“Bug bounty” as an open source business model

The older I get, the more pissed off I am at how crappy commercial software is. Unfortunately, I am also becoming more and more annoyed by crappier and crappier open source software.

I would like to be able to say that I am stuck with unprofessional, amateurish open source software for financial reasons… but it is not true. I have enough savings to allow myself to buy a commercial product (providing it is a perpetual license, of course; I am not wealthy enough to spew out thousands of Euros a year on subscriptions). I am not buying a commercial product because I have had a lot of bad experiences at work and I know how crappy very expensive software can be. So if I have a choice between paying for crap and getting crap for free, I will rather stay with the free stuff.

At this moment most open source people will get really mad at me. What is this idiot saying, open source is superb!

It is, in fact. But mostly as a process and a community, not as a final product.
But let me put that aside for a moment.

Prusa 3D printer and business

Let me now jump off the software and take a glance at a more material business.

Prusa is a Czech company which produces, sells and supports 3D printers. This company works in a totally open source model, which means, in short, that they supply their competitors, free of cost and royalties, with full documentation of their product. Anyone can legally manufacture, market and sell it. In fact some Chinese companies are doing that.

This printer is not a cheap one. Even worse, if ordered from the Czech Republic it costs about 150% of a Chinese copy.

On the quality side I have to say that it represents the best of both worlds: open source and commercial. I am continuously surprised how well it is made and how great an effort was put into making it as friendly, serviceable and fool-proof as possible. It is certainly worth every penny spent on it.

When I tell anyone in Poland who runs a business about Prusa, brows go up, they shrug and say: “They will go bankrupt soon”.

Material and immaterial world

Prusa is a boundary case of open source. The documents are open and free to use, but the company does a lot of physical work producing the printer. They also manage and support the open source community behind it, but from the end customer's point of view what You are paying for is “The Printer”: some metal, plastic, electronics, manuals and the tests which had to be done so that it could be sold safely and legally in the EU.

But how does it look when You buy software?

You certainly do not buy a “material product”. You are just buying the “right to use it”. Except in the case of a “cloud” based solution, the company selling it to You has no expenses related to each sold copy. The production cost of each copy is zero. The production cost of the first copy is, however, tremendous.

The same goes for music, movies, e-books. Everything that can be easily copied has a near-zero cost per copy for the producer…

Hey, wait, You will say, it is not true. We have to run the servers our clients download it from. We have to handle our on-line shops, licensing servers…

Stop! It is not true. You do not have to do it. You have chosen to do it because you do not want people to copy Your product. Right, that is it. You could have zero distribution costs if You allowed anyone to copy it and just got paid each time a copy is used. The costs You claim You need to pay are just the consequence of the restricted distribution model You have chosen.

Money paid as a “proof of …”

So when we remove those fake costs caused by “restrictions handling”, you may notice that in fact You, as an end client, are paying two kinds of cost. I will call them:

  • money as “a proof of work”;
  • money as “a proof of ownership”.

When You pay Prusa, You pay money as an appreciation of the work and time they spent producing that exact 3D printer. This is a “proof of work”. But if You pay Autodesk for their Inventor, which in fact You have to download at Your own cost, set up on a PC at Your own cost and with zero warranty, You pay mostly to acknowledge their rights to that “intellectual property”. This is a “proof of ownership”.

Of course this is not a black-and-white situation. Autodesk had to do a lot of work to make the software. But the cost of it is continuously distributed across all licensed copies. And yes, they do update the software. But guys, I am a programmer. And most of the maintenance of Autodesk Inventor that the company I work for actually needed could be covered by one annual licensing fee. I stress the words “actually needed”, because their importance will show later. We needed some fixes, which in fact were not made, but we did not need the hundreds of other fixes whose costs we had to share.

I think that 99% of software business is about a “proof of ownership”.

Open source of course cannot charge for a “proof of ownership”, because it is, well… open, right?

Yet there are companies which do run their main business on open source software. Two that I know of are Red Hat and GitLab. Red Hat runs mainly on maintenance and support, GitLab on closed source additions, maintenance, support and cloud services.

You may notice that all those aspects, except the closed source additions, are in fact based on “a proof of work”. You pay them to sit on their asses and wait for You to call them: “Help me, my server crashed!”. Or even more, You pay them for running Your server on their hardware.

