“We need a better way to financially support OSS!” I mean call me the crazy business guy here but how about for-profit enterprises start paying market rates for professional labor?
People want someone to blame for this security incident, and while I sympathize with that emotional desire, folks wouldn’t be fulminating nearly as much if (non-responsible) engineers were getting paid $200k and ate at the same lunchroom.
It’s a really curious sociological thing that the fact that folks are exploiting the OSS devs here, and I’m not choosing that word lightly, is what gives them social permission to hold their own engineering practices blameless in the process of doing the exploitation.
I did consulting for a number of years. You know what happens if someone discovers a bug in the general vicinity of one of my 2012 consulting deliverables? Nothing happens, because everyone involved is a professional. They pay someone to fix the code they bought for $X0k.
In the very unlikely event that they were to say “Oh hey Patrick we have discovered a security vulnerability here... I know you’re probably busy what with working at another company, but could you drop everything to fix it?”, I would politely and firmly point to the MSA and SOW.
(Contracts which define the relationship between a consultant and their client viz things like Acceptance Criteria, and which are very unambiguous about “After you’ve accepted a deliverable this work is *over.* If you want more work, enquire about rates and availability.”)
Because OSS is fun, and useful, and easy to start doing, and socially validated by your peerset... and by the time you realize your peers’ expectations trap you into being a company doing software lifecycle management on maintenance revenues of zero dollars you think it normal.
Another reason is that someone who has a successful OSS project under his belt will likely get way better offers than someone with corresponding experience from proprietary projects.
You mean companies with 50m have yet to come to terms with
Crypto is driving this. Since it’s what’s tying direct money to be stolen for vulnerability discovery. Whereas that’s more obscured in most industries
Polite disagree. (Let this be the one tweet in which I defend crypto’s honor!) The socially poisonous part here wasn’t the unauthorized code execution; it’s the fact that the community perceives there to be a duty of care where there manifestly is not.