At PyCon AU 2015, and again at DjangoCon US 2015, I gave a talk entitled "Money Money Money: Writing software, in a rich (wo)man's world". The talk was a summary of the issues around one of the biggest problems that I see facing the open source community: how to provide the resources that are needed to develop and maintain the software that we, as a community depend upon. This means providing maintenance and support for established projects, large and small; but also providing an ecosystem where new ideas can be incubated, developed and matured until they present compelling alternatives or significant benefits over closed source offerings.
It's been almost 18 months since I first presented this talk, but the issue persists. I haven't been alone in noticing and drawing attention to this issue, either. Nadia Eghbal was commissioned to write a white paper for the Ford Foundation entitled Roads and Bridges highlighting the chronic need for resources to support the basic infrastructure that underpins large parts of the modern economy. Eric Holscher (maintainer of Read the Docs) blogged about the problems he's had raising funds, despite the fact that the service he delivers is a widely used - arguably indispensible - part of the Python ecosystem.
However, despite this attention, it still doesn't get anywhere near as much attention as it should. And it's an issue that is of pressing importance to me, as the BeeWare project is looking for ways to fund the development needed to take us from "interesting technical demo" to "compelling technical solution".
A few months back, it was suggested that I should publish a blog post to accompany the video presentation. I dragged my feet on doing this, until industrious BeeWare contributor and all-around nice guy Elias Dorneles offered to take my speakers notes and convert it into a transcript.
So - here it is. Money Money Money: Writing software, in a rich (wo)man's world. If you've got any questions, disagreements, requests to present this at your conference, or just a generic offer of a bag of cash, you can reach me at firstname.lastname@example.org.
Hi, I'm Russell Keith-Magee, if you've heard of me before, it's probably because of my work on the Django project; I've been a core team member for almost 10 years, and president of the Django Software Foundation since 2011.
One of the big challenges of the Django project - and any big project for that matter - has been to secure certainty in its development future.
My day job is as CTO and co-founder of TradesCloud. We’re a Software as a Service for tradespeople -- plumbers, electricians, carpenters and the like. TradesCloud depends on a number of open source projects - Django, Apache, memcache, countless others. So I've got a business interest in the continuity of these open source projects - but I certainly don't have the resources to fund them all myself.
I've also got a declared interest in GUI/UI issues, especially as they relate to development tools. I've got grand visions of what I'd like to do with this project, and I've received some great contributions from the community, but it's still largely my own work. But my startup would be able to make great use of these tools if they were mature.
I've also a maintainer of some smaller projects, like the Python wrapper to the Xero API. I started the project because I had an itch; and my itch has been scratched. But now I've open sourced that project, which means I've inherited a maintenance task. I've accepted help from a couple of people - most notably Matthew Schinkel and Aidan Lister, who have done great work. But if I'm honest, the maintenance burden of PyXero well exceeds the time I can reasonably dedicate to it.
So - I've got vested interests in free software. I've got an interest as a producer of a successful project with a high profile; as the producer of a small project with lots of users but little personal incentive; and as a producer of smaller projects with almost no profile but grand plans. These projects all have different resourcing needs, reflecting their maturity as projects.
I've also got interests as a consumer of free software - both in terms of the software I rely on to develop my own projects, and in terms of my commercial interest in the long term maintenance of tools and platforms. I need these projects to continue to develop, survive and thrive.
Based on my experience, I'd like to make a bold assertion:
Absent of any other constraints, given equivalent resources, the free software approach produces vastly superior engineering outcomes than the closed-source approach.
The catch is the operative clause "given equivalent resources". Most free software projects aren't developed using anything close to "equivalent" resources.
In some cases, this is a blessing in disguise - regardless of the project, having scarce resources is an excellent crucible for burning away the unnecessary to leave only the base metal. But it's not always a blessing.
The moral high road is littered with the corpses of our allies
Talk to any prominent free software developer, and amongst the success stories, you'll also hear some consistent troubles - that they've got great ideas and grand plans, but no time to execute; that they're about to burn out due to the pressues of maintaining their project; or that they've had yet another mailing list discussion with someone who doesn't understand why you didn't drop everything to help them fix their problem. And there are plenty of examples.
