[HN Gopher] Source code is not enough ___________________________________________________________________ Source code is not enough Author : kiyanwang Score : 54 points Date : 2022-11-13 17:34 UTC (5 hours ago) (HTM) web link (fuzzypixelz.com) (TXT) w3m dump (fuzzypixelz.com) | fragmede wrote: | With that license, does Aseprite qualify as capital-o Open Source | software, or is it merely source available? | rpdillon wrote: | It is not OSI open source, since it doesn't allow unfettered | distribution of original or modified sources. | jimjimjim wrote: | Seems sensible. Whenever i've had to do a code escrow with a corp | customer, I've included the whole build system, documentation and | enough to make it turnkey. For Open Source, it's like Open Car | Parts. | doix wrote: | I have re-read the post many times and I don't quite get the | point. | | The first example is not FOSS because of its license. There are | loads of examples like that. I don't see how it relates to the | complexity of build systems or how it affects freedoms. | | The obfuscation point is kind of interesting. I'm guessing a | minified JavaScript file does not count as open source even if it | is distributed with the correct license because it's been | transformed by a machine. If you hand wrote some obfuscated | JavaScript I'm guessing it's fine. You could argue the end result | is the same, or how can you tell it's not hand written, and you'd | be right. | | Then it goes on to talk about upstream and what not, but I don't | get what the point is. | | Then the last paragraph talks about forcing software to be | audited and enforcing regulation. To me, this is the epitome of | anti-free software. Now you can no longer run whatever program | you want and instead only what <someone>(your OS vendor? The | government?) wants you to run. | JonChesterfield wrote: | Building software is often a massive pain in the ass. I don't | think that's essential but it usually seems to be true. | Occasionally a program is wholly in some interpreted language in | which case it might run or you might have the same experience | with dependencies. | | I believe guix and nix have largely solved that by writing build | scripts for everything they're willing to bring into scope. | Debian seems to be a mix of patching upstream source and build | script changes. | | A few projects compile to C and ship that one program.c file - | sqlite comes to mind - but editing that one source file may not | be easy if it was built by a build system that did lots of | surprising things. | | I'm mostly interested in llvm and we try to make it easy to build | on a variety of systems, so it could totally be worse, but it's | not easy either. And that's partly by DIY'ing a bunch of stuff | that could be library dependencies. | | I've no idea what to do about this. It feels like a lot of | engineering effort is lost to chasing build weirdness. Open to | suggestions! | | p.s. I blame cmake for a lot of build complexity in the C++ | world, and npm for whatever the hell is going on over in | JavaScript. Random node projects from GitHub never run for me. | Gigachad wrote: | The root of most of these issues is the fact C/C++ has no | package manager and central repo. If you want to build a fully | Rust program, its trivial. As soon as it requires something C | based you now have to track down the things it needs. And the | build tools don't even know what is required. They just attempt | to build and spit out some unintelligible error you have to | search to find the stack overflow post telling you what package | is needed and the 10 different names it has on different OSs. | | Thankfully the problem is getting better. Most languages now | have a central package repo as well as killing off dynamic | linking so the distro maintainers don't attempt packaging | libraries. | jimjimjim wrote: | c and c++ have been around since before there was a central | anything. Who should be the central for c? | vq wrote: | I doubt there could ever be something official, but for me | (and others,) nixpkgs serves as a central source for a huge | amount of C and C++ code. | haburka wrote: | This has a really terrible take where the author compares | javascript obfuscation to source code complexity, suggesting that | source code that's as hard to read as obfuscated JS is unfree. | This is a pretty flimsy point - so much that I doubt this article | was written in good faith. Firstly obfuscated javascript is | intentionally modified by a program. Secondly, does this mean | that any source code that's too complicated for the author is | suddenly no longer FOSS? | | Code is often very complex for good and bad reasons but very | rarely is it done just to prevent comprehension. If it's not | being done intentionally then I'm sure that as long as you're | skilled and taking the time, you can understand the code. | [deleted] | kwhitefoot wrote: | I get the point, but credibility is dented a bit by making it | about FOSS and then using an example that isn't FOSS licensed | together with Arthur Whitney's b which doesn't even have a | license. | acedTrex wrote: | I