Earlier today I was part of a Twitter discussion with Barmak (@BarmakN) and Chuck (@ShorterPearson) about Heartbleed and the obligations associated with open source applications.
I feel pretty strongly about this topic. We use one open source software application at work, or rather five. It’s called Sueetie and pulls together several open source projects (wiki, blog, media server, forum) to create a single unified environment. It’s pretty slick and the integration and value-added wrap-arounds make it ideal for our purposes. As soon as we committed to using Sueetie, I joined the user community site, both for help with the set-up and to give back by sharing what we learned along the way. And we learned a lot.
None of my staff are .Net or C# developers, so it was hard to contribute much at that level. However, on the SQL side we could contribute a lot, which we did – right up until the founder pulled the plug. For whatever reason, after several years of development, the community user group never took off. There were only about three active users, including us, plus the founder. There were plenty of downloads, but not much in the way of real involvement. We were also one of the very few to actually buy the license and premium source code.
As a product, Sueetie never really took off. Maybe it was too much effort for most users. One had to know a few things to install it and have decent mastery of the least-used skill these days – RFC (Reading for Comprehension). I think, though, it also had a lot to do with a lack of understanding of how open source works – participation, support, funding – and the desire to get something for nothing. The community of active supporters was not large enough to be self-perpetuating, and the founder eventually needed to move his Sueetie-time to revenue generation.
It just doesn’t work that way. There Ain’t No Such Thing As A Free Lunch. TANSTAAFL. People need to read more Robert A. Heinlein. One way or another, things have to be paid for, either with cash or sweat or service or barter.
We’ve stuck with Sueetie. We’ve invested too much effort in using it and developing content. We have all the source code and will begin updating it, focusing on the areas we use most. Some pieces we may ultimately disassociate from our application because we don’t use them, others we will continue to enhance or integrate the newest versions.
The Heartbleed bug is an example of what happens when folks forget TANSTAAFL. Big moneymakers that adopted OpenSSL but did not take seriously their role in being part of the OpenSSL community have a lot to answer for. Just a reminder: these enterprises include Facebook, Google, Yahoo, Amazon, and Instagram. I feel confident they could have added value along the way…especially Facebook and Google.
I guess it is time to pay up.
Open source code is great. It is powerful, can be affordable, and you can customize it. If you need a cheap solution, that’s okay, but you can still contribute to it through development, sharing your modifications, bug reporting, crowd-funding, letting the developers know how you are using it, and helping others get started. The last is the easiest, and perhaps the most powerful, as it can help a user community become large enough to continue.
Remember: identity, community, and stability all apply to the open source movement. Especially if you aren’t paying attention.