And, the really awful thing is that if the project continues, it'll never stop. Every once in a while someone or some group will get a bee in their bonnet about the thing not being open enough, or the authors not following or not understanding the license (as though the copyright holder needs a license), charging too much for the one little thing they reserve for paying customers (no matter how small that amount is...we charge as little as $6/month, and we still get complaints about price).
And, there's always a huge misconception that because an OSS project has a lot of users it must be making a lot of money, especially among the people who won't tolerate any action that would actually make money for the project.
What I'm trying to say is that OSS is a hard-as-hell way to make a living (I've done it for my entire professional life, over two decades now), and there's gonna be a handful of users who will make it unpleasant. I love it when I can build some one-off thing and just throw it over the wall onto Github and never think about it again...where I can take a "use it or don't, but don't ask for my time" attitude. Making a business out of an OSS project makes it harder to select good users (who become good customers), though you have to in order to survive.
The awful behaviors you see from some users of a previously free-and-open project that went closed (ish) sound an awful like the behaviors of . . . paying customers in pretty much every industry.
What's interesting is that people who pay or people who contribute are, on average, nicer to us than the people who don't.
I'll have to clarify right at the top that I have not previously commented about Caddy, and I don't care about one cosmetic header nor the need to compile from source, those sound just fine to me.
Anyway: compare https://caddyserver.com/ to http://nginx.org/ and on the former you'll see way more marketing, logos, testimonials, quickstarts, etc etc ... looks way more like a product than an open-source free-software tool.
I always thought this was a weird trend for open source projects these days. I'm accustomed to debian, gnu make, nginx, apache, samba, cups ... useful tools with zero marketing and support. That's just how it used to work ... and frankly it still seems like it works better that way. A super modern website and easy-as-possible getting started stuff sets the wrong expectations in many many people who are not familiar with this world. They expect to do nothing and get a slick product / solution. They're drawn to the language they're familiar with from startups who get millions in funding and promise the world and then fizzle in a couple of years. That's not sustainable for open source projects.
Open source software is very useful and valuable and democratizing. Just the simplification of no per-user or per-machine or per-anything licensing adds a huge amount of value! The economies of scale of good quality open source software is super high. This stuff is really amazing and effective.
But the support does not scale. This is the one part you have to pay for with your own time. It could take years and years. That's the trade-off. You can't get it all for free, it's not possible.
So the least such users can do is to be nice otherwise gtfo.
Charge more. Like an order of magnitude more. You should charge enough that people who complain about price are firmly outside of your target market. If the thing is something you can target to large companies, you could charge an additional order of magnitude more.
(Btw, this nonsense is exactly the same mob behaviour Jon Ronson talks about in So, You've Been Publicly Shamed - which I highly recommend).
People get angry because they have hope for a better world. Now a lot of the responses he talks about in this blog post are, yes, very childish. I can see that.
OSS companies do struggle. I get that too. A lot of times they don't think enough about the business model before they start building their product. I agree, support contracts aren't enough a lot of times and I can see how their efforts struggled to bring in revenue. What they did is really no different than what RedHat did with RHEL .. that's why we have CentOS.
Today we live in a very different idea of what OSS should be. A lot of people don't differentiate licensees. So much of what is OSS are frameworks and tooling, and even in that space, big companies have worked very hard to get things out of GPL (Clang is a good example...and MacOS which has systematically removed any GPL code over the past several years). So much of our OSS is supported financially by the big players (RedHat, IBM, Google) and the dream of Linux desktops overtaking Windows on the consumer market died a long time ago. But that was the dream:
http://penguindreams.org/blog/the-philosophy-of-open-source-...
I don't think it's entitlement. I think a lot of people want to see real OSS; where devs have the time and energy to work together to make really good tooling. We want more projects like DarkTable. We want spare time projects that become amazing that people care about, not more half free/half enterprise stuff.
If a company fails to be profitable, we hope their tooling lives on in OSS. Making OSS profitable is super difficult, and something I don't even look for in my own big project (which is used more by students than in the commercial space).
