The headline buried the lede -- this is a way to get some summer vacation (niiice) AND encourage enterprise support contracts, which will still have availability. I don't think I've heard of this particular open source / support / summer vacation business model before but I like it!
I liked the idea as well, maybe OSS should adopt 6 months availability and 6 months for enterprise support schedule. This way both could benefit, OSS gets more funding, enterprise gets support (cheaper than hiring full-time employee for specific OSS)
nice idea to time vacation in the summar, right around major security conferences (blackhat, defcon, etc), when large bulk of CVEs get published, to put some fire under the enterprise butts
Private disclosures happen well before the presentations.
Until someone races to the bottom to do 12 months of availability.
Races to the bottom to … do work exclusively for free and not make any money out of the hopes that they become the most popular OSS toolkit, with an end goal of … what?
End goal of complaining that no one pays for their efforts.
Validation, often. Stars and installs make self-worth integer go up, etc.
Greed, sometimes. Gotta get those usercounts high to get acquihired / to sell out / to flip on the paid subs for formerly free features.
I can’t remember the word for “prosocial through lowering cost to zero” is but sometimes that too.
> I can’t remember the word for “prosocial through lowering cost to zero” is but sometimes that too.
Wiktionary:
Benevolent, altruistic, unselfish, beneficent, philanthropic, selfless
Philanthropic! Thanks.
This works for a while. Then you - the programmer - grow up.
Wise customers know this.
But a programmer is born every minute.
Not so much these days.
> at they become the most popular OSS toolkit, with an end goal of … what?
Look at how any "FOSS + VC + for-profit" company in the last 5-10 years worked out, and you'll see the playbook.
bait and switch
Xz
A race to the bottom of… unpaid work that eliminates the paid work? Can you elaborate?
I mean.. isn't this basically open source?
We don’t need to speculate do we, there are tons of real non company run OSS projects
Now I personally wish lawyers and plumbers also got into the free work thing but here we are
Lawyers have a term for it, pro bono, and they do it for good causes. Turns out they're as human as software engineers.
> Turns out they're as human as software engineers.
Lawyers start out as humans but something about going into law school and then private practice, and feeding them after midnight turns them into... something else entirely.
Arguably the same is true for some software engineers. One minute they're a good friend that you respect, next thing you know they're building killbots or AI non consensual porn generators or surveillance platforms that are illegal for government agencies to operate. Perhaps it happens more often to lawyers?
Water is a key ingredient to the transformation. Nerds are less likely to shower than bougie lawyers, so we transform less often.
Plumbers are realistic and don’t live on ideals. They set their rates and set their hours. Lawyers; well if if only people behaved we could have nice things in life, but here we are with people trying to screw each other and misbehave…
Digital assets or work are a bit different in that making a second copy is trivial. It’d be different if every computer in the world were bespoke and needed its own bespoke software. So that makes OSS a viable option for those who can but we also can’t expect everyone to default OSS. We can default to asking that the service and prices be reasonable though.
Now I'm imagining a plumber who fixes a drain, then stands up a "fix drain as a service" website where people can put their credit cards in and their drain gets fixed remotely at effectively zero marginal cost to the plumber.
(And then, of course, the plumber gets VC money to expand the business and the drain fix becomes a drain fix subscription, and if you cancel or your credit card expires all your drains instantly block back up again.)
AI-slop PRs automerged in response to AI slop bug reports.
Coz just about everyone wants to be that one guy in Nebraska thanklessly maintaining this bit of digital infrastructure, apparently?
Yeah me neither.
I think the only thing that would convince people to move away from curl at this point would be if curl had a heartbleed level vulnerability and failed to fix it quickly.
Curl is so important that if it had a heartbleed and didn’t patch, someone would and people’d just apply it until it was fixed in tree.
Individuals don't but lots of companies do, so that they can threaten to rugpull it later if you don't pay them millions.
then it is up to community to fork the project if they find it valuable and can convince people migrating to their fork.
many engineers actually work that way, right? We are employed for 12 months and give our availability fully to the company and we get salary for it, why isn't it allowed to others?
A fork of a project that does security patches only is an interesting idea...
Since then a diff of the two projects will be a perfect list of security issues and will make designing an attack rather easy...
