I wish there was an actual thriving business model like this -- just fixing most annoying bugs, for a price, of commonly used desktop software. Why proprietary software companies cannot or do not want to provide this service is over me. Perhaps I'm too much used to consulting.
Given that “fixing this issue required weeks of intensive work from multiple people”, the price would have to be prohibitively high.
More generally, software is really, really expensive to produce and maintain. The economics only work at scale, in particular for B2C. (Maybe AI will change that, if it becomes more reliable.)
Eh, I think you're underestimating some people perseverance.
You generally only need multiple people for timely action, and it usually even slows you down (from the perspective of total hours spent)
Like 2k bug bounty? I guarantee you some people would be willing to spend a lot of time for that. But yeah, people which are gainfully employed and have a decent salary - likely not.
Did you realize that you didn't include 'open source' in your statement? This is exactly what the desktop OS makers -Microsoft and Apple- do every single day. Their prices are mostly B2B and therefore hidden, but there is a steady income for each person involved in making the fix.
Yeah, you'd want some sort of micro-kickstarting website where users can pool money that goes into paying for some fix or feature if the committed money crosses a threshold.
For small stuff, the cost is just going to be too much for people to want to pay it. This bug had a $1900 bounty attached. Let's put the cost of one software engineer (salary plus overheads) at $200,000 a year, which I think is an underestimate. That's $3850 a week, so unless your bug can definitely be fixed (including getting any necessary hardware, investigation, fixing, code review overhead, etc) in two or three days it doesn't pay. And if it could obviously be done in two days then it's likely somebody would have already done that.
The above back of envelope maths ignores the overheads of interacting with the people who posted the bounties to get them to agree to pay up, and of the cost overruns on the class of bugs that look like two day fixes but take two weeks.
I assumed the commonly cited 2x markup, so that would be a $100k salary, which is less than various websites say is the average US software dev salary. You could probably find cheaper elsewhere in the world, but even if you cut the salary in half that's still "bug must be doable in a week", which isn't going to cover many of the bugs people will care about.
$200k is on the extreme high-end of software engineers. For example in eastern europe $30k is normal. And that's not even the floor. You can go to india or africa to get even cheaper. The problem with this bug bounty though is that it requires pretty rare expertise. It's not a "throw any developer at it" type of thing.
People spam the most minimal viable patch to collect the bounty and move on. And these days they are sending an AI slop solution. It doesn’t promote good code like actually hiring someone.
> Approximately 95% of the engineering work was done by Lyapsus. Lyapsus improved an incomplete kernel driver, wrote new kernel codecs and side-codecs, and contributed much more. I want to emphasize his incredible kindness and dedication to solving this issue. He is the primary force behind this fix, and without him, it would never have been possible.
> I (Nadim Kobeissi) conducted the initial investigation that identified the missing components needed for audio to work on the 16IAX10H on Linux. Building on what I learned from Lyapsus's work, I helped debug and clean up his kernel code, tested it, and made minor improvements. I also contributed the solution to the volume control issue documented in Step 8, and wrote this guide.
Actually, the mercenary garbage that Lenovo started doing was absolutely hateful. I'd been tearing my hair out forever trying to figure out why nothing I could do would make my bluetooth work right on an old T430, even when I upgraded the chip. Assumed it was a Linux bug.
Turns out that Lenovo put awful bluetooth in the laptop, and made it ignore any other bluetooth chip you installed (you can get around this in Linux by force ignoring what the system reports.) I have no idea why you would do that except out of spite; I don't remember them selling bluetooth upgrades or anything. They were just keeping their options open? This is aside from having to hack the bios in order to upgrade wireless or use generic batteries.
I would be awesome if the people that sold me products weren't awful people. They don't have to feel bad about it, but they should.
I don't care that you're angrier at Apple than at Lenovo. I'm angrier at the electric company, but I don't bring it up to defend my local alderman. I also don't care that FOSS hasn't solved all your problems for free like they apparently promised you they would.
> Turns out that Lenovo put awful bluetooth in the laptop, and made it ignore any other bluetooth chip you installed (you can get around this in Linux by force ignoring what the system reports.)
I used to Hackintosh Lenovos -- I thought this was at the bios level, so even if you did DSDT patching (linux or mac wise) it wouldn't work?
I'm guessing it's the fact that linux has in-tree drivers, so you necessarily need to "patch the kernel" in order to write/fix a driver for a non-standard compliant device?
I wish there was an actual thriving business model like this -- just fixing most annoying bugs, for a price, of commonly used desktop software. Why proprietary software companies cannot or do not want to provide this service is over me. Perhaps I'm too much used to consulting.
Given that “fixing this issue required weeks of intensive work from multiple people”, the price would have to be prohibitively high.
More generally, software is really, really expensive to produce and maintain. The economics only work at scale, in particular for B2C. (Maybe AI will change that, if it becomes more reliable.)
Eh, I think you're underestimating some people perseverance.
You generally only need multiple people for timely action, and it usually even slows you down (from the perspective of total hours spent)
Like 2k bug bounty? I guarantee you some people would be willing to spend a lot of time for that. But yeah, people which are gainfully employed and have a decent salary - likely not.
Did you realize that you didn't include 'open source' in your statement? This is exactly what the desktop OS makers -Microsoft and Apple- do every single day. Their prices are mostly B2B and therefore hidden, but there is a steady income for each person involved in making the fix.
and yet, Microsoft Teams is a total trash fire full of bugs that users hate. So something is broken (Teams. It's Teams that is busted).
I think that 2k is really really cheap for the expertise in kernel development
It is, but it's amazing how cheap kernel expertise is relative to comparable experience in other specialties like frontend.
But also lots of kernel developers work for free, so the average price of their work is very low
Yeah, you'd want some sort of micro-kickstarting website where users can pool money that goes into paying for some fix or feature if the committed money crosses a threshold.
For small stuff, the cost is just going to be too much for people to want to pay it. This bug had a $1900 bounty attached. Let's put the cost of one software engineer (salary plus overheads) at $200,000 a year, which I think is an underestimate. That's $3850 a week, so unless your bug can definitely be fixed (including getting any necessary hardware, investigation, fixing, code review overhead, etc) in two or three days it doesn't pay. And if it could obviously be done in two days then it's likely somebody would have already done that.
The above back of envelope maths ignores the overheads of interacting with the people who posted the bounties to get them to agree to pay up, and of the cost overruns on the class of bugs that look like two day fixes but take two weeks.
$200k is one expensive software engineer. On average, you can get people to work for much less.
I assumed the commonly cited 2x markup, so that would be a $100k salary, which is less than various websites say is the average US software dev salary. You could probably find cheaper elsewhere in the world, but even if you cut the salary in half that's still "bug must be doable in a week", which isn't going to cover many of the bugs people will care about.
I believe that the $200k figure was meant to express what such a person might cost the company, not what that person would be paid as salary.
(And it's just a placeholder. $200k seems like it's at least in the direction of the right ballpark.)
$200k is on the extreme high-end of software engineers. For example in eastern europe $30k is normal. And that's not even the floor. You can go to india or africa to get even cheaper. The problem with this bug bounty though is that it requires pretty rare expertise. It's not a "throw any developer at it" type of thing.
People spam the most minimal viable patch to collect the bounty and move on. And these days they are sending an AI slop solution. It doesn’t promote good code like actually hiring someone.
The paperwork.
And the person who did the implementation, Lyapsus, did it without access to the hardware?? https://github.com/nadimkobeissi/16iax10h-linux-sound-saga/i...
I guess this here is what the title is describing: https://github.com/nadimkobeissi/16iax10h-linux-sound-saga/b...
Title should be: $2000 Bug Bounty to Fix the Lenovoe Legion Pro 7 16IAX10H's Speakers on Linux
Oh it's written by Nadim Kobeissi, such a huge fan of his work didn't expect him see him here
In the README:
> Approximately 95% of the engineering work was done by Lyapsus. Lyapsus improved an incomplete kernel driver, wrote new kernel codecs and side-codecs, and contributed much more. I want to emphasize his incredible kindness and dedication to solving this issue. He is the primary force behind this fix, and without him, it would never have been possible.
> I (Nadim Kobeissi) conducted the initial investigation that identified the missing components needed for audio to work on the 16IAX10H on Linux. Building on what I learned from Lyapsus's work, I helped debug and clean up his kernel code, tested it, and made minor improvements. I also contributed the solution to the volume control issue documented in Step 8, and wrote this guide.
For those wondering:
> Sincere thanks to everyone who pledged a reward for solving this problem. The reward goes to Lyapsus.
Where are LLMs now?
They're not useful for fixing things like this. Only frontend React.js
> Only frontend React.js
Good suggestion, but I discovered that React was not able to fix my Linux kernel, either, for some reason.
Here is another[1] fine read that was post recently where someone pushed a kernel driver fix for media buttons for old 2005 Fujitsu keyboard.
[1] https://news.ycombinator.com/item?id=45490652
[flagged]
People might be willing to interact with your idea of you removed the snark, if you think it's a discussion worth having.
I am literally unable to understand what's being said here
Angry racist shouting at people.
The machine easily cost a million to develop and it's easy to throw money at a problem for the unemployed tinkerers out there.
Actually, the mercenary garbage that Lenovo started doing was absolutely hateful. I'd been tearing my hair out forever trying to figure out why nothing I could do would make my bluetooth work right on an old T430, even when I upgraded the chip. Assumed it was a Linux bug.
Turns out that Lenovo put awful bluetooth in the laptop, and made it ignore any other bluetooth chip you installed (you can get around this in Linux by force ignoring what the system reports.) I have no idea why you would do that except out of spite; I don't remember them selling bluetooth upgrades or anything. They were just keeping their options open? This is aside from having to hack the bios in order to upgrade wireless or use generic batteries.
I would be awesome if the people that sold me products weren't awful people. They don't have to feel bad about it, but they should.
I don't care that you're angrier at Apple than at Lenovo. I'm angrier at the electric company, but I don't bring it up to defend my local alderman. I also don't care that FOSS hasn't solved all your problems for free like they apparently promised you they would.
> Turns out that Lenovo put awful bluetooth in the laptop, and made it ignore any other bluetooth chip you installed (you can get around this in Linux by force ignoring what the system reports.)
I used to Hackintosh Lenovos -- I thought this was at the bios level, so even if you did DSDT patching (linux or mac wise) it wouldn't work?
Patching up the kernel to get some sound coming out of the speakers.. Very on brand for Linux.
How do you know somebody has no idea what they're talking about? They'll tell you.
Show us on the doll where they’re wrong.
I'm guessing it's the fact that linux has in-tree drivers, so you necessarily need to "patch the kernel" in order to write/fix a driver for a non-standard compliant device?
How else is that supposed to work?
You either fix a driver in the kernel or a driver outside the kernel, it's not going to make that big of a difference to the person who has to fix it.
The difference is that the end user doesn't have to do it. Someone else is going to do it. Just like it is on Windows.