absolutely despise this post. As an open source dev, politely | fuck off with your expectations of me. The source code is right | there, MIT licensed, go do the work on your own to work with it. | Its not obfuscated, it's the same stuff I work on every day. I'm | not required to accommodate or cater to other people wanting to | develop it. | [deleted] | zen21 wrote: | I don't understand why people are reading some requirement for | them to accommodate something into this post. | | He's simply making the case that as things stand, open source | doesn't enable people to do much with the code if they aren't | part of the project itself. | | For the most part that seems true. Why is it such a problem for | him to say it? | Supermancho wrote: | > people are reading some requirement for them to accommodate | something into this post. | | There is no other interpretation. "not enough" implies there | should be MORE, which is a requirement. The requirement is | never elucidated. This is a Mazouz gripe post for OSS issues | that are not unknown, and provides no insight. | | > open source doesn't enable people to do much with the code | if they aren't part of the project itself | | All code requires effort to utilize. Proposing that OSS | should have some additional (hand-wave whatever you imagine) | requirement lowers the effort to utilize it in some way _and | that result differs for each program_. Imaging OSS code that | simply does not compile. What more can you ask? | Homogenization of code is a Sisyphean endeavor. The best we | have to a uniform interface is source-code text. | zen21 wrote: | > There is no other interpretation. "not enough" implies | there should be MORE, which is a requirement. The | requirement is never elucidated. | | Yes it is. At the top of the article he says: | | > People will often claim that since X is Free and Open | Source Software, every user of X is enabled to hack on it | and bend it to their will. | | Which is basically the same goal as Alan Kay had for | smalltalk systems. Why is it so controversial to say we | haven't reached this goal? | bsza wrote: | Because it's an expectation about the _quality_ of the | maintainer 's work. FOSS and code quality are two very | different things, and they should stay that way. The | saying "looking a gift horse in the mouth" comes to mind. | zen21 wrote: | You seem to be validating the original complaint - that | FOSS alone doesn't empower people the way it is often | claimed. | | As for looking a gift horse in the mouth, you may not be | aware of how much that sentiment devalues FOSS. The | implication being that as long as it's free, it doesn't | matter how bad it is. | mooreds wrote: | > He's simply making the case that as things stand, open | source doesn't enable people to do much with the code if they | aren't part of the project itself. | | In that case, I'm unclear. Is he advocating for OSS devs to | do more to make projects inclusive? | | Or is he saying that OSS isn't all that, and the code to | Asperite might as well be closed, given how much beyond the | source code goes into making a software product? | imiric wrote: | Except it's not actually true. Build issues are mostly a | solved problem with reproducible build systems, like Nix and | Docker to an extent. If a project is not using this, kindly | suggest it to its authors, or, you know, propose the change | yourself. | | The lack of documentation is also a problem with specific | projects only, not a widespread F/LOSS issue. And again, if | the project lacks in this area, you have the means to improve | it. | | As for projects being difficult for newcomers; yes, this is | an issue. But it's one you'll also encounter when approaching | _any_ codebase, where you'll find it takes time and effort to | understand and contribute a meaningful change. If you're not | a programmer experienced in a particular tech stack, then | it's obvious the barrier to entry will be even higher. | | None of these issues are specific to F/LOSS, so the post | reads like a rant from an entitled user. The right mindset to | begin with should be one of gratitude that developers are | granting you these freedoms which you don't get with the | majority of consumer software nowadays. | | And another benefit of F/LOSS: just because a project is | inaccessible to person A, person B might find it easy to | contribute, which encourages a community to exist, from which | everyone ultimately benefits. | zen21 wrote: | > None of these issues are specific to F/LOSS, so the post | reads like a rant from an entitled user. | | > The right mindset to begin with should be one of | gratitude that developers are granting you these freedoms | which you don't get with the majority of consumer software | nowadays. | | By this logic, FOSS is always impervious to criticism | because non FOSS is worse. | | That's not an argument against the premise of the article. | scarface74 wrote: | I worked on a company sponsored open source project for a couple | of years. We were a small team from different departments who | kept it going as both a labor of love and because we used it for | customer projects. | | I could make necessary changes for a customer, fork it, | generalize it and then after discussions with the rest of the | team, I could get my changes merged after the team came to a | consensus. It was a relatively painless process. We could release | any time we wanted to. | | Then as the project became more popular, 5 years into its life | (about a year after I got involved), it became more official and | transferred to another team. Then any change had to go through | "the process" and any proposed change had to go through levels of | approval. I still had commit rights and they didn't take away my | access. | | I found myself in the same position as the Haskell developers. | Either I had to hard fork the code and have a customer specific | implementation or go through "the process". It wasn't a fun | skunkworks project anymore. | | Luckily, one of my last changes before the project got | transitioned to another team was an officially supported | extension framework where I could customize functionality without | changing the base code - much like the VSCode example. | jraph wrote: | The question for me is probably "not enough _for what_ "? | | My requirement is user-respecting. Software should respect users, | be useful to society, and should not (be designed to) cause harm | (environmentally, psychologically, should respect user's privacy | - and why this is important is its whole own discussion). | | Free software is (arguably) a requirement for being user- | respecting. A necessary condition. Because it is theoretically | necessary for users (or someone they ask - most people don't have | the required time / knowledge) to be able to adapt or maintain | pieces of software they rely on, if its original builders ever | disappear, want to take another path or simply won't fulfills the | user's need. Because the users should be able to inspect their | software. But indeed not sufficient. You may need guidance to | understand the code and build it (documentation) [1]. You need | reproducible builds (so someone can check that the shipped | version does what the code says, so users don't need to build the | program themselves each time to be sure). And other requirements | too: like the software should not manipulate the users to make | them do things that they would not have done and cause harm, or | skew society in some undesirable direction. Which can be | subjective. | | For instance, Chromium is free software, probably documented | quite well, but still serves a monopoly from an ad-supported | company, which is arguably "not sufficiently" user-respecting and | helps it to push the entire world to an economical model that | relies on user-privacy issues, manipulation caused by ads, and | control from a company bigger than countries and yet not | democratic at all (assuming democracy is desirable). | | Software should be free. And more. How exactly? I don't really | know. | | [1] Note that I also think we can't require documentation or any | extra work from people contributing free software neither. They | already make a gift to the world by releasing their free | software, especially if they do it in their spare time. | scarface74 wrote: | I would think Chromium is just the opposite. If you have the | resources and the knowledge, you can fork it and make it your | own. I doubt Microsoft's version has any Google dependencies. | | Also, if I recall correctly, MS has been able to get changes | pushed upstream. | jraph wrote: | > MS has been able to get changes pushed upstream | | Yes, because they suit Google. I suspect you'd not get your | contribution to get back Manifest v2 features which allow | tampering with requests from extensions upstream. It would go | against Google's decisions. They can say that it's for | technical reasons, but this removal also helps their business | model. | | Chromium is a wonderful piece of software, but it's not | politically neutral. Software, in general, is not neutral. | | Assuming I have the resources, I can fork it and make the | changes myself. At an individual level, I'm covered thanks to | Chromium being free software. But at the collective level, | not so much. Most people will likely continue to use Chrome | (or Chromium with some luck) and play inside whatever limits | Google sets. Unfortunately, some network effect is present | too, which raises collective issues (some websites might not | bother with compatibility with other browsers, for instance). | And the collective aspect matters (to me). | | Because of this network effect, using Chromium and Chromium- | based browsers is, in my opinion, a vote for Google's | business model. Not necessarily in the intent, but in effect. | The issue is that individual choices don't only have | individual repercussions. | | Software, including free software, can harm society. Programs | are not neutral. Power games are in effect. Hence why I think | the free aspect is not sufficient. | | I could have used a caricatural open source missile launcher | example to convey this idea, but also seams less interesting. | scarface74 wrote: | > They can say that