Only until the next feature lands in upstream, likely accompanied by some refactoring.
Please go ahead and fork curl
That’s just the status quo.
Isn't that what we have already?
Ah yes, people will just be clamoring to use hURL
Or the Rust re-write rURL
Rusted Cu surely makes that, rather, verdigrURL. (-:
Here I was thinking that cURL's (non-existent) enterprise support contracts were a polite way to tell brain-dead paper pushers to GTFO: https://daniel.haxx.se/blog/2022/01/24/logj4-security-inquir...
https://curl.se/support.html
What do you mean by non-existent?
The paper pusher didn't have a contract.
It's an extremely un-European approach. European companies normally ignore their paid customers too from May to August.
Incorrect. In europe, either july or august, is the informally agreed upon "vacation month" which means that both customers and vendors scale down and go on vacation, and work slows down to very low levels. That means you need a lot less employees than usual in order to provide for the customers that do not go on vacation.
To be fair, at least in Spain, things get really slow during the summer, basically from May to the end of August, even if "officially" everything is just "slow and closed" during August. During August, anything productive is basically impossible to get done, the months around are still slower than the rest of the year.
Of course, "European companies normally ignore their paid customers too from May to August" is factious, but there is a slight hint of truth in there, in that things generally is slower, at least in the South/West countries I'm more familiar with.
Vacation months*, plural. All project timelines were aligned to wrap up important things by the end of May. June is still operational but mostly focused on reporting, shaping and generally preparing for September when (mostly) everyone will be back, refreshed and ready for new adventures.
Time to start looking for a work visa.
Wait till you figure out what happens around the month of December
Having seafood lunch in 40C temperatures at the beach on Christmas Day?
Fortunately December chills work out in the US (IT-wise) too, no one wants to mess with prod changes between Thanksgiving and Christmas.
Kinda like how the aerospace industry basically shuts down for the month of December.
ignore is not the right word.
In Poland smaller companies tell you outright: this and that person is on vacation, but plese call back in 2 weeks. Bigger companies will often ignore you and drag your problem through the vacation time.
> tell you outright
That is not ignoring but announcing a delay.
Bigger companies may have only limited number of people checking the mailboxes in july and august, that doesn't excuse not sending a small reply announcing delays but I guess they take it so much for granted they don't realize other continents aren't used to those kinds of delays. However in May and June every company is totally operational ( that doesn't mean nobody take holidays ). If you request something to one named person, that sole person can have scheduled holidays, parental or medical leave any time of the year. If it is a team mailbox, you should get an answer.
> That is not ignoring but announcing a delay.
I think maybe with the American PoV of "the customer is always right", that might basically feel like a slap and the face and being ignored. Of course, we should understand that every human needs to rest during the year, but if you don't have that opportunity yourself by law, maybe you're less knowing about that being a thing in other more modern countries?
In America we generally ensure there are multiple people who can do the job. Somebody can go on vacation no nobody will know because the backup is just as good.
Every once in a while there is an exception. Then that guy says "If your sending me to Australia I'm going to use my vacation to scuba drive the Great Barrier Reef" - and his body is never found. True story, it took months for someone else to figure out everything that guy knew.
> In America we generally ensure there are multiple people who can do the job. Somebody can go on vacation no nobody will know because the backup is just as good.
So every single business, everywhere in American, has at least two full-time employees or at least one other backup that is available when you want to vacation and the stores/businesses never close? I'm guessing the ones that don't have that (if they exists), just never have vacation, or how does that work? Sounds like a fever-dream, but I guess if that's what your experience tells you.
Not every single one. Most do though.
Stores remain open because they ensure somebody isn't on vacation and thus able to work. They sometimes give extra pay if you work a holiday (this is rare though - generally there is somebody who wants the hours/pay more than this holiday off - they can take time off a different day).
For small business (think a plumber) it is common to arrange a competitor who will take care of your emergency customers needs.
I wouldn't say "every single business", there's no universals. But there's a lot of American business owners who basically don't take vacations until they have enough staff to run things in their absence, and American culture in general treats vacations as much less sacrosanct. I usually check Slack every few days when I'm on vacation, in case something's come up I can quickly help with.
I mean, looking at most us company's.. What support?