OpenSSL is the software that drives pretty much every "secure" connection on the internet - and yet it took until the discovery of Heartbleed - a critical vulnerability that sent the internet into a tailspin - before it could find funding to pay for maintainers.
Another example - GnuPG - Werner Koch almost went bankrupt trying to support GPG - a project that many others depends upon for trust in their release process. He was rescued, at deaths door, by the Linux Foundation's Core Infrastructure initiative.
Those are both examples that ended with funding; but it's not all happy endings.
Take the example of Capistrano. Hugely popular configuration management tool around 2007-8, maintained by Jamis Buck. In 2008, citing burnout and maintenance overhead, he famously withdrew support for Windows, saying "Windows may be the 800 pounds gorilla in the room, but it's not my gorilla, and it's not in my room". This was an incredibly unpopular move; but even with that scale down, Jamis burned out in 2009, abandoning Capistrano, and a number of other projects, without maintainers.
"Hi I'm an engineer at a well-funded company and we need this feature can someone implement it for free?" -- Every FOSS mailing list.— Christophe (@Xof) July 17, 2015
The thing is - that this is a community that has lots of cash. In the grand scheme of things, software development is a well funded industry. If companies can find money for foosball tables and meditative ball pits, they should be able to find resources to help maintain the software on which they've based their success. And if you're on the receiving end of the problem - a developer of free software - that can be really frustrating.
For me, this is the great unanswered question of the free software movement - how to reconcile the discrepancy between the clear demand for a software product, and the ability to convert that demand into the time and resources needed to service that demand.
Free software: Dream vs Realty
Although the theory says that anyone can contribute to a free software project, in reality, every single project of any significance has leaders. At the most basic level, it's whoever has the commit bit. And you need that leadership, especially when anything to do with design is involved. The running gag is that a camel is a horse designed by committee. The worst APIs we deal with on a daily basis are the ones that were designed by committee. You need someone with taste running the show.
But there's a bigger problem - there's the extent of the engagement that users have with a project. Here's a though experiment to prove my point. We're in a room full of Python users. Django is a free software project.
- Who in this room has found a bug in Django, or has a niggling thing they'd like to see fixed Django API?
- Who has turn that niggle into a bug report to Django?
- Who has submitted a patch to Django for that niggle?
- Of those, who have had that patch committed?
When this is done in front of a live audience, at each question, there are less people raising their hands
Products vs Projects
So what's going on here? Well, it reflects 2 different ways of looking at a piece of software - Projects and Products. And it's a matter of personal perspective - my project can be your product, and vice versa.
When I view some code as a project, it's a body of code where I'm contributing to a larger goal. I'm willing to spend resources focussing on other people's needs in the hope that their needs will help make the project as a whole better. I'm willing to do this because I get some personal gain, like an enhanced public profile; or if the tool is really close to my work coalface; or where I know I can make a substantive contribution.
But the further I get away from my coalface, and the harder it is to make a contribution, the less inclined I am to even want to contribute to the project. Most of the time, it's a product that I'm using, warts and all. If a product has bugs, I'll work around them, or find an alternative, rather than navigating the contribution process and contributing a patch back upstream.
In the case of a product, the freedoms afforded by Free software are a bit like freedom of speech - it's a freedom I definitely want, it's comforting to know it's there, but I don't spend every day making sure that I fully exploit the extents of those freedoms. There are people who do - protestors, advocates for controversial social positions - and one day, given the right circumstances, I might join in and help them. But most of the time, I just want to be pragmatic, and get on with living.
This dichotomy between the theory and practice is also the reason why comments like "Patches Welcome" get made in Free software mailing lists. On the one hand, it's completely correct. Anyone can contribute, and on most projects patches are welcome. But most people don't look at a new open source project as an opportunity to engage and contribute. Most people just want to use the damn software.
And you can argue it's because people are focussing on the wrong interpretation of "free", and haven't "captured the spirit of free software". Which is 100% true, but utterly counterproductive as a position. Anyone who has done any UX work knows that if users are consistently making a mistake, blaming the user gets you nowhere. You were in charge of what the user experienced, and they made the "error" because of a fundamental cognitive disconnect.
And even if everyone did get the right message - let's be realistic - it wouldn't work anyway. The mythical man month showed us that you don't deliver a project faster or better by throwing more people at it. 9 women can't make a baby in 1 month - a project doesn't just need resources - it needs the right resources, in the right quantities. And ultimately, that means projects finding a way to get the resouces they need to be self sustaining.
So, that means that if we want free software to be maintained, and maintained well, we need to find a way to fund it's maintenance.
Use value vs Sale value
18 years ago, Eric S Raymond published an essay entitled "Cathedral and the Bazaar". This essay catalyzed the start of the open source movement - a redefinition of "free software" to make it clear that the openness, not price, was the important property. What isn't as well remembered is that "Cathedral and the Bazaar" isn't the only essay Raymond wrote at that time. He published 2 other essays shortly after CatB - "Homesteading the Noosphere", about the social organization and motivations behind free software projects, and The Magic Cauldron, about the economics of Free software.
One of the key distinctions that Raymond highlights in that essay is the difference between Use value and Sale value.
The sale value of a product is its value as a salable commodity - literally, what you sell it for.
The use value of a product is its economic value as a tool, as a productivity multiplier. This is how much economic benefit the user will get from the product.
The important the is that the two aren't necessarily connected. In a traditional manufacturing environment, the focus is on sale value, because that's usually linked to the manufacturing cost - the cost of parts and materials.
But most software isn't produced for sale value - it's in house software produced for use value. In the case of free software, the "sale" value for free software is 0. But that doesn't mean there isn't use value, and the catch is to work out how to exploit the use value that exists within an organization as a monetization channel.
So, what are your options?
Well, you can sell merchandise. And while this is relatively easy to do, lets be honest - you're not going to fund a software empire selling t-shirts.
You can get users to pay for documentation. Write a book, get users to pay for it.
Unfortunately, the dirty little secret of the tech writing scene is that nobody gets rich writing tech books. They're incredibly valuable resources for the community, they're great for padding your resume, but not so great as a revenue stream.
One area that does pay well is selling training. Employers are willing to pay big bucks for training courses; if you can put together a 3 day intensive workshop, you can sell it over and over again.
You can productize your offering. The source code remains free, but a simple, easy-to-use installer costs money. This works really great when when what you have is a clearly identifiable product - like an IDE.
One specific model of productization is SaaS - give the code away for free, but pay for the convenience of having someone else administer it for you. Any open source web software is a good example of this - you can install the software on your own servers, but honestly, unless you've got a reason, you use someone elses hosted solution and let them take care of it for you.
But, SaaS is only viable if you can deliver as a service - which means it's really only viable for web. And, as technologies like docker commodify deployment, it's possible that even this revenue stream might evaporate.
So what else can you sell?
You can sell access to the developers. If you're the maintainer of a project, you're in the best position to provide support, or debug complex problems - which means you're in a prime position to sell support and consulting. Honza Král <https://twitter.com/honzakral> from ElasticSearch calls this the "Ghostbusters" business model - "Who you gonna call?"
You can sell access to the software. Trolltech did this with Qt; Riverbank still does with the PyQt bindings. The library itself is GPL - but if you want to use it on a closed source project, you can, for a hefty fee. This has the advantage that it forces commercial interests to pay for what they're using; but it also discourages small scale commercial tinkering - if I'm writing a new tool, and I'm forced to choose between open sourcing my tool or a $1000 price tag, I'll probably choose a different toolkit.
You can also get into the business of providing certifications and guarantees - auditing code to ensure quality or compatibility, providing guarantees about fixing bugs, and certifying that individuals are skilled in the use of the product. This is a big part of RedHat's business model - auditing packages, making sure they all interoperate as expected, ensuring that security updates are available and meet the same standards, and certifying system administrators.
This is a set of products that appeals to the "enterprise" high end of town - and that's is a lucrative end of the market. But those customers also tend to only want these guarantees for certain types of software - broadly speaking, "Boring fuddy-duddy" software. Your operating system, your database - these are pieces of software that need to be rock solid in an enterprise setting. Your debug toolbar - not so much, unless maybe they've being wrapped as part of a suite of tools.
Undermining your value proposition
Another problem with many of these revenue sources is that if you run your project well, a lot of them are ruled out - or at least severely curtailed.