it's for technical reasons, but this | removal also helps their business model. | | Isn't manifestv2 basically the same as Apple is doing? | Apple has no business reason to prevent better ad blocking | in Safari. Having untrusted third party code intercept all | of your request is a privacy concern. | jraph wrote: | I'm not familiar with the Apple ecosystem. But it is my | understanding that Safari does this too indeed. That does | not make it right. | | > Having untrusted third party code intercept all of your | request is a privacy concern | | Indeed, but I trust uBlock Origin. More than Google's | software. | | In any case, extensions are a privacy concern themselves. | I still want to be able to install them. Those I trust. | Google does have a review phase in their almost mandatory | Play Store anyway, they could use this instead of | removing useful features if that's their concern. | zen21 wrote: | If you "have the resources and the knowledge" then you don't | even need the source code. You can build your own browser | from scratch. | scarface74 wrote: | So you think it takes the same amount of resources and | knowledge to build a browser from scratch as it does to | make modifications to an existing one? | zen21 wrote: | No, that's not what I said. | scarface74 wrote: | > If you "have the resources and the knowledge" then you | don't even need the source code | | Are you not equating the resources needed to create a | browser with the resources required to modify one? | zen21 wrote: | No. I didn't equate those things. | | Edit: It's not clear why you think I did. | kkfx wrote: | Personally i consider Chromium as not really free. Simply | because of it's development model (not developed in an open | community form, from the start) and codebase size (no single | human can know it all). | | Personally i consider a software free if it born free, | developed openly so to have eventually a community of different | peoples with different ideas, set of interests, culture, ... | have seen the code from it's early days when it was small | enough to be fully understood and subsequent | discussions/evolution happened in such open manner. It's not | exactly a measurable thing, and it's not merely "freedom" but | for me is a requirement to consider a software as a really free | one: the freedom of knowing and trusting it with acceptable | efforts. | feoren wrote: | > Free software is (arguably) a requirement for being user- | respecting. | | Arguably indeed. I'll argue this all day. I'd argue that, for | instance, Excel is mostly user-respecting, within its own | limits. OneNote is, as well. (If you disable telemetry, which | is a counterpoint, but could be argued is not a core part of | those products.) Note for instance that you can save an Excel | document to .ods format, the main format for OpenOffice and | LibreOffice. | | On the other hand, free software is (arguably) incompatible | with being developer-respecting, as TFA demonstrates. Software | needs to be developer-respecting to thrive as well. | | > Software should be free. And more. | | This is not compatible with the statement "developers should be | paid". As a developer who would like to make a living, I | obviously strongly disagree with this. | | Nor is that statement compatible with any sensible intellectual | property or copyright protections whatsoever, unless you really | just hate software developers particularly. There's no reason | why software developers shouldn't be allowed to profit from | their work, but J.K. Rowling should be allowed to profit from | Harry Potter, or Lin Manuel Miranda profit from sales of the | Encanto soundtrack. If you truly believe no artist or creative | person anywhere in the world ever deserves to be compensated | for anything they do, well, I just really never want to live in | the world you imagine. | jraph wrote: | When I say free, I don't mean gratis. | | > On the other hand, free software is (arguably) incompatible | with being developer-respecting | | If you mean developer-respecting as in "paid developer". | That's not true. There are several ways of building a | business around free software. Anyway, people releasing their | software as free software do it willingly. That's strange to | say that their software does not respect them. | | > This is not compatible with the statement "developers | should be paid" | | No. As a developer, I chose to work for a company making | money from free software. This company sells paid licenses | for extensions (the code is free software, but people, | especially enterprises, will pay for the convenience of | having it built for them and installed from an easy-to-use | UI), support, cloud hosting and customization. | | I should restrict my statement however: end-user software | should be free software. Not necessarily free beer. And if a | customer wants non-free customization, that's fine with me. | They are the ones who pay and use the software, under terms | they outline in the contract they have with the company. | Though I don't enjoy writing such non-free code if it could | benefit others and will try to avoid