And the big reality is, will this actually generate revenue for Caddy? Probably not at all. I'm sure they thought this out, and enough of them thought it was a good idea, but looking at it on the outside in, it was a terrible business decision. I mean, what did they seriously think was going to happen? Would companies seriously start paying a fee for what they had gotten for free previously, when it would cost lest just to add a package building step into existing build systems?
Six months out I hope they publish a post on how this affected their actual revenue stream. If it helped them out, then I guess it was worth it to make that decision and I'm totally wrong and I have a lot to learn about business. If not, I'm equally interested in what went wrong and how open source projects can get a revenue model done correctly.
That sounds kinda like entitlement.
"We want" these things, but "we" only want them if someone has the ability, resources, and time, to do it for free as a "spare time project"? I would argue that's a world where the only large-scale software we can use comes from major corporations (Google, Facebook, Microsoft, etc.), because they have the ability to do "pure" OSS tools that serve their bottom line indirectly.
Also, "real OSS" is what we do and have always done. It's also what the Caddy folks do. The code is out there under an OSS license. This is the kind of attitude that makes it difficult sometimes to want to do any OSS in a way that isn't corporate-sponsored.
My ideal OSS world has a lot of independent developers, not just employees of the giants pushing their particular visions of the future. That's not possible without some level of funding, and since people don't donate, one has to come up with other ways to incent paying for OSS development. We've got hundreds of thousands of lines of systems management code to maintain...that's not a thing that happens merely for fun.
It's a signal that says, "Hey, we actually do need money to keep this going", for those who would've never seen or given a second thought about donation links. I imagine what they were thinking was that people who hold the project in a warm spot in their hearts would pick up on this signal and then sign up for a "plan". (And I imagine that since this is Go, a big chunk of those users are already doing their own builds anyway and yet it's entirely plausible that even some of these people would sign up for a plan just for the warm fuzzies.)
Having a publicized announcement and a plan to get rid of the headers is a gesture more than anything else, and only half a step removed from comments like the text that Marijn Haverbeke has on the ProseMirror homepage[1]:
> If you are using ProseMirror to make profit, there is a social expectation that you help fund its maintenance.
In any case, as former FOSS zealot, the fact is that pull requests don't pay bills, and for the majority of consumers there are zero differences between OSS software or just get a couple of pirated copies at the weekly bazaar.
Also even the ways one can monetize enterprise software work pretty badly in the consumer space.
Amazing projects require huge amount of effort, experimentation and time. Once in a while there is something amazing that can be cranked out fast. Very rarely.
That is why you see half enterprise stuff. You can't spare time 40 hours a week, year long, five developers (includes organizational and design and marketing work) large awesome project. If you would attempted, your people would likely loose real jobs (due to low performance) and damaged their families over it.
You may not owe your users anything, but guess what: they don't owe you anything either. That's how open source works.
Yep, that is how open source works. Note the 'source' there? Anyone is free to charge for compiled binaries. If this compilation has added bonuses (e.g. including plugins) that gives people a reason to pay for that compilation. In any case, those that don't like it can just compile the project themselves.
What exactly do you think was misleading about this move?
Yep, anyone is free to charge whatever amount for whatever service/feature they offer. But apparently, in this case, the backlash against Caddy's move is greater than the willingness to pay for the service rendered (building binaries without the sponsor header).
Matt's post, and a lot of comments here on HN defending Matt, are missing the point: yes, there was vitriol, and yes, people reacted in a way that was disproportional to the announced changes, but in the end the most important take-away is that people are _not_ willing to pay for the product and are angry because of the changes and the way they were handled. This will cost Caddy a lot of business. Period.
In my opinion Matt should have done one of two things:
- Own up to his mistake (if he agrees it's a mistake)
- Stand by his choices, grow a pair, and laugh at the community for their silliness
What he did instead, is play the victim. He's not a victim. He tries to run a business. That alone will always alienate people. Deal with it!
OSS is just that : a promise that users may modify the software to their heart's content. They didn't break that promise at all. Care to share why you hold your view ?
That being the case do we really think it's justified to roast them over it? Do we really think it's OK to make unpleasant accusations about them? To character-assassinate them? To drag their names through the mud and hurl insults at them?
I don't think so.
My suspicion is that all you know about these people is what you've read about them on the internet (granted: some of it will have been written by them), but the internet is a notoriously fickle and inaccurate source.