If you make something truly simple to use, you've just removed the need for books and training courses - or, at the very least, moved the ground to "advanced" courses - which are harder to write, and have a smaller audience.
Django saw this first hand - Django's documentation was famously very good from a very early stage, and as a result, it was quite hard to get publishers to take on Django book projects - because the documentation was too good, and was undermining the market for books. It's taken a long time, and mostly self-publishing, to get good Django books available for sale.
If you have a project mailing list, where the community answers questions for free, and it's a healthy, responsive mailing list... why would I pay for support?
If your software is well designed, and modular, and those interfaces are well documented, and I need a modification - why wouldn't I just write the mod myself?
Now, Ok - I'm exaggerating. There are legitimate reasons to pay for support or to bring in a consultant even if the interfaces are clean and well documented. But my point is that the better you do a job as a free software engineer, it becomes harder to make the business case for your revenue stream, because the value proposition becomes less obvious.
And if it isn't directly undermining your value proposition, it can still undermine you indirectly, because the more time you spend earning money, the less you spend doing what the money pays for. Administering a certification program takes time. Writing and delivering training courses takes time. Consulting can be lucrative, but developing a sales pipeline takes time. And if you're consulting, you need to make sure that sales pipeline is full, which means you're going to err on the side of taking on more work than less... which means you've just closed the door on the the time you have available to work on open source.
You also need to be careful that in selling your business case, you don't undermine your main project. If every hard question on the mailing list is answered "We can answer that for a fee", you're going to sound like a shill.
If a project says it needs money to make sure we stay on top of security issues... you have to be really careful how you say it, because the easy interpretation is "well, the project must be insecure, because they're not on top of security now".
A question of scale
There's also a question of scale. Python, Django - these are large projects with large communities. Making a business case for Python or Django isn't too hard. Not trivial, but possible. But is the maintainer of a smaller project - like, say Django Debug Toolbar - are they seriously expected to write and sell a book about Debug Toolbar? Or training and certification in its use?
Smaller projects are no less important to the vitality of the overall Django ecosystem, but those projects aren't afforded the same opportunties for fundraising as larger projects.
It's also important to realize that not all products are afforded all these opportunities for revenue. An IDE can be productized; a developer library probably can't. Different projects will need different mixes of revenue streams.
Do you have to sell something?
Ok - but can we do this without selling anything at all?
"How to make money from open source" is like "How to make money from clean water" or public education or science.— Pieter Hintjens (@hintjens) May 27, 2015
Free software stems from a moral imperative - so can we fund development through altruism and patronage? Well, it's harder, but there's evidence that it can be done.
Crowdfunding and Bug Bounties
One option that has seen a lot of activity recently is crowdfunding. Platforms like Kickstarter and Indiegogo provide a way to a group of people to pitch in and contribute to a goal.
The Django community has a couple of examples of very successful crowdfunding projects, each raising tens of thousands of dollars (Django Migrations, Multiple Template engines, django.contrib.postgres, Django Rest Framework). But - if you survey the people who did these projects, they didn't make money on these projects. The amount of engineering time that went into them well exceeded the money raised.
Another idea that gets floated regularly is the idea of bug bounties - placing a price on specific bugs. This is really just another form of crowdfunding - You want a specific bug fixied or feature added? Contribute money. You really want it - contribute more. And eventually someone will take the bait and fix the bug or implement the feature.
It's an attractive model - but it also has problems - most notably, Who gets paid. Do you pay by lines of code written? That ignores the contribution of reviewers. How much more important than writing code is reviewing code or triaging a bug?
But the biggest problem I see with crowdfunding approaches is that they are in conflict with establishing a working income. If you're hiring yourself out, the shorter the engagement, the higher your hourly rate. This is a hedge against unemployment at the end of the contract. If you're doing a Kickstarter, you're best served by having a small, clearly described, clearly achievable goal. So - a month or two of work.
That means you need to charge your short term rate in order to guarantee long term income. But it's also in your interest to have a low fundraising target, so that the campaign actually tips. If it's too high, it could scare off potential bidders. It also means the community pays a premium for any new feature, which isn't the best use of already scarce community resources.
Grants, Fellowships, Patreon
Ok - so if you want longer term income, you need to look at longer term engagements. That means that you stop looking at funding specific projects, and start looking at funding the person, with grants and fellowship positions.
