Microsoft opens a "high priority" bug ticket in ffmpeg, attempting to leech the free labour of the maintainers
trac.ffmpeg.org
Microsoft employee:
Hi, This is a high priority ticket and the FFmpeg version is currently used in a highly visible product in Microsoft. We have customers experience issues with Caption during Teams Live Event. Please help
Maintainer's comment on twitter:
After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead.
This is unacceptable.
And further:
The lesson from the xz fiasco is that investments in maintenance and sustainability are unsexy and probably won't get a middle manager their promotion but pay off a thousandfold over many years.
But try selling that to a bean counter
FFMPEG is a core technology. You literally cannot do anything with video without touching FFMPEG at multiple places in the stack.
The fact that we have billions of dollars of revenue flowing through that software every day, but we rely on VOLUNTEERS to maintain it shows exactly how hollow the whole SV entrepreneur culture really is.
Bunch of fucking posers wouldn’t know performance code if it kicked them in the face.
Exactly: I'm not mad about important things being run by volunteers -- arguably, that's a good thing because it means project decisions are made uncorrupted by profit motive -- but I am mad about the profit being reaped elsewhere on the backs of their free labor.
@grue @vzq this is such an interesting space. The general public has no idea how much of their software relies on open source code and voluntary community contributions. There have been so many attempts to figure out a way to compensate these maintainers, but it doesn't seem like anything has really become the defacto solution. Open Collective and Tidelift are the closest things I can think of.
OBS seems to be funded by the likes of Meta, Google, Amazon, AMD, Nvidia, etc. despite being unaffiliated.
@grue @vzq The key is that these folks are supposed to have both freedom & power to set direction independent of corporate shit, *and* compensation for their labor.
Argue-er here, chiming in. This statement could be interpreted as considering only half of the central relationship of capitalism. (Capitalism isn't just about deriving profit from the control of surplus, it's about the relationship between surplus and scarcity. Surplus doesn't mean shit if no one wants what you have.)
The decisions that volunteers make may not be motivated by the desire/ability to make profit, but they can be (and often are) motivated by the opposite; they have to account for the fact that their volunteer work is labor that isn't contributing to their survival -- aka, their day job. The demands placed on them by their other responsibilities will have to take precedence over the volunteer project.
In practice, this means they have to take shortcuts and/or do less than they would like to, because they don't have time to devote to it. It's not exactly the same end product as if it was profit-seeking, since that can tempt maintainers into using dark patterns etc, but they're similar.
Ideally, they would have all the money they needed, didn't have to have regular jobs, but also had families/friends/hobbies that would keep them from over-engineering ffmpeg.
To say this in a simpler/shorter way (TD;DR), their decisions can be motivated by the fact that they aren't making money from it, don't have enough time or resources to do everything they might want.
(Why is this so long?? I'm bored in the train, gotta kill the time somehow..why not say in 1000 words what I could have said in 100)
Interesting point! I'm not sure that that motivates the quality or type of decisions so much as the mere quantity, though. (In other words, I agree the pace of development suffers, but I'm not sure the quality of the end result does.)
They're not going to invest in it if they don't own it, and frankly I'm happy they don't.
Those same companies tell you that their products that you paid for don't belong to you. You are just buying a license to use them. Sadly, this asinine concept is spreading even to hardware markets.
I think it's fair to ask them to take their own bitter pill. They should also invest without owning.
You mean JavaScript right?
These days it's all about Python, with AI being the hype and all. JS can at least try to compete.
QuickTime has entered the chat
This seems like a "you" problem, Microsoft, and since you employ thousands of programmers with the experience to solve your problem and commit the change back to the FOSS project, I think this is also very easily a "you" solution as well.
This is pretty funny, kinda suggests they have no faith in the engineers they work with... ffmpeg is an awesome piece of work, but if it's a bug they can repeat to some level, then like you said, it 100% a them problem!
E: oh, was thinking it was a pm raised it, but seems it was possibly one of their developers, brutal....
It seems like ffmpeg made a breaking change to their API, and I expect a lot of users to have problems.
On one hand that's fair, but on the other hand Microsoft is the biggest name in software development and ffmpeg is a volunteer gig, this is probably a problem the megacorp can handle.
But then it'd cost them money.
It is frustrating that people no longer stop and think about the money anymore :(
They offered a one time gift in the thousands of dollars. They were planning to do that anyway.
It's so ridiculous that this isn't even brought up:
Gotta love being a forced beta tester... I mean customer.
That does kind of admit what we all suspected about Microsoft's QA since they fired the whole testing team in 2014.
Meanwhile Google has always just forced you to go to Google Groups to log bugs in production software.
If the live version is already broken, there isn't much to lose deploying the fix as soon as possible. Not sure what else they could have done here.
Yup. Shits fucked. Do what you can. Lol
There are likely other changes made since they released that version to their customers, so the risk is other things in addition to the current thing get broken.
There is zero chance that they'll just build from the latest main branch and release that tomorrow. Or that whatever build they make goes directly to general distribution.
They'll make a build from the last release plus this patch and send it to a few customers who have complained. Then they'll think about making a release with this and perhaps other bug fixes.
If the Microsoft person making this request can’t update a command line switch, I seriously doubt they will try to build from source with a patch.
isn't that what a canary release essentially is?
Man, must be rough to be an MS engineer and do work in public. Ignoring the financial aspect, can't say I've never had a similar ticket and resolution.
Can't reproduce bug. Closing ticket.
It's what Microsoft would do in the same situation. It's only fair
I understand you are having a problem with ffmpeg.
Firstly, I will need you to open a command prompt and run SFC /scannow.
And then reboot your PC.
And then run SFC /scannow again.
And reboot again.
Until you give up and reinstall Windows.