this. That's a waste of | my time, I'd rather have my time be spent on stuff that's | useful for more people than just a customer whose values are | not, by the way, necessarily totally aligned with mine. My | company too, by the way. It encourages their customers to | allow it to develop customization as open source components | (by making a discount, and open source components are more | likely to be maintained and get improvements outside this | specific customer's contract - improvements can be paid by | other customers needing them). | | There are ways. Core WordPress and Nextcloud developers are | paid too. That's true for many projects. | | > If you truly believe no artist or creative person anywhere | in the world ever deserves to be compensated for anything | they do, well, I just really never want to live in the world | you imagine. | | There's no bad implication like people being locked up with a | closed solution with non-free art. I'm not against it, though | I have sympathy for people releasing art under a free | license. | feoren wrote: | > There are several ways of building a business around free | software. | | For multiple orders of magnitude less opportunity than paid | software. You think some internal business to business data | processing software backed by hundreds of database tables | and containing trade secrets works as an open source model? | Because you said "software should be free." Period. And | that's software. Those big Excel workbooks with thousands | of formulas: that's software too. Internal ETL scripts, R | scripts for data analysis: all software. None of that makes | any sense as open source software. So what you're really | saying is: internal company software should not exist. | Trade secrets should not exist. A huge range of what | millions of people do every day is unethical because you're | not allowed to have a copy you can do whatever you want | with. It's selfish and narrow-minded and harmful to our | profession. | | > Anyway, people releasing their software as free software | do it willingly. That's strange to say that their software | does not respect them. | | I'm sure you can find many examples of people abandoning | open source projects because they're not making enough to | live on and their users are being toxic to them. You know | exactly what I mean. | | > I chose to work for a company making money from free | software. | | "I won the lottery, therfore everyone should quit their | jobs and just buy lottery tickets." There is not enough | opportunity in OSS for everyone to do this, unless you want | 95%+ of developers to lose their jobs. | | > end-user software should be free software. Not | necessarily free beer. | | This is an arbitrary destinction; anyone can be an "end | user". And for end-user software to be free, all libraries | it uses must also be free, so you've really only excluded | ETL scripts here. And you can't have the "free speech" kind | without the "free beer" kind. | | Every single argument in favor of "all software everywhere | should be OSS" has the same fallacy: here's six examples of | OSS projects that make money, therefore all 23 million | developers in the world can do it, and we will forever | ignore all evidence to the contrary. It's unbelievably | idealistic and narrow-minded. | UncleEntity wrote: | > On the other hand, free software is (arguably) incompatible | with being developer-respecting, as TFA demonstrates. | Software needs to be developer-respecting to thrive as well. | | I labored, happily, for free[0] on blender's dodgy old code | with virtually no documentation and the only way to figure | out the really tricky bits was hope someone was on IRC who | could point you in the right direction. Hell, with half the | user features I'd have to read the code to figure out what a | particular button did. | | Frickin' nightmare -- did I mention happily? | | I like to believe the time I spent was worth it because I | mostly worked on filling out the python API so other people | could write fancy extensions, this was right after the | transition to python 3 so somebody had to put in the time as | the old system was way too dodgy to be kept. | | If I just didn't work on the things I did because blender | didn't respect me (whatever that means) I can give you a | bunch of examples that the users/artists were able to build | which wouldn't be possible because the core devs didn't have | the time to go poking all around and figure out there's no | reason <whatever> couldn't work. Just needed someone to ask | the question and someone else to go find the answer. | | Oh, and last I looked blender is thriving. I wish I still had | time to hack on it because I really like the abuse. | | [0] I did get a hand-tracking doodad for free from the | results of this and my name in the credits of one of the | movies so not completely without compensation. | noobermin wrote: | At some level all software will be too complex to understand | easily within one sitting. That is just the nature of life. In my | opinion, learning to read someone else's code is a sign of | maturity, the ability to not