I'm including Patreon in that list because it's effectively "crowdsourced patronage". You're not paying for a specific thing - it's "keep doing what you're doing" money.
Over the last 10 months, Django has been using this model. We hired a fellow at the end of last year. The fellow - whose name is Tim Graham - is responsible for keeping the project wheels greased.
From a technical perspective, this has been a roaring success. Tim's made great inroads into our ticket backlog, and response times on ticket reviews are lower than they've ever been.
The hard part has been raising the money to pay him.
We did a fundraiser at the start of the year specifically to fund the Fellow; that campaign has raised just over $50k US. That's no small chunk of change - but it's also not a lot when you're talking about a full time employee. We're going to need to do another fundraiser really soon if the Fellowship is going to continue.
Almost everyone agrees it's been money well spent, but converting that into donations has been hard work.
Another other approach for raising money is to embrace the devil, and go commercial. Commercial interests have the money, so why shouldn't they pay for it? This can be very successful under certain circumstances - but you have to be able to make a business case for the corporate owner.
OpenStack is a great example of this. Why are Rackspace, HP, Redhat, Ubuntu all interested in OpenStack? Because they sell products that benefit from commodifying the hosting environment. By making it cheap and easy to control cloud deployments, they increase the size of the market for cloud hosting, which means more money for their core business - either directly (like Rackspace), or indirectly (like RedHat, because cloud servers still need operating systems).
Node.js is funded by Joyent for similar reasons - Joyent is making a long play that if it's easier to develop web software, more people will write web software, increasing the market for Joyent's services.
However, Node.js is also a cautionary tale about corporate interests - what happens when the community and the corporate sponsor disagree about the direction of the project? Well, you get project splits, like the io.js split. Corporate money can corrupt. You need to be careful that project governance is independent of the funding source.
Having a single corporate master also puts the project the risk if that corporate master loses interest. Django was originally under the wing of the World Company. Eventually, that interest waned, and the corporate support dried up, too.
The other corporate answer that gets floated is to go get venture money. And there are some examples out there of people doing this. Meteor, for example, is funding their development with money from a venture fund. They've got plenty of money to hire engineers, designers - whatever they need.
What makes me nervous about this model? We've been here before. Who here remembers Eazel? For those who don't remember, In the late 90s, Eazel was a dot-com company founded to develop the Nautilus file manager. And, we got 2 years of open source code. And then the bubble burst, and the company went bust. Now, the good thing is that we still have the code. But it would be better to have the code still being actively developed.
Developing a patronage culture
And again, all this discussion is happening in an industry where billion dollar valuations are kicking around.
Large parts of our industry, are built on a foundation of FOSS - but those with the most capacity to contribute, in many cases, aren't contributing.
Some are - there are some companies that do give huge amounts back to open source communities. But there are also a lot of companies that don't give back.
And even those that do give back - many of them give the help they're able to give, which isn't necessarily the help that is needed. The Django Software Foundation regularly receives offers for free or subsidized hosting from hosting providers. And don't get me wrong - that's great, and incredibly useful.
But what we really need is someone on the payroll to review bugs. Earlier on in the lifecycle of Django, we needed people to write new big features. We're in a constant need of graphic designers, artists, tech writers. We need people who know how to do sysadmin, and community outreach. And we don't need 400 people donating 1 hour; we need 10 very specific people donating 40 hours.
When a disaster hits, organizations like the Red Cross call for donations. And they will usually say "please give us money, not tins of food or blankets". The reason? Money can buy what is needed. You can't control what people donate, and even if they do happen to donate exactly what you need, there's a huge logistic task of working out what has been donated, and getting it where it's needed.
FOSS projects are much the same - they require resources. Some companies donate in kind, and that's great, but it's rarely what is needed, and it's easy to get distracted working out what to do with all resources that have been donated, but you don't have an immediate use for.
And sadly, just as with charities - many companies don't donate at all. And I'm not claiming these companies are being deliberately malicious in not funding open source - if anything, we as a community have failed them because we haven't helped them help us.
Most importantly, we don't have a mechanism in place to make it easy to spend money, and easy to receive money. The current state of affairs clearly demonstrates that it's not enough that there is a lot of money in a community - you have to make the mechanism for donating that money as obvious and seamless as possible, and you have to have someone to direct that money towards.
