• Debian and open source scroungers

    From Andre Rodier@21:1/5 to All on Fri Oct 11 19:00:01 2024
    Dear Debian users, contributors, and enthusiasts,

    I have been working in IT, for more than twenty years, essentially Debian.
    I tend to prefer non-computer related activities for the free time I have, therefore, I don't really contribute to
    Debian, at least not directly.

    Still, I have a personal open-source project that relies on and promotes Debian, and I am still passing some time on it.
    I make great effort on the documentation, as well as using only Debian packages. I sometimes raise bug reports, or send
    detailed messages to reproduce or bypass issues to the packages maintainers, or on this list.

    These days, I am working for a company that intensively uses Debian servers, both on prem and on a major well known
    cloud provider. Sadly, I notice that any service, not directly implemented by Debian, is systematically replaced by
    proprietary services from third party providers.

    Here a few simple examples, might be relevant or not to our usage, but some of you are definitely familiar with:

    - An external company would provide host based intrusion detection system (HIDS) and automatic upgrades, using
    proprietary forks of Wazuh and Nessus open source software and a cloud hosted nice console.
    - A proprietary antivirus is installed, instead of using or contributing to ClamAV virus databases or Linux kernel
    security modules.
    - A centralised git source code hosting platform, where git actually does not need to be centralised.
    - A cloud hosted bug tracking system, wiki, etc... You name it.
    - etc.

    Most of the time, these companies' business speech is, "focus on your core business activity, and let us manage the
    rest". Or something approaching, you get it, and it's true, on some aspect. I know that on many aspects, using these
    proprietary tools is advantageous. They are often more polished, more modern than the "old" open source tool that
    nobody maintained any more.

    From what I have seen, there are issues, though, both minor and major. I will start by the minor ones, to finish by
    _the_ major one, IMHO. You can disagree with the minor and major, depending on your experience.

    The "minor" issues:

    - The integration with Debian, or even Linux FHS, is not very good or even non-existent (like download and extract this
    zip file, and run install.sh). Most of the time, they just don't care.
    - These cloud platforms are vendor lock-in, it is hard to move away from them, to another provider. By the time you want
    to move away, it is too late, too costly and too complex.
    - They introduce dependencies towards a third-party service or site, that sometimes breaks and holds your activity
    hostage.
    - They "attract" terrorist groups, because it becomes extremely interesting to inject a backdoor on their site (supply
    chain attacks).
    - They contribute to centralise the internet in the hands of powerful and monopolistic giant companies. Internet was
    initially thought to be a decentralised and free network.
    - They are installing black boxes closed sources binary agents, that we have to blindly trust on our systems.

    Now, the last point, the major one, at least in my opinion: this attitude is contributing to the slow demise of "free"
    and/or "open source" software. For most of these companies, the contributions to Debian - or even Linux, or open source
    software - are often very little or even none.

    I also think about the many open source projects, that died because there was only one or a few developer(s).

    I also think about recently discovered vulnerabilities, or backdoors introduced in major open source libraries relying
    on the free time of one developer. The hypocrite reaction from major companies suddenly "discovering" that the library
    they used was the work of one person, deciding to start a "new" version of the same software, sometimes with a non-free
    licence.

    The worst is, most of the times, the money spent on these third party services could be used to hire developers, benefit
    the open-source communities, and achieve better results.

    Please, tell me what are your thoughts on this. Am I too pessimistic ? Are you, like me, thinking these companies as
    open source "scroungers" ?

    Thanks for your feedback.
    Andrew

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From [email protected]@21:1/5 to Andre Rodier on Fri Oct 11 19:50:01 2024
    On Fri, Oct 11, 2024 at 05:46:05PM +0100, Andre Rodier wrote:
    > Dear Debian users, contributors, and enthusiasts,
    >
    > [...]
    >
    > Please, tell me what are your thoughts on this. Am I too pessimistic ? Are you, like me, thinking these companies as open source "scroungers" ?

    Yes, they are. Arguably, the very term "open source" was promoted by scroungers.

    There are several possible interpretations of it -- the most common is that "free" connotates "zero price", but this seems to me more realistic:

    "Open source as a term emerged in the late 1990s by a group of
    people in the free software movement who were critical of the
    political agenda and moral philosophy implied in the term "free
    software" and sought to reframe the discourse to reflect a more
    commercially minded position."

    See, I'm into free software because of user freedom. A software "vendor"
    will balk at the idea of their users becoming "free", as much as a farmer
    won't be happy about their cows becoming free -- those are their means
    of production, as are the vendor's users. Much more extremely so in the
    age of surveillance capitalism [2].

