[HN Gopher] Source code is not enough
___________________________________________________________________
Source code is not enough
Author : kiyanwang
Score : 54 points
Date : 2022-11-13 17:34 UTC (5 hours ago)
(HTM) web link (fuzzypixelz.com)
(TXT) w3m dump (fuzzypixelz.com)
| fragmede wrote:
| With that license, does Aseprite qualify as capital-o Open Source
| software, or is it merely source available?
| rpdillon wrote:
| It is not OSI open source, since it doesn't allow unfettered
| distribution of original or modified sources.
| jimjimjim wrote:
| Seems sensible. Whenever i've had to do a code escrow with a corp
| customer, I've included the whole build system, documentation and
| enough to make it turnkey. For Open Source, it's like Open Car
| Parts.
| doix wrote:
| I have re-read the post many times and I don't quite get the
| point.
|
| The first example is not FOSS because of its license. There are
| loads of examples like that. I don't see how it relates to the
| complexity of build systems or how it affects freedoms.
|
| The obfuscation point is kind of interesting. I'm guessing a
| minified JavaScript file does not count as open source even if it
| is distributed with the correct license because it's been
| transformed by a machine. If you hand wrote some obfuscated
| JavaScript I'm guessing it's fine. You could argue the end result
| is the same, or how can you tell it's not hand written, and you'd
| be right.
|
| Then it goes on to talk about upstream and what not, but I don't
| get what the point is.
|
| Then the last paragraph talks about forcing software to be
| audited and enforcing regulation. To me, this is the epitome of
| anti-free software. Now you can no longer run whatever program
| you want and instead only what <someone>(your OS vendor? The
| government?) wants you to run.
| JonChesterfield wrote:
| Building software is often a massive pain in the ass. I don't
| think that's essential but it usually seems to be true.
| Occasionally a program is wholly in some interpreted language in
| which case it might run or you might have the same experience
| with dependencies.
|
| I believe guix and nix have largely solved that by writing build
| scripts for everything they're willing to bring into scope.
| Debian seems to be a mix of patching upstream source and build
| script changes.
|
| A few projects compile to C and ship that one program.c file -
| sqlite comes to mind - but editing that one source file may not
| be easy if it was built by a build system that did lots of
| surprising things.
|
| I'm mostly interested in llvm and we try to make it easy to build
| on a variety of systems, so it could totally be worse, but it's
| not easy either. And that's partly by DIY'ing a bunch of stuff
| that could be library dependencies.
|
| I've no idea what to do about this. It feels like a lot of
| engineering effort is lost to chasing build weirdness. Open to
| suggestions!
|
| p.s. I blame cmake for a lot of build complexity in the C++
| world, and npm for whatever the hell is going on over in
| JavaScript. Random node projects from GitHub never run for me.
| Gigachad wrote:
| The root of most of these issues is the fact C/C++ has no
| package manager and central repo. If you want to build a fully
| Rust program, its trivial. As soon as it requires something C
| based you now have to track down the things it needs. And the
| build tools don't even know what is required. They just attempt
| to build and spit out some unintelligible error you have to
| search to find the stack overflow post telling you what package
| is needed and the 10 different names it has on different OSs.
|
| Thankfully the problem is getting better. Most languages now
| have a central package repo as well as killing off dynamic
| linking so the distro maintainers don't attempt packaging
| libraries.
| jimjimjim wrote:
| c and c++ have been around since before there was a central
| anything. Who should be the central for c?
| vq wrote:
| I doubt there could ever be something official, but for me
| (and others,) nixpkgs serves as a central source for a huge
| amount of C and C++ code.
| haburka wrote:
| This has a really terrible take where the author compares
| javascript obfuscation to source code complexity, suggesting that
| source code that's as hard to read as obfuscated JS is unfree.
| This is a pretty flimsy point - so much that I doubt this article
| was written in good faith. Firstly obfuscated javascript is
| intentionally modified by a program. Secondly, does this mean
| that any source code that's too complicated for the author is
| suddenly no longer FOSS?
|
| Code is often very complex for good and bad reasons but very
| rarely is it done just to prevent comprehension. If it's not
| being done intentionally then I'm sure that as long as you're
| skilled and taking the time, you can understand the code.
