Open-Source Exploitation - David Whitney - NDC London 2024

David Whitney is a wonderful human being for having the courage to talk about this on the behalf of millions of open source developers.

Nothing more relevant in light of xz debacle and what happened to Redis

As a software developer, I agree with everything this man says in this talk

About 5 years ago I asked a company to pay for fluent validation. I had met the main contributor and we used it all throughout everything. A simple gesture of just £500-1000 to a large company is nothing... But no...
David. Thanks for this brave talk. Awesome

Yes! I've been looking forward to seeing this talk being uploaded. Now I can share with colleagues the golden nuggets I myself consumed 😅
This may have been the best talk I've seen in years

Use AGPL because corporations are afraid to use it.

sad but absolutely true

There is no ethical consumption under capitalism.

I watched this live in London and it was an incredible and eye-opening presentation that turned what I felt about this topic into words, slideshows and a very good discussion!
It's topic that is hard to talk about not just because of the complexity of the problem, the "Software should be free" mantra and all heaps of other can of worms that get open but also because you need to have a lot of guts to talk about this openly and honestly.
David Whitney does an amazing job in advocating this. 😊

I dunno "relentlessly negative" sounds like the sorta talk I want to hear. ;)

An excellent presentation that should be listened to widely!

Didn't Metallica argue for shutting down the actual internet because of file sharing?

38:16 Thank you too for giving this speech!

I have been saying this for years now, because my life & family is full of entrepreneurs & insight into the business side of the equation... and I can 100% tell you that businesses will squeeze every drop of value out of free things & they will never support these packages financially unless forced to.
It's only 'fun' to work for free if it a cooperative among peers who are all building for & sharing with each other.

"And that's what I'm changing about my own behaviour" - a level of reflection and thoughtfulness that everyone should strive for.
Two things I kept thinking about throughout the chat.
How would this change if we included opensource contributions as part of existing anti-exploitation in the supply chain paperwork? I have needed to sign several of these as part of client engagements, I wonder how transparency about what opensource tech we use and how we contribute to it would cause some reflection at a corporate level.
I contribute to open source projects that I pull in as dependencies when delivering projects. But I guess my hope is that the underlying parts that I don't consider (things like xz fall into this) are already being taken care of it because its too hard for me an individual to go through the entire chain to allocate the individual dollars between everyone. But for someone like Microsoft, either you say you've vetted the entire chain (and thus could do that attribution) or you acknowledge you haven't (and thus can't talk to me about the security it offers). You can't know everything except how to contribute to those background pieces.
I hope David gives more talks - regardless of whether its around opensource or not.
-Kane, a person who just got 45minutes of solid information followed by an hour of solid reflection after paying $20 for premium, of which a fraction of a cent will go to NDC, of which 0% will go to David. Thanks to those who paid full whack at NDC London.

I've always wondered how to handle the "organization size" question. I'm a Canadian federal public servant; what's the scope here? Does a government (albeit at one remove - I'm a bureaucrat, not a politician) count as a for-profit organization? Is it the entire public service that counts, or my one department, or ...? I know that people have thought about these matters, but I do think it is interesting (and very important) to think about the complexity. I tried to find a way to officially contribute to the livelihood of an open source and free library maintainer that had a project that saved my bacon for years - and failed, because it was not a product recognized as "for sale". :(

Any particular "dual-license" models you would recommend?

Really interesting. Does make me think why don't small packages charge small fees, even if it's £2 a month but it has 500,000 users... that ain't too bad for everyone is it?

The path to approach is "creators should have been paid" depending on usage of their artwork. Same as musicians. So Patreon style package managers look like a way to research more.

This is why you opt in to free software instead of open source :)

Imo, it's not so much about some patricular piece of the system (i.e. Napster for Music or Opensource for Software) as it's about the system in it's entirety. Exploitation exists not because it's "allowed" for or "enabled" by previous bad decissions, but because it is necessary, so if you want it to stop you need to think not on how you can stop an instance of it, but on how you make it NOT necessary. Trying to fight every particular issue separately just won't lead anywhere, because even if you succeed, while you get busy patching one hole, 3 more appear.
I mean, "changing licensing", "introducing billing to package managers" - depending on the implementation, seems like you can just go straight the other direction with all that . Giving middleman power to those platforms, however benevolent they may be now, can make them just as bad as any "app-store" in the future. That being said, you are right in that something needs to change, it's just that there's a devil or two to get flashed out before I'd be comfortable fully accepting your approach (not that my acceptance really changes anything)

Whitney is right on the meaning of "free software" in the original proposals, including all GPL licenses. However, the GPL license itself teached one to give away work without payment: if you obtain a copy of GPLd software free of charge, you are obliged to give back all your modifications and additions to that software to those giving you the GPL to use it, and so your work will be incorporated in the free-of-charge copy of the GPLd software. I remember that I struggled in the 90s with the idea to charge for giving away GPLd software, as there could always be someone (and there always was someone), who distributes the source free of charge and is entitled to receive your work. You can't compete with free-of-charge if you cannot differentiate your product from that free of charge. Which the GPL enforced.
So the GPL, although not permissive, introduced the idea that FOSS is always free of charge - not by intent, but by mechanisms combined: those of the license and those of the market. It could have been different, if every GPLd software had an organisation of all copyright holders (everyone contributing to the GPLd software becomes part of that group) organising the then obligatory charging for distribution and distributing the income to the copyright holders.

Basicaly David suggests all the open source developers to implement Unreal Engine's style of software licencing. Unreal engine is open source and sky is a limit what you can do with it but if you use it to make money you pay them royalty after first 1000000 usd. The way unreal engine does it is open source software in truest sense.

I've never really understood the rabid love of no-restrictions Open Source by indie-devs - it has a kind of cargo cult element to it. I can only presume because the early days of tech were so dominated by libertarian minded individuals who it benefited to twist in that direction.

Amazing presentation, I guess resolution of this problem boil down to your ideology. I see this as natural process corps will exploit free labour and are covered by same laws which enable them steal in the first place. I say abolish laws protecting intelectual property… all of them.

I've recently started work on a project I've made opensource.
I love this video because it highlights a huge issue I struggled with. It is a dev tool. I'd like to make money off it and possibly retire on it, but I also want the community to have access to it.
I really struggled with going MIT, but eventually, I decided to sell a subscription to premium packages. Packages you yourself could build with the core tool, but which I've prepackaged for you.
Hopefully, the packages are worth it to people such that they pay me for them.
It's really difficult.

I assume this catches on.

Damn, big Ed went open source huh..? Just kidding, relax guys. Great talk!!!

If charging for software is bad, then fine, so is your salary. Have fun working for free.
"Act only on that maxim through which you can at the same time will that it should become a universal law"

Ok but in the same way the internet has been taken from us, it's probably been of undeniable benefit to most of us even its modern form.
Everything will be taken and modified to suit the powerful, it's why baked in immutability, resilient protocols with incentives that aren't dependant on trust or honor need to be at the core of projects considerations from inception.
Code being available certainly doesn't mean you can't get paid for understanding it, that is a choice of the developer and a narrative we should stop pushing.

Spotify doesn't pay it's artists either.

Imagine a world where big companies pay per package download as they make their client advertisers do for clicks on ards

No. You cannot provide software for free competitive use under a permissive, legally binding license and then _retroactively_ *expect* compensation for work you voluntarily did, even if that work is extremely important and thankless, because IN that license you already forwent responsibility. In the same way, you can't _retroactively_ change the permissive license on contributions already made under the permissive license.
Nothing is stopping you from providing software consulting business on top of your open-source software or paid builds or paid addons. The "industry" has already largely solved this "exploitation" problem, just because you want to be lazy and expect compensation from your volunteer work does not mean others haven't actually put in work to monetize their open source software to make it sustainable. And if one cannot monetize their software as open source, take the case of xz, a compression library, then you can provide it as a non-open source software if you please. A product can still be a social good even if it isn't free.

Dude! This is badass. Thank you.

"Late-stage capitalist hellhole." Ah, socialism. Of course. 23:22 So basically, he wants to do what he wants and how he wants it, not go to meetings, not respect what his customer wants, and still get paid. Who wouldn't? But the world doesn't work like that. He says we shouldn't be entitled, but this desire of his of getting paid for not doing what your customer (or employer) wants is entitled. I don't like FOSS devs struggling, but I don't think socialism is the answer.

Unfortunately with this kind of tone and attitude, literally insulting people and telling them to shut up? Seriously dude?

ElasticSearch sucks, please avoid it at all costs, bloatware.

good timing

later this year, i will be proposing my solution to this problem ~ a 4peace license that will keep information forever-free, in both forms [💰, 🕊] + where profits from goodẽs will only be distributed to contributors, not profiteers [marketers/advertisers/businessmen] ~ the new monetization model to accompany this license may also prove that it is possible for society to be richer than ever while also being freer than ever 💸 a system composed entirely of community [creators/curators/contributors] + that’s fueled only by pursuing passion ❤️‍🔥

❤

So was Bill Gates right about open source after all?