I seriously doubt they've "deliberately misled" anyone.
Here's a blunt truth. If it's easy for me to ditch your product, your product has no value. 90% of the comments here on HN amounted to "gee, I guess I have to spend an extra 20 minutes configuring Nginx now." Solving 20 minutes of Nginx configuration is not a viable business. System configuration is handled by some Puppet library author. Who's going to spend $100 on your product so they don't have to spend $20 on a non-free SSL certificate?
You're friends with the RethinkDB developers? The moral of their story was even if you have a compelling product, even if you have an interesting niche, even if you give it away for free, even if you give away the source code, even if you have features nobody else has, if you are entering a saturated market you are facing a massive, time-consuming, expensive up-hill battle. Moving away from RethinkDB to Postgres is hard. There are things RethinkDB does that Postgres just doesn't do. But people did this anyway instead of paying, instead of contributing.
Moving away from Caddy is simple. Your product barely even exists. That's why you're having trouble making money. Solve a real problem and you'll make real money.
It's obviously not going to be the next big IPO. If he can make some money back for his time however, good for him.
If his project is useless, people would not get so upset.
There is a market for his product. Nginx and Apache already own that market. His differentiator is being easy to install. Puppet et. al. solve ease-of-use for large corporations with the budget. The niche that cares about being easy to install is the niche with no money and nobody to pawn it off on. That niche is also passionate and loud.
If he could make some money back for his time, he would already have had a business here.
This business idea is essentially selling pre-made cardboard signs to the homeless. If they have the money, they aren't homeless; if they don't, well, they already make their own signs.
To quote from the article:
> This was the worst part of this experience, and is akin to abuse. Demands or demanding comments stem from the misconception that users are entitled to FOSS. This behavior also stems from a misconception, but a different one: that open source maintainers depend on, or need, their open source projects.
For most maintainers or project owners, this is FALSE! > snip > as well as any comment insinuating that the maintainer is reliant upon a project that is not profitable or sustainable. Here’s the brutal truth for 99.9% (* not an actual figure) of open source projects, folks: you (the user of an open source project) need and rely on the project more than the maintainers do. Do not make the mistake of thinking that maintainers are emotionally tied to their projects. Definitely don’t call it their ‘baby’.
Is it because it's user-facing instead of an infrastructure component?
>> “But then I have to build from source to get what I want.” > Yes… that’s the point. Welcome to open source.
> I do find it ironic that the open source community is so irate about having to compile software from source to customize it the way they want.
I trust the author is using LFS or Gentoo, and is personally building his Go toolchain and not using any Google-provided binaries?
>> “So I have to pay to remove ads from my web server.”
> This was one of the biggest misconceptions.
Half-credit, you're both wrong. Users could pay or build themselves to avoid ads. So to a hobbyist who was using Caddy specifically because of the tiny learning curve, this is not a misconception. Thankfully this is a mostly moot point since they took the ads back out.
EDIT: Fixed formatting. One day, I will post and not have to fix newlines...
There's a big difference between (a) not paying for something while being grateful to the maintainers for allowing you to get away with not paying, and (b) not paying for something while sneering at the maintainers and ironically calling them "classy" in hopes to cash in on short term community karma.
Most decent people that I know would calmly do the same.
Most leeching off Caddy will send the vitriol to the author. But, they are not his community, now they are his customers.
Your argument would apply to any Apache or BSD licensed code. Not just Caddy.
Caddy has used the Apache 2 license for 2 years. Why would you not contribute now vs when the license was committed? Because they are not providing full free builds anymore? The public source code you are contributing to is still free. Nothing would have stopped anyone else from slapping a EULA on a custom Caddy build to sell.
It feels like a poor reason to refuse to contribute to an Apache licensed project.
An Apache licensed project with no commercial offering will happily incorporate your improvements whenever they meet its quality standards and scope. Now, when the company controlling the upstream project is chafging for the same functionality your patches provide... let's just say ut is going to be harder to contribute them upstream.
That's why I find it a no-brainer to invest in and contribute back to open source projects without "paid features available" whereas I will avoid the same project when they do.
Projects where maintainers get money through support contracts are fine for me, although a similar argument may be made regarding the project's documentation/easiness of configuration.