| [deleted]
| kwhitefoot wrote:
| I get the point, but credibility is dented a bit by making it
| about FOSS and then using an example that isn't FOSS licensed
| together with Arthur Whitney's b which doesn't even have a
| license.
| acedTrex wrote:
| I absolutely despise this post. As an open source dev, politely
| fuck off with your expectations of me. The source code is right
| there, MIT licensed, go do the work on your own to work with it.
| Its not obfuscated, it's the same stuff I work on every day. I'm
| not required to accommodate or cater to other people wanting to
| develop it.
| [deleted]
| zen21 wrote:
| I don't understand why people are reading some requirement for
| them to accommodate something into this post.
|
| He's simply making the case that as things stand, open source
| doesn't enable people to do much with the code if they aren't
| part of the project itself.
|
| For the most part that seems true. Why is it such a problem for
| him to say it?
| Supermancho wrote:
| > people are reading some requirement for them to accommodate
| something into this post.
|
| There is no other interpretation. "not enough" implies there
| should be MORE, which is a requirement. The requirement is
| never elucidated. This is a Mazouz gripe post for OSS issues
| that are not unknown, and provides no insight.
|
| > open source doesn't enable people to do much with the code
| if they aren't part of the project itself
|
| All code requires effort to utilize. Proposing that OSS
| should have some additional (hand-wave whatever you imagine)
| requirement lowers the effort to utilize it in some way _and
| that result differs for each program_. Imaging OSS code that
| simply does not compile. What more can you ask?
| Homogenization of code is a Sisyphean endeavor. The best we
| have to a uniform interface is source-code text.
| zen21 wrote:
| > There is no other interpretation. "not enough" implies
| there should be MORE, which is a requirement. The
| requirement is never elucidated.
|
| Yes it is. At the top of the article he says:
|
| > People will often claim that since X is Free and Open
| Source Software, every user of X is enabled to hack on it
| and bend it to their will.
|
| Which is basically the same goal as Alan Kay had for
| smalltalk systems. Why is it so controversial to say we
| haven't reached this goal?
| bsza wrote:
| Because it's an expectation about the _quality_ of the
| maintainer 's work. FOSS and code quality are two very
| different things, and they should stay that way. The
| saying "looking a gift horse in the mouth" comes to mind.
| zen21 wrote:
| You seem to be validating the original complaint - that
| FOSS alone doesn't empower people the way it is often
| claimed.
|
| As for looking a gift horse in the mouth, you may not be
| aware of how much that sentiment devalues FOSS. The
| implication being that as long as it's free, it doesn't
| matter how bad it is.
| mooreds wrote:
| > He's simply making the case that as things stand, open
| source doesn't enable people to do much with the code if they
| aren't part of the project itself.
|
| In that case, I'm unclear. Is he advocating for OSS devs to
| do more to make projects inclusive?
|
| Or is he saying that OSS isn't all that, and the code to
| Asperite might as well be closed, given how much beyond the
| source code goes into making a software product?
| imiric wrote:
| Except it's not actually true. Build issues are mostly a
| solved problem with reproducible build systems, like Nix and
| Docker to an extent. If a project is not using this, kindly
| suggest it to its authors, or, you know, propose the change
| yourself.
|
| The lack of documentation is also a problem with specific
| projects only, not a widespread F/LOSS issue. And again, if
| the project lacks in this area, you have the means to improve
| it.
|
| As for projects being difficult for newcomers; yes, this is
| an issue. But it's one you'll also encounter when approaching
| _any_ codebase, where you'll find it takes time and effort to
| understand and contribute a meaningful change. If you're not
| a programmer experienced in a particular tech stack, then
| it's obvious the barrier to entry will be even higher.
|
| None of these issues are specific to F/LOSS, so the post
| reads like a rant from an entitled user. The right mindset to
| begin with should be one of gratitude that developers are
| granting you these freedoms which you don't get with the
| majority of consumer software nowadays.
|
| And another benefit of F/LOSS: just because a project is
| inaccessible to person A, person B might find it easy to
| contribute, which encourages a community to exist, from which
| everyone ultimately benefits.
| zen21 wrote:
| > None of these issues are specific to F/LOSS, so the post
| reads like a rant from an entitled user.
|
| > The right mindset to begin with should be one of
| gratitude that developers are granting you these freedoms
| which you don't get with the majority of consumer software
| nowadays.
