The Cathedral, the Megachurch, and the Bazaar
90 points
5 days ago
| 17 comments
| opensourcesecurity.io
| HN
zahlman
4 hours ago
[-]
> Big companies will often tithe to these megachurches. Some churches are bigger than others. The Linux Foundation makes hundreds of millions of dollars. Smaller foundations like the Python Software Foundation have to make do with only a few million.

This hides essential detail that would seem to very much weaken the argument. You have the Linux Foundation and the Mozilla Foundation that "make hundreds of millions of dollars", and then everyone else is orders of magnitude smaller. Python might be in third place, for all I know (or maybe it's Apache).

> It shows how most open source projects aren’t some giant megachurch like group. These projects are one person.

> It’s easy to assume everyone else is also a megachurch member, even if they are not. The church members are pretty noisy and get a lot of attention.

I suspect most of those random bazaar vendors would like to have a respectable church-sized building. Or at least a proper stall.

> If you look at modern day open source, it sometimes feels like the megachurch open source is better because they have a nice parking lot, give out donation receipts, and it doesn’t smell like kabobs.

Well, no; it has more to do with the sense that outsiders are taking the bazaar seriously.

reply
rectang
3 hours ago
[-]
The ASF, chartered as a 501(c)(3) nonprofit charity which serves the public good, has a budget a fraction the size of those of orgs chartered as 501(c)(6) nonprofits which serve the common business interests of members.
reply
zahlman
2 hours ago
[-]
The PSF is also 501(c)(3) (https://www.python.org/psf/mission/).

A quick check implies Apache is on the order of half the size, though. When I wrote the other comment it was just the only other name that came to mind.

reply
femto
26 minutes ago
[-]
The post referred to the Sovereign Tech Agency (https://www.sovereign.tech). The problem that the Sovereign Tech Agency is trying to solve seems to be a hard one.

OpenPrinting is listed as a funded project:

https://www.sovereign.tech/tech/openprinting

yet 7 days ago someone who works on OpenPrinting was here and stated:

"The whole printing stack is supported by 4 people, 2 of whom are doing that since the inception of CUPS in 1999. Scanning is maintained by a single person."

https://news.ycombinator.com/item?id=46579361

Isn't this the situation the Sovereign Tech Agency is trying to avoid?

reply
tptacek
3 hours ago
[-]
It was a bad essay at the time and I don't think you can make a good essay by trying to build off it. Adding "megachurch" to the already strained metaphor didn't improve it.

https://news.ycombinator.com/item?id=35939383

reply
networkadmin
2 hours ago
[-]
You're completely wrong. The fact that people are still talking about it today proves it has some kind of worth. The essay was great.
reply
munificent
10 minutes ago
[-]
People are still talking about a flat Earth and creationism. Given 8 billion people, there are enough available braincells to keep even the stupidest idea floating around in the memesphere.
reply
wizzwizz4
2 hours ago
[-]
People are still talking about null pointers: that doesn't mean they were ever a good idea.
reply
networkadmin
2 hours ago
[-]
That's just how the hardware works. Don't like it? Make your own CPU.
reply
tptacek
2 hours ago
[-]
So the case that you're making here is that CATB is renowned amongst the kind of practitioners who think NULL pointers are "just how the hardware works". Sounds about right.
reply
dvt
1 hour ago
[-]
I know you're replying to a brand new (likely troll) account, but I'm also very confused by this and would be curious to learn if there's any truth to it. I personally don't really see what a Von Neumann machine has to do with null pointers (or how an implication would go either way), but maybe I'm missing something.
reply
z3512
1 hour ago
[-]
NULL pointers working the way they do was a design decision made my hardware engineers a long time ago because it saved some transistors when that mattered. We’re past that point now for most ASICs and hardware can be changed. Although backward software compatibility is a thing too.
reply
wizzwizz4
26 minutes ago
[-]
Null pointers have nothing to do with the instruction set architecture, except as far as they are often represented by the value 0. Can you describe the scheme you're imagining, whereby their use saves transistors?
reply
tptacek
1 hour ago
[-]
It has nothing to do with NULL pointers and is instead a property of a programming language.
reply
wizzwizz4
2 hours ago
[-]
No, the CPU doesn't have a special pointer value which is designated invalid (except as far as modern address spaces are so large that you cannot possibly map memory to each address without mirroring). In many OSs, e.g. CP/M, address 0 is actually meaningful. The C idiom of cramming sum-type semantics into the nooks and crannies of a return value that ordinarily means something entirely different is an extremely poor one, and null pointers are the poster child: Tony Hoare's billion-dollar mistake.

It's absolutely fine to have a packed representation of a sum type "under the hood": this is how Rust implements Option<&T> (where T: Thin), for example. It's also fine to expose the layout of this packed representation to the programmer, as C's union does. But it's a huge footgun to have unchecked casts as the default. If not for this terrible convention, C wouldn't have any unchecked implicit casts: something like f(1 + 0.5) performs a coercion, a far more sensible behaviour.

The only reason we're talking about null pointers at all is because they were an influential idea, not because they were a good idea. Likewise with the essay.

reply
mrkeen
2 hours ago
[-]
They aren't there in asm.
reply
charcircuit
1 hour ago
[-]

  mov rax, qword ptr [0]
reply
nyc_data_geek1
2 hours ago
[-]
There are lots of proven bad ideas still being bandies about today, and it does not prove they are anything but enduringly worthless.
reply
dgreensp
2 hours ago
[-]
I always interpreted cathedral vs bazaar as being about the architecture of large things. Do you build to a master plan? Or does everyone do whatever they want? (Within some kind of framework, of course.) Like the cathedral of the Java SDKs vs the flea market of NPM.

This author seems to have some kind of attitude about organization in general—anything with people and process, that happens to exist around some project, that might require at least a small commitment to be a part of. Like complaining that a flea market has a form to sign.

The ability for people to functionally collaborate, with some kind of structure, is the key thing that enables building large things together.

reply
canadaduane
4 hours ago
[-]
"Don't look him up, he's not exactly role model material." I don't admire the ethos of putting people in bad boxes.
reply
nilamo
3 hours ago
[-]
On the otherhand, I greatly appreciate that we don't pretend everyone is 100% awesome all the time. We shouldn't hold people up as role models that we don't want to emulate, and whatnot.
reply
Brian_K_White
35 minutes ago
[-]
One of them is legit a saint and the other almost as much. They absolutely are role models, and the way they are talked about now is exactly a lesson in the problem. If more people emulated them, the world would be a much better place.
reply
wahnfrieden
27 minutes ago
[-]
You believe in the commentary and advocacy he provides for pedophilia? Why should I and others pay more attention to that?
reply
Brian_K_White
8 minutes ago
[-]
There isn't any such "advocacy".
reply
philipallstar
1 hour ago
[-]
If we're not pretending everyone is awesome then why permanently deselect certain people as role models?
reply
ocdtrekkie
1 hour ago
[-]
I absolutely think we should put people in bad boxes, and would go so far as to suggest if you are worried about this possibility, you may be worried about which box you belong in. ;)

I think the important part is there must always remain a possibility for someone to exit that box. Repentance and forgiveness are key values in themselves, and we must be able to accept people if they can change.

Unrepentant garbage people who still make garbage statements and do garbage things, however, can remain in the dumpster where they belong until such time they warrant climbing out.

reply
rbanffy
47 minutes ago
[-]
> you may be worried about which box you belong in. ;)

There’s also the risk someone very loud decides to put you in a box you don’t belong in. Eventually you are able to demonstrate it, but, in the meantime, you need to deal with the consequences.

reply
uncletaco
3 hours ago
[-]
> History will probably remember him as LTT, “Linus The Torvalds”

This is trolling right?

reply
asveikau
1 hour ago
[-]
There are a lot of tangential, one-liner, throwaway jokes in this article.
reply
stronglikedan
1 hour ago
[-]
Yes, everyone knows LTT is Linus Tech Tips!
reply
pstuart
3 hours ago
[-]
> This is trolling right?

Yes, and well done as well. Unlike the other two unmentionables, Linus very much worthy of remembrance. Sure he was extra grumpy for a long time but that's about the only bad thing you can say about the man.

reply
emanueleo
50 minutes ago
[-]
The article says "GNU's not Linux". No, it's "GNU's not Unix".
reply
brid
4 hours ago
[-]
The Cathedral metaphor doesn't make any sense since the point of the Cathedral is simultaneously to revere God and to be able to take in as many "unwashed masses" as possible. Only by self-exclusion (explicit external irreverence/scandal) can you be excluded.
reply
afiori
1 hour ago
[-]
The metaphor does not refer to the finished building but to the building process
reply
larrydag
2 hours ago
[-]
It works for me. Cathedral is analogous to free software being a religion. It is a theocratic worldview that has a zealous following that must apply the rituals of old. Bazaar is the marketplace. It is supposed to be a efficient market metaphor for software being transactional and not relational.

Is this a perfect metaphor? I think its a rigid way of looking at software on either side. I think it is more grey. I like the merits of both sides.

reply
jt2190
1 hour ago
[-]
That is not what Eric S. Raymond (esr) was describing.

GNUnix was developed using the Cathedral-style, Linux was developed using the bazaar-style. How Linux development was coordinated was thought to be impossible for something that had to be as solid as an operating system. The essay is a deep dive, exploring the conditions that the Linux project needed to ship an OS.

reply
asveikau
1 hour ago
[-]
But ESR believed in right wing, libertarian adjacent politics. He's advocating for deregulated, free market ideas in the form of criticizing GNU. In doing this, he was seeking out the preferred metaphor and working backwards, rather than describing what is.
reply
dfajgljsldkjag
3 hours ago
[-]
I like the idea that we moved from cathedrals to megachurches because it explains why everything feels so corporate now. It is easy to forget that the messy bazaar is still underneath all the shiny tools we use.
reply
rbanffy
37 minutes ago
[-]
Large endeavours require some level of “megachurchness”. Linux back then was tiny in comparison with what it is today. So was Python. Nowadays we have much larger projects that encompass a much larger space than we had in the 1990s. You can’t make things consistent at these sizes without some governance in place.

There are still a lot of space for projects without much structure- if you have NSA codenames that aren’t public yet (and you are not subject to US laws) you can contribute with the nsaname tool and have cool names for your servers and containers. If you want to help adding glyphs to my 3278 font, you can. You can do that to millions of small projects that are small enough to not require much structure.

reply
jrowen
3 hours ago
[-]
The author links to another article of theirs called "Open Source is Bigger Than You Can Imagine," which hinges on the size of the npm registry. npm says "open source" on their landing page, and has an "npm Open Source" section of their policies, which places no restrictions on how you license your npm package (save for a special license to them).

This does seem very bazaar to me, but this would all be deemed Not Open Source by the [cathedral/megachurch?] community, correct? Do people take issue with npm using the term open source?

reply
TZubiri
56 minutes ago
[-]
With that title, I'm clicking and reading all the way through.

I'm writing an article on a similar topic, but it's a critique on a popular development style that imports a huge dependency supply chain (without concern on if they are cathedral, bazaar, or megachurches), and what the benefits of building your thing bottom-up has.

If this sounds interesting to you, hacker news reader, you can leave a comment and I'll reply with a link once it's published.

reply
xg15
4 hours ago
[-]
If we're working with those metaphors, I think it's useful to read up on how actual, real-life bazaars are operating.

In particular:

> A bazaar or souk is a marketplace consisting of multiple small stalls or shops [...] They are traditionally located in vaulted or covered streets that have doors on each end and served as a city's central marketplace.

> Merchants specialized in each trade were also organized into guilds, which provided support to merchants but also to clients. The exact details of the organizations varied from region to region. Each guild had rules that members were expected to follow, but they were loose enough to allow for competition. Guilds also fulfilled some functions similar to trade unions and were able to negotiate with the government on behalf of merchants or represent their interests when needed.

> Historically, in Islamic cities, the muḥtasib was the official in charge of regulating and policing the bazaar and other aspects of urban life. They monitored things such as weights and measures, pricing, cleanliness, noise, and traffic circulation, as well as being responsible for other issues of public morality. They also investigated complaints about cheating or the quality of goods.

( https://en.wikipedia.org/wiki/Bazaar )

So not quite the anarchocapitalist, self-organizing utopia that tech people seem to imagine there - in fact, they have a lot of organization, both between merchants as well as on the bazaar as a whole.

Seems to me, this model is more similar to the "privately-owned marketplaces" we see increasingly in the digital world: App stores, merchant sites like Amazon, etc.

In that sense, "most of open-source" being on Github which is now owned by Microsoft is ironically more similar to a real bazaar.

With one difference: At least the administrators of real bazaars were public officials with a mandate to keep the market fair - and there was organization among the vendors in form of guilds. With digital marketplaces, the markets themselves are private assets and the administrators are blatantly self-interested. And there doesn't seem to be any kind if higher-order organization across different open source projects, everyone is fighting on their own.

So maybe it would do the open source community good to become more like an actual bazaar.

reply
rzerowan
3 hours ago
[-]
>Seems to me, this model is more similar to the "privately-owned marketplaces" we see increasingly in the digital world: App stores, merchant sites like Amazon, etc.

>In that sense, "most of open-source" being on Github which is now owned by Microsoft is ironically more similar to a real bazaar.

Id put it that this is incorrect insofar - as the bazaar was/is a public commons with a dual regulatory environment city(state) and the guilds , which would enforce/regulate as needed.

The digital marketplaces we have would be more anologous to feudal plantations ,where each coder(sharecropper) survives at the whim of their particluar feudal lord , who have total control within that space and the state via lobbying mostly keeps off.Theer are no guild equivalent so when Playstore/Github makes a ruling like the recent hike of dev fees or ci runner. Theres no state or user leverage that can force a reversal other than complaints.

Paradoxically id say they are more megachurch than bazaars.

reply
wahnfrieden
2 hours ago
[-]
Guilds are now scorned as communism
reply
rzerowan
1 hour ago
[-]
Yep and its insane when most devs are actively hostile to unins etc from too much libertarian koolaid when they can see the active backing things like teacher/nurse/police unions provide. They may have some bad ideas , butthe structure and backing kinda gets glossed over.
reply
renewiltord
3 hours ago
[-]
The latest thing though is that the megachurches send out these evangelist priests who run an inquisition into your amounts tithed. These people then go around trying to co-opt the machinery of the state to redirect money to the megachurches.

“We should tax everyone to fund open source” they say

“Google should pay a percentage of their gross revenue to the Rust Software Foundation” they say

All this is because it’s enough for the bazaar to create but the author has correctly identified that the purpose of the megachurches is to receive tithes.

The Rust megachurch is one of the biggest proponents of this and its adherents are always trying to take our money by force because we won’t give it by will https://news.ycombinator.com/item?id=46048954

Rust delenda est.

reply
kiba
2 hours ago
[-]
Free and open source software provide a ton of value to businesses and consumers. It's right that tax dollars is used to fund what effectively is a public good so that we can all benefit from it even more.
reply
renewiltord
2 hours ago
[-]
There's always a cause and a church. There is an instrument for this: your donations can be tax deductible if you give to a 501c3 that exists for the public benefit. But that's not enough for you guys. Having seen the success of private equity dialysis clinics to redirect Medicare funding, you have decided that you want a piece of this government revenue pie. Enough of this greed.

Rust delenda est.

reply
Y_Y
2 hours ago
[-]
Alright Cato, but consider that other countries successfully spend their budgets on public goods like infrastructure and the arts.
reply
renewiltord
1 hour ago
[-]
Other countries killed 250k/month in gas chambers till we came to liberate them, and they still exist under our shield. Their opinions are kind of moot.

Rust delenda est.

reply
jhatemyjob
4 hours ago
[-]
Kind of offtopic but fun fact I didn't know until recently, the Moldbug definition of Cathedral is based (lol) on the Eric Raymond definition
reply
sowbug
4 hours ago
[-]
I stalled on Which is an acronym for “Gnu’s not Linux” and can't recover from the spin.
reply
k3nsa1
3 hours ago
[-]
It's actually "Gnu's Not Unix", the original article got it wrong too
reply
jbggs
2 hours ago
[-]
the article also says the creator of Linux is LTT

It's a joke

reply
z3512
2 hours ago
[-]
Given the tone of the article I’m sure it was tongue-in-cheek humor and not an error.
reply
nextaccountic
2 hours ago
[-]
It's just harmless trolling
reply
karel-3d
2 hours ago
[-]
It's a joke. I think.
reply
tormeh
4 hours ago
[-]
It's excellent. I grinned ear to ear.
reply
faxmeyourcode
3 hours ago
[-]
> The TL;DR was that old open source was the cathedral of exclusive developers and groups. Then the Bazaar showed up (which was the Linux Kernel for example) and that freed us from the shackles of the cathedral.

I didn't make it past the tldr lol is this some kind of poisoned data for GPT 6?

reply
pipo234
2 hours ago
[-]
Not sure if GPT played a role, but for one the editor did a poor job. Very sloppy writing indeed
reply
mkoubaa
4 hours ago
[-]
There's a other group besides these: the secret society, who infiltrate the cathedrals, the megachurches and the bazaar. They are quite cultish, but thankfully the "Data Primacy Lodge" is gaining more initiates than the old guard "Order of Objects"
reply
ThrowawayB7
4 hours ago
[-]
> "...Microsoft. Who we haven’t mentioned in this story, but they hated Linux more than a toddler hates naps."

A lot of FOSS people think this but it's not really true. It was a thorn in the side of MS executives as a competitor, sure, but I never met anyone in the rank and file that could be bothered to hate Linux. More than a few of my colleagues played with Linux at home in the '00s. I cut my teeth on the commercial UNIXes so there wasn't anything interesting about Linux to me until it had caught up with them around 2010 or so.

reply
ronsor
4 hours ago
[-]
People mean Microsoft, the corporation, as a policy. Not every employee there literally.
reply
renewiltord
2 hours ago
[-]
Dude no one cares about “the rank and file”. You’re just serfs. It’s like asking whether John Doe, US citizen who pays for the Iraqi invasion, hates Iraqis. Well, no, he’s just flipping burgers and paying his $3k in tax ($600 of which goes to the war effort). He doesn’t care about Iraq. But the US does.

Your opinion on the subject is worthless. You are equipment.

reply
sunsetSamurai
3 hours ago
[-]
you're trying to rewrite history here, Microsoft used to be a well known linux hater, but linux became popular and they had no choice but to accept it. Remember the "linux is cancer" years...
reply
ThrowawayB7
3 hours ago
[-]
I was there a couple decades and you weren't.
reply
nextaccountic
2 hours ago
[-]
The devs weren't, but

https://www.theregister.com/2001/06/02/ballmer_linux_is_a_ca...

Microsoft messaging was very clear at the time

reply
PygmySurfer
3 hours ago
[-]
I was there, too, and I remember all of the FUD from MS. I remember the Halloween documents, MS funding SCO’s lawsuit, etc. MS saw Linux as a threat, especially in the server space. The goal was to stomp it out, like they did to Netscape.
reply