[OpenIndiana-discuss] OpenIndiana roadmap

Tue Feb 19 16:17:08 UTC 2013

On 2013-02-19 16:38, Sašo Kiselkov wrote:

> I'm tired of this discussion. In short, if OI were to reverse on its
> open-development promise, it will lead to its demise.  It's not like
> there aren't alternatives available.

I am not trying to discourage or disprove of any solution.
I don't argue for one in favor of another. I am just trying
to (loudly) understand what options there are, and how can
we get there. Some people like to ram into the forest and
find a way as they go along. Others like to look for a map
first and decide whether they need to go in the direction
of the forest at all ;)

In essence, I was just trying the part of "devil's advocate"
regarding the premise that intensive work with results one might
request *and* expect to receive in a timely manner is a job paid
for. Like in the triangle of "high quality, quick speed, low price -
pick two".

Either some enthusiasts would work on it - perhaps just for a
few weeks each, but overall nonstop - and deliver a continuous
stream of updates if we are lucky and they are in the mood, OR
someone's paid job would be to do this, OR we'll only have updates
whenever someone feels up to the task to update his OS and share
the results.

But monetary expression is just one way of shareable contribution.
Just as well, instead of "paid support" it could be contribution
of patches made in spare time - if the gifter is qualified enough.
He spent some time to do it, and we know that "time is money" ;)
So far we see that a lot more people are willing and/or able to
give real money to get the work done by someone, rather than to
competently do it themselves - even if the result would be used
by anyone who didn't pay, too. We also see that the entry barrier
for enthusiasts is often too high (creating the build environment
to just start working on patches and RFEs and so on). People who
might help by contributing a couple of hours per week, are scared
off (validly) by spending a week to set up the rig. This also
reduces the pool of enthusiasts who might with little personal
effort per-person create the seemingly continuous stream of
ultimately integrated security patches. (Perhaps, a preconfigured
"developer edition distro/live image" would play an important role
to add people with the tool to add patches)

I myself do want a free OS with all the good features popping up
(like those you thankfully create and contribute) and security
patches and everything.

I do too think that "requiring" people to pay is a way to close
the OS, scare off the community and wither into the unknownness.
However, requiring other people to sit down and do tedious work
regardless of their desire to go for a beer or to walk or to do
something else - requiring to work and not paying nor sharing
in a different manner (i.e. by contributing code in other areas
like you do) - is also wrong.

So the next best thing is to "get" someone to pay (require, ask,
etc) and fund the needed work and share it with the community for
everyone's pleasure and benefit. Thus one "rich" feeds an horde
of the "poor". Thus your dayjob's paid support pays also for your
home's updates. And your friends'. And of unknown people across
the globe...

That's why I think an "honorable" system might work, if a commercial
approach (requiring to pay) is indeed unviable. Perhaps, for example,
done as contributions to Illumos foundation with a notice to spend
the money onto security patching - so they can keep some students on
regular funding to do this quest?

Or perhaps indeed a commercial approach might happen - an OI-based
OS with paid support and a gentleman's obligation to share back into
the common source code pool, like many other distros do today, so
the code ultimately ends up in the free OI branch as well?

I don't think anyone would share the commercial secret - how many
paying users there are of some SmartOS, or OmniOS, or Nexenta? ;)

//Jim

PS:

 >> To go Nazi'er about this, you could use Remote Physical Device
 >> Fingerprinting techniques, see
 >> http://www.caida.org/publications/papers/2005/fingerprinting/
 >> 
http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf
 >
 > This only works if the users don't have access to the fingerprinting
 > library sources and the code is signed and possibly obfuscated. This
 > is 180 degrees opposite of open-source.

Actually, that's supposed to work on server side and identify
user devices - to some degree of accuracy (by timer skews, IP
protocol features, etc). Open or closed doesn't really matter.