Category: Sociology

Libre software funding and market abuse

I’ve just read a troubling article from the developer of Aether.

What troubles me is not so much the differences we have, which likely stems from being in vastly different segments of libre software (he’s doing social media, and I’m in low-level systems). What troubles me is that he claims that it is an economic imperative to work at FAANG or a Silicon Valley startup for a number of years before working on libre software full time, and all of this on a false pretense.

Encouraging someone to have a long-term savings and funding plan is a good idea, perhaps even a great idea. It falls apart when he states that working for startups or FAANG are the only or best way you can earn that money — and then claiming that you could make 250,000 USD per month working at them[1]. This is flawed mathematics at best, and actively malicious to society at worst.

Most people are going to have to work at a company before founding their own, unless they have funding from external sources (be it angel investors, VC, inheritance, family and friends, etc). This is not what I take issue with. This issue I have is this false dichotomy that you can only make good money by working at FAANG or an abusive startup. As someone who actually has worked at two different startups in their life, I take personal issue with the way startup culture exploits its workers, investors, and society at large. This doesn’t even go in to how startup culture can also be bad for business.

This abuse is ingrained in to most, if not all, of the industry of Big Tech, ala FAANG. You might be able to wrestle some division of Apple, or the security research division of Netflix, out of this hole and point to them as an example of where I’m wrong. Oh, dear reader — even if you have the privilege of working in an area of the company that isn’t abusing its workers, you’re still complicit in that abuse by furthering the company’s mission and control over some part of the industry at best, and indirectly engaging in it yourself at worst.

It’s time for the computer industry to rise up and work at companies that respect their workers, and society. Quit FAANG like a bad habit, and find a company to work for that doesn’t trade in the abuse of power and users as its main product. And where those don’t yet exist, it’s time to found some. At the end of the day, we are all defined by the actions we take — which side of history do you want to be on?

[1]: And I quote, “If you can make $10,000 a month from donations doing open source work, I can guarantee you that your salary in any large tech company (or even startup) would be much more — to the tune of 10x to 25x.” The firm Indeed claim, at time of writing, that the highest paid research engineers at Google make about 246,000 USD per year; other companies pay even less. That’s 20,500 USD per month, or just about twice the amount he claims you might be able to make on donations doing ‘open source work’. And this doesn’t require you to further Google’s surveillance state.

Keeping libre software accessible to all

Recently, a number of high-profile libre software projects have been either considering, or adopting, proprietary chat systems to be their primary method of communication with their communities. This should cause alarm to everyone who is interested in the libre software movement.

Projects using Discord as an official method of communication include distributions like Fedora, Gentoo, and openSuSE; infrastructure projects like Gitea and Yarn; and libre programming languages including Elixir and Rust.

I was mercifully unable to find many examples of independent libre projects using Slack, other than Elixir (which seems to prefer Discord these days, but still has a Slack community). Most of the projects I found using Slack were run by companies that use Slack internally, and provide contributors access to it.

There are many reasons that libre software should not rely on proprietary communication tools. Of course, there are ideological reasons – we should not, as libre software maintainers, force our users or contributors to use a proprietary system. However, that may not be convincing enough for some projects, especially those that focus more on being “open source” than standing for the rights of their users. Some of the non-ideological reasons include:

  • No transparency: Most proprietary chat systems contain very long contracts that you must agree to when you sign up for the service. These contracts take away your freedom and allow the companies behind these systems to use your data, including your chat logs, for whatever purposes they want. Quoting the Discord terms of service (as of 27 April 2019):

    All of Your Content is your sole responsibility and the Company is not responsible for any material that you upload, post, or otherwise make available. By uploading, distributing, transmitting or otherwise using Your Content with the Service, you grant to us a perpetual, nonexclusive, transferable, royalty-free, sublicensable, and worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display Your Content in connection with operating and providing the Service.

  • No client choice: If you cannot use the official Discord client, which is a proprietary binary blob using CEF (Google Chrome) that only runs on Intel x86 computers, you must use the Web browser client. The Web browser client is also proprietary, does not contain all features, and has accessibility issues. Creating your own Discord client is against their contract and will result in a permanent ban. Additionally, the official Discord client does not allow user style changes (it is against the terms of service to modify it in any way). This means that people who need assistive technologies to use a computer cannot participate in a Discord community.
  • Lack of infrastructure control: By using a proprietary chat system, you have no control over the infrastructure. If the service is discontinued, which has happened to many providers over the years, there is no recourse for the community.