-Microsoft MVP
I tried all that but accidentally installed Linux at the last step, but it seems to have fixed the issue so I'm suggesting it as a functioning workaround to all of my colleagues
You forgot when the boot loader forgets where it placed your boot partition and you get to do a few rounds of bcdedit /h /s /gofuckyourself
have you tried restarting explorer yet?
Also, did you install all updates? Did you already accept Edge as your new web browser?
have you tried pressing shift + alt + T + f24 yet? It resets the shitfart dongle adapter.
I figured they would just run
sfc /scannowand then sit staring at their screen bewildered when it inevitably does nothing.New decoder... who dis?
As if microsoft ever tries to repro anything... Just refer them to some of the most clunkiest and convoluted sites ever, where it should say to just reboot three times and hope for the best.
Got that's fucking brutal. This isn't even asking them to fix a bug, it's just basic help-desk shit.
I'm sure Microsoft has some good devs that are a net benefit to the open source projects they use, but this is not one of them.
If you've ever been forced to use Teams you must already know they scraped the bottom of their talent barrel for the team that works on it... The software is shit, riddled with bugs to the point where at one point I used to only be able to use teams on my browser because the desktop app just decided to never let me access the text chat, and the browser version I would load it would be a white screen and I would have to refresh 3 times for it to load. But at least it worked after those 3 refreshes. And it was exactly 3 refreshes every single time, never 2, never 4, and 5 was right out. It was always without fail 3 refreshes. Whether loading from Firefox, Chrome, or Edge. Fortunately we don't have too many meetings with people using Teams these days, so I haven't had to use it in a while, but its easily in my top 5 worst software I've been forced to deal with. Maybe Top 3. But its still miles behind Magento. Fuck Magento, just thinking of it right now gets my blood pumping and I refused to work with it ever again about 10 years ago... Fuck Magento. Teams is at least a distant 2nd or 3rd to that. Absolute crap.
I'm convinced it's the whole B-2-B software world at this point. The shit starts at MS (or any of the FAANGS) and rolls downhill to everyone else.
We're working on a huge Dynamics 365 thing at work, and one of the third parties we use for automated testing is just.... the product seems barebones, is clearly built on top of open source automated testing tool, and is riddled with indicators that barely anyone works there, from the AI help bot to the "submit a ticket and we'll assign it eventually" approach to all other interactions.
I looked them up on Linked In and 12 people work there. 8 of them have C-suite or VP titles, and 4 of them are interns from a local university. This is the state of all modern tech: a board room full of investors, a website, and a product barely glued together from FOSS parts by interns. If you wonder why everything feels like a scam now it's because it is.
Name and shame!
I wouldn’t be surprised to find out it’s Atlassian/JIRA
Found the guy who created the FFMpeg ticket on LinkedIn. Job title: "Principal software engineer", saying they are "A detailed, analytical Software Engineer with Eighteen years of experience". 18 years?! Fuck me dead...
So I had two interviews at a Dynamics 365 partner, until they ended up restructuring internally and said they'd "get in contact if they have need for new devs"... Then later I interviewed at an Odoo partner, got the job and ya know what? I'm glad I didn't get the Dynamics 365 partner job. Not only is our core product FOSS, it actually feels pretty nice as an end user too.
You probably can't change things at your job, which sucks, but anyone looking at ERP solutions should probably consider Odoo as an option.
There's a reason Teams is/was shit.
The first teams was written in AngularJS (which is a slow to run resource hog, but fast to develop) wrapped in Electron. It was kind of a minimum viable product, just to build something quickly to get some feedback and stats on what people needed.
The plan was to build a new native version of teams and build it into the next windows while having an web fallback (built on react) for everyone else.
They stopped working on the original teams and started working on the new versions.
They got half-way through working on the native and react versions when suddenly, covid happened.
They couldn't keep working on the new versions because they wouldn't be ready for a while, so they had to go back and resume development on the old one, introducing patch after patch to quickly get more features in there (like more than 2 webcam streams per call).
Eventually covid subsided and they were able to resume development on the new teams versions.
Windows 11 launched with a native teams version (which has less features but runs super quick), and the new react based teams (which can now be downloaded in a webview2 wrapper) has been in open beta since late last year (if you've seen the "Try the new Teams" toggle, then you've seen this). The React+Webview2 teams will replace the AngularJS+Electron version as the default on July 7th.
"New Teams" has been so painful for me, but if I understand correctly that is because my work is still on Windows 10. The Windows 11 version works better than the React version?
The windows 11 teams runs better, but if you're using a school or work account, you need to use the old AngularJS+Electron version, or the new React+Webview2 version.
So for the time being, the Windows 11 teams is more catered for personal use only. It's kind of like a modern reboot of Microsoft's old MSN Messenger. It was included in Windows 11 (rebranded as "Chat") but it's been unbundled from Windows 11 installs and I think rebranded again. But not having the school/work account support means not a lot of people use it.
The transition between the AngularJS+Electron version and the React+Webview2 versions is happening now. At some point soon, anyone who is running an OS too old to run the new teams will be forced to use the browser version.
So after their transition, we'll have to wait and see if they add the school/work account support to the native version because everyone using teams right now only uses those accounts.
So what do microsoft's crack teams working at? typescript? xbox? vscode? Because those are the smoothest microsoft products I tried so far. The rests seem to get the bottom of the barrel these days.
Seems like they are mostly trying to pawn off their issues onto unpaid volunteers instead of doing any actual development.
Lmao even after providing a well explained answer, they still had to manually add the flag to their command for them.
You got this dumbass at MS and then you've got the other MS guy who's a god damn hero that very well might have saved the world atm lmao
Jon Skeet? He’s my hero, but he hasn’t worked at MS for quite some time I believe.