|
| By this logic, FOSS is always impervious to criticism
| because non FOSS is worse.
|
| That's not an argument against the premise of the article.
| scarface74 wrote:
| I worked on a company sponsored open source project for a couple
| of years. We were a small team from different departments who
| kept it going as both a labor of love and because we used it for
| customer projects.
|
| I could make necessary changes for a customer, fork it,
| generalize it and then after discussions with the rest of the
| team, I could get my changes merged after the team came to a
| consensus. It was a relatively painless process. We could release
| any time we wanted to.
|
| Then as the project became more popular, 5 years into its life
| (about a year after I got involved), it became more official and
| transferred to another team. Then any change had to go through
| "the process" and any proposed change had to go through levels of
| approval. I still had commit rights and they didn't take away my
| access.
|
| I found myself in the same position as the Haskell developers.
| Either I had to hard fork the code and have a customer specific
| implementation or go through "the process". It wasn't a fun
| skunkworks project anymore.
|
| Luckily, one of my last changes before the project got
| transitioned to another team was an officially supported
| extension framework where I could customize functionality without
| changing the base code - much like the VSCode example.
| jraph wrote:
| The question for me is probably "not enough _for what_ "?
|
| My requirement is user-respecting. Software should respect users,
| be useful to society, and should not (be designed to) cause harm
| (environmentally, psychologically, should respect user's privacy
| - and why this is important is its whole own discussion).
|
| Free software is (arguably) a requirement for being user-
| respecting. A necessary condition. Because it is theoretically
| necessary for users (or someone they ask - most people don't have
| the required time / knowledge) to be able to adapt or maintain
| pieces of software they rely on, if its original builders ever
| disappear, want to take another path or simply won't fulfills the
| user's need. Because the users should be able to inspect their
| software. But indeed not sufficient. You may need guidance to
| understand the code and build it (documentation) [1]. You need
| reproducible builds (so someone can check that the shipped
| version does what the code says, so users don't need to build the
| program themselves each time to be sure). And other requirements
| too: like the software should not manipulate the users to make
| them do things that they would not have done and cause harm, or
| skew society in some undesirable direction. Which can be
| subjective.
|
| For instance, Chromium is free software, probably documented
| quite well, but still serves a monopoly from an ad-supported
| company, which is arguably "not sufficiently" user-respecting and
| helps it to push the entire world to an economical model that
| relies on user-privacy issues, manipulation caused by ads, and
| control from a company bigger than countries and yet not
| democratic at all (assuming democracy is desirable).
|
| Software should be free. And more. How exactly? I don't really
| know.
|
| [1] Note that I also think we can't require documentation or any
| extra work from people contributing free software neither. They
| already make a gift to the world by releasing their free
| software, especially if they do it in their spare time.
| scarface74 wrote:
| I would think Chromium is just the opposite. If you have the
| resources and the knowledge, you can fork it and make it your
| own. I doubt Microsoft's version has any Google dependencies.
|
| Also, if I recall correctly, MS has been able to get changes
| pushed upstream.
| jraph wrote:
| > MS has been able to get changes pushed upstream
|
| Yes, because they suit Google. I suspect you'd not get your
| contribution to get back Manifest v2 features which allow
| tampering with requests from extensions upstream. It would go
| against Google's decisions. They can say that it's for
| technical reasons, but this removal also helps their business
| model.
|
| Chromium is a wonderful piece of software, but it's not
| politically neutral. Software, in general, is not neutral.
|
| Assuming I have the resources, I can fork it and make the
| changes myself. At an individual level, I'm covered thanks to
| Chromium being free software. But at the collective level,
| not so much. Most people will likely continue to use Chrome
| (or Chromium with some luck) and play inside whatever limits
| Google sets. Unfortunately, some network effect is present
| too, which raises collective issues (some websites might not
| bother with compatibility with other browsers, for instance).
| And the collective aspect matters (to me).
|
| Because of this network effect, using Chromium and Chromium-
| based browsers is, in my opinion, a vote for Google's
| business model. Not necessarily in the intent, but in effect.
| The issue is that individual choices don't only have
| individual repercussions.
|
| Software, including free software, can harm society. Programs
| are not neutral. Power games are in effect. Hence why I think
| the free aspect is not sufficient.
|
| I could have used a caricatural open source missile launcher
| example to convey this idea, but also seams less interesting.
| scarface74 wrote:
| > They can say that it's for technical reasons, but this
| removal also helps their business model.
|
| Isn't manifestv2 basically the same as Apple is doing?
| Apple has no business reason to prevent better ad blocking
| in Safari. Having untrusted third party code intercept all
| of your request is a privacy concern.
| jraph wrote:
| I'm not familiar with the Apple ecosystem. But it is my
| understanding that Safari does this too indeed. That does
| not make it right.
|
| > Having untrusted third party code intercept all of your
| request is a privacy concern
|
| Indeed, but I trust uBlock Origin. More than Google's
| software.
|
| In any case, extensions are a privacy concern themselves.
| I still want to be able to install them. Those I trust.
| Google does have a review phase in their almost mandatory
| Play Store anyway, they could use this instead of
| removing useful features if that's their concern.
| zen21 wrote:
| If you "have the resources and the knowledge" then you don't
| even need the source code. You can build your own browser
| from scratch.
| scarface74 wrote:
| So you think it takes the same amount of resources and
| knowledge to build a browser from scratch as it does to
| make modifications to an existing one?
| zen21 wrote:
| No, that's not what I said.
| scarface74 wrote:
| > If you "have the resources and the knowledge" then you
| don't even need the source code
|
| Are you not equating the resources needed to create a
| browser with the resources required to modify one?
| zen21 wrote:
| No. I didn't equate those things.
|
| Edit: It's not clear why you think I did.
| kkfx wrote:
| Personally i consider Chromium as not really free. Simply
| because of it's development model (not developed in an open
| community form, from the start) and codebase size (no single
| human can know it all).
|
| Personally i consider a software free if it born free,
| developed openly so to have eventually a community of different
| peoples with different ideas, set of interests, culture, ...
| have seen the code from it's early days when it was small
| enough to be fully understood and subsequent
| discussions/evolution happened in such open manner. It's not
| exactly a measurable thing, and it's not merely "freedom" but
| for me is a requirement to consider a software as a really free
| one: the freedom of knowing and trusting it with acceptable
| efforts.
| feoren wrote:
| > Free software is (arguably) a requirement for being user-
| respecting.
|
| Arguably indeed. I'll argue this all day. I'd argue that, for
| instance, Excel is mostly user-respecting, within its own
| limits. OneNote is, as well. (If you disable telemetry, which
| is a counterpoint, but could be argued is not a core part of
| those products.) Note for instance that you can save an Excel
| document to .ods format, the main format for OpenOffice and
| LibreOffice.
|
| On the other hand, free software is (arguably) incompatible
| with being developer-respecting, as TFA demonstrates. Software
| needs to be developer-respecting to thrive as well.
|
| > Software should be free. And more.
|
| This is not compatible with the statement "developers should be
| paid". As a developer who would like to make a living, I
| obviously strongly disagree with this.
|
| Nor is that statement compatible with any sensible intellectual
| property or copyright protections whatsoever, unless you really
| just hate software developers particularly. There's no reason
| why software developers shouldn't be allowed to profit from
| their work, but J.K. Rowling should be allowed to profit from
| Harry Potter, or Lin Manuel Miranda profit from sales of the
| Encanto soundtrack. If you truly believe no artist or creative
| person anywhere in the world ever deserves to be compensated
| for anything they do, well, I just really never want to live in
| the world you imagine.
| jraph wrote:
| When I say free, I don't mean gratis.
|
| > On the other hand, free software is (arguably) incompatible
| with being developer-respecting
|
| If you mean developer-respecting as in "paid developer".
| That's not true. There are several ways of building a
| business around free software. Anyway, people releasing their
| software as free software do it willingly. That's strange to
| say that their software does not respect them.
|
| > This is not compatible with the statement "developers
| should be paid"
|
| No. As a developer, I chose to work for a company making
| money from free software. This company sells paid licenses
| for extensions (the code is free software, but people,
| especially enterprises, will pay for the convenience of
| having it built for them and installed from an easy-to-use
| UI), support, cloud hosting and customization.
|
| I should restrict my statement however: end-user software
| should be free software. Not necessarily free beer. And if a
| customer wants non-free customization, that's fine with me.
| They are the ones who pay and use the software, under terms
| they outline in the contract they have with the company.
