what is the point of libraries now that you can just generate them?
It's a meme as accurate as time. The problem is that our digital infrastructure depends upon just some random guy in Nebraska.
Open-source, by design, is not financially sustainable. Finding reliable, well-defined funding sources is exceptionally challenging. As projects grow in size, many maintainers burn out and find themselves unable to meet the increasing demands for support and maintenance.
Speaking from experience here, as someone who has delivered talks at conferences (see below) six years ago and also took a decent stab at resolving open source funding. The settlement on my land on Kangaroo Island was funded through open-source donations, and I'm forever thankful to the backers who supported me during a rough period of my life for helping make that happen.
Rather than watch a 60-minute talk by two burnt-out open-source maintainers, here is a quick summary of the conference video. The idea was simple:
If companies were to enumerate their bills of material and identify their unpaid vendors, they could take steps to mitigate their supply chain risks.
For dependencies that are of strategic importance, then the strategy would be a combination of financial support, becoming regular contributors to the project or even hiring the maintainers of these projects as engineers for [short|long]-term engagements.
Six years have gone by, and I haven't seen many companies do it. I mean, why would they? The software's given away for free, it's released as-is, so why would they pay?
It's only out of goodwill that someone would do it, or in my case, as part of a marketing expenditure program. While I was at Gitpod, I was able to distribute over $33,000 USD to open-source maintainers through the program.
The idea was simple: you could acquire backlinks and promote your brand on the profiles of prolific open-source maintainers, their website and in their GitHub repositories for a fraction of the cost compared to traditional marketing.
Through the above framework, I was able to raise over $33,000 USD for open source maintainers. The approach still works, and I don't understand why other companies are still overlooking it.
Now it's easy to say "marketing business dirty", etc., but what was underpinning this was a central thought.
If just one of those people can help more people better understand a technology or improve the developer experience for an entire ecosystem what is the worth/value of that and why isn’t our industry doing that yet?
The word volunteer, by definition, means those who have the ability and time to give freely.
Paying for resources that are being consumed broadens the list of people who can do open-source. Additionally, money enables open-source maintainers to buy services and outsource the activities that do not bring them joy.
so what has changed since then?
AI has. I'm now eight months into my journey of using AI to automate software development (see below)
Geoffrey Huntley
and when I speak with peers who have similarly spent the same amount of time invested in these tools, we're noticing a new emergent pattern:
We are reducing open source software consumption and taking dependencies on third parties.
Instead of relying on a third-party library maintained by a developer in Nebraska, we code-generate the libraries/dependencies ourselves unless the dependency has network effects or is critical infrastructure.
For example, you wouldn't want to code-generate your crypto - trust me, I have, and the results are comical. Well, it works, but I wouldn't trust it because I'm not a cryptographer. However, I'm sure a cryptographer with AI capabilities could generate something truly remarkable.
For projects like FFmpeg, Kubernetes, React, or PyTorch, they are good examples of something with network effects. Something that I wouldn't code-generate because it makes no sense to do so.
However, I want you to pause and consider the following:
If something is common enough to require a trustworthy NPM package, then it is also well-represented in the training set, and you can generate it yourself.
why do we have libraries
Humans created libraries to facilitate code reusability. I still heavily utilise libraries internally within the software I develop, but they are first-party libraries, not third-party libraries.
The problem with third-party libraries is that they were designed and built by someone else with different constraints and a different design in mind. When you code-generate your library, you can create it exactly to your needs without any trade-offs.
You also no longer have the Nebraska problem. When you encounter a bug or need a feature added, you no longer need to nag someone who maintains open-source software and seek their permission to get it added, or juggle with Unix patches.
You can just shape, mold, and craft the software exactly to your needs.
The next time you run into an issue on GitHub, I want you to think about why do you even have that dependency and why could you not just vibe code up its replacement and take complete ownership and control of your supply chain.
Yes, perhaps there will be bugs in the code-generated library, but then again, there are bugs in open source software. Open source software is released as is without warranties. When you find an issue, just kick off an agent to resolve it. You no longer need to be dependent on some random person on GitHub.
One positive upside I can see for this approach of code-generating your own first-party libraries is a reduction in blast radius for security incidents.
Consider Log4j and the billions of dollars of damage it caused while everyone was trying to eliminate/update that software dependency from their supply chain.
What if instead of using log4j you had your own logging library, and thus if there's any problems or security issues the blast radius is restricted just to you, not to the entire ecosystem?
My closing thoughts are that perhaps the open source sustainability issue is solved because of two factors:
- There is no open source sustainability issue, as open source was never designed to be sustainable.
- Through AI, companies can reduce their reliance on third-party software and dependence on unpaid individuals, which can lead to maintainer burnout.
I still believe there's a place for open source, and through AI, we're going to see a lot more open-source software being produced than ever before. But the question is, do you need to depend on it?
