Comment by jchw

Comment by jchw 10 hours ago

I promise you, everybody understands the general idea, but adding a built-in store to your operating system is far from a neutral action that has no second- or third-order effects. It isn't that it somehow affects "free" packages. Incoming text wall, because I am not very good at being terse.

- It creates perverse incentives for the promotion of free software.

If development of the operating system is now funded by purchases of proprietary commercial software in the app store, it naturally incentivizes them to sell more software via the app store. This naturally gives an incentive to promote commercial software over free software, contrary to the very mission of free software. They can still try to avoid this, but I think the incentive gets worse due to the next part (because running a proper software store is much more expensive.)

Free software can be sold, too, but in most cases it just doesn't make very much sense. If you try to coerce people into paying for free software that can be obtained free of charge, it basically puts it on the same level as any commercial proprietary software. If said commercial software is "freemium", it basically incentivizes you to just go with the freemium proprietary option instead that is not just free software, but also often arguably outright manipulative to the user. I don't really think free software OS vendors want to encourage this kind of thing.

- It might break the balance that makes free software package repositories work.

Software that is free as in beer will naturally compete favorably against software that costs money, as the difference between $0 and $1 is the biggest leap. Instead of selling software you can own, many (most?) commercial software vendors have shifted to "freemium" models where users pay for subscriptions or "upsells" inside of apps.

In commercial app stores, strict rules and even unfair/likely to be outlawed practices are used to force vendors to go through a standardized IAP system. This has many downsides for competition, but it does act as a (weak) balance against abusive vendors who would institute even worse practices if left to their own devices. Worse, though, is that proprietary software is hard to vet; the most scalable way to analyze it is via blackbox analysis, which is easily defeated by a vendor who desires to do so. Android and iOS rely on a combination of OS-level sandboxing and authorization as well as many automated and ostensibly human tests too.

I am not trying to say that what commercial app stores do is actually effective or works well, but actually that only serves to help my point here. Free software app stores are not guaranteed to be free of malware more than anything else is, but they have a pretty decent track record, and part of the reason why is because the packaging is done by people who are essentially volunteers to work on the OS, and very often are third parties to the software itself. The packages themselves are often reviewed by multiple people to uphold standards, and many OSes take the opportunity to limit or disable unwanted anti-features like telemetry. Because the software is free, it is possible to look at the actual changes that go into each release if you so please, and in fact, I often do look at the commit logs and diffs from release to release when reviewing package updates in Nixpkgs, especially since it's a good way to catch new things that might need to be updated in the package that aren't immediately apparent (e.g.: in NixOS, a new dlopen dependency in a new feature wouldn't show up anywhere obvious.)

Proprietary software is a totally different ball game. Maintainers can't see what's going on, and more often than not, it is simply illegal for them to attempt to do so in any comprehensive way, depending on where they live.

If the distributions suddenly become app store vendors, they will wind up needing to employ more people full time to work on security and auditing. Volunteers doing stuff for free won't scale well to a proper, real software store. Which further means that they need to make sure they're actually getting enough revenue for it to be self-sustaining, which again pushes perverse incentives to sell software.

What they wanted to do is build a community-driven OS built on free software by volunteers and possibly non-profit employees, and what they got was a startup business. Does that not make the problem apparent yet?

- It makes the OS no longer neutral to software stores.

Today, Flatpak and Steam are totally neutral and have roughly equal footing to any other software store; they may be installed by default in some cases, but they are strictly vendor neutral (except for obviously in SteamOS). If the OS itself ships one, it lives in a privileged position that other software stores don't. This winds up with the exact same sorts of problems that occur with Windows, macOS, iOS and Android. You can, of course, try to behave in a benevolent manner, but what's even better than trying to behave in a benevolent manner is trying to put yourself in as few situations as possible where you need to in order to maintain the health of an ecosystem. :)

--

I think you could probably find some retorts to this if you wanted. It's not impossible to make this model work, and some distributions do make this model work, at least insofar as they have gotten now. But with that having been said, I will state again my strongly held belief that it isn't that projects like Debian or Arch Linux couldn't figure out how to sell software or don't know that they can.

It's just that they do not want to.