Email or username:

Password:

Forgot your password?
nixCraft 🐧

This is what IBM demands from open-source developers. Meanwhile, they cried about the RHEL source code and called those distro users freeloaders or parasites. Anyway, FLOSS devs don’t own anyone anything. If you need support, pay for the contract. The sad thing is IBM/RHEL said they need to pay for their devs, and when you take it free, it is hard to maintain enterprise distro, but when it comes to other FLOSS devs/projects, they don't think the same logic applies. LOL twitter.com/maximilianhils/sta

51 comments
nixCraft 🐧

It is good that the original commenter has now issued an apology to this FLOSS dev.

Ed Cates

@nixCraft It is good, but it's one of those situations where I wonder if it would have happened if it hadn't gone viral.

nixCraft 🐧

@EdCates yes. The initial request seems like management sat on his back while he was typing this email. It was not his intention as a dev but as a dev paid by IBM. Either way, it doesn't look good on IBM's part. That is what I think.

DELETED

@nixCraft The new slogan for those using Red Hat/IBM is simple:

"Abandon all hope who use our products."

You're better off switching to either SUSE, Ubuntu, or Debian.

netizen

@Linux_Is_Best @nixCraft or even better, try a Unix compatible distribution. I mean, one that doesn't use redhat's systemd

Craig Maloney ☕

@Nixcraft Der IBM:

Patches welcome, or fork off.

No love.

[object Object]

@nixCraft this is the second time in about a month I’ve seen a big company nonsensically call a single dev’s request to pay them or fuck off a “thinly veiled extortion attempt”; the first was Reddit and Apollo’s dev

also, I didn’t expect to see an example of a red hat employee being toxic and demanding free labor so soon after my last post talking about this, but I’ll take it as a sign it’s getting worse

Ben Cotton (he/him)

@zzt @nixCraft Red Hat employees don't have IBM email addresses, unless that's changed since May 12.

[object Object]

@funnelfiasco @nixCraft oh sorry, what I referred to as red hat is in fact ibm/redhat. redhat is not a company to itself but rather another proprietary component of the ibm ecosystem

Alex

@funnelfiasco @zzt @nixCraft we have contracts with IBM for various dev/BA work, they ALL talk like this. Output is everything for them so they dgaf about any of the soft skills, stakeholder engagement, being nice to people. They just want you to Do The Thing

DELETED

@zzt @nixCraft @alextually @funnelfiasco ahh the old “he who has the gold is a fucking asshole” rule

Hak Foo

@zzt @nixCraft You'd think there would be a block of legalese boilerplate which you could put in repos that translates to "this project is not commercially backed, so any timelines, fixes or enhancements are solely at my whim until and unless I'm being paid for them."

[object Object]

@hakfoo @nixCraft to be honest, it feels like a corporation like ibm could easily ignore legal boilerplate if they really wanted their lawyers to bankrupt somebody. if large corporations want to play like this, it’s not going to be worth working with them in any capacity for individual devs

Tony Wells

@nixCraft
Going forward, I'm going to refer to any support contract I have to pay for as 'A thinly veiled extortion attempt".

Luca Ruggeri

@nixCraft if I ask IBM a Blade server (did they do them anymore?) and they ask me to pay, is that a thinly velated extortion?

Luca Ruggeri

@nixCraft also the code is MIT licensed, so IBM could had done the work by itself and even didn't have to share the source again

Nasado

@lcruggeri @nixCraft If you're a huge corp and you go to IBM and say "our customer base is growing too fast for us to handle, when are you going to give us new servers for free", then you're an asshole. Doubly so if at the same time you're also locking up other people's FOSS code under the guise of ensuring you get paid fairly for your work.

skategoat 🐐

@nixCraft subscriptions: good business practices
selling OS work: extortion attempt

Sphinx of Black Quartz

@nixCraft

"If you expect me to treat this like a job, I expect you to pay me like it's a job."

"This is EXTORTION!"

🤔

Ernest Thornehill

@sphinx @nixCraft I think this sums up the current state of worker/boss relationships quite well

Steve

@nixCraft the sad thing is how moronic corporate management thinking is. Here's a no brainer opportunity for IBM to offer their client a paid contract to fix the issue, and sub contract the floss dev to deliver it. Everybody wins. But of course, that would take >0 effort. There's no vision in any of these industry people anymore.

Steve

@nixCraft although, of course what is likely happening is IBM has a multi bazillion dollar software contract that's really a branded stack of MIT licensed libraries, while anybody with enough experience to build it internally has been made redundant, leaving a room full of client relationship managers to deliver in zero time.

Dr. Samuel Wein

@nixCraft
Lol. I had a contractor for a major pharma company try to pull this with #OpenMS. After finding out that he had been brought in to replace the team of employees who actually understood our software I responded in the same vein as Max. So far just hearing crickets from them.

indigo

I think this is a great example how the corp mindset is misaligned.

Jan Wildeboer 😷:krulorange:

@nixCraft This story has nothing to do with RHEL. The IBM dev apologised for his behaviour. But I guess the clickbait urge wins again? ;)

Robert Wire

@jwildeboer @nixCraft What do you mean, nothing to do with RHEL? Isn't Red Hat an IBM brand?

Jan Wildeboer 😷:krulorange:

@barubary Yes. IBM also owns The Weather Company. So I guess this is also a story about the weather, using your logic? @nixCraft

Dmitry Tantsur

@jwildeboer @nixCraft confusing ownership is not unexpected from people who think that RHEL is a company (or anyhow else an actor).

