|
|
Subscribe / Log in / New account

Maintainers for desktop "critical infrastructure"

By Jake Edge
January 11, 2017

By any measure, the PulseAudio sound server is an important part of most Linux desktops. But, like other free-software projects, PulseAudio is understaffed and relies on volunteers to maintain it. An effort by the most active maintainer, Tanu Kaskinen, to use the Patreon platform to help fund PulseAudio maintenance makes one wonder how much of the free software we depend on is similarly suffering.

It was not that long ago that even critical internet infrastructure was largely being ignored by the companies that relied on it. The Heartbleed fiasco made it obvious that OpenSSL was not thriving with mostly volunteer maintainers. Heartbleed led to the formation of the Core Infrastructure Initiative (CII), which targets critical infrastructure projects (OpenSSL, OpenSSH, GnuPG, and so on). Initially, the CII provided grants to projects to help fund their development and maintenance, and evidently still does, though it is moving toward using threat modeling to target projects for security auditing according to the FAQ.

That work is great, but it is limited by a number of factors: funding and the interests of its members, primarily. Few of the companies involved have much, if any, interest in the Linux desktop. Some might argue that there aren't any companies with that particular interest, though that would be disingenuous. In any case, though, desktop Linux is a community-supported endeavor, at least more so than server or cloud Linux, which likely means some things are slipping through the cracks.

Kaskinen left his job in 2015 to be able to spend more time on PulseAudio (and some audio packages that he maintains for OpenEmbedded). For the last four months or so, he has been soliciting funds on Patreon. Unlike Kickstarter and other similar systems, Patreon is set up to provide ongoing funding, rather than just a chunk of money for a particular feature or project. Donors pledge a monthly amount to try to support someone's work going forward.

So far, Kaskinen has attracted 18 patrons who provide $77 per month, which approximately covers his rent according to the Patreon page. His needs are rather modest, as he is looking for $340 per month. [Update: These numbers are based on a misunderstanding, see the first comment below.] Patrons get immediate access to his monthly reports, while others must wait a few weeks (reminiscent of a certain weekly publication perhaps). Once they are freely available, the reports are published on his blog. He is actively looking for other reward ideas for those who donate at more than the $1 per month minimum.

A look through the reports gives the impression of an active maintainer working on bugs, reviewing patches, answering questions on IRC, writing documentation, and so on. Much of that could have been done in his "spare time", though presumably at a much slower rate. In the meantime, Kaskinen is burning through his savings to help support the many users of PulseAudio. It is undoubtedly the plight of many maintainers, though most probably just try to fit that work around their day job, rather than to try to do it full time.

There are a number of companies and groups that use PulseAudio as part of their Linux distribution. That starts with the traditional distributions, such as Fedora, Red Hat Enterprise Linux, Ubuntu, SUSE, and openSUSE, but goes beyond that. Mobile and automobile-focused distributions, such as Tizen, GENIVI, and Automotive Grade Linux, also use (or can use) the audio server. One would think they and others might have an interest in having a full-time PulseAudio maintainer.

It is a dilemma for the free-software world. Our projects will be much better off with full-time maintainers, and lots of projects already have that thanks to various companies in our community, but what should be done for projects that fall through the cracks? Though it is early going for Kaskinen, it is hard to see Patreon-based campaigns being the ultimate solution, though they can certainly help.

The free-software community itself, or at least the individuals who make up a large chunk of it, seem unlikely to be able to solve this problem directly. While that may be unfortunate at some level, the reality is that millions of folks, all over the world, with varying income levels and even awareness of how the software they use comes about, probably cannot be relied upon to directly fund these kinds of projects. For that, it will take organizations and/or companies to help identify, and ultimately fund, maintenance of critical desktop infrastructure.

Plenty of that infrastructure is being funded, of course. The major desktop environments have companies or groups of companies that employ the maintainers, developers, and others for those projects. Web browsers are in good shape, overall, as are some of the office and productivity suites. But there is a second tier of applications (and plumbing in the case of PulseAudio) that may not be receiving the attention it deserves and, perhaps in some cases, requires.

The urgency that Heartbleed provided is probably never going to occur in the Linux desktop realm, however. There is less monoculture and vastly less of an installed base. Android is, of course, a much bigger target, but has a large company behind it and doesn't use much from desktop Linux (other than the kernel).

The kernel model for maintainers seems to work quite well, overall. Companies employ maintainers of various subsystems to, essentially, continue maintaining. Those companies get the benefit of having those people on their staff as well as the benefit of a better-maintained kernel for themselves and others. But the kernel is unique; other parts of our free-software desktop infrastructure are not so centrally placed, thus not so well-maintained.

One hopes that Kaskinen can find enough patrons to meet his modest needs to continue with his work. But it would be better still if we could find a way as a community to make it possible for maintainers (and others) to do their work without giving up all of their free time—or their savings.


Index entries for this article
SecurityDesktop


to post comments

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 2:39 UTC (Thu) by tanuk (guest, #71154) [Link] (3 responses)

Thanks a lot for this article!

I'd like to correct one bit:

> So far, Kaskinen has attracted 18 patrons who provide $77 per month, which approximately covers his rent according to the Patreon page. His needs are rather modest, as he is looking for $340 per month.

I think my needs are modest, but not quite that modest! Patreon encourages creators to define goals, and I have set three goals: $340 (rent), $590 (rent+food) and $1000 (all basic living expenses). Only the next goal is shown on the default view, so this mistake is understandable, and the description I had set for the goal was easy to misinterpret. I have now updated the goal description, hopefully making this a bit more clear.

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 12:51 UTC (Thu) by GoodMirek (subscriber, #101902) [Link]

Thanks for your effort. I have just subscribed to your project on Patreon.
Fingers crossed!

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:01 UTC (Thu) by aleXXX (subscriber, #2742) [Link] (1 responses)

I think you should (at least) double your goals there, it will look better (while still very modest), and maybe you'll collect more.

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:57 UTC (Thu) by tanuk (guest, #71154) [Link]

Yes, maybe it does look kind of bad to ask for much less than a typical software engineer salary. However, the fact is that around $1000 comes the critical point where this becomes sustainable - I don't really need more than that. Thanks for the suggestion anyway, I now added another goal at $4000.

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 10:01 UTC (Thu) by bernat (subscriber, #51658) [Link] (1 responses)

If Patreon could subdivide income to various people, someone could set a Patreon that would divide its income to the various other people based on some "market share". That's quite a reach, but figures from Debian popcon or other similar sources could be used to define the market share. This Patreon would provide a better visibility than invidual ones.

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:55 UTC (Thu) by ehiggs (subscriber, #90713) [Link]

This is really difficult as packages like leftpad or fart noise apps would be overrepresented versus their effort or actual value.

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:32 UTC (Thu) by IanKelling (subscriber, #89418) [Link] (1 responses)

A link to his patreon link (https://www.patreon.com/tanuk) belongs in the article. When it got to that part I was wondering why no link... just a blog link? huh?

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 14:50 UTC (Thu) by jake (editor, #205) [Link]

> A link to his patreon link (https://www.patreon.com/tanuk) belongs in the article.

And is. In the last sentence of the first graf, anchored at "help fund PulseAudio maintenance".

thanks,

jake

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:32 UTC (Thu) by bkuhn (subscriber, #58642) [Link] (5 responses)

I encourage projects like this one to join Conservancy or another fiscal sponsor that can help their project raise money which can then be used to fund the developers.

Conservancy has at any time 4-6 developers for various member projects on monthly contract, which are funded via charitable donations. The Patreon model has worked pretty well for artists and musicians, and I hope that Kaskinen can be successful through it, but sometimes the assistance of a professional non-profit fundraiser can make the difference in reaching the level you want.

I agree with Jake that Kaskinen's request is modest, and it's actually much less than the typical contract Conservancy does with member project developers. Most projects with serious name recognition can pretty easily raise that much through a fiscal sponsor. I encourage PulseAudio to apply to Conservancy and other fiscal sponsors (like SPI) to see if it's a good fit!

Maintainers for desktop "critical infrastructure"

Posted Jan 18, 2017 16:13 UTC (Wed) by paulj (subscriber, #341) [Link] (4 responses)

The Software Freedom Conservancy is a great idea. I've had people recommend it to me before.

One issue though is, once entered to it, a project's assets can apparently only ever be transferred to another US 501(c)(3) - I assume a (very reasonable) US IRS requirement. What if a projects' members are all or largely European and wanted later to form a European NPO (e.g., UK) to hold assets instead? It seems like joining the Conservancy now would make it very hard for a project to extricate itself from US tax law later?

Maintainers for desktop "critical infrastructure"

Posted Jan 19, 2017 13:38 UTC (Thu) by Wol (subscriber, #4433) [Link] (3 responses)

While it might be a bit of a pain, you set up a European non-profit, get your funding pledges swapped over, and let the US 501 burn itself out.

I don't know exactly the implications, but the setup that US funds can only be transferred within 501(c)s is mirrored somewhat under UK charity law. But setting up a new entity and transferring staff and on-going income across is not an uncommon situation - often for fraud unfortunately leaving the liabilities behind - and shouldn't be that difficult. It's called "doing a Phoenix" or similar. And provided you're open, transparent, and DON'T leave a trail of abandoned liabilities behind you, it's unlikely to cause a problem.

Cheers,
Wol

Maintainers for desktop "critical infrastructure"

Posted Jan 19, 2017 13:49 UTC (Thu) by paulj (subscriber, #341) [Link] (1 responses)

That certainly sounds a possibility. I'd still be concerned about non-depreciating project assets like domain names though.

I guess you could have a dormant UK non-profit (note: not a charity / 501(c)(3)) to just park assets in, and have all the business that can 'turn over' under SFLC. You could share the 'officers' between the EU non-business-conducting holding NPO and the project under a conservancy like SFLC (assuming SFLC thought it acceptable, of course).

Maintainers for desktop "critical infrastructure"

Posted Jan 27, 2017 18:33 UTC (Fri) by pehjota (guest, #91496) [Link]

Just to note, SFLC (Software Freedom Law Center) != Software Freedom Conservancy.

Maintainers for desktop "critical infrastructure"

Posted Jan 29, 2017 20:43 UTC (Sun) by bkuhn (subscriber, #58642) [Link]

If you'd like to apply to Conservancy, write to <apply@sfconservancy.org>.

As to your question, 501(c)(3) charities in the USA are able to make grants around the world, and thus can pay developers in virtually any country to carry out work that is within the mission of the project.

Nearly all Conservancy projects are international in scope and we've never had a problem.

It's true you can't simply transfer funds to a non-501(c)(3) entity, but you are allowed to stop taking donations at any point of the project leaves and simply spend remaining funds on valid 501(c)(3) program work.

This is what Conservancy did with jQuery project when they formed the jQuery Foundation, which was a 501(c)(6) and could not accept transfer of assets. Remaining jQuery funds at Conservancy were spent on 501(c)(3)-appropriate activity in the jQuery community.

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:38 UTC (Thu) by IanKelling (subscriber, #89418) [Link]

Shoutout to https://snowdrift.coop/. Launching soon (tm).

Maintainers for desktop "critical infrastructure"

Posted Jan 12, 2017 13:44 UTC (Thu) by mjthayer (guest, #39183) [Link] (3 responses)

Android tablets are looking more and more like desktop systems these days. How much sense would it make to share effort there? I understand (but may be wrong) that enough of that is open source to provide basic critical desktop infrastructure. Though I suspect that it might be hard to reconcile Google's desire to set the direction with other people's.

Maintainers for desktop "critical infrastructure"

Posted Jan 13, 2017 9:43 UTC (Fri) by intgr (subscriber, #39733) [Link] (2 responses)

> How much sense would it make to share effort there?

There are working ports of PulseAudio to Android, also implementing some Android audio APIs: https://www.freedesktop.org/wiki/Software/PulseAudio/Port...
This is probably outdated by now, but here's a comparison between PulseAudio and AudioFlinger from PA's perspective, which suggests there would be some benefit to Android: https://arunraghavan.net/2012/01/pulseaudio-vs-audiofling...

But the main sticking point appears to be the license. Google won't touch any piece of software with an (L)GPL license (except the kernel). And given the stranglehold Google has on Android development projects, adopting AudioFlinger for Linux desktop would be insane.

Maintainers for desktop "critical infrastructure"

Posted Jan 13, 2017 17:24 UTC (Fri) by raven667 (subscriber, #5198) [Link]

In a perfect world we would be able to get Google and Canonical on-board with the rest of the community and then would have plenty of resources to keep all the infrastructure well maintained and up to date with modern hardware. Google AudioFlinger vs. community PulseAudio and Google SurfaceFilinger vs. Canonical Mir vs. community Wayland are held apart not only for technical compatibility reasons but mainly due to (L)GPL license avoidance and ownership desires, Google and Canonical want to "own" their respective technologies and not have shared ownership a-la kernel.org Linux.

Maintainers for desktop "critical infrastructure"

Posted Jan 21, 2017 1:50 UTC (Sat) by njs (guest, #40338) [Link]

> Google won't touch any piece of software with an (L)GPL license (except the kernel).

And now Java.

