Comment by gjsman-1000
2 days ago
The problem open-source, and social media, and everything digital, has never overcome is accountability. Who do I sue, and who has insurance, if something goes wrong?
Combine that with most small businesses having more money than time (just pay Gmail, don’t spend the required amount of time to self host), and open-source is stuck at being hobbyists if there is no corporate sponsorship.
> Who do I sue, and who has insurance, if something goes wrong?
You sue the Red Hat-like support company with whom you ostensibly signed a contract.
If your question is who does the Red Hat-like support company sue if they want accountability for the code they are leveraging, I guess I don't understand the question or its relevance. E.g., with regard to proprietary code, who does Microsoft microsoft when Microsoft microsofts Microsoft? (Fun to write, but I don't think that sentence really makes sense.)
Do you think a small mom-and-pop dentist can win a lawsuit against Google?
There's absolutely no way that dentist will have a well-negotiated contract with SLA's and damage compensation with Google. The extent of their business relationship is that the dentist clicked a checkbox and put in their credit card details. Google does not even know they exist.
If Gmail loses all your email and accidentally kills your entire business, the absolute best outcome is a refund of your $10/month business subscription fee. The idea that they could in any way be held responsible is ludicrous.
> The problem open-source [...] has never overcome is accountability.
There are lots of organizations that provide a throat-to-choke-as-a-service, e.g. Red Hat.
> just pay Gmail, don’t spend the required amount of time to self host
Are you seriously suggesting a business put their contacts in the hands of Google, who has reportedly been totally capricious with account actions in the past and is notoriously difficult to contact when problems arise?
> and open-source is stuck at being hobbyists if there is no corporate sponsorship
Corpo sponsorship required for success? I guess I better tell all the open-source projects being used by millions that they're just hobbyists now.
> The problem [...] everything digital [...] Who do I sue, and who has insurance, if something goes wrong?
I have heard of analog world nostalgia, but you refer to the pre-digital age as if you didn't live through it. It's easier to locate someone today than ever before.
Can you name one open-source project "used by millions" that does not have corporate sponsorship?
This implies corporate sponsorship is a requirement for, as opposed to result of, a projects usefulness. That has not been the case for most valuable open source software.
1 reply →
GNU? Depending on how you want to treat FSF and PSF, gcc, emacs, python (are FSF/PSF/Apache corporations? Does PSF’s donations from corporations make python corporate sponsored?)
Never heard of Monero?
Keepass only allows donations, with no benefits for corporate vs. personal sponsors
GIMP is one of the most widely known & its sponsors only lists a few companies as hardware donors
VLC anyone?
OBS and Audacity (until recently) are two off the top of my head. Plus a lot of Linux components are run solely by a couple people, and those are run my millions of programmers.
I'd say if you take software that doesn't cost you anything, either
(1) you carry the risk or
(2) find someone that operates the software for you (on premise or SaaS) and they may also carry the risk for the premium you pay them.
This isn't a problem with open source. For many of us with startups that have low stakes (worst we can do is have no users) a lack of support is fine, we can do it ourselves and save the money.
And there's plenty of consultancies which will support OSS and give you support if you need it and be your scapegoat. Red Hat, Suse, IBM come to mind and there's many others...
You're being downvoted but yes, this is about risk mitigation. The IT department at a health care organization has to balance matching the requirements of payers, admins and clinical staff, do so in a way that fits inside the allocated budget, and de-risk the unknowns as much as possible.
Even if the vendors are only half accurate about the solution they offer, by being paid suppliers, they are on the hook (to varying degrees). These systems are highly customized and serious headaches arise from interoperability and security. If some of that can be shifted to a vendor, it's a net positive insofar as the IT department and the compliance departments are concerned.
Some healthcare organization have invested in the technology side and become leaders in innovation but those are the exception.
The person implementing the system for the hospital is accountable. I don’t see why this is difficult because it would be the same if that person built their own product from scratch.
There’s no vendor here that they can sue if they were paying for a product and deploying that, but that’s a different situation and the hospital, frankly, won’t care about that. Who their supplier subsequently sues isn’t their problem.
Also, quite frankly, whatever fancy contract you have and whatever legal system is backing it up, if the system you're using fails, it's your problem. You can't actually shuffle around all consequences freely.
I see this so often where people pay huge amounts of money (either buying a more expensive system or buying vs building) because 'we need the support!' and then still wind up with a bad system because the quality of the product modulated by the support offered still creates problems, and being able to blame someone else doesn't actually make the problems go away.
And even in cases where the problem is 'we might get sued', the fact that you have someone else to sue is to a large extent multiplying problems because you now have two lawsuits.
> And even in cases where the problem is 'we might get sued', the fact that you have someone else to sue is to a large extent multiplying problems because you now have two lawsuits.
To be fair, I’m not sure if this is a huge issue. It seems a pretty standard part of business. Like, if I’m a store and I sell a product that’s faulty, the customer would file their case against my business and it’s up to me to decide how to resolve that with my supplier.
You sue the developers. It’s how it works in general. So basically you’d comb the commit history for the project and name everyone in the lawsuit that you could.
It's possible that some FOSS developers have been hit with nuisance lawsuits but in general they have no contractual relationship with the users and thus no liability under US law.