    The methods of user freedom's enemies are shifting quickly. They still
    have some GPL aversion (a bit quaint, makes one think of vampires and
    garlic), but it'll matter less and less. And with Copilot, Microsoft
    is running their Big Free License Dilution Experiment (note that they
    don't train Copilot on their in-house proprietary code: /their/ license
    seems still to matter to /them/).

    So if we care about user freedom, we'll have to come up with something
    new. Something fitting current times. Something as smart as the GPL
    was back then.

    So that's my take.

    Cheers

    [1] https://en.wikipedia.org/wiki/Open_source#Open_source_as_a_term
    [2] https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism
    --
    t
  • From Dan Purgert@21:1/5 to Andre Rodier on Fri Oct 11 19:30:01 2024
    On Oct 11, 2024, Andre Rodier wrote:
    > [...]
    > Please, tell me what are your thoughts on this. Am I too pessimistic ? Are you, like me, thinking these companies as open source "scroungers" ?

    I think it's more that "companies" tend to need assurances (i.e. someone
    to call and blame when [insert solution here] doesn't do something in an expected manner). So, "Open Source" falls on its face here, with
    projects tending to not particularly have that kind of support
    infrastructure.

    Like, if something goes wrong in [proprietary PGP], you can call
    [vendor] and get support (or their devteam to look at it, etc.) --
    they're the ones on the hook, not you (well, you are, but you can
    deflect a bit to "we're working with the vendor"). On the other hand,
    GPG ... well ... maybe the mailing list can help?

    --
    |_|O|_|
    |_|_|O| Github: https://github.com/dpurgert
    |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
  • From Stefan Monnier@21:1/5 to All on Fri Oct 11 23:40:01 2024
    [...]
    >> Please, tell me what are your thoughts on this. Am I too pessimistic?
    >> Are you, like me, thinking these companies as open source "scroungers"?
    > I think it's more that "companies" tend to need assurances (i.e. someone
    > to call and blame when [insert solution here] doesn't do something in an
    > expected manner).

    Yup, the Free Software world needs more companies who sell support
    contracts and collaborate between them to lower their costs and
    strengthen their offering (so as to be competitive with larger
    corporations).

    But of course, there's still the issue that "no one was fired for buying
    <BIGNAMEHERE>", so any human-scale company offering support contracts
    will tend to be overlooked, even if its bid is competitive.


    Stefan "whose employer (Université de Montréal) spends >$10M
    yearly on an Oracle support contract 🙁"
  • From George at Clug@21:1/5 to All on Fri Oct 11 23:20:01 2024
    On Saturday, 12-10-2024 at 03:46 Andre Rodier wrote:
    > Please, tell me what are your thoughts on this. Am I too pessimistic ? Are you, like me, thinking these companies as
    > open source "scroungers" ?

    I feel all of us (at least most of us) are scrounging around just trying to make a living in life, and in this way, we are all "scroungers".

    Your questions could easily spawn many philological discussions around Open Source, FOSS, and the IT industry.

    I hope there will always be people who will contribute to FOSS and/or Open Source. In the main I am only a user of FOSS and/or Open Source.

    As for who uses and/or contributes to FOSS and/or Open Source. The best is to contribute, then there is usage in all its forms, to not being used in any way (being totally irrelevant). How sad it would be if after all the contributed effort, no one at all was making any use of that effort.

    I hope your frustrations do not diminish your enthusiasm to contribute. Continue to contribute and to use Linux as you desire and enjoy doing so. Do not be distracted by what others do.

    George.
  • From Andy Smith@21:1/5 to Andre Rodier on Sat Oct 12 01:30:01 2024
    Hi,

    On Fri, Oct 11, 2024 at 05:46:05PM +0100, Andre Rodier wrote:
    > Please, tell me what are your thoughts on this. Am I too pessimistic ? Are you, like me, thinking these companies as open source "scroungers" ?
    Opinion:

    The largest recipients of welfare in the Western world are
    corporates. Both large corporations and the billionaires at their
    head are blights on society. Any society that can even produce a
    billionaire is dysfunctional at a far more fundamental level than
    any conversation we'll have about software.

    I am old enough to have experienced the "ignore", "laugh at" and
    "fight" parts of the cycle, and now we are on the whole winning.

    Yes, businesses are primarily trying to make money and some go
    unfortunate ways with their licensing. Yes, too much is being asked of
    open source maintainers. But I can remember what it used to be like.

    I am not too worried about the survival of open source in general. I am
    more concerned about diversity of participants, and the challenges that
    AI brings.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting