Jujutsu: a new, Git-compatible version control system

Usually, there are regulations against selling products under value. It is just that, for some reason unbeknownst to me, these laws never seem to be applied to software.

The usual regulations apply to selling products below the marginal cost of production - if mining 1 gram of unobtanium and shipping it to me costs you $1,500, then you cannot sell unobtainium to me for less than $1,500 per gram; if the mining is $500 of machine time, and shipping is $1,000, that sets your lower bound. However, the cost of finding unobtanium deposits, and of designing and building the mining machine, are ignored for this analysis; it may cost you billions of dollars in analysis to find each gram of unobtanium, or trillions of dollars to design and build a mining machine that works long enough to mine 10 grams before needing replacement, but that's ignored by the rules.

So, for example, you can't sell DRAM chips at less than the cost of making a DRAM chip; you can sell them cheaply, but it must be possible for someone who owns a semiconductor fabrication plant to make DRAM chips at or above the price you sell them for. Note, though, that semiconductor fabs are expensive, but that cost is not taken into account here; it's assumed that you already own one for the purposes of determining if you're selling DRAM chips at a loss, and so what's accounted for is the cost of silicon wafers, dopants, chemicals and electricity (over and above that consumed if the plant is idling waiting for an order) to run the plant for the duration of a batch of DRAM chips, etc.

Software escapes from this because virtually all the cost of software is in the analysis and design phases, which are outside the rules; the marginal cost of one more copy of a piece of software that already exists is tiny (what's the total cost of transferring 1 GiB from my server to yours, given that the cost of the server and the Internet connection are already paid, and it's only the additional electricity over and above idle that counts?), and the rules say that it's only those marginal costs that matter.

Also, importantly, this has only become a significant issue now that electronic distribution is cheap; in the days when software came on physical media (tapes, disks, CDs, DVDs etc), your bound on the price was set by the cost of the medium you were using; if getting a DVD pressed costs you $500 per thousand disks, your lower bound on price is $0.50. With Internet distribution of software (or music or video for that matter), your lower bound is some tiny fraction of a cent, and accounting rules let you write it off because it's so small; for example, if you use (chosen at random) Backblaze to store software for distribution, then your marginal cost is at most $0.01/GB plus $0.0000004 per copy. For a piece of software that's 10 MB in size, that's close enough to zero to be a permissible write-off.

> when RMS wrote his essay

(Note: that link goes to Eric Raymond's 'Goodbye, "free software"; hello, "open source"' essay from 1998, not to anything that RMS wrote. Did you mean to write "ESR" there instead of "RMS"?)

> That happened later when free software zealots rejected the peace offering.

As of right now, there are very few people anymore who still believe that "separate well-defined “open source camps” and “free software camps”" ever existed.

The hard-binary distinction to which you're referring was more-or-less an illusion, not a real state of affairs. And from 1999 onwards, there have been an ever-increasing amount of hobbyist developers posting their work on forge sites, and this trend accelerated rapidly in the next decade when GitHub and Gitorious appeared on the scene. Collectively, these hobbyist developers definitely do not fall into separate well-defined “open source camps” and “free software camps”, and that's the way it's been ever since SourceForge debuted.

Now I'll pose this question: what, exactly, motivates those hobbyist developers to post their work on forge sites? Here's one major reason why they do that (which I already mentioned once): in order to publicly showcase their own programming work, so that people from their own potential future employer(s) can read & evaluate said programming work as part of the job-application process.

If regulators were to regulate these forge sites (Codeberg, SourceHut, invent.kde.org, etc.) out of existence, then that would have the effect of economically harming tech workers, by making it next to impossible for tech workers to showcase any fully-functioning software they've written themselves on their CVs, and thereby benefitting the employers at the expense of the workers.

> most browsers these days tack their ancestry not to Netscape source release, but to work of KDE guys who were, very much, an open source group

The historical background of KDE isn't very important in the context of the upcoming Cyber Resilience Act. Here's what really matters currently: KDE e.V. and Codeberg e.V. are both nonprofit orgs, neither of which have anywhere near as much financial resources as a giant corporation like Google. If the CRA were to cause KDE or Codeberg (or individual developers hosting their own software there) to be fined the same large amount of money for a security vulnerability in some software hosted on their GitLab/ForgeJo instances (invent.kde.org and codeberg.org, respectively) as Google would be fined for shipping a security vulnerability on tens of millions of Google Pixel handsets, that likely would ultimately cause this to happen: no hobbyist-developed software will be allowed to be hosted anywhere on the Web anymore, because all of the "forge" sites would have either been fined/sued into oblivion.

And if the CRA (or other similar legislation) is being lobbied for by Google thmselves or other similar giant companies, then that's a textbook example of regulatory capture! (However, I don't believe that's actually what's going on now w.r.t. the CRA itself — more details about this below…)

Alternately: regulation might instead cause forge sites to end up being "locked down" to the point where they host nothing but Git repos belonging to big corporations rather than hobbyists, along with requiring the companies hosting their software on the forge sites to sign contracts in which the company agrees to accept all legal liability for bugs in their own software so that the forge site itself isn't held liable for any bugs on software hosted there. That would have the same effect, though, of forcing hobbyist-developed software off of forge sites.

As for the historical background of KDE, though: your own timeline of events contradicts the statement that they "were, very much, an open source group". KDE Beta 1 was released in October 1997. That was before the point in time when (according to what you said) "free software zealots rejected the peace offering" (note: RMS wrote that essay in 1998, according to the copyright notice at the end of that webpage), and consequently before the point in time when (again, according to what you said) "separate well-defined “open source camps” and “free software camps”" sprung into existence.

(Also note: the earliest version of KDE's HTML rendering engine was part of kfm (KDE File Manager). I'm not sure what its exact release date was… maybe July 1998 (KDE 1.0) or March 1999 (KDE 1.1)? Though, as far as I'm concerned, that makes no difference as to which one of your so-called "camps" was the one to which the original group of "KDE guys" belonged… because, once again, any such hard-binary distinction between "camps" was really just an illusion.)

> as evidenced by the fact that free software zealots rejected their work and started an alternate project instead

Now you're calling Miguel de Icaza a "free software zealot"? If you really believe he was a "zealot", then here's a little something about the GNOME's early-ish days that you might have overlooked:

In the early 2000s, Nicholas Petreley occasionally wrote about Miguel de Icaza in his weekly editorials in Infoworld (an influential IT trade-press magazine, where Petreley was basically "the Linux and Java advocate guy" on their editorial board), and had nothing nice to say about him. Why? Because de Icaza is a dyed-in-the-wool Microsoft fan who made his own clean-room reimplementation of .NET and C# — that is, the Mono project — who also wanted Mono to become the main platform API for GNOME app developers to target, despite the fact that other people (including Nicholas Petreley, plus some developers of GNOME itself, plus some GNOME app developers) raised concerns that Microsoft might sabotage Mono — and, by extension, also sabotage GNOME and Linux as a whole — by using their patent portfolio to sue users of Mono or of any other clean-room reimplementation of .NET.

(Those worries about Microsoft and their patents are probably among the various causes that led to the creation of Vala.)

According to his Wikipedia article: de Icaza would later go on to work for Microsoft, even winning a Microsoft MVP award in 2010. (It also says that he had a job interview at Microsoft as long ago as 1997, but they couldn't hire him at that time due to legal restrictions.) That sure doesn't sound like someone who, even if we're only considering the 1997-through-2001 timeframe (note: 2001 was when Mono began), qualified as being a "Free Software zealot".

(Side note: if it weren't for Nicholas Petreley's weekly editorials, along with his XOOPS-powered (and at other times WordPress-powered) news/forum website — VarLinux.org, which, sadly, no longer exists — I might not have ever found my way to LWN.net in the first place.)

Also, keep in mind the fact that GTK+ and GNOME's core API libraries were LGPL-ed from the very beginning. By contrast, the zero-cost/gratis variant of Qt went through a series of license-changes throughout the years: at first it was under the "Free Qt license" (non-FOSS), then the "QPL" (FOSS but GPL-incompatible), then the plain GPL, until at long last, in 2009 (version 4.5) changing to the LGPL. For that reason, prior to 2009, developers of proprietary-commercial Qt needed to pay Trolltech (or their successors-in-interest) fees for commercial Qt licenses. What's more: the native Windows variant of Qt wasn't for available for zero-cost at all until 2005 (version 4.0), and (similarly) the native Mac OS X variant of Qt wasn't available for zero-cost at all until 2003 (version 3.2). I suspect that the higher-ups at Red Hat took note of all those things, and decided to favor GTK+ and GNOME (over Qt and KDE) and even fund the development of GTK+/GNOME, so that 3rd-party proprietary app developers wouldn't be required to pay licensing fees to Trolltech.

So, no, I don't believe it's correct to characterize GNOME devs as being anti-corporate "Free Software zealots" in contrast to KDE devs who (supposedly) are a pro-corporate "open source group". That's not the way things were back in 1997/1998, and it's still not the way things are.

> And no, IT industry is not reverting to how it was run in the mi-'90s.

I said "a few years before" the mid-'90s, i.e. the era when Novell NetWare and (later) Windows NT ruled the roost in corporate America's datacenters (and in U.S. local/state-level governments's datacenters, too). To pick a specific point in time for this, I'll say 1990, i.e. the year when Windows 3.0 was released. Or, for a larger timespan, let's say approximately 1986 (when NetWare version 2 was released) up until 1995 (when Red Hat Linux version 1 was released).

> Government control would be much more strict […]

If the government in question were to put Codeberg — and/or programming work by individual developers being showcased there — equally strictly as it's going to treat the current "Big Five" tech companies, then that kind of government control would in practice amount to regulatory capture by the "Big Five"!

However, judging by LWN's recent article about the Cyber Resilience Act and especially the comments posted there by people who (judging purely by what they wrote in those comments) live in Europe/UK and consequently understand how current Euro/British vendor-liability law works, I'm not worried that the CRA is going to do any serious harm to hobbyist-oriented forge sites (like Codeberg) or to hobbyist-developed Git repos hosted on them. That's because the intended primary target of the CRA appears to be consumer-electronics manufacturers/vendors, particularly smartphone makers, and also IoT / home-automation gadget makers.

> […] and chances of anarchy developments taking over would be slim.

Well, since you mentioned "anarchy", I'll pose a question: out of either the U.S. (which is all of the current "Big Five" are headquartered) or Germany, which one of those two countries do you believe is the one that's closer to anarchy? With that question in mind, I'll re-post here a YouTube comment (originally posted on this video) that was written by someone who lives in Germany:

On the "German Model": In Germany, we in fact have 3 "levels" of Board participation: The one mentioned above, for most companies between 500 and 2000 employees, one for Heavy industries and some other cases with parity between employer and employee representatives, and one for Companies over 2000 employees with parity of employer and employee representation, with the President of the Board having double votes in case of a stalemate.

The companies that are exempt from employees on the board are those with under 500 Employees.

The real deal about the Employee participation in Germany is the workers council, which has a lot more power (They have co-decision or veto rights on things like including, but not limited to: work time, measues controlling workers, worker protection, (Paid) time off rates, firing of employees...)

For that reason, I'm guessing that the EU regulators will act to reduce, not increase, the amount of political power held by those "Big Five" U.S. corporations… and probably also act to improve the negotiating position that European tech-workers hold relative to their bosses (e.g. by ensuring that those tech-workers are able to showcase their work to other potential employers).

(Side note: two of the Democratic Party's candidates running for U.S. President made Co-determination a.k.a. Workplace Democracy part of their campaigns in the 2020 primary election cycle. And if a political-activist organization such as Citizens Trade Campaign were to successfully get that kind of public policy enacted into law — via international trade treaties — throughout the entire USMCA trading bloc, and the entire EU, and all of the BRICS countries, then imagine what human society as a whole might end up being like from that point onwards. It'd be a damn sight better than what we've got right now, that's for sure! For example, if the Philippines had that kind of public policy in place, it might do away with the CONTENT-MODERATION SWEATSHOPS that Facebook et al. are using right now, thus preventing content moderation at scale from being even remotely feasible and forcing a return to pre-2005-style small-scale web forums like phpBB or its modern equivalents like public-inbox and Discourse, and likewise forcing Discord users to abandon it in favor of Matrix, and so on.)

> That's what happened to every other industry, after all.

Those kinds of grandiose sweeping statements about history tend to be massive oversimplifications of what really happened, and the people who make such statements often are motivated do so as a means of advancing their own present-day political agendas, or sometimes religious agendas, or other times financially-motivated agendas.

(Remember back in 2016 when you predicted that "Android for the desktop" or something similar would replace all current desktop Linux distros Real Soon Now™, or maybe only replace the ones made by nonprofit orgs like Debian, in the same way that Tim O'Reilly predicted Mac OS X would replace desktop Linux back in the early 2000s? That still hasn't happened… though, now, it's looking like the Steam Deck is making some inroads in that direction…)

Yes, things happened the way you described them in the three examples other industries that you gave: the car industry (which had a bunch of regulations put on it due to collision-unsafety in the '50s/'60s and Ralph Nader's exposé, and more recently had more regulations put on it due to ecological/air-quality concerns… though even in that industry the regulations were enacted surprisingly recently in Europe relative to the U.S., because Europe's transit system is less car-dependent than the U.S. one is), the food industry (again due to risks to human health), and bridge builders (ditto). One more industry regulated about as heavily as those three is terrestrial & satellite radio/TV broadcasting (due to inherent limitations of the EM spectrum & the laws of physics themselves — despite that, though, Wi-Fi hasn't been regulated out of existence by the FCC or anyone else).

But every other industry… really? What about the paper industry, or the textile industry, or the clothing industry, or the furniture industry, or the home-audio-equipment industry, or the professional-grade A/V equipment industry, etc etc…

There are certain smaller industries (which, generally speaking, are currently not regulated as much as the car industry is) — in particular, hobbyist-oriented SBC makers such as Raspberry Pi and their competitors… note, by now they have lots of competitors (if in doubt then just take a look as Christopher Barnatt's "Explaining Computers" YouTube channel), because RPis tend to be out of stock most places for the last few years (because there's so much demand for RPis from businesses, who want to use the RPis in scenarios such as electronic signage, that there aren't any RPis left over for hobbyists to buy) and so a bunch of RPi competitors have sprung up to sell to the hobbyist customer base the RPi Foundation has partially abandoned — which apparently qualify (by your standards) as being mere "cottage industries" that are unimportant in the grand scheme of things. And yet, when taken as a whole, those industries collectively make up a not-insignificant portion of the world economy. So, I'm not convinced that European regulators will disregard the economic impact that the CRA will have on those industries (or consider it to be unimportant), like you seem to believe they will… nor am I convinced that they'll disregard the impact those regulations will have on tech workers' negotiating position (relative to their bosses / managers / HR departments) in the labor market.

(Remember also that there's a historical throughline from a state-funded "Computer Literacy Project" (that was its official name) in the UK to Eben Upton and the RPi Foundation. This goes to show that the Thatcher-era British state considered it important for general-purpose computers to be available for use — including programming-education use — to the public at large. And if today's British & European governmental bodies see things the same way — note, in 2013, the European Commission did see things that way — then they might take action to resist American BigCorp-led efforts like this recent one on the basis that it's important for societal reasons that a non-negligible portion of the general public must be able to use and program general-purpose computers.)

Here's something else from recent history that goes to show just how unpredictable lobbyists & legislators can be — look at what happened in the U.S. as compared to Japan in the '80s/'90s with regard to the packaged-media rental industry:

1. Home video (VHS/LD/DVD) rentals: legal in both the U.S. and Japan
2. Music album (LP/CD/cassette) rentals: illegal in the U.S., legal in Japan
3. PC software (on floppy diskettes or any other physical media) rentals: illegal in both the U.S. and Japan
4. Console video game (cartridges / CDs or other optical discs) rentals: legal in the U.S., illegal in Japan

(And here are two more examples of how difficult it is to make accurate long-term predictions about the IT industry and human society more generally: in France back in the 1980s, X.25 and Minitel looked set to become what TCP/IP + the Web + SMTP email would go on to become in the mid-1990s; and didn't Andrew Tanenbaum once say that "microkernels have won", citing Windows NT as an example of a microkernel OS, but later had to take back that statement in part because NT turned out to not really be a microkernel OS after all?)

> I guess some governments would fail to apply a tight leash and these government would fail… but that wouldn't lead to free software nirvana but to the proliferation of failed states where development of the software (free or otherwise) just wouldn't happen.

Regulatory capture is the American way of doing things, to a greater extent than it is in Germany, and right now the U.S. is already dangerously close to being a failed state (to a far greater extent than Germany is)! Or at least that's how things in the present-day U.S. seem to be going as seen by most "Joe Average"-type Americans, who (unlike ultrawealthy people such as Marc Andreessen or Jack Welch) neither have nor ever will earn a living by working in upper-management and/or enterpreneurship and/or professional investment.

Next, here's a personal story:

I've watched in despair as lots of my own coworkers in the private sector (note, working conditions for public-sector employees are a lot better than what I'm about to describe here, due to labor unions such as SEIU) have spent only somewhere around 4 to 6 years working in any given engineering/technical job role (as opposed to a managerial role) before leaving that role in one of these 4 ways: being promoted upwards into management, or moving "sideways" within the org chart (i.e. moving from one internal "team" to another), or moving to a separate project within the same company, or leaving the company altogether. Why do they do that? Because climbing the corporate ladder is a major life goal for them, isn't that why?!

And for those employees who care more about long-term maintainability of a codebase than (so-called) "career advancement", guess what happens: work turns into a never-ending barrage of "oops, it's 5:30 PM, but this problem we discovered at the last minute, and you must fix it TONIGHT, and stay up all night long working on it if necessary" demands from bosses!

Consequently, the developers with the most working knowledge of the codebase suffer from severe burnout, and long-term maintainability of codebases falls by the wayside. In other words: when the turnover rate of employees is that high, the company's institutional knowledge deteriorates, causing code rot to set in, until finally the entire codebase is so messy/incomprehensible that it must be thrown away in its entirety. Lack of long-term maintainability is what led to the downfall of dBASE, and also to the original Netscape Navigator codebase (that is, Navigator's codebase as it was before the changeover "from the old layout engine to the new layout engine (Gecko/Raptor) [which] constituted an almost-total rewrite of the browser").

That is how software development is actually done in the milieu of big business today. And if new government regulations were to strangle all hobbyist-oriented forge sites (like Codeberg and invent.kde.org) with red tape, then that would likely prevent any new software project that values long-term maintainability like this one:

No manager of a [Linux] kernel developper can say "I know it's half baked but merge it now beacuse marketing wants it" and Linux largely maintains the "it'll ship when it's ready" and "longterm maintability is important" mindsets that are missing in most commercial projects.

> If you seriously think that I have this level of influence then you need to have your head examined.

Maybe books such as the aforementioned "Chokepoint Capitalism" (and its authors), along with activist organizations such as the FSFE (which, I'd say, is much more effective in getting their message out to the general public than the American FSF has been for a long time by now), might influence the actions of regulators/legislators in European countries that reject the U.S. style of so-called "laissez-faire capitalism" (especially Germany).

And, aside from that, it sure looks like you have a tendency towards pro-"mass market consumer electronics" / anti-"old-fashioned desktop Linux" partisanship, ever since that time in 2011 when you said (to someone who, apparently, was one of the HP webOS developers) "The standard phrase applies: you [referring to corbet] don't exist", and also when you said that "most users value "pretty pixels" way, way, WAY above network transparency".

(That's similar to the "user-friendliness to Joe Average User must be priority #1" kind of rhetoric that Apple fans were known for in the '80s and '90s, and despite that, the Macintosh got soundly trounced in the marketplace by the more bricoleur-friendly option — that being Wintel PCs — that gave rise to Linux during that same era… which in turn recently led to the Steam Deck, which for now at least appears to be a commercial success story.)