just jump to churn or replace | something just because you don't understand it is very mature. | | While I somewhat agree there are levels of obscufation, just | because something is hard to understand on the first go isn't | sufficient for something to be "non-free" in my interpretation, | like the b interpreter. | ghuntley wrote: | See also https://ghuntley.com/fracture which details how the | source code of Visual Studio is available but it's fundamentally | useless by design as what people call Visual Studio (the product | experience of the standard desktop edition) isn't possible if you | compile your own version. Yes, this includes VSCodium and the gap | is getting worse as time goes on with the rollout of things such | as GitHub copilot. Microsoft is locking down access to Top 6 LSP | servers... | cxr wrote: | Visual Studio is still closed source. VS Code is open source. | ghuntley wrote: | But it really isn't. Sure the lower primitives are opensource | but the value of what people call VSCode // the language | servers and the market place. Yeah, they aren't and you can't | use it if you compile from source. I detail this in the link | above. | patrulek wrote: | Author of this post should develop something bigger by himself, | then mantain it and after all of this succesfully completed | complain about status of "free software". | cxr wrote: | See also other posts in this genre: | | Open source is not enough: | <http://web.archive.org/web/20150828195814/http://adamspitz.c...> | | Free software is not enough: | <https://jfred.dreamwidth.org/479.html> | | A related comment (2020 December 17; 19 points): | <https://news.ycombinator.com/item?id=25458080> | UncleEntity wrote: | > People will often claim that since X is Free and Open Source | Software, every user of X is enabled to hack on it and bend it to | their will. | | Does any one really say this? | | Every user has the _potential_ to hack on it if they're willing | to put in the time and effort to getting up to speed with the | codebase but the license doesn't _guarantee_ that right. | | In fact they generally provide it "as is" with no expressed or | implied usefulness. | | So no mandatory security audits, no mandatory documentation, no | onboard team to help the junior-woodchuck devs, nada. If it | breaks you get to keep both pieces and if you manage to fix it | you might be liable to share your changes with the rest of the | world, depending on licensing and what you're doing with it. | | Requirements which make the developers responsible for anything | more than what they want to provide will just kill open source | because they also have the freedom to not labor for free if they | choose not to. If they have to get approval from The Commissar of | Free Software before every upstream push, well, silly argument | but it makes the point. | pessimizer wrote: | Very good post with a lot of detail, but very vague on the action | that it's looking for except for a vague, ominous nod to | "regulation." | | I think that instead of looking for a daddy to tell people what | to do, the best thing is to come up with a reasonable standard | for _public_ projects. Projects that are not only Free by the | letter of the law, but are actually designed to encourage and | facilitate users in exercising those freedoms. And by "come up | with," I mean compose them yourself and explain the reason for | each goal that the standard is meant to solve, and how the rules | within the standard address those goals. Like Stallman did. | | I think it'd be nothing but positive to have some gold standard | eminently publicly-hackable and accessible Free software projects | out there. After criteria are laid out, I'm sure a few will be | discovered in the wild. | | Another couple of things about easy-to-build, well-laid-out, | well-commented projects with few idiosyncrasies is that they're | great to learn on, and often possible for experienced programmers | to jump in and out of. Publicizing projects that want to | prioritize those features, especially as models, could be | consciously aimed at attracting the help to maintain those | features. | robust-cactus wrote: | So on one side we have folks saying we expect too much from OSS | devs and we're burning them out. And then on the flip side in | this post were saying they need to support a variety of compilers | and endless hardware configurations. | | Personally, for OSS I subscribe to "no one owes me anything, I | can always fork or submit a patch or use something else". | [deleted] | ozim wrote: | Mahmoud author of the blog post wanted to play around with a | tool and found that he has to pay for something. | | Then he follows with a list of why compilation is not free and | that is his argument why someone should do this for him for | free instead of charging him $20. | | He also continues with some far fetched arguments that serve as | support for his claim that someone should do what he wants. | zen21 wrote: | Where did he claim that someone should do what he wants? ___________________________________________________________________ (page generated 2022-11-13 23:00 UTC)