This is a good route, but I think this is not enough for the open source community.

The fact which has to be realized is that people need to eat. Programmers are no exception. If You want a job done fast and well, You have to find a good programmer. And a good programmer will, most probably, already have a decent, well paid job. Such a person may not be very willing to spend hours of free time on an open source project for free. If however You could pay…

Corporate and individuals as open source customers

Both Red Hat and GitLab aim at corporate clients. Their services are not cheap. Especially for an “average Joe” who needs a word processor, a music editor or a spreadsheet. Especially when average Joe uses them once or twice a month. Especially when average Joe is not a well paid programmer but just a janitor.

Those clients are totally outside the “support & maintenance” scope. They are fully in the “licensing as a proof of ownership” scope, but only if licensing is in the $100 region. They could be in the “cloud computing” region, but again, only if “pay-per-minute” accounting were available instead of an annual subscription. And believe me, they would really, really struggle hard not to spend more time in front of the software than needed.

So there is an entire herd of average Joes who are stuck with free open source software…

If I were a business shark I would now ask: “There are millions of $ lying around. How can I get my hands on them?!”

But I am not. I am just an open source user. But I know there are people who are really excited about business opportunities, and I think that we can make a good deal.

Bugs do generate costs at users end

At the place where I work about 50% of the personnel use the LibreOffice suite for their daily job. They prefer it over Microsoft products because it is more productive, more stable, changes less (so it generates less recurring training cost) and is more user friendly. Sadly our employer is forcing all of us to use Microsoft products, because he thinks it is a “superior standard”… But I think he does it only to be able to cry at us: “A raise? You want a raise?! Do You even know how much I pay for the tools I have given You?!” Well…

Even though the LibreOffice suite is better than Microsoft's, it is still annoyingly buggy in many places. I personally lose about ~20 work hours each year at my job due to bugs or usability issues. Twenty hours is not that expensive. But I am not the only person using it. I will allow myself to say that the company I work for is losing about 300 work hours a year due to this software's inefficiencies.

From an economic point of view it would seem clear that a commercial product has to win against open source because it has “support”. That would be true if it were possible to have a true “support” agreement with Microsoft. We are now paying an annual subscription, but we have absolutely zero chance of having reported bugs fixed in a predictable time. If at all. But theory says: “if You pay for support You get bug-fixes on request”.

With open source it is very different. We are not paying anyone, so nobody is going to fix anything on our request. We have the theoretical ability to download the source, set up a build environment, learn it, hunt down the bug and fix it. This is theoretical, because it would cost us much more than 300 hours. Even worse, once we had fixed it we would, of course, as the old-school businessman would do, treat this fix as a “business secret” and not share it with anyone. Thus we would condemn ourselves to being “frozen” at a certain LibreOffice version.

All we can in fact do is report a bug and just ask politely if anyone can fix it.

It does not look good, does it?

“Bug bounty” as a business opportunity

300 hours is not much, but if I could get an extra 150 hours' worth of payment for fixing a tiny bug in a well known code base, it would be an extra 10% annual bonus for me. Most of the bugs I have encountered are, in my opinion, fixable within 20 to 60 working hours, assuming You know the code and program structure very well. If You don't, I can estimate it at about 300 hours.

So the only blocker is: “I don't know the code well enough”. But what business opportunity could open up in front of me if I did know it well?

Some of You have probably filed a bug report. Some of those bug reports might even have earned a response. Maybe 5% of them have been fixed. Maybe 1% have been fixed soon enough to be of any use to You.

Now imagine that You have a rather annoying bug. A bug due to which You have to spend many working hours re-doing things, fixing, checking, fixing, re-doing… It pisses You off, and when You are pissed off Your boss is losing money.

Currently all I can do to get a bug fixed as soon as possible is to make a “good bug report”. A good bug report presents a step-by-step, repeatable test case, proposes how it should work correctly and explains why. I can't do anything more as a user. All I can do is to be very, very accurate in the description and my expectations.

Sadly, since we are talking about open source, we have to take into account how the community works. Since there is no governing entity, nobody can order anybody to work on something. The choice of work is purely voluntary. If somebody wishes to do something, somebody does it. If nobody takes it, nobody fixes it.

Work assignment in a community is in fact not based on bug importance but on “bug attraction”. If a bug is attractive it will quickly tempt somebody to fix it. If it is boring, minor, hard-to-solve stuff, nobody will be tempted to do it. Exactly as in public health care: if You are “an interesting case” You will get all the doctors' attention. If You are a “standard procedure” You will get ignored until Your illness progresses in such a way that it becomes “interesting”.

But the company I work for is losing 300 work hours each year due to that bug!

So what if, with a bug report, I could simply put: “I give $100 to fix that”. Or when I found a bug report made by somebody else, I could also add my own “bounty” to it? Surely it could make a bug more “attractive”.

Open source might then easily monetize the high volume of users with low financial capability and turn that money into high quality work hours spent on the project by qualified programmers. And users would have a clear, hand-to-hand “proof of work”. I find a bug, I report it. If it really annoys me I can put some money on it. I make a pre-payment to the project foundation with a “money back” warranty and have this bug fixed in a predictable time.

Notice that since many bugs are “related to each other”, there is quite a significant chance that with one fix one could in fact capture more than one “bounty”. This is a great opportunity for free-lance programmers to make a good profit.

This kind of business would boost the quality of open source by attracting people with professional experience and give users the feeling that they really can drive an open source project in a direction which is good for them.

Abuse of bug bounty

Of course the bug bounty business model may be abused. The same way open source may be sabotaged. Some people may intentionally put bugs into a project so that they can fix them later for money, some may take the money and not do the work, some may request the job to be done and then not pay the money.

So I would rather think about it the same way “auction web sites” work. For example, the Polish Allegro offers its customers the ability to act as a “trusted buffer” between the person who is selling an item and the person who is buying it. They take money from one side, take the item from the other side and complete the transaction, acting as a “trusted partner” for the non-trusting sides of the transaction.

This is a place where the Free Software Foundation may enter. Or in fact any trustworthy intermediary, I think. It may even be the foundation or main sponsor of the open source project itself, or a specialized business entity. I do not know, I am not a businessman.

What I see it like is this:

  • one or more persons declare a “bounty” for a bug;
  • some programmer declares “I will do it”. All parties hold a public discussion and agree on the details of the bug fix request;
  • at this moment the money is paid to the intermediary entity, since neither the bug reporters trust the programmer nor does the programmer trust them to pay for his or her work;
  • when the work is done the result is presented to the project community by the usual means (pull request, commit, branch, patch set, build – call it whatever You like);
  • the community validates its quality by the usual means, exactly as it normally does for each proposed change. This validation covers general quality, coding standards, regressions, etc. This validation must include the ability for an “average Joe” to test it, so it must go as far as presenting an executable build of the software on as many platforms as possible. The “compile it Yourself” approach cannot be accepted, because the original bug reporters, who were plain users, won't be able to test it;
  • in the next step the community is expected, using the bug-reporting system, to validate whether the requests specified in the bug report are fulfilled. In plain words, people in the community may vote for or against the programmer doing the job;
  • if the community validation says: “Yes, the reported bug was fixed as expected”, the intermediary entity transfers the money to the programmer and closes the bounty. If however the community says: “No, it is not. The work was done, something was fixed, but the bug report requested another solution”, or the agreed time frame is exceeded (some flexibility is needed there; for example, if You spent half the time more, You are paid half the money), then the money is returned to the persons who declared the “bounty”.

I think this model would have a great positive impact on the open source community. An open source community must consist of programmers. The quality and quantity of programmers is essential for the quality of an open source project.

In the “bug bounty” model high quality programmers from outside the community are attracted by money. The community itself does not have to contain a lot of them. The balance moves from the need for experienced programmers to the need for competent integrators and pedantic testers.

In this model the community's main focus is quality assurance. If a community can foster a well working quality assurance model, then the probability that an abusive bug will slip in is low. There is also very little chance that the community will be “unfair” or “cheating” and will abuse the bounty system. Some persons may be “unfair” or “cheating”, but as long as the statistical majority plays fair it will work. As Bitcoin does.

And in this model the people who report bugs will be rather keen on quality validation because they will be putting money on it. In this model the open source community would be more about “users who test” than “programmers who create”.

I think it can be a great model for a future.