He’s talking about Andres Freund, who uncovered the OpenSSL backdoor that was slipped into liblzma from the xz malicious maintainer. Dude saw a valgrind error and a function with a fixed runtime was taking too long and using too much CPU and reversed out and saved a major ssh backdoor from going upstream as Fedora was going to release it just days later.
I highly doubt that he works at Microsoft since his username is Elon Musk.
Found the guy who created the FFMpeg ticket on LinkedIn. Job title: "Principal software engineer at Microsoft", saying they are "A detailed, analytical Software Engineer with Eighteen years of experience". 18 years?! Fuck me dead...
That's the level of an intern that has never even seen a command. Imagine not being able to literally cat a string with another string, aka. add -data_field first to a command.
I'm sure they do too, but I've been surprised many times by the former coworkers I've learned have ended up working for Microsoft. To put it politely, they were generally not the best programmers I've ever worked with.
It’s basically the new IBM.
Raymond Chen. Hilariously enough, his best blog posts involve him jumping through hoops for MSFT customers with support contracts.
That, but they couldn't even insert the advised parameter to the command themselves, instead they had the capacity to basically demand improvement to the documentation, from those "filthy ffmpeg developers"
Tell Copilot to fix it.
This is what new agentic AI looks like
"A failure to plan on your part does not constitute an emergency on my part." -Someone hopefully working on ffmpeg.
Wow now that is a quote I'm going to steal. Wondering if "A failure to understand on your part does not constitute an emergency on my part." has the same punch or is as relevant... anyway, thanks for sharing!
Does that go for the xz vulnerability too? Wasn't it a Microsoft dev who discovered that?
In this case, it's actually Microsofts fault. There is no bug in ffmpeg, Microsoft just didn't properly use it
the xz vulnerability was done through a superflous dependency to systemd, xz was only the library that was abused to use systemd's superflous dependency hell. sshd does not use xz, but systemd does depend on it. sshd does not need systemd, but it was attacked through its library dependency.
we should remove any pointless dependencies that can be found on a system to prevent such attacks in future by reducing dependency based attack vectors to a minimum.
also we should increase the overall level of privilege separation where systemd is a good bad example, just look at the init binary and its capability zoo.
The company who hired "the" systemd developer should IMHO start to really fix these issues !
so please hold your "$they have fixed it" back until the the root cause that made the xz dependency level attack possible in the first place has been really fixed =)
Of course pointing it out was good, but now the root cause should be fixed, not just a random symptom that happened to be the first visible atrack that used this attack vector introduced by systemd.
I don't get why they don't propose a fix themselves.
99% morons, that's why...
Why spend money when you can bully people?
I see what you're saying, but no one is being bullied here.
Not really but Microsoft being pushy without wanting to pay for a support contract is kind of on par for that shit company.
Microsoft also makes like half of the languages and dev tooling that every piece of software depends on. Microsoft is certainly problematic but I would not consider their support or attitude towards open source projects in general to be.
You're kidding, right? Especially on open source?
Embrace, extend, extinguish. THAT is Microsoft, so if tomorrow that company burns to the ground, the world will be a little better.
Lmfao, it's honestly hard to tell whether people on Lemmy are genuine old heads still stuck in the past or just young ones blindly repeating what they've heard that sounds edgy.
There hasn't been an example of Microsoft EEEing something in 20 years. You could literally be in college right now and the past time Microsoft even tried to sabotage an open source project would be before you were born.
To casual tech enthusiasts who want to fit in with die hard open source enthusiasts it's cool to hate Microsoft, for professional software developers who have seen what say, JavaScript was like before and after Microsoft started working on it, we have a bit of a more nuanced view of them.
Lack of faith in their own talent?
Probably cause the software engineers writing a high level chat app in TypeScript don't have the skills or knowledge to fix a bug in a C++ video decoder.
Maybe microsoft should try reinstalling windows.
Have they turned it off and on again?
Can someone enlighten me why a one-time payment of a few thousand for a bugfix is unacceptable? I feel like I'm missing something.
I think the maintainer just viewed the bug report as tone deaf. Microsoft is a trillion dollar company and apparently relying on this library without a support contract. Then they a open a high priority bug item. The maintainer saying it's unacceptable is them basically saying they won't prioritize any work unless there's an existing support contract and that they don't do one off payments for bug fixes, which I think is fair.
I think this mentality shows a clear dissonance between how maintainers are licensing their software and what are their expectations in terms of retribution from users of their software.
If they release a software package with a license that explicitly states that they allow the whole world to use it freely without any expectation if return, they cannot complain afterwards that some particular people in the world end up using it.
Likewise for bug reports.
If they want to get paid because the software they have been releasing to be used freely by everyone is being used freely by a specific company then they need to get their shit together and release it under a license where they explicitly state their terms. This is crítical for everyone involved, specially end users, because we need clarity on these terms.
I'm not really sure what you're saying here. Microsoft have every right to fix the bug themselves and the maintainer has every right not to. Open source software doesn't come with a warranty in most licensed.
Yes, it does. You do too, and so do I.
Does it make sense to you for me to attack you for this?
And how about any person submitting a bug report? Is it ok to pile up on them for not fixing it themselves?
If you change the names, is your attitude any different? If it is, then you have a problem on your hands, and it's a personal problem.
It's not that they made a big report. It's that they, a multi-billion dollar company, had the nerve to mark it as "High Priority" and request that a volunteer fix it for them so their proprietary commercial product would work. It's that they do nothing for the project but expect the world from it. That's the problem.
I've got nothing against bug reports, infact I've made some myself, they help development. Demanding they are fixed is a different thing entirely.
Sorry if my previous comment sounded like an insult.
Why do you think this is even relevant? Again, does your attitude towards a run of the mill ticket change if you change who filed it? Why are you outraged because some random grunt from company A or B filed an issue instead of random joe X? Would you be commenting here if the very same person who filed the issue had done so with a personal account without identifying or disclosing their employer?
I'm sorry, where does ffmpeg demand contributions or retributions from anyone who downloads or distributes their project? Aren't they explicitly distributing their work without asking anyone to do or give anything in return? I mean, isn't that the whole point of FLOSS?
More surprisingly, we see guides on how to contribute to FLOSS projects which state in no uncertain terms that filing bug reports and even run exploratory tests to give feedback to maintainers counts as contributing to the project, but somehow you've flipped over even the core principles to make it sound like a cash grab.
You still are not reading what I said correctly. The problem is they said in the bug report that it is "High Priority". That's a bit pushy. It's up to the maintainers to work out what's "High Priority". You completely missed the point.
Yeah way less pushing than most bug reports I see, but just sounds like a panicked guy
Yes certainly some nasty reports out there. Even the reviews that show up in GNOME software are a bit nasty
You are right, nothing is relevant except bootlicking corps
This is really not about "corps".
You eager-to-be-outraged types are desperately trying to make a storm in a tea cup over a normal bug report filed among hundreds of bug reports.
Again, if you replaced the name of those filing the bug report with "random joe", would you still have faked all this outrage? Would you throw the same tantrum if it was even any other business?
I'm not outraged, I'm telling you "Your position that they are acting normally, or ethically, or optimally or whatever your position is, is dumb."
I don't think the ffmpeg maintainer is complaining that Microsoft is using ffmpeg, rather that they are opening "high priority" bug reports based on customer complaints. This might be a high priority problem for Microsoft but that does not make it so for ffmpeg.
The license allows Microsoft to use ffmpeg but they aren't entitled to demand free labor from the project. Really, no one is entitled to do so, but Microsoft being a large company who can definitely afford to put money or talent on the problem makes it only that much more egregious.
edit: I would note that asking for help or reporting a bug is usually welcome, the problematic part is demanding help because it's a high priority issue for YOUR customers.
Users can only assign priority to issues they create themselves if they are explicitly authorized to assign priorities.
If you provide access to that field but then complain that bug reporters use that field, you're complaining about how you misconfigured your service, not how end users are using it.
Are there any other people targeted in this sort of complain, or is a specific company being singled out just because some low-level grunt filled in a field in a bug report?
FYI they're not a "low-level grunt". The bug author's job title is Principal Software Engineer at Microsoft with (at least) 18 years' experience.
Completely disagree. This is how it works, Microsoft get software for free but they have no authority to prioritise other people's scheduling
I don't know where you're getting the prioritization issue. Anyone in the world who is able to create an issue in a bug tracker can claim anything, but it's always the people doing the bug triages who determine priorities. It means exactly as it means: nothing.
The "is this fixed yet" posts in bug reports by now is a meme in the floss world.
I think you're trying too hard to find something to be outraged over.
The scheduling demand thing is referring specifically to the project manager going “we need this for an upcoming major product launch, so you need to fix this before the launch.” It feels like Microsoft cracking the whip to try getting free labor, because it is.
If they truly can’t do without it for their product launch, they can fork it and fix the bug themselves. Surely Microsoft has the resources and brainpower to do so. But the PM didn’t want to do that, because it means they’d be spending their own time and resources on it.
But they have no whip to crack the guy literally just said please help
They made a demand, based on a product launch time line. This is absurdly rude, abd basically treating open source like slave labor instead of commons.
If you read the same bug report I read, you wouldn't make that claim. They expressed their personal needs, which are their own and theirs alone, and don't extend beyond their personal roadmap.
The issue stated they found a bug that they had to get fixed. They said it was important to them for their own personal reasons. It's laughable to describe what amounts to a run-of-the-mill bug report as "absurdly rude".
Do you actually work on software for a living?
I'm sorry, what? Do you even pay attention to what you're writing?
There's a difference between creating something and giving it to the world and being on the hook to help them solve their business problems. A libre or permissive license does not commit the person who released it to making it work for anyone, for any reason. It is in fact the first line in those licenses.
They don't want to get paid for it being used. They want to get paid to continue working on it by people who need them to continue working on it.
I think you're extrapolating things that aren't there. If you had any experience contributing to any semi-successful floss project you'd be ver aware that asking for fixes is as common as filing bug reports. This is not a Microsoft problem, it's a staple of FLOSS project management.
Why do you think it's reasonable to single out a whole company for doing exactly what the community contribution process was designed to be and achieve? On any case you see FLOSS proponents arguing that filing bug reports and troubleshooting problems counts as contributions to improve a project. Yet, here we are attacking someone for doing just that, because of what exactly? Do you think ffmpeg would be in a better shape if the likes of Microsoft didn't reported bugs?
I have experience contributing to a semi successful FLOSS project, one that I'm 100% certain you use daily. Why do people just assume they know you on the internet? What is it, law of averages? "The likelihood this person arguing with me is a nobody is high enough I can assume it." "If they disagree with me it means they don't know what they're talking about." How does this mentality work? You're the third person in a week on Lemmy (which makes it particularly funny) that has just assumed I don't have experience contributing to FOSS software. Do you have experience contributing to FLOSS software? Have you ever been expected to solve other peoples problems for free? I'm asking because I don't know. Maybe you have. I wouldn't want to get egg on my face assuming something.
I'm not talking about contributing. A drive-by PR does not make you a maintainer, nor gets you to triage bugs. The problems I mention are the bread and butter of maintainers engaged in community support, which you would know if you had any semblance of experience in the subject.
And the truth of the matter is that your choice to use weasel words as seaways to a rant to go off on a tangent demonstrates your complete lack of insight and experience in the subject.
Again thinking you know me. Just stop, you're making yourself look stupid.
Imagine if you gave away some old clothes to some Charity and they called you and said "Some of the socks have holes in them and we need you to come over here and fix those holes ASAP because we want to sell them in our used clothes store". What would be your reaction to that?
The expectation of payment is not for the software (which MS already has and is already using, free of charge, same as everybody else), it's for getting priority in bugfix and maintenance work, or in other words, it's for dictating other people's work rather than merelly getting the product of work they, of their own choice and in their own timings, did and gave away for free.
Free software is a social relationship, not a business relationship: the users get what they get because somebody chose to put their own time into it and is giving it out for free. Such relationship does not entitle the recipients of the goodwill of others to make demands on their time, especially if said recipients are actually profiting from what those other people gave away. If they want the right to get to use other people's time as they see fit, then they have to get into a business relationship and that's only going to happen in business terms that both parties are willing to have.
Further, nobody is stopping MS from using their own programmers to fix that problem themselves.
I think your hypothetical scenario doesn't match the issue being discussed in a few key aspects.
You're giving old clothes with no expectation of return. Why then get pissed because someone is using your clothes without paying you for them?
Then,if you make it your point to put up a system for everyone to file tickets pointing problems with the clothes you're giving away, why are you whining that the system is being used as it was designed to be used?
It's perfectly fine if you feel the need to prioritize your work based on your criteria alone, and anyone else's input is at most a suggestion. That's what everyone expects of it, too. But don't throw a tantrum when someone uses your work precisely as you told the world to use it.
I don't think you are able to grok the actual issue, which is a big corp demanding free work, then demanding a pittance to complete the work, then being buthurt when people refuse to work with them.
Where did they demand it?
Learn how to read man.
I guess I can't so can you just quote it?
Nah, do the work yourself.
I looked and couldn't find it, that's why I said what I said
So is the real analogy …
You gave some old clothes to charity, expecting nothing back. However you spotted a lawyer wearing your old clothes so walked up and demanded money?
No no no lawyer came knocking at my door begging me to darn a sock
And of course you said “sorry but I can’t do that right now” and went on with your life , rather than jumping down his throat, then holding a grudge for 11 months?
If the dude was so tone deaf and myopic I'd post a bad review on yelp
The point of my comment seems to have missed you, turned around and done another pass and missed you again.
I get that you're dyslexic but take the time to read what was written before responding.
I'm just dumb, but I don't see how what they said is wrong
Found the PM
It's not that Microsoft isn't allowed to use ffmpeg, it's that they start demanding quick service. When you use an open source product, you get what you get. You can politely ask for a fix somewhere, you can fix it yourself and make a merge request, but being amongst the biggest corporations in the world, you don't go without a support contract yet make demands and then maybe toss in a few thousand dollars, that is just insulting.
Had this been a non Foss product, MS would have a support contract. This just shows Microsofts typical greed.
Where did they demand?
I'm not sure what experience you have in maintaining any somewhat popular FLOSS project, but as I said in other posts the way random users demand features and fixes in these circles already became a meme in FLOSS circles. We're talking about insults and belligerent attitudes towards whole projects in abstract and maintainers in particular, to the point maintainers end up burning out and quitting.
Knowing this, complaining that a particular request was described as high-priority as if this was unacceptable, fully knowing that this doesn't even represent a remark that's out of line given the baseline, is something that makes no sense at all. It sounds as an lame attempt to be outraged about something.
It's one thing to just use the software, it's another to open bug tickets that you expect the maintainer to prioritise. It's free software, the maintainer doesn't have to do anything for you. If they want tickets fixed with high priority, they should work something out with the maintainer.
The problem isnt that ms was using it The problem is that ms wanted special treatment for free because of their timetable, which wasnt even 'oh shit everything broke' but for a fucking product launch as if the maintainers should care about that, treating a fucking charity like a contractor, and really highlighting how all this proprietary bullshit can only exist because of the work provided by open source people.
Microsoft needs to see serious consequences from the open source community for this.
They filed a bug report, with a reproducible bug.
Some guides on how to contribute to FLOSS projects even go as far as listing this as one of the main ways to contribute to projects.
But here you are, describing a run-of-the-mill bug report, filed among hundreds of bug reports, in a ticketing system explicitly opened to the public so that everyone and anyone in the world could file bug reports, as a request for "special treatment for free".
Do you think every single person filing a bug report is asking to be given special treatment for free? Everyone's bug is very important to them too. What makes you think this case is special or even any different?
The report of the bug is not the problem. The prioritization, reasoning for the prioritization, and demand that it be fixed quickly for their product launch was the problem.
The fact that when asked, they offered pay for a spot fix rather than maintenance, essentially abusing the Commons for corporate profit, and being super fucking rude about it, was the problem.
People in this thread are arguing otherwise.
Users filing tickets do not prioritize jack shit. That's not how it works. At best they mention an issue is important to them. Not even in big corporations dealing with internal tickets things work like that. The responsibility of prioritizing work lies on the project owners, exclusively.
Literally what each and every single user affected by a problem asks in their bug reports.
Again, why do you feel this is something that warrants your outrage?
Okay so talk to one of them about it. I'm with you on this part. So bizzaire.
That's not even the issue. Nobody cares that MS is using ffmpeg. It's just rude to have as much money as MS does, integrate ffmpeg into one of their core products, then apparently not know anything about it and file hilariously bad bug reports that are actually just support requests after never contributing anything back.
Like, I've used ffmpeg probably since it was released. I've never given the ffmpeg developers anything, and I expect nothing in return from them. They don't know me, they don't know I exist, they don't know I use their software. I could not reasonably file a support request as a bug like they did and expect to be taken seriously. Why does Microsoft get to have this expectation when they behave the same way? They're a big company who asked ffmpeg to do extra work to support MS's ignorance and laziness, and they didn't even offer an ongoing support relationship. They wanted to throw a few grand at ffmpeg once to make the problem go away. This is completely ridiculous.
Literal nonsense. If someone abuses my bug tracker to act like a clown, I have every right to decline their support requests, even if I licensed my software open source. Nothing in open source philosophy requires you to bend over backwards to cater to every MS project manager's poorly thought-out whims. You're literally just making things up.
From what little we know, it looks like they used it correctly
Priority is guidance from the user. The maintainer always has the decision how they’ll respond. You could have said you don’t have time, you could have said it’s on my queue to look at later, you could have said you don’t provide support.
We're talking about a hypothetical. I'm not the ffmpeg maintainer. The person got help in their thread and everything was courteous. I wouldn't even be rude about it, I just wouldn't hold their hand, and I might make a comment about the value of doing some legwork on your own when an update to a core dependency seems to break something. If this kind of behavior is considered sensible for a project manager at MS, then apparently I'm more qualified to manage projects than a lot of people at some of the largest corporations on Earth.
That is literally the opposite of what you were just saying. You were saying that open source developers can't even complain when responsible people at gigantic corporations file dumb bug reports against their project.
You surely haven't been paying attention to this thread.
Seriously? Is this the argument you're going with?
Unbelievable.
There was no bug to fix, the PM didn't keep up with developments in an (apparently) core dependency and was passing outdated arguments to ffmpeg. The fix was for the project to update how it was passing flags to ffmpeg. They'd rather spend the time opening a ticket on ffmpeg's bugtracker and spend thousands of company money begging ffmpeg to help them, when MS is a massive corporation, is apparently relying on ffmpeg, yet has hitherto established no support relationship and also has developed no internal expertise on ffmpeg
They easily could have opened up the code and looked around to find the problem, or checked the changelog since an update broke it, or just rolled back to the last-known working version until they had time to figure it out, instead they just dumped it on ffmpeg's doorstep like their hair was on fire. FFMPEG's development model is explicitly that they iterate quickly and there are very likely to be poorly documented breaking changes between versions. It's not one you pull a new version of casually.
Ok, this time I read the full ticket, so ….
I love to hate on Microsoft too, but I only see one asshole here
The point is that a multi billion dollar company, known for squashing and sabotaging open source projects, wants a bug fixed quickly. The open source software that they make big money from has an issue and they COULD just sponsor it, get a support contract, whatever, but instead they want priority because reasons?
If it was a random user, then whatever. The entire point is that this is not a simple random user.
Thanks was too lazy to read the actual issue - exactly what i expected
A trillion dollar company using your product in one of their flagship products without a support contract can fuck right off.
Microsoft should be putting up money via the support contract to support the creators in maintaining and further development of their product.
A one off payment might be technically sufficient, it is not ethically or morally sufficient. And to put it in terms shareholders understand.. support contract is cheaper than the cost of an alternative.
Well it depends on the size of the one time payment. A 6 or 7 figure one time payment would likely get a maintainer to do something. But micro$oft should really be paying a long term support contract for sure.
The maintainer is a human that needs to eat every day, and not just whenever their services are needed. So at least, the sum of money would need to be a few times higher than whatever labour the fix takes.
But then, the maintainer's ability to fix these bugs doesn't come from nowhere. They worked on this project for likely a long time, which would also need to be taken into account when agreeing on a sum.
Further, this would be business to business. And those contracts often include the value that the client gets out of the software. So if Microsoft makes billions from this open source library, then the maintainer's - as a business - should receive a payment that reflects this for the fix.
All that implies that a few thousand is not nearly enough. Maybe 100k and the maintainer would budge.
That's perfectly fine.
But the maintainer is indeed explicitly making his work available to the public for free and without any expectation of retribution of any kind, isn't it?
And this isn't exactly something new or recent or novel, right? That's been going on for many years.
What changed? Did anything changed at all, even?
Microsoft is no longer able to outcompete the Free Software commons. That's all.
You might want to re-read the thread and think about how you sound, by the way. You're coming off as a concern troll, not as a member of the Free Software community.
Companies hate giving out cash. Even if it's for software they critically need.
I think for most cases getting the cash is the easy part, and the hard part is getting all the paperwork in place to validate payments to random external entities. If that was easy, nothing would stop any low-level manager from making cash payments to random users with a GitHub account.
All of the other things you mention can be solved with money. In terms of the things that are easy and hard, this very much the former.
The real hard part here is whomever in charge of making the actual decision, to expense a pittance.
I don't think you know what you're talking about, or have any experience working in a corporate environment and asking for funding or extraordinary payments to external parties to deliver something. I even personally know of cases where low-level grunts opt to pay for licenses out of pocket just to not have to deal with the hassle of jumping through the necesssry hoops. You just don't reach out for the cash bag and throw money at things. Do you think that corporations work like hip-hop videos?
I do have some experience. What you are talking about are all internal hurdles, and what I was referring to as the hard problem to solve.
Incurring an expense in order to compensate for a service rendered, which is what the company would need to do in this case, is not difficult.
If you deal with amounts that need special consideration, there are people who do this for you for money. I believe that the correct approach is to show up, and sequentially slide individual banknotes from a densely packed stack in their general direction.
That is by design.
They do whenever the CEO is briefly mildly inconvenienced.
this is true. I tried to donate a small sum to an open source package my team uses a lot. I gave up after weeks of fighting the finance bureucracy.
Long term maintenance. Meaning not a simple bug fix but providing support on demand and possibly prioritizing requests by the contract grantor for an extended period.
Fixing a bug for a fee will create a liability and obligations for the developer. Should you mess it up, Microsoft will have no issue burying you to save even just face.
I can see him getting into a long term relationship that could guarantee the projects survival long-term,(and you at least invest some money for a lawyer to tell you what your are signing on for). For something that would get a few months for the project not so much.