Having read those and also this, it gives an impression of motivated reasoning like this: "you can't make a business out of [supporting niche use-cases*] since there are no money in it**". When viewed in that light, a lot of your comments could plausibly be read as FUD and/or Stop Energy directed towards hobbyist-developed FOSS projects.

(*: in that instance, the use-case in question was reading email on a smartphone from a self-hosted IMAP server with a self-signed TLS certificate.)

(**: although, to be fair, you did acknowledge that "certain niche markets appeared where GPLv3 is not considered large enough liability to try such software" that time.)

> And you know it, or else you wouldn't have been so angry.

No, I don't know that the CRA will be bad for forge sites, and neither do you. And neither do several other LWNers who've posted comments about the CRA… but at least they seem to have first-hand knowledge of how European laws (about liability for selling defective products) work, so I suspect that they are correct about how the CRA will play out in practice, and that the Apache Software Foundation is incorrect.

(And as for the angry tone: I meant that to be directed toward the "Big Five" companies and big businesses in general, not towards EU legislators.)

> If that's true then it just means that there would be a different law later, which would bring control and responsibility into the IT industry.

"[Bringing] control and responsibility into the IT industry" shouldn't involve "making it possible for forge sites to be sued into oblivion", as far as I'm concerned… whereas it should involve cutting the Big Five down to size.

> Wow. So much cope.

If you're implying that I'm worried about the CRA in Europe, then you're mistaken (as I explained above).

OTOH, it does look like someone at Google is worried that FOSS might pose a threat to their business model, and if that worry spreads to the board-of-directors, then they might start lobbying the notoriously big-business-friendly U.S. federal government to allow them to (as jwz said) "rule the world forever"… but on the other other hand, some U.S. legislators want a 2020s-era version of this to be imposed on the "Big Five" tech corpos, and no one knows which side will get to have things their way…

> No, there are no such danger.

That contradicts your earlier claim that "there would be a different law later". It also contradicts this ("if you are creating a GitHub page and write README there then now you are marketing something [and therefore you will be held legally liable for bugs under the Cyber Resilience Act]") and this ("That, by necessity implies that large open source “forges”, if, maybe, not individual contributors, would have to deal with liabilities.").

> Or maybe there is, but that part is pretty much minor and insignificant. We have just arrived at the time where products made by hobbyists would stop being used by non-hobbyists.

That's (conditionally) OK with me, as long as it remains possible for these 2 kinds of events to continue happening in the future:

1. A large (though maybe not exactly huge) company like Valve can put on the market a consumer-electronics product whose pre-installed software includes a Linux distro derived from one that's written by hobbyists with a desktop environment that's also written by hobbyists; and,
2. someone like this developer can develop a FOSS-licensed microblog web-app that (6 years out from its initial release) gains enough users to make it famous enough for The Guardian to publish news stories about it & for its original developer to found a gGmbH non-profit organization dedicated to continuing its development… and then someone like this hobbyist developer can come along later and develop a forum/link-aggregator web app that's interoperable with the aforementioned microblogging app and which eventually has a bunch of non-profit orgs like this old one which began as a dialup BBS all the way back in 1987 running instances of it.

In conclusion, here's one more quotation from ESR, this time taken from the front page of his personal website:

I will not tolerate having general-purpose computing hardware, which should be an instrument of liberation and creativity, reduced to a locked-down delivery pipe for "content". By trying to cripple my tools, the big-media machine has made me its enemy. DRM delenda est!

It's a shame, though, that ESR is a capital-L Libertarian, because that minor U.S. political party's economic policy preference (i.e. "laissez-faire" capitalism) is basically the main reason why both "the big-media machine" and the current Big Five U.S. tech companies were able to gain so much political power in the first place. Anyone who wants to have a hobbyist-friendly national economy ought to look to the parts of the world from which Linux and KDE (which might qualify as being the "top two" most famous hobbyist-developed FOSS projects) as the model to follow, and push for this kind of corporate governance to be mandated by law worldwide.