Licensing isn't everything. There's a difference in attitude between an open source project that provides commercial services to support itself and a commercial project that also has an open source version. It's a fuzzy line, but "is this good for business?" and "does this make it a better project?" don't always align.
See https://gnu.org/philosophy/open-source-misses-the-point.html for more explanation of the difference between free software and open source. See also https://thebaffler.com/salvos/the-meme-hustler for Evgeny Morozov's article on the same point.
Regarding the term "FOSS", see https://gnu.org/philosophy/floss-and-foss.html
It's just wrong to say that that "there is no FOSS" as if you were correcting someone's spelling mistake. The debate about the direction of open source/Libre software is too important to be treated in the way you chose for your post.
He has done much for the movement and this isn't meant to denigrate him. It's just that there was free software proponents before him and he's just the famous one. I'm sure Wikipedia has an article on the history of free software. It should go back at least as far as SHARE, from the 1950s, as I recall.
Again, this isn't meant to denigrate RMS, or his work. He's a nice enough fellow. In fact, we went to school together. This is just a bit of a lead for those who wish to look deeper.
Actually, I'll get you a link.
Scolding on tone aside, the comment by RomanPushkin is also correct:
> FYI, there is no FOSS -- that expression is a misunderstanding. There is the free (libre) software movement, and there is the open source non-movement: two different viewpoints based on different values.
This is very much the literal truth at least in my little world. Stallman's vision and response (the GNU license/weapon) are very much the "alpha and omega" of Free Software. In contrast, the entire "Open Source" non-movement either doesn't get it or doesn't care. From the POV of a free software true believer (Hello there!) there is no point to Open Source.
IMO the author doesn't realize how much price factors into tech stack decisions, or how the majority of his users are developers who now have the new responsibility of creating business cases for a piece of software (or scramble to find a replacement) that need to go through approval, or the projects that now have to be delayed to switch around one framework on the back end (I can just see the looks of manager/PM faces everywhere when they get the news from one of their devs).
The tone is another big issue. Flippant phrases like "what's new for personal edition users? Not much" isn't going to get any laughs after talking about mandatory payment. Other times, the disdain for users seeps from the wording (like the passive-aggressive "reminder" that internal apps constitute commercial use).
I'd really encourage the author to go back and re-read that announcement as a user who has taken a gamble on your software and is now invested in it. Yes, this might be a completely necessary move for the survival of Caddy. The necessity, though, doesn't mean you can skip the formalities. Users still need to be sold on the idea.
The professional users will pay for the software they're using, or accept the consequences of the tech decisions they made. Maybe the release wording sucked, but software vendors shouldn't be on the hook to sell you the thing you already bought.
Is "sudo apt-get install caddy" allowed? Does header advertising mean "Server: caddy" or "X-Advertisement: go to www.malicious.com for camgirls"? Is this indicative of a broader move to stop supporting the open source version? If I had previously installed Caddy through a package manager that grabbed the official binaries, and I updated my system, would I now be breaching an EULA that I never saw? And so on.
Obviously I am not entitled to get anything for free and don't use the software anyway, and I can probably find answers after 10 minutes on the Caddy website, but this seems like a communications issue that might have made people angry - particularly if they thought they would have to immediately migrate back to nginx with zero notice.
Binary packages from your distro should also be fine.
If you download and use the binaries from the caddy web site, you are bound by their EULA.
To be safe, use the version provided by your distro or -- even better -- build it from source yourself.
You may want to read the actual Apache License [0] yourself, skim over the "Licensing conditions" section [1] of the Wikipedia page, or, at the least, review GitHub's bullet points [2].
[0]: https://www.apache.org/licenses/LICENSE-2.0
[1]: https://en.wikipedia.org/wiki/Apache_License#Licensing_condi...
In terms of the header, that change was reverted a few days ago
Wait a second. The Caddy developers implemented a premium "thank you" feature that embeds their sponsors' company names in the HTTP headers of the binary distribution[0], and then defends this by complaining that you can't disable nginx from simply printing a header that says "server: nginx"? It's not even remotely the same thing!