I love how that PM brings up the fact that this is needed for a product launch. Like who cares?
Seriously. What part of "BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION." do they not understand?
I don't see the issus though, opening a GitHub issue isn't suing
Need to add a 'not for use with Microsoft products, including operating systems' clause for a version or two.
I think adoption of the JSLint license's ”This software can oly be used for good and not evil" clause would cover that. I hear IBMs lawyers had issue with it lol
Yes, but they were satisfied when IBM was given a license to use JSLint for evil.
Tasteless! MSFT can have their armies of skilled people do this instead of leeching off FOSS contributions. It’s just not an acceptable move from a profit-driven entity to expect free labor, regardless of the FOSS philosophy of the project!
To be fair, I'm sure this is a lone developer at Microsoft, not Microsoft as a company. A lot of this still absolutely applies, but it's not Microsoft as a company making an official decision to go ask the FFMEPG guys for free shit.
It'd be nice if the guy had an avenue to go to leadership, tell them about the issue, and just ask them to actually fund the guys to work on it.
They did offer a few thousand as a one time purchase so i doubt this is a lone developer.
Companies like Microsoft should really have a fund for fixing open source projects - it's breeds good will, reduces the cost of development, and they in turn get software for much less cost than if they did it themselves.
Like - we are using project X and I want to request a bug fix, they go - estimate your effort in shirt sizes or points or some shit for you to do it.
A bean counter looks at their scale that directly converts effort to cost they have under the table, and they give you a budget to offer the dev of the software as part of the fix request
I think they wanted something more like $10k/year, which seems pretty cheap when you compare it to the price of one employee.
But it seems that it’s actually built in to some part of their software so Microsoft is still responsible as a whole.
Fair! But if someone works in tech, this kind of etiquette is something worth learning
They offered a few thousand dollars, but not a long term contract.
That’s fine, but long term maintenance is the main pain for FOSS projects. I am not sure what’s the right protocol here, though. In general, maybe FOSS projects should start a subscription service for big time companies like MSFT. Why not?
Companies like Suse, redhat, gruntworks, etc etc all offer stuff like that. There is a clear model here. I think libs get little live because contracts are a lot if work so the smaller the contract the less it makes sense (to the people writing contracts).
Maybe open source coop that sells support contracts for libs in bulk deals in the same a farmer coop sells bulk crops from famers all around an area.
I'm honestly in favor of something like that, but when people are saying SSPL isn't FOSS because it supposedly discriminates against different classes of users, we won't get the momentum for people to view any sort of "FOSS except for commercial" license as valid or worth using.
Some such licenses exist (not saying they're good or anything). PolyForm Noncommercial and PolyForm Small Business are two examples https://polyformproject.org/licenses/
I wonder if these trillion dollar companies offer support contracts for astroturfing on social media on their behalf. I can't think of any other way so many people are supporting their sociopathic attitude.
there are companies out there that do this kind of thing.
Cognitive dissonance.
For a lot of people, either they accept "this trillion dollar corporation that controls all my computers, and the programming languages I use, and my code editor, is evil". Or they accept "this trillion dollar company does lots of good things for me and is good".
One is easier to accept than the other.
Old issue, so why post it now make it sound like MS demands something?
It's a regression, so ffmpeg should fix a regression.
What regression? It was a PEBKAC
See https://sopuli.xyz/comment/8474008
I think it's because of that recent security issue, and then the subject of corporations tithing into open source code efforts instead of just using it for freeish, that grew around the discussion of that security vulnerability.
Good, tell leech corporations and specially Microsoft to fuck right off. Pay for it or do it yourselves.
Corporations treat free software as an endless pool of free resources to exploit, pollute, and then shut down.
Or try to take over like Redis
I am confused. I realize this is just a flag change not even a dev problem but PEBKAC, still - in the event of an actual bug, why wouldn't Microsoft have a dev contribute to the project and fix it instead of just opening a ticket?
Filling an issue quickly is good etiquette. Then you can discuss in the ticket the best way to solve/work around.
The devs don't take an issue with the ticket being filed. They're irritated by one particular reply which sounds like "My million dollar product depends on this bug fix. Please do that for me". MS isn't offering a solution. They're asking for one.
To be fair MS offers an amount for the fix. Most companies just bully the devs instead. However, I don't think it's quite fair (though legal) to offer one time payments for a core library that they use.
You assume MS is competent?
Alternative answer: "We understand your issue and will fix it as time and priorities allow. Please note that customers paying for support always get higher priority. Given MS contributions to the project, this ticket was ranked 42nd in our priority list.
Have a pleasant day! FFMPEG support team"
lmao Elon is a FFMPEG maintainer?
Right, I'm confused by that too.
The order of the comment headers is the other way - above the comment it goes with. If you scroll to the top, you can see it better there. The Microsoft person is Zied Aouina
Fucking suits. They don't even care about the bottom-line, they just care about their own salary and benefits.
Pay for support or get fucked M$
CC BY-NC-SA 4.0
This is gold.
Ffmpreg?
Haifong inprurr
Kek
11 months ago
The tweet is from today. The ffmpeg team felt like it needed to be said.
Thanks for additional context. I don't open Twitter links anymore because 3/4 of the time the link doesn't work after Musk made changes
The Elon Musk of Twitter or the Elon Musk in the FFMPEG ticket?
You can try to read through https://archive.today . It's a site archiving site, it has a couple of tricks to evade such restrictions. Not the most private one.. but better than visiting twitter directly.
I didn’t know that site worked for Twitter. I’ve just been using Nitter.
Yeah, me too, but lately Nitter almost never works :/
Maybe Microsoft responded just now to their inquiry
MIT license to make money is bad because of this. You shouldn't make money or ask me for support in first place if you arent sharing earnings bitch. This should be forbidden by law because software is given AS IS.