| Though I don't enjoy writing such non-free code if it could
| benefit others and will try to avoid this. That's a waste of
| my time, I'd rather have my time be spent on stuff that's
| useful for more people than just a customer whose values are
| not, by the way, necessarily totally aligned with mine. My
| company too, by the way. It encourages their customers to
| allow it to develop customization as open source components
| (by making a discount, and open source components are more
| likely to be maintained and get improvements outside this
| specific customer's contract - improvements can be paid by
| other customers needing them).
|
| There are ways. Core WordPress and Nextcloud developers are
| paid too. That's true for many projects.
|
| > If you truly believe no artist or creative person anywhere
| in the world ever deserves to be compensated for anything
| they do, well, I just really never want to live in the world
| you imagine.
|
| There's no bad implication like people being locked up with a
| closed solution with non-free art. I'm not against it, though
| I have sympathy for people releasing art under a free
| license.
| feoren wrote:
| > There are several ways of building a business around free
| software.
|
| For multiple orders of magnitude less opportunity than paid
| software. You think some internal business to business data
| processing software backed by hundreds of database tables
| and containing trade secrets works as an open source model?
| Because you said "software should be free." Period. And
| that's software. Those big Excel workbooks with thousands
| of formulas: that's software too. Internal ETL scripts, R
| scripts for data analysis: all software. None of that makes
| any sense as open source software. So what you're really
| saying is: internal company software should not exist.
| Trade secrets should not exist. A huge range of what
| millions of people do every day is unethical because you're
| not allowed to have a copy you can do whatever you want
| with. It's selfish and narrow-minded and harmful to our
| profession.
|
| > Anyway, people releasing their software as free software
| do it willingly. That's strange to say that their software
| does not respect them.
|
| I'm sure you can find many examples of people abandoning
| open source projects because they're not making enough to
| live on and their users are being toxic to them. You know
| exactly what I mean.
|
| > I chose to work for a company making money from free
| software.
|
| "I won the lottery, therfore everyone should quit their
| jobs and just buy lottery tickets." There is not enough
| opportunity in OSS for everyone to do this, unless you want
| 95%+ of developers to lose their jobs.
|
| > end-user software should be free software. Not
| necessarily free beer.
|
| This is an arbitrary destinction; anyone can be an "end
| user". And for end-user software to be free, all libraries
| it uses must also be free, so you've really only excluded
| ETL scripts here. And you can't have the "free speech" kind
| without the "free beer" kind.
|
| Every single argument in favor of "all software everywhere
| should be OSS" has the same fallacy: here's six examples of
| OSS projects that make money, therefore all 23 million
| developers in the world can do it, and we will forever
| ignore all evidence to the contrary. It's unbelievably
| idealistic and narrow-minded.
| UncleEntity wrote:
| > On the other hand, free software is (arguably) incompatible
| with being developer-respecting, as TFA demonstrates.
| Software needs to be developer-respecting to thrive as well.
|
| I labored, happily, for free[0] on blender's dodgy old code
| with virtually no documentation and the only way to figure
| out the really tricky bits was hope someone was on IRC who
| could point you in the right direction. Hell, with half the
| user features I'd have to read the code to figure out what a
| particular button did.
|
| Frickin' nightmare -- did I mention happily?
|
| I like to believe the time I spent was worth it because I
| mostly worked on filling out the python API so other people
| could write fancy extensions, this was right after the
| transition to python 3 so somebody had to put in the time as
| the old system was way too dodgy to be kept.
|
| If I just didn't work on the things I did because blender
| didn't respect me (whatever that means) I can give you a
| bunch of examples that the users/artists were able to build
| which wouldn't be possible because the core devs didn't have
| the time to go poking all around and figure out there's no
| reason <whatever> couldn't work. Just needed someone to ask
| the question and someone else to go find the answer.
|
| Oh, and last I looked blender is thriving. I wish I still had
| time to hack on it because I really like the abuse.
|
| [0] I did get a hand-tracking doodad for free from the
| results of this and my name in the credits of one of the
| movies so not completely without compensation.
| noobermin wrote:
| At some level all software will be too complex to understand
| easily within one sitting. That is just the nature of life. In my
| opinion, learning to read someone else's code is a sign of
| maturity, the ability to not just jump to churn or replace
| something just because you don't understand it is very mature.
|
| While I somewhat agree there are levels of obscufation, just
| because something is hard to understand on the first go isn't
| sufficient for something to be "non-free" in my interpretation,
| like the b interpreter.
| ghuntley wrote:
| See also https://ghuntley.com/fracture which details how the
| source code of Visual Studio is available but it's fundamentally
| useless by design as what people call Visual Studio (the product
| experience of the standard desktop edition) isn't possible if you
| compile your own version. Yes, this includes VSCodium and the gap
| is getting worse as time goes on with the rollout of things such
| as GitHub copilot. Microsoft is locking down access to Top 6 LSP
| servers...
| cxr wrote:
| Visual Studio is still closed source. VS Code is open source.
| ghuntley wrote:
| But it really isn't. Sure the lower primitives are opensource
| but the value of what people call VSCode // the language
| servers and the market place. Yeah, they aren't and you can't
| use it if you compile from source. I detail this in the link
| above.
| patrulek wrote:
| Author of this post should develop something bigger by himself,
| then mantain it and after all of this succesfully completed
| complain about status of "free software".
| cxr wrote:
| See also other posts in this genre:
|
| Open source is not enough:
| <http://web.archive.org/web/20150828195814/http://adamspitz.c...>
|
| Free software is not enough:
| <https://jfred.dreamwidth.org/479.html>
|
| A related comment (2020 December 17; 19 points):
| <https://news.ycombinator.com/item?id=25458080>
| UncleEntity wrote:
| > People will often claim that since X is Free and Open Source
| Software, every user of X is enabled to hack on it and bend it to
| their will.
|
| Does any one really say this?
|
| Every user has the _potential_ to hack on it if they're willing
| to put in the time and effort to getting up to speed with the
| codebase but the license doesn't _guarantee_ that right.
|
| In fact they generally provide it "as is" with no expressed or
| implied usefulness.
|
| So no mandatory security audits, no mandatory documentation, no
| onboard team to help the junior-woodchuck devs, nada. If it
| breaks you get to keep both pieces and if you manage to fix it
| you might be liable to share your changes with the rest of the
| world, depending on licensing and what you're doing with it.
|
| Requirements which make the developers responsible for anything
| more than what they want to provide will just kill open source
| because they also have the freedom to not labor for free if they
| choose not to. If they have to get approval from The Commissar of
| Free Software before every upstream push, well, silly argument
| but it makes the point.
| pessimizer wrote:
| Very good post with a lot of detail, but very vague on the action
| that it's looking for except for a vague, ominous nod to
| "regulation."
|
| I think that instead of looking for a daddy to tell people what
| to do, the best thing is to come up with a reasonable standard
| for _public_ projects. Projects that are not only Free by the
| letter of the law, but are actually designed to encourage and
| facilitate users in exercising those freedoms. And by "come up
| with," I mean compose them yourself and explain the reason for
| each goal that the standard is meant to solve, and how the rules
| within the standard address those goals. Like Stallman did.
|
| I think it'd be nothing but positive to have some gold standard
| eminently publicly-hackable and accessible Free software projects
| out there. After criteria are laid out, I'm sure a few will be
| discovered in the wild.
|
| Another couple of things about easy-to-build, well-laid-out,
| well-commented projects with few idiosyncrasies is that they're
| great to learn on, and often possible for experienced programmers
| to jump in and out of. Publicizing projects that want to
| prioritize those features, especially as models, could be
| consciously aimed at attracting the help to maintain those
| features.
| robust-cactus wrote:
| So on one side we have folks saying we expect too much from OSS
| devs and we're burning them out. And then on the flip side in
| this post were saying they need to support a variety of compilers
| and endless hardware configurations.
|
| Personally, for OSS I subscribe to "no one owes me anything, I
| can always fork or submit a patch or use something else".
| [deleted]
| ozim wrote:
| Mahmoud author of the blog post wanted to play around with a
| tool and found that he has to pay for something.
|
| Then he follows with a list of why compilation is not free and
| that is his argument why someone should do this for him for
| free instead of charging him $20.
|
| He also continues with some far fetched arguments that serve as
| support for his claim that someone should do what he wants.
| zen21 wrote:
| Where did he claim that someone should do what he wants?
___________________________________________________________________
(page generated 2022-11-13 23:00 UTC)