Alternatives

Most libre communities turn to Discord or Slack because they are unsatisfied with IRC. There are libre solutions that go far beyond IRC. Some include:

  • Mattermost: written in Golang and React, has many of the same features as Slack, including a mobile app and integration with many services. Includes IRC and XMPP bridging for those who wish to use it.
  • Matrix: touted by some as a modern replacement for IRC. Can federate with other communities including an IRC bridge, has a mobile app, somewhat rough around the edges.
  • Rocket.Chat: aimed more at businesses (including LDAP and SSO support), can also be great for larger libre software communities, includes mobile app.
  • Zulip: emphasises threaded conversations, putting it somewhere between email and traditional real-time chat. I have heard great things about Zulip, but as I haven’t used it yet, I do not have any opinion on it.

For libre projects, the time is right and the time is now: migrate to a libre communications platform and ensure the rights of your community are respected.

Speaking with authority

I’ve just spent the better part of three hours arguing on IRC about Let’s Encrypt clients. After speaking with two others, I realised that nobody who I spoke with before knew their facts were facts.

Different people all told me various incorrect information, such as:

  • No ACME client supports doing a manual DNS TXT record for verification bootstrapping until you have an httpd up. (acme.sh, dehydrated, and certbot all support this.)
  • LE needs IPv4 for the HTTP challenge. (It worked fine for me with an IPv6-only host. I’m not sure which it would prefer if it had the choice between v6 and v4, or if it’d use Happy Eyeballs and connect to whichever responded first.)
  • It isn’t possible to step through the process manually as a debugging aid; you have to rely on your ACME client’s debugging facilities. (https://gethttpsforfree.com/ helped a tonne.)
  • You have to be listening for the HTTP challenge on port 80. (The TLS-ALPN-01 challenge type exists which will only ever use port 443 for the challenge.)
  • Critique of how I isolated each service on a separate VM so that they would be more secure, saying it was “over-convoluted”.

All of these people spoke with an air of authority. They sounded like they genuinely knew what they were talking about, and were trying to inform me of the limitations of ACME clients / Let’s Encrypt. Nobody actually knew the answer, but they thought they were right because it fit their experience.

When I speak to people about technology, whether in real life, on IRC, or on a mailing list, I always try to make the limitations of my knowledge clear. Many is the time I have said “I’m not sure if you can do that”, or “I don’t know if X supports Y“. And sure, on occasion I will say “I have never done Y and last I knew X couldn’t do that”. Note, however, that all of these are presented as statements from my hive of knowledge, and not presented as plain facts. The art of communication seems to be lost on far too many in the technology field.

There is no shame in not knowing the answer to something. It is certainly more helpful to say “I’m not sure you can do that”, instead of “you can’t do that”. I almost gave up on Let’s Encrypt and wrote another article on how useless it is, because I was told by people who used Let’s Encrypt that it had all of these limitations that made it seem useless, arbitrary, and ridiculous to me. (Thanks to Rich Felker of musl, and Freeyorp, for setting the record straight.)

Maybe we need a new term for this. “Organic FUD”, since it comes from the community itself? At any rate, I hope that in the future, more people note the limitations of their knowledge up-front rather than sounding authoritative about a subject they know little about.

Being wrong

I think it’s important to note this in public: Sometimes, I’m wrong.

I don’t know everything. Sometimes, my opinions are based on things I’ve been told second-hand, or on things I don’t fully understand yet. Sometimes, the facts that I believe to be truthful and accurate turn out to be outdated, or incorrect. Sometimes, I do or say things that I believe to be the best possible action or statement to make at the time, and it isn’t.

The Web, and the Internet at large (which includes non-Web ecosystems like email, IRC, and so on), is full of too many people that never want to admit they are wrong. The Internet is a fairly permanent medium of record; if you are wrong, it will be forever very obvious that you were wrong. I believe this contributes to people going out of their way to always be “right”, even when they know they aren’t. Otherwise they will look foolish in public forever.

Well, sometimes I’m wrong. That wrongness has been recorded before. In public. Forever. It will almost assuredly happen again, too. And when it does, I’ll note it, and possibly write a correction article, or a response email, or ping an affected party on IRC, and note that I was wrong.

The Internet needs more people to admit to being less than perfect, and to note their assumptions when writing. I hope that leads to more intellectual honesty, of which I find the Internet to be increasingly devoid.