I think this was a very poor use of judgement. I don't even see why it's relevant that they asked their sponsors "do you want us to put your names in the HTTP headers of all the poor suckers running the binary builds?" There's a handful of other places that would be way more appropriate for spamming sponsors' names, for example: banner on the website, in the log files, on the download page, in the README, etc.
As a web server, the only attribution required is to the person or entity who is deploying the server, not to the people accessing the website! (To be clear on that point, the actual web server software is running on the server end, not on the user end; this is in contrast with a JS library that runs in the web browser)
I think the authors either fundamentally misunderstand the requirements (in which case they should find a lawyer) or they are intentionally misleading readers (in which case they are acting in bad faith and deserve contempt)
The "most maintainers have very little to lose" point is one that isn't emphasized often enough. For every famous, high-profile FOSS developer who gives big swaths of their life to their projects, there are dozens or hundreds of people who are: a) contributing stuff they build for their job that they convinced the company to open source (hopefully out of good will, and not out of "maybe community PRs can fix our garbage fire") b) contributing code they wrote while learning something new for personal or professional enrichment, or c) just doing it as a fun activity.
The give-your-life-to-a-project folks are important, and prolific. Hats off to them. But so are all those other contributors. They might write less code than the lifers, but their code isn't any worse because they spend fewer hours per week developing it; it just takes longer to get written. And there are a lot more "casual" FOSS developers than lifers. Many FOSS projects started out in that "casual" realm before they became household names today. Sure, a lot of people think some of those casual projects aren't great, but that's not unique to small FOSS projects (cf. systemd).
All this is to say: be careful when communicating, especially negatively, with FOSS maintainers. If ethics and basic decency isn't reason enough to treat your fellow humans with compassion, try self-interest: a lot of these people are so un-invested in the projects you depend on for your {fun|living|freedom from the soulless void of the blinking cursor in an empty terminal} that your "How could you be so stupid?" or "Guess this project has gone to hell" comment on their GitHub PR might be enough to make them abandon it entirely.
Edit[s]: I accidentally some words and punctuation marks.
Having said that, what was particularly disturbing was the amount of hate towards the Caddy team. It's best to explain why think a certain change was "bad"/not in the your best interest and maybe offer suggestions on how to balance the need to build a business without alienating the community that supported the project in the early days. Outright vitriol is not a productive way to further your cause.
I guess building a business out of FOSS is as hard as ever.
Open source users frequently put up with extremely poor products in the beginning and help them mature and grow.
In the case of users some are frequently on HN itself complaining if a project repo on github is not updated in a week. There are startups who are successful who let alone give anything back to open source projects do not even properly acknowledge their use. This is hand waved away on HN when it should be the leading force of change against this kind of self serving culture.
Users pay you with their attention, that is the currency of open source and adds tangible value to your project in the beginning when you have no users. So projects like Caddy have been paid and validated by their users which enables them to now make a commercial push.
Once you gain traction you can't suddenly change the rules of the game and change the narrative to 'free' and 'paid' users or 'developers' and be dismissive of users who supported you.
Yet when even projects like Debian dismiss users to focus on developers now that they have traction, nevermind a project without users has no reason to exist, its not surprising this is the predominant dismissive attitude in open source towards users.
I'll quibble with this bit though:
> ...toxicity festers in open source because it’s all too common for forks to ground their motivation in emnity towards other projects.
This is wishful thinking, for the most part. Communities don't break off because things are going well. The American Revolution wouldn't have forked if King George had been sympathetic to their needs.
Perhaps every download page should have a preamble reminding people how many staff, how many collective years of effort, and how many dollars for laptops, web hosting, etc. went into what they are about to use. Perhaps every "./configure && make" should print a similar dump to the terminal. Put it front and center, clue people in.
The quote above clearly shows a huge oversight -- there were no plans in place to block out time to do PR after the announcement. Better to schedule the announcement to coincide with a period when the co-founders would be able clarify the public's perception of the changes. Even for OSS projects, marketing is important. But that's not even the underlying issue.
There is a subtle but very important observation that the OP's article didn't touch and I think will help illuminate why the seemly small changes to Caddy lead to the outburst of entitlement and vitriol directed at Matt and Cory.
Humans are naturally loss averse[0] this is why there is an enormous difference between marketing copy that says "a $5 discount" versus saying "avoid a $5 surcharge". The original announcement[2] was framed[1] like a loss -- existing users should prepare to deal with previously non-existent advertising of Caddy's sponsors -- causing the human instinct of loss aversion to kick in in full force.
This will always happen whenever you switch your user/customer interaction from social to market norms [3] which is essentially what it means to monetize an OSS project. Better to keep a free product unchanged then create a separate product targeted at commercial users [4] to avoid alienating your free users, or incurring their wrath.
Engineers are generally skeptical of marketing but this is one of those situations when good marketing would have helped to put out fires.
[0] https://en.wikipedia.org/wiki/Loss_aversion
[1] https://en.wikipedia.org/wiki/Framing_effect_(psychology)
[2] https://caddyserver.com/blog/accouncing-caddy-commercial-lic...
[3] https://www.technologyreview.com/s/419923/social-vs-market-n...
I mean we all know how brutal (emotionally) online communities can be and I respect anybody who stands against it. Nevertheless, I do not think that 'Entitlement' and 'Emotional Manipulation' are the real problems here, because those are just honest expressions of what other people think. Those comments are some kind of feedback which the maintainer can accept or ignore.
On the other hand, there are a lot of dicussions where we have personal assaults, like 'the maintainer is a prick' or 'what a dumb move'. Those are totally unacceptable and the people discussion should show what they think about such comments.
And in the end, HN has a very heterogenous group of commenters, but Paul Graham gave us a guide on how to write good comments: http://www.paulgraham.com/disagree.html
2. You initially sold people on this project. That's what got your project enough eyeballs in the first place for you to even consider making it a business.
3. Of course, your acquaintance will not complain - that's precisely the reason they are still with you. As you got upset when people told you of your unfairness. It's such a pity that these days people don't even have friends who can tell them the truth to their face.
4. OSS as requires a certain spirit. The OSS project is being sold on a set of ideas which is exactly opposite of the commercial world - that's why they use and contribute to your product.
5. Maybe you are too poor to be an open source contributor, I suggest getting a job and not expecting to make money by flipping the board. That will get you more fame and respect.
That said, now playing victim will not help you.
and provides some insights into his thinking about builds whether you agree with him or not.
I don't see how this is a better business model for Caddy than donations (which didn't work.) This is still basically a donation model, since they are not creating a separate closed-source edition. This is a way to automatically solicit for donations, making them look more like licenses.
Why is a new web server so important that there were going to be commercial users paying for it over established alternatives. When I saw that it was written in Go and replete with the latest buzzwords, I realized that this was written for ninjas. The intersection of ninjas plus commercial users may be too small for a business. (I hope I'm wrong for the author's sake)
* I'm not going to build from source - the key differentior for me was that Caddy was _simple_. If I need to build from source, that goes away. ("I do find it ironic that the open source community is so irate about having to compile software from source to customize it the way they want" misses the point IMO - a key selling point of Caddy was HTTP2/SSL with minimal configuration, attracting people far beyond the "open source community").
* The promotional header is a non-starter for me. My current site very deliberately shows no ads and relies on as few external services/resources as possible, so I'm not happy embedding an ad in every request (I know it has been reverted, but it's still shown on https://caddyserver.com/pricing which would make me concerned about it coming back).
* The personal/commercial licence split is something I don't want to have to worry about. Currently the personal licence is fine, but what if I decide to add ads to get a few pounds a month back? It's not something I really want to have to think about.
* Pricing - I would consider paying to avoid the header/concerns about personal/commercial split, but starting at $1200/year (billed annually) is a complete non-starter. It's nowhere near what I could afford, but I'm also not seeing why you would pay that - basic email support doesn't seem compelling, there are no additional features over the free version, and it seems any company who could afford to pay it would also be in a place to build from source (or pay for an nginx consultant and get a comparable feature set).
Of course the Caddy devs are entitled to make these changes, but they make it into something I don't want to use.
Two other quick points while I'm here:
* Brand guidelines of "Please do not call it Caddy Server" seem strange when the main domain is caddyserver.com
* Linking to an EULA (from the footer of caddyserver.com) that contains e.g. "{{if eq .Type "personal"}}" is less than useful.