One model community that I think does this really well is the Wordpress community. Wordpress is GPL'd software. There are books, videos, blogs on how to write wordpress plugins and themes - the same as there would be for any open source software community. But criticially, there are also books, videos and blogs on how to make a business writing Wordpress plugins and themes. Wordpress is GPL. And therefore, so are all the plugins. They've got a store where you can buy plugins (and get free ones), and easily install them in your Wordpress instance.
The Wordpress ecosystem has fundamentally embraced the fact that money needs to be part of the equation, and by doing so, they've created an industry that is self-funding - and this, I'd argue, is one big reason for the success of Wordpress as a platform.
A controversial proposal
In that vein, I'd like to make a controversial proposal.
What if PyPI was a revenue stream? What if, when I registered an application with PyPI, I could specify a price - either per install, or per version, or per-app, or per-month. When I pip install, the cost just gets added to my PyPI account, and I get a monthly charge on my credit card; and that gets passed back to the developer projects.
If PyPI stats are to be believed, Django is downloaded from PyPI more than 1 million times per month. If there was a 10c toll on each download, that would raise $100,000 per month - enough to pay for 10 full-time well paid developers, or a metric buttload of diversity, outreach, DjangoGirls, and community support.
You could also leverage PyPi dependency information to pay it forward - if you're writing a project that depends on another, you could opt to pass some of your revenue upstream. Or, request that downstreams provide a tithe.
And then there's the biggest dependencies of all - PyPI and Python itself. If PyPI took a small cut of the revenue raised, that could help pay for the development and maintenance of PyPI - and potentially Python as well.
You could also take some of the money collected and put it into a development pool - so if there's a new project that needs some bootstrapping cash to get started, or an established project that needs some help for a big task (like a Python 3 upgrade), the community as a whole can easily funnel money towards that project.
What about people who don't have money? Well, we can offer free passes. You're at a DjangoGirls event? Use this promo code to get free access.
You can still give away your software at no cost. And it's still free software - you're still delivering Python, so you're still going to get the source. You could probably even make the signing up process completely optional. All we'd be doing is paving the cowpath - making it easy to collect a toll on the easy way to use your software.
I'm not going to say that any of this would be easy to implement. Completely aside from any technical challenge and nailing down details, it's a big philosophical change for the community, and that's a much bigger issue. But this philosophical question about money is a discussion that we, as a community need to have.
What we've got here is a tragedy of the commons. Everyone agrees this software is good. Everyone knows that software needs to be maintained. But why should one individual company take on the economic burden of funding maintenance when their competitors are getting the benefit for free?
Learn from the MPAA and RIAA: Make it easy to do the right thing
For me, the key lesson from the music and movie industry from the last 20 years is that if you make it easy to do the right thing, people will do the right thing. If you make it simple and seamless for a large company to swipe their credit card and get charged $100 a month for using all this open source software that has been developed, they will. Yes, people will cheat. Don't worry about it, as long as cheating isn't easier than doing the right thing.
The biggest reason that this isn't happening right now is that it isn't obvious what the "right" thing is. I could donate to the DSF or PSF... but it's a bit fiddly to organize, and it's not clear where the money goes... I could sign up to a few Patreons, or sign up to a bug bounty program... but not everybody is there, and those that are aren't really earning enough to make a living, and I don't want to just contribute beer money.
So what are we to do? The short answer is "I don't know". There probably isn't going to be a silver bullet. I'd like to think that a monetization channel on PyPI would work, but I'll be the first to admit that it might not be the answer, or there might be problems I haven't forseen.
But I firmly believe this conversation about money is conversation we have to have. Free software as a movement is over 30 years old. Open source is almost 20. We've conquered the technical hurdles. We're even conquered the policy hurdles. Now it's time to tackle how we make this a long term sustainable industry, not just commercial interests exploiting the naïveté of a stream of doe-eyed volunteers.
I'm actually going to take another slightly controversial position, and not take questions at this point, for two reasons - firstly, because this sort of talk is a magnet for "I have a comment, not a question" responses; but also because this isn't a subject where I have the answers.
This is a discussion we need to have as a community - and I'm eager to have that discussion - just not on this stage.