Maybe OP didn’t share enough context, because this whole thing looks like a big over-reaction on their part.
So what’s going on here? With the information given, Microsoft did what they should have and OP is acting the huge asshole
I think what set them off was the MSFT guy saying "this is high priority".
The rest of the tweets definitely don't make him appear as less of a self-righteous ass.
This actually made me cringe:
What, they just asked, they didn't say they were entitled to it.
lmao didn't know Elon Musk is an ffmpeg maintainer
I wonder if it's the real Elon Musk?
Wtf is a real elon musk? He is not elon musk of tesla. But is not uncommon for multiple people to have the same name.
Poor man it must be annoying to have to introduce yourself as "elon musk,, no not that elon musk" all the time?
It's just someone with the same name
Posted by Elon Musk. Hmm...
@Sibbo I propose a xz style subversion of the code or a dependency, to ensure ffmpeg runs poorly on Windows and Azure.
after looking at the ticket myself i think the relevant things IMHO are:
up to there that person -belonging to M$ or not (don't know and don't care) - behaved IMHO rather correctly, submitting a bug report for something that looked like it, beeing a bit pushy, wanting priority, trying to command, but still formally at least "asking" for help. but at that point the "bug" seemed to have been resolved to me, it looks like the person was either not reading the manual and changelog, or maybe manual or changelog lacks that information, but that was not stated later so i guess that person just did not read neither changelog nor manual.
instead - so it seems to me - that person demanded immediate and free-of-charge consulting of how exactly the switch should be used to work in that specific use case which would imply the dev looks into the example files, maybe try and error for himself just so that that person does not need to neither invest the time to learn use the software the company depends on, nor hire a consultant to do the work.
i think (intentional or not) abusing a bug tracker for demanding free-of-charge enduser consulting by a dev is a bad idea unless one wants(!) to actively waste the precious time of the dev (that high priority ticket for the highly visible already live released product relies on) or has even worse intentions like:
to me this clearly looks like a "different culture" problem. in companies where all are paid from basically the same employer, abusing an internal bug tracker for quick internal consulting would probably be seen as just normal and best practice because the dev who knows and is actually working on the code is likely to have the solution right at hand without thinking much while the other person, who is in charge of quick fixing an untested but already live to customers released product, does not have sufficient knowledge of how the thing works and neither is given the time to learn or at least read changelogs and manual nor the time to learn the basics of general upstream software culture.
in companies the https://en.m.wikipedia.org/wiki/Peter_principle could be a problem that imho likely leads to such situations, but this is a guess as i know nobody working there and i am not convinced that that person is in fact working for the named company, instead in that ticket shows up a name that i would assume to be a reason to not rely too much about names in the tickes system always be realnames.
the behaviour that causes the bad postings here in this lemmy thread is to me likely "just" a culture problem and that person would be advised well if told to learn to know the open source culture, netiquette etc and learn to behave differently depending on to who, where and how they communicate with, what to expect and how to interact productively to the benefit of their upstream too, which is the "real price" all so often in open source. it could be that in the company that rolled out the untested product it is seen to be best practice to immediately grab the dev who knows a software and let him help you with whatever you can't on your own (for whatever reason) whenever you manage to encounter one =]
i assume the pushyness could likely come from their hierarchy. it is not uncommon that so called leaders just create pressure to below because they maybe have no clue of the thing and not want to gain that clue, but that i cannot know, its just a picture in my head. but in a company that seems to put pressure on releasing an untested product to customers i guess i am not too wrong with the direction of that assumption. what the company maybe should learn is that releasing untested and/or unfinished products to live is a bad habit. but i also assume that if they wanted to learn that, they maybe would have started to learn it like roundabout 2 decades ago. again, i do not know for what company that person works -or worked- for, could be just a subcontractor of the named one too. and also could be that the pushyness (telling its for m$, that its live, has impact to customers etc) was really decided by someone up the latter who would have literally no experience at all on how to handle upstream in such situations. hierarchies can be very dysfunctional sometimes and in companies saying "impact to customers" sometimes is likely the same as saying "boss says asap".
what i would suggest their customers (those who were given a beta version as production ready) should learn is that when someone (maybe) continously delivers differently than advertised, that after some few times of experiencing this, the customer would be insane when assuming that that bad behaviour would vanish by pure hope + throwing money into hands where money maybe already didn't help improving their habits for assumingly decades. And when feeding everhungry with money does not resolve the problems, that maybe looking towards those who do have a non-money-dependant grown-up culture could actually provide more really usable products. Evaluation of new solutions (which one would really be best for a specific usecase i.e.) or testing new versions before really rolling them out to live might be costly especially when done throughout, but can provide a lot of really high valueable stability otherwise unreachable by those who only throw money at shareholders of brands and maybe rely on pure hope for all of the rest. Especially when that brand maybe even officially anounced to remove their testing department ;+) what should a sane and educated customer expect then ? but again to note, i do not know which companies really are involved and how exactly. from the ticket i do not see which company that person directly works for, nor if the claim that m$ is involved is a fact or just a false claim in hope for quicker help (companies already too desperate to test products before live could be desperate again in need for even more help when their bad habits piled up too long and begin falling on their heads)
I think you've done a fair summary that deconstructed the simple narrative of "evil corporation steals from the poor". Well, for me it did ;)
That is a key point. To me it is surprising that a developer of such supposed seniority was not aware of (or doesn't care about, or is so pushed for time, or just insensitive to?) the culture differences. That surprise made me jump to conclusions, leading to outrage and frustration.
Deep in my soul I believe Microsoft really is an evil corporation that steals from the poor. But in this specific instance, your summary made me think of Hanlon's razor.