Dmitry Tantsur

@jwildeboer @nixCraft I'm sad that the newly fashionable Red Hat hatred has completely obscured the actually interesting and important issue: this "customers are prohibited from using software with known high/critical vulnerabilities" bit (by no means specific to IBM, I've heard it in other contexts). Sounds like weaponizing CVEs, potentially against any open source.

Ross Grady
@creepy_owlet @jwildeboer @nixCraft I do *not* speak on behalf of my employer, but: yes. We are headquartered in the United States, and we do a lot of business with the government. The White House executive order on cybersecurity of May 2021 (which was itself prompted by the SolarWinds hack) brought software supply chain security to the top of the agenda with an urgency that I have not seen before (in over 25 years in the industry).

That plus the log4j kerfuffle has led most large enterprises to do a lot of soul-searching about the role of open source projects in their software supply chains. (Here is where you picture the classic xkcd comic that I’m too lazy to insert into this post :))

The dev in question was responding entirely inappropriately to a situation they at least described accurately: highs and criticals in OSS deps must be resolved on the same timelines as in our own code, or the deps must be replaced with something else.

The intended *target* of this leveraging of CVEs (I won’t say weaponization, sorry; while there are sometimes disagreements about severity or exploitability, they are still a widely accepted and critical component of software security practice) is our own development teams, *NOT* the OSS maintainers! But clearly open source is, in cases like this, a victim of its own success.

I really enjoyed the “I am not a vendor” blog post from a few months ago, as it covered a lot of the side effects of that success I just mentioned. My only complaint about it was that I wish GitHub or the OSS community as a whole had some kind of tag/label taxonomy that could easily classify an OSS project upfront on a spectrum from “I did this, I found it useful, IDGAF if you found it useful and I have no desire to talk to you” at one end, to “this solves a problem that many people have, and our employer (along with several others) pays us to work on it, and it’s published under the aegis of an established OSS foundation,” so that we could build automation to filter possible deps on that basis upfront :)

(YES I know that for seasoned devs, a glance at a repo makes those differences plain — but I want to tell, like, NPM or PIP or whatever what my threshold is, because modern package ecosystems with dependency trees make it impossible to individually vet every nested dep.)
@creepy_owlet @jwildeboer @nixCraft I do *not* speak on behalf of my employer, but: yes. We are headquartered in the United States, and we do a lot of business with the government. The White House executive order on cybersecurity of May 2021 (which was itself prompted by the SolarWinds hack) brought software supply chain security to the top of the agenda with an urgency that I have not seen before (in over 25 years in the industry).
Donald Ball

@jwildeboer This is not a refutation.

What you’re doing here is a pretty novel approach to your stated job though. Good luck with that, or something.

Jan Wildeboer 😷:krulorange:

@donaldball So far you only did rhetoric games and offered no argument to counter my point that this story is not related to Red Hat or RHEL. So I wish you a nice Sunday and I will step out to enjoy summer life in Munich :)

smitten
@nixCraft This reminds me of the reddit response to Apollo dev when he asked them why they hadn't considered buying him out. expecting free labor is fine, but when the person suggests you maybe pay them for more reliable labor, that's extortion?
DELETED

@nixCraft never ceases to amaze me how much labor corporations expect open source volunteers to hand over in service to their bottom line. Truly a delusional mental problem in tech

Chobbes

@nixCraft IBM is notoriously bad for this shit. They seem to often expect volunteer labour from students for events too… while contributing basically nothing back. Boo.

remote procedure chris

@nixCraft if ibm leadership thinks paying people to do work is a form of extortion it's probably time for new leadership lmao

King Calyo Delphi

@nixCraft I would just point them to the software license that says "This software is provided free as-is" and if they don't like it "free as-is" then they can pay to make it as they want it, including security patches for finance & banking institutions.

Patrick Reynolds

@nixCraft The phrase “thinly veiled extortion attempt” is peak irony coming from either RedHat or IBM.

@7

@piki @nixCraft IBM (especially the EU part) is mentally still stuck in the 70s, ok, maybe 80s. More than a few times I have had the opportunity to see their culture and organization of work "from the inside" - whatever you look at there: the structure, the accountability of employee goals, the pay structure stinks of the long-dead carcass of the great corporations of the late 20th century. So it is no surprise that floss is completely out of step with such rhetoric.

I don't know if it's the specifics of the EU branches, the problem with transplanting the work culture from the USA (I don't know the realities there) or just bad luck that I happened to come across such branches and not others, and that I didn't get to know the better ones, but I always had the impression that I was going back 40 years compared with contacts in other companies.

@piki @nixCraft IBM (especially the EU part) is mentally still stuck in the 70s, ok, maybe 80s. More than a few times I have had the opportunity to see their culture and organization of work "from the inside" - whatever you look at there: the structure, the accountability of employee goals, the pay structure stinks of the long-dead carcass of the great corporations of the late 20th century. So it is no surprise that floss is completely out of step with such rhetoric.

Elaine 💜🏳️‍⚧️🏳️‍🌈
@nixCraft Ubuntu is great if you need it to be free. Also the pricing of their support contracts is much more reasonable :)
mirabilos

@nixCraft oh well at least the beancounter apologised

Jesse

@nixCraft What is it with massive corporations accusing small devs of extortion at every turn? Why is victimhood so desirable to these types?

Go Up