Maintainers for desktop "critical infrastructure"

Posted Jan 13, 2017 14:17 UTC (Fri) by amarao (subscriber, #87073) [Link]

I think Valve, and the rest of the newly-risen linux-gaming industry are those commercial companies with business interest in PA. If I ware their I would crete something like CII for core pieces of desktop infrastructure. Faster wayland/vulkan adoption, PA, pressurizing NVIDIA, thousands of libraries used by almost all current multimedia applications in Linux, etc...

Done

Posted Jan 14, 2017 0:38 UTC (Sat) by boog (subscriber, #30882) [Link]

I signed up. I listen to music all the time on my computer...

Maintainers for desktop "critical infrastructure"

Posted Jan 16, 2017 14:25 UTC (Mon) by Seegras (guest, #20463) [Link] (6 responses)

How critical is pulseaudio exactly? I do have it running sometimes, but I can do most I need just with alsa.

Maintainers for desktop "critical infrastructure"

Posted Jan 16, 2017 15:10 UTC (Mon) by anselm (subscriber, #2796) [Link] (5 responses)

PulseAudio is pretty critical if you want stuff like an intermittently connected Bluetooth headset, webcam microphone, or TV set with HDMI audio to work out of the box. It can manage these conveniently and do things like hand off audio streams from one of those devices to another in mid-play.

Many people think that that sort of thing ought to work on a desktop system, but if your audio setup is quite static and you are never confronted with the issue in the first place, you can probably get away without PulseAudio.

Maintainers for desktop "critical infrastructure"

Posted Jan 19, 2017 13:42 UTC (Thu) by Wol (subscriber, #4433) [Link] (4 responses)

Our home system is multi-user. We'll typically have three or four people logged in on vt7, vt8 etc. And as soon as the currently active user does something with sound it (often, not always) kills sound from other sessions. Not (always) welcome behaviour.

My system doesn't have PulseAudio - I gather that would give us far more control over what happens.

Cheers,
Wol

Maintainers for desktop "critical infrastructure"

Posted Jan 19, 2017 15:12 UTC (Thu) by cortana (guest, #24596) [Link]

I believe pulseaudio closes the sound device when the session in which it is being run goes inactive (on VT switch). So only the currently active session is able to play sound.

Maintainers for desktop "critical infrastructure"

Posted Jan 19, 2017 15:41 UTC (Thu) by zlynx (guest, #2285) [Link] (2 responses)

Most distros don't let multiple users play sound at the same time. Their vision of multiple user is the "Switch User" ability, and they try to set it up so sound, input and GPU devices change ownership to the currently active user.

With some development effort you could fix that. PulseAudio for example, has a system daemon mode. Disable the per-user pulse daemon, use the system level one, fix the socket access permissions, etc, and you could play audio from all users at once.

Maintainers for desktop "critical infrastructure"

Posted Jan 24, 2017 19:25 UTC (Tue) by ajmacleod (guest, #1729) [Link] (1 responses)

The multi-user system setup described is certainly something PulseAudio promised to provide, but I quickly got seriously disillusioned when I actually tried to get it working in real life. Perhaps it was just that I was too early an adopter (this was a few years ago now) but the lack of factually accurate, readable documentation on PulseAudio was utterly atrocious; none of it made any sense and much of it was conflicting. (The alternative at the time, ESD, had some fairly serious drawbacks and couldn't compete on features but at least it was possible for normal people to configure and get working.)

In the end I wiped every vestige of PA from my system; at least single-user sound worked much more efficiently and I was happy to be rid of another layer of useless bloat.

By way of comparison, JACK was comparatively simple to get working and did exactly what it promised.

Maintainers for desktop "critical infrastructure"

Posted Jan 25, 2017 9:00 UTC (Wed) by anselm (subscriber, #2796) [Link]

By way of comparison, JACK was comparatively simple to get working and did exactly what it promised.

Yes, but JACK and PulseAudio cater to completely different use cases, and therefore comparing the two is essentially comparing a fairly simple apple to a pretty complicated orange. The oft-reviled Lennart Poettering explains this in more detail.

Maintainers for desktop "critical infrastructure"

Posted Jan 19, 2017 14:03 UTC (Thu) by stqn (guest, #103999) [Link]

This is one reason why a universal basic income (sufficient to live decently) would be awesome.

Maintainers for desktop "critical infrastructure"

Posted Feb 4, 2017 10:37 UTC (Sat) by toyotabedzrock (guest, #88005) [Link]

A tax on the amounts they pay for other things to be fixed/added.


Copyright © 2017, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy