> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
I am. I enjoy making things, and it's even better when others enjoy them. Just because you have expectations that you should be compensated for every line of code you write doesn't make it ubiquitous, nor should your expectations be considered the default.
I'd argue if you're creating and releasing open source with the expectations of compensation, you're doing it wrong. Equally, if you expect someone creating open source owes you anything, you're also part of the problem (and part of why people feel they deserve compensation for something that used to be considered a gift).
All that said, you should take care of your people, if you can help others; especially when you depend on them. I think you should try. Or rather, I hope you would.
My apologies - you’re correct. I didn’t mean that as “you should never expect anyone to have contributed code for free/the pleasure/for the puzzle solving aspect”. I do it all of the time.
I meant - it’s unfair to consider that because this labor “fell from the sky”, you should just accept it - and as others have said, in the case of projects that become popular, that the burden should just automatically fall on the shoulders of someone who happened to share code “for free”.
If/when someone ends up becoming responsible for work they hadn’t necessarily signed up for (who signs up for burnout?) - it’s ok/necessary/mandatory to see how everyone (and/or Nvidia/Google/OpenAI etc) can, like, help.
My insistence is on the opt-out nature of this so that people who would be ok being compensated don't have to beg.
Consider how the xz malware situation happened [0]. Or the header & question 8 from the FAQ for PocketBase [1].
"Open Source" is hugely conflated in terms of the reasons people write open source software.
There are people who truly don't care to be compensated for their work. Some are even fine with corporations using it without receiving any benefit.
Some people prefer viral and infectious licenses the way that Stallman originally intended and that the FSF later lost sight of (the AGPL isn't strong enough, and the advocacy fell flat). They don't want to give corporations any wiggle room in using their craft and want anyone benefiting from it in any way to agree to the same terms for their own extensions.
Many corporations, some insidiously, use open source as a means of getting free labor. It's not just free code, but entire ecosystems of software and talent pools of engineers that appear, ready to take advantage of. These same companies often do not publish their code as open source. AWS and GCP are huge beneficiaries that come to mind, yet you don't have hyperscaler code to spin up. They get free karma for pushing the "ethos" of open source while not giving the important parts back. Linux having more users means more AWS and GCP customers, yet those customers will never get the AWS and GCP systems for themselves.
There are "impure" and "non-OSI" licenses such as Fair Source and Fair Code that enable companies to build in the open and give customers the keys to the kingdom. They just reserve the sole right to compete on offering the software. OSI purists attack this, yet these types of licenses enable consumers to do whatever they want with the code except for reselling it. If we care about sustainability, we wouldn't attack the gesture.
There are really multiple things going on in "open source" and we're calling it all by the same imprecise nomenclature.
The purists would argue not and that the OSI definition is all that matters. But look at how much of the conversation disappears when you adhere to that, and what behavior slips by.
I think this is the piece so many that are stuck in the hustle culture mindset miss, and why they are so quick to dismiss anything like UBI or a strong social safety net that might “reduce people’s motivation”. There are many many creative, caring people that are motivated to create things or care for each other for the sake of it, not for some financial reward. Imagine the incredible programs, websites, games, crafts, artworks, animations, performances, literature, journalism, hobby clubs, support groups, community organizations that would spring into existence if we all just had more bandwidth for them while having our baseline needs met.
Would it be chaotic? Sure, in the same way that open source or any other form of self-organization is. But boy it sounds a whole lot better than our current model of slavery-with-extra-steps…
a) I'm not sure it logically follows that the hikikomori would be a particularly artistic group, thus don't understand the assertion; b) how do we know they aren't? By definition, they wouldn't be out promoting their works or gaining recognition.
Also, there is at least one example of UBI contributing to an increase in activity:
"According to the research, 31% of BIA recipients reported an increased ability to sustain themselves through arts work alone, and the number of people who reported low pay as a career barrier went down from one third to 17%. These changes were identified after the first six months of the scheme and remained stable as the scheme continued." [1]
People who are specifically not employed because they aren't motivated to do anything at all don't seem to be the best sample for what average people could do if they had more free time during their waking hours.
It seems unlikely that the most motivated people are unlikely to take UBI; the most likely UBI recipients are those who are marginally employed, and likely marginally motivated.
Um, hikikomori are a hotbed of creative works, though. Your entire premise is false. I don't know that you could get reliable statistics proving this claim, but Japan likely has the highest number of creatives per capita of any country in the world, and a ton of them are NEETs who spend their time drawing fanart or writing trashy webnovels. The vast majority of this creative work isn't commercially successful, of course, which is part of why they're NEETs.
Hikikomori seems to be largely a symptom of mental illness. NEETs almost by definition are not productive.
The fact that these groups are not producing mass amounts of creative works in no way implies that currently-productive people would not produce significantly more creative works if they had the time and resources to do so.
No that wouldn’t. If the zeitgeist, culture, society at large are antagonizing toward you, if you are meant to feel like a useless negative part of society, why would we expect amazing output from them?
This reinforces others talking about the flaws of hustle and grind culture. The status quo creates the conditions for the negatives and then points to that and says “see”.
And yet their hypothesis is true, there are already many people, with or without UBI, that volunteer, create things and in general help people surrounding them without any reward and they are the backbone of every society, not the career-chasers.
I think phenomena like hikikomori have more to do with (at least perceived) social rejection than lack of motivation. If the only acceptable message you receive from society is that you must chase the brass ring constantly and any setback means you are an abject failure, then withdrawing from the pain of that rejection makes sense for anyone who has experienced enough setbacks or strongly feels alien to that culture. A broader societal shift would occur if it was truly universally understood that everyone has value as a human being separate from their labor market leverage or capital accumulation.
There will always be strivers who measure their self worth against superficial standards (Russ Hanneman “doors go up” hand gesture here), I just don’t see why everyone should be forced to play that game or starve I suppose. Giving everyone the option to settle for a life of basic dignity while caring for those around them, or going all in on some academic / creative pursuit seem equally valid investments for society.
Yes. The only real conclusion from people like NEETs is that society failed them. Outside of a fraction of total people (or when addictions are at play), it is very rare that someone never wants to be productive.
UBI and safety net would just get eaten by economic rent. Basically your landlord would just raise the price of renting space leaving people right where they left off.
You need to impose a tax called the Land Value Tax to prevent landowners eating up the public money. Even then we got a long list of much needed public spending before we can even think about a Citizen's Dividend.
> I'd argue if you're creating and releasing open source with the expectations of compensation, you're doing it wrong.
I think this is a little unfair, given that many (especially younger maintainers) get into it for portfolio reasons where they otherwise might struggle to get a job but stick around because of the enjoyment and interest. It still sucks that so many big orgs rely on these packages and we're potentially experiencing a future when models trained on this code are going to replace jobs in the future.
I think a lack of unionisation is what puts the industry in such a tough spot. We have no big power brokers to enforce the rights of open source developers, unlike the other creative industries that can organise with combined legal action.
I agree with you, but I do think we have a bit of a problem in which an open source creator makes something and then suddenly finds themselves accidentally having created a load-bearing component that is not only used by a lot of people and companies, but where people are demanding that bugs be fixed, etc., and we lack great models for helping transition it from "I do this for fun, might fix the bug if I ever feel like it" to "I respect that this has become a critical dependency and we will find a way to make it someone's job to make it more like a product".
I gather that the open source maintainers who have found themselves in this situation sometimes get very unhappy about it, and I can see why -- it's not like they woke up one day and suddenly had a critical component on their hands, it kind of evolved over time and after a while they're like "uhoh, I don't think this is what I signed up for"
I think expecting to get paid to fix bugs, add features, etc. to one’s open source code is much more reasonable and there should be marketplace infrastructure that makes this much easier to do (compared to the current system where developers have to apply for corporate grants for long running projects).
>it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments
Yes it absolutely is. That is the exact social contract people 100% willingly enter by releasing something as Free and Open Source. They do give it as a gift, in exchange for maybe the tiny bit of niche recognition that comes with it, and often times out of simple generosity. Is that really so incredible?
Help normalize saying no? As an OSS maintainer, the sense of entitlement many have is quite frustrating. After years in OSS, I have built up a thick skin and am fine saying no, but many aren't.
I’m sure many companies like to pay. It’s probably the cheapest way to solve a business problem. It should be the norm. If a company wants to have a bug fixed or a feature added, they should pay. And GitHub should make it easy to do so.
> Correct, maintainers can say that and get shamed.
And then they can shrug and move on with their respective days. If I open source something it's a gift to the commons, not a promise to work on it for free in perpetuity. I don't really care if someone tries to shame me for that, as there's nothing to be ashamed of.
If you look at the issue list for any significant open source project, it's probably of nonzero size. That's a way of saying "no": just don't do it.
Maybe you're overloaded, maybe you just don't feel like it. It's totally normal, and different projects have different levels of resources, some with none anymore.
Unless you're talking about a different event, tj-actions wasn't "compromised because there aren't any security specialists looking at the library". Instead, an API key was used, maybe by the author, maybe by someone else, to replace good code with bad code, including modifying historical release tags to point to the bad code.
That said, everything in my previous post still applies: a nonzero buglist is totally normal and widely accepted.
I'm not too sure about the root cause of tj-actions. IIRC there are some libraries that were compromised by actions injection vulnerabilities, where a security specialist could have helped.
Agreed. Supporting open source maintainers is a great idea in general, but shaming people for using something according to the exact license terms it was released with is getting old.
A natural solution for this kind of problem would be either a private or public grants program. Critical infrastructure built by random uncompensated people... ideally there would be some process for evaluating what is critical and compensating that person for continued maintenance.
If this actually happens, get ready for an avalanche of AI-generated garbage code that exists for the sole purpose of boosting a scammer's metrics, so they can maximize their slice of the pie with the minimum amount of effort. Spotify is dealing with this same issue around AI-generated music [1].
Proposals like these seem to assume that FOSS is mostly produced by unpaid volunteers. But a lot of the open-source stuff that I personally use is produced by massively profitable companies.
For example, I am currently working with React, which was produced by Meta. I write the code using TypeScript, which was produced by Microsoft (and other corporate behemoths such as Google). I am writing this comment in Chrome (produced by Google). Etc.
Maybe it's just me, but I don't think the solution to the open source funding problem is to force people to pay for it. I think that goes against the spirit of open source. If there is forced payment, or even the expectation of payment, then we're not really doing the whole original open source thing, we're just doing bad source available commercial-ish software.
I think the solution is for people to understand that open source goes both ways. Unlike what this post says, users don't owe maintainers anything, but maintainers also don't owe the users anything. If I build something cool and share it freely, why should users expect anything from me? Why should you expect me to maintain it or add the features you want? I think we need a mentality change where less is expected from maintainers, unless funding is arranged.
After all, it's free and open source. No one is forcing you to use it. Don't like that I'm not actively developing it? Submit a PR or fork it. Isn't that what the original spirit of open source was? I think that open source has been so successful and good that we've come to expect it to be almost like commercial software. That's not what it is.
Even though I like JS/TS, I agree... not to mention that at even 10x the suggested amount for paid accounts, or even $1 per private repo per month, it still wouldn't be significant to any individual developer... More along the lines of thanks for the cup of coffee money as opposed to income money.
As suggested, I do think there should be room for grant funding, especially in the case of govts switching to open-source (LibreOffice, Linux, whatever) and open-source individuals and orgs can apply and be granted each year dependent on actual use. Though, even then, govts should probably do more for funding, but I don't want a situation where the org just spends more money than they actually distribute for dev (looking at you Mozilla).
I've spent a bit of time thinking about this[0] - as a maintainer (oapi-codegen, Renovate, previously Jenkins Job DSL Plugin and Wiremock), as someone who used to work on "how can we better fund our company's dependencies", and building projects and products to better understand dependency usage
As others have noted, there are a few areas to watch out for, and:
- some ecosystems have more dependencies over fewer, and so we need to consider how to apply a careful weighting in line with that
- how do we handle forks? Does a % of the money go to the original maintainers who did 80% of the work?
- how can companies be clever to not need to pay this?
- some maintainers don't want financial support, and that's OK
- some project creators / maintainers don't get into the work for the money (... because there is often very little)
- there's a risk of funding requirements leading to "I'm not merging your PR without you paying me" which is /not problematic/ but may not be how some people (in particular companies) would like to operate
If you willingly choose to make source code publicly available under an open source license you can’t then act all shocked that people don’t have to pay you for using that code. If you wanted to be guaranteed an income whenever your code gets used, you should have chosen a different license.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
Usage is not a good proxy for value or ongoing effort. I have a npm package with tens of millions of weekly downloads. It's only a few lines long and it's basically done - no maintenance required.
I'm skeptical that there exists an algorithmic way to distribute funds that's both efficient and resistant to gaming.
The first order effect of this would be great, but the following onslaught of schlinkert spam would be devastating - it's bad enough now with people making garbage dependencies and sneaking them in everywhere just for clout.
Sadly I think this is true. There is already a problem with people making useless dependencies and pushing them into projects with PRs to increase their download numbers.
Showing high download numbers on your resume is more valuable than anything a fund like this could provide. There will always be a company who views high NPM download numbers as a signal of top 1% talent, even if it has become a game in itself.
This would not fund the people you want it to fund.
Bad or borderline actors would be so much better at creating whatever metrics you're basing things off of that the actual value creators wouldn't stand a chance.
I've seen plenty of cases of making something a target where quality won't be measurable and immediately cut off the reward or apply penalties. I don't really want Microsoft to run a large fund that encourages people to try to take over roles and request cash, etc.
Literally anyone could create a support and maintenance organization that takes MIT license projects into an AWS like split and only get paid if the support they provide remains valuable to people who pay for the value of the support and maintenance.
Corporations who use and benefit from software should be made to pay for their use of that software, but they don't want to, which is why they'll happily spend money promoting the use of corporate-friendly and maximally exploitable open source licensing among the passionate individuals who maintain the lion's share of their dependency tree.
If you don't want to give your software away for free, don't give your software away for free. When they decide it is in their best interest to pay for it they will, i.e. support, bug fixes, changes. If you make open source software that just works they are unlikely to start writing checks nor should there be any expectation that they do that.
> When they decide it is in their best interest to pay for it they will, i.e. support, bug fixes, changes.
Maybe, but also maybe they just fork internally and fix the bug internally and don't publish the bugfix. And maybe it's never in their best interest to pay for it, maybe it's in their best interest to just freeload forever.
> If you make open source software that just works they are unlikely to start writing checks nor should there be any expectation that they do that.
I think it's good when we expect corporations to write checks to the people that write the open-source stuff they rely on. "A rising tide lifts all boats" is not automatically true in software, we have to choose to make it true. I think a world in which we make that choice is a better world. I'm not convinced we currently live in that world.
That is not how people and society function. The status quo and culture is that open source is good for society and all. You are not told about why big corporations can use all this code for free. You’re actually told you’re doing a good deed by making code open source.
Then you jump on to a place like Reddit or HN and you have people mostly supporting the status quo. Of course people are going to do open source more than they should. And then if they complain later on, you will say they chose to make it open source. Reinforcing the status quo by blaming the individual.
I paid 1 buck for WhatsApp back in the day. Better business model than what meta did with it. But we're moving closer and closer to 8 companies controlling the world. Both WhatsApp and github are owned by them.
> we're moving closer and closer to 8 companies controlling the world.
Which 8? In the control the world domain I see Meta, Google, Amazon, Apple, Microsoft. In terms of Market Cap you would add Tesla, Nvidia and TSMC, but these three aren't anywhere close to "controlling" the world category.
I would put Disney in there. I picked 8 arbitrarily but those companies have substantial pull in governmental regulations and the state of the web. Probably missing some Chinese companies.
imo corporations have more pull on governments than governments have on businesses at this point as far as long term culture goes.
The trick will be getting around the regulations that are being set up to protect interests of government and big business at the expense of everybody else. This will only become more difficult as time goes on.
The transitive nature of dependencies makes fund allocation extremely wonky. Say you have Next.js as a dependency in your package.json file? How many dependencies does Next.js itself have? What portion of your funds go to Next.js versus all the transitive dependencies of Next.js?
How about GitHub stops using GPL'd code to train models? The authors weren't asking for payment, they were just asking not to reuse their code without GPL.
Government grants can be used to cover infrastructural open source. Not every open source wants money, so this scheme has to be opt-in. Further, entitled "paying" users[1] will make things much worse for small projects. "I paid for this package, so you need to fix this show-stopper bug before we ship on Friday"
Having a passion project is great, having it gain traction is even better, but that is not sufficient to make it a job / company. The utility of open source projects ranges from "I could implement the bits I use in under an hour" to "It would take 100-person team years".
Every day, millions go to work because they have to eat. Every day, thousands (?) go to their computers in their free time and make OSS software. Not because they have to eat but because [?]. Then they or others complain that people take their work that they do for free under no duress for free.
Maybe economists could do what is ostensibly their job and try to prevent the “tetris game of software depending on the OSS maintained by one guy in Nebraska...” situation. In the meanwhile people who do things under no duress for free could stop doing it.
(Not that OSS is all hobby activities. There are many who are paid to do it. But these appeals only talk about the former.)
The sense of entitlement is strong in these comments. If you haven’t built or maintained OSS I’m wondering why your opinion matters [edit: that's harshly worded I could have been more nuanced, hopefully the point is taken and it is a question]. There’s also the take that “this is fine” vs considering that the state of OSS things could be a LOT better with higher quality and more choices if we fed the beast properly.
I don't see any entitlement at all, in fact it's the opposite.
The article: "I expect open source maintainers to maintain their codebases and add new features. I have unilaterally decided that $1/package is a suitable amount, universally applicable to all packages and maintainers." <--- this is entitlement
The comments here: "Open source maintainers don't owe you shit."
Interesting. I do not agree with your summary of his post, in fact he goes so far as to say "an idea, really. Incredibly half-baked. Poke all the holes you want. It’s very unwrought and muy unripe."
So yes, we can laugh at the proposed mechanism but I feel the world would be a better place if we could funnel more resources to OSS creators rather than just take because that's an easier path.
No. I would get rid of "should" to "could" but it actually would warp the open source world once money is involved. People would start optimizing what they do to try and get a slice of the pie.
This transformation of open-source into rent-seeking behaviour is quite distasteful to me. If you don't want to share your stuff without taxing everyone, then don't share it. Other licenses exist. You don't have to use MIT or the GPL.
Meta has even demonstrated an alternative with the Llama 4 License which has exclusion criteria:
> 2. Additional Commercial Terms. If, on the Llama 4 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee’s affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta, which Meta may grant to you in its sole discretion, and you are not authorized to exercise any of the rights under this Agreement unless or until Meta otherwise expressly grants you such rights.
Go put such terms in your licenses.
This is particularly rampant in the Rust community and if I'm being honest this forced tithing church nonsense from people who want to be priests makes participating in that community less desirable. I don't even want to donate to the RSF as a result.
All the other projects I've donated to in the past have been much more reasonable. This kind of pushy nonsense is unacceptable.
One thing I thought that got me interested about Brave was this part of their business model. It had the potential to support this type of economy almost without any attrition. It was not that different from flattr, with the difference that people would be able to contribute just by accepting the notification ads and passing along their earnings.
Unfortunately, the crypto angle made sure that mostly degens and speculators got into it. Perhaps if stabletokens were more established by the time they started, it would be easier to market it.
(I am not going to get into yet-another discussion about Brave as a company. I will flag any attempt at derailing the conversation.)
>It is crazy, absolutely crazy to depend on open source to be free (as beer).
Why? It's not crazy at all. It's the status quo with no sign of things changing. It is both possible right now and likely to continue. It's not crazy.
If it's not worth maintaining people will stop. If people need it they will develop it. The current incentive structure has produced lots of open source code that is being maintained.
>It is not okay - it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
It is if there is no cost. You can always charge for it. But you can't make it free then pretend it's not.
> every mention in a package.json or requirements.txt
OK, what about those of us who aren't writing libraries?
As a personal anecdote, the amount of opportunities that have been opened up to me as a result of my open source project are worth way more than any $1 per mention or user.
$1 USD is ~90 Indian Rupees, 1450 Argentinian Peso or over 1 million Iranian Rial [1]. In some places, $1 USD could be a week's work. On the collection side, you could be seriously over-charging people. On the distribution side, you could be seriously overpaying people for their work - and encourage scams, etc.
> GitHub should charge every org $1 more per user per month and direct it into an Open Source fund, held in escrow.
Sure. It'll be some charity, then somebody gets paid $200k+ per year to distribute what remains after they've taken the majority, all whilst avoiding most taxes. To receive the money the person has to ID themselves, financial background checks need to be done, a minimum amount needs to be reached before a payment is made, and then after passing through multiple wanting hands, they end up with a fraction.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
What even is "usage"? How many times it appears in a number of repos? How many users there are of the project? Is the usefulness and value of a project limited to the number of people that directly use it?
> Or don’t! Let’s not do anything! People’s code and efforts - fueling incredibly critical bits of infrastructure all around the world - should just be up for grabs. Haha! Suckers!
> Anyway, you all smarter than me people can figure it out. I just cannot accept that what we have is “GOOD”. xx
It's entirely possible you can make things worse by avoiding doing nothing. Sometimes in life you have to pick the lesser of evils.
Many open source projects are created by engineers being paid to solve a problem their employer has, and they just happen to release it freely.
I don't think Google needs a dollar every time I write a script in golang or run a container in kubernetes, and I would put a lot less trust in Envoy if I thought Lyft was building it for profit and not because they needed to.
Instead of a dollar from github users, I think it should just be a hefty tax on big tech companies that have valuations of over a billion. The nature of software and tech means that there are massive monopolies where winner takes all. We should just accept that and leverage it.
OSS works partially because a lot of stuff is free as in beer. I rely on probably many thousands of OSS projects directly or indirectly on a daily basis. So does everyone else.
The problem for some people is that they want to get paid for their work and just aren't; or not enough. I won't judge that. Writing software is hard work. Whether you donate your time and how much of your time is a personal choice to make. But of course a lot of OSS gets paid for indirectly via companies paying people to work on them (most long lived projects have paid contributors like that) or in a few cases because the companies behind these projects have some business model that actually works. Some people donate money to things they like. And some projects are parked under foundations that accept donations. That's all fine. But there are also an enormous amount of projects out there and most of them will never receive a dollar for any of it. OSS wouldn't work without this long tail of unpaid contributors.
I have a few OSS projects of my own. I don't accept donations for them. I don't get paid for them. I have my own reasons for creating these projects; but money isn't one of those. And people are welcome to use them. That's why these projects are open source.
MS and Github make loads of money. There's a reason they give the freemium version away for free: it funnels enough people into the non-free version that it is worth it to them. Charging money to everyone might actually break that for them. I happily use their freemium stuff. I did pay for it a long time ago when private projects weren't part of the freemium layer. Anyway their reasons/motivations are theirs. I'm sure it all makes sense for them and their shareholders.
If people feel guilty about not donating to each of the thousands of projects they rely on (or any, because why cherry pick?), you can pay back in a different way and try to contribute once in a while. Just pay it forward. Yes, somebody put a lot of work into the stuff that you use. And you put some work into stuff that others get to use. If enough people keep on doing that (and the success of OSS hints that they do), OSS will be here to stay.
This is a terrible idea in my opinion and it's been tried/is being tried by services like thanks.dev. Yes, we need something here but this is not it. The reality is more complex.
It doesn't work well in practice. Because then people like https://github.com/sindresorhus?tab=repositories&type=source would get a shit ton of money because of the pure number of dependencies. And yes our stack also contains his code somewhere in a debug UI but our main product is entirely written in a different programming language with way fewer dependencies but if one of them goes away we'd be in trouble. In other words: Dependency count is not a good metric for this.
My "idea":
Lots of companies will have to create SBOMs anyway. Take all of those but also scan your machines and take all the open source software running on there (your package.lock does not contain VLC etc.) and throw it in a big company wide BOM, then somehow prioritise those using algorithms, data and just manual voting and then upload that to some distributor who then distributes this to all the relevant organisations and people and then (crucially) sends me (as a company) an invoice.
We've tried doing the right thing but sponsoring is hard - it works differently for every project/foundation and the administrative overhead is huge.
The reality is that "we" as an open-source community suck at taking money and I believe this is partially on us.
However it is opt-in aka "Launch a page in minutes and showcase Sponsors buttons on your GitHub profile and repositories". That's effort & friction and only simplifies the "begging" aspect that I am (strongly) reacting to.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
Could have worked before LLMs.
Also, funding by popularity would mean alternatives would have a harder time to emerge and get the funding they need to compete against the established popular projects.
Being an Open Source project doesn't mean that it provides the best solution to the problem it's supposed to solve.
Diversity is important.
I do like this idea, as it seems easy to implement. Github can just increase its prices by $1/month/orguser and that fund could end up with like, I think, 6 million per month. That's a sizeable amount of money and could help in making open source more sustainable & attractive.
> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments
should be the transitive dependencies, not just top-level (so the lock file or equiv) or you just reward the "barely wrap it and give it a new name" js crowd even more.
let everything be gratis and if you need something fixed, an engineer you hired to work for you in your org can fork or send in a patch. there, I solved it
In principle it sounds like a grand idea, although there are a bunch of corner cases like how it works cross country borders, and de-anonymising maintainers.
If it was opt-in for open source projects, and there are strong guards against people forking/hard takeover-ing then yes, it seems like a good idea in principle.
I will leave the AI enthusiasts to chime in about the future, and how we don't need OS anymore.
$5 a month per dependency, OK let's go! Hold up I've just reorganized my packages into sqlalchemy-base, sqlalchemy-core-sql, sqlalchemy-orm, sqlalchemy-oh-you-want-deletes-also, sqlalchemy-fewer-bugs, and about eight more
the payment isn't the problem so much as the payment processing. They wouldn't support crypto, even if they did, getting crypto without KYC hassle is a PITA, not worth it for paying one company $1. Not associating your real identity with a github repo is very important to most github users.
Payment could solve lots of problems, but there is no real and meaningful cash-equivalent payment system or method. This isn't a tech problem either, governments allow cash payments, but if it is digital, they won't allow any means that preserves privacy. Money laundering is their concern. You can't solve this without laws changing. Even if I don't mind buying crypto with a credit card, I still have to go through proving my identity with my id card, as if my credit-card company didn't do that already.
payment is a huge barrier to commerce these days, people think LLMs will change the world, but payment tech/laws will have a bigger effect in my opinion.
Let's say HN mods go a little crazy one day and want to let us tip each other for good posts and comments, imagine if all they had to do is add an html tag in the right place and that's it. All we had to do is click a button and it just works, and there is no exposure of private information by any involved party, and you could fund that payment by buying something (a card?) at a convenience store in person, just as easily as you could with a crypto payment, moneygram or wire transfer.
I __want__ to pay so many news sites, blogs, etc... I don't mind tipping a few bucks to some guy who wrote a good blog, or who put together a decent project on github that saved me lots of time and work.
It isn't merely the change in economics or people getting a buck here and there, but the explosion in economic activity you have to look at. The generation of wealth, not the mere zero-sum transferring of currency. This is the type of stuff that changes society drastically, like freeways being invented, women being able to ride bicycles, airplanes allowing fast transport, telegrams allowing instant messaging, etc.
Everyone being able to easily pay anyone at all, including funding private as well as commercial projects would be more disruptive than democracy itself, if I could dare make that claim. There is freedom of movement, there is freedom of communication and last there is freedom of trade. These are the ultimate barriers to human progress. Imagine if everyone from Texas to Beijing could fund research and projects, trade stocks in companies (all companies in the world). You won't need governments to fund climate change work, I think eventually taxation itself will have to suffer, because people would be able to direct exactly where their funds went. Not just what department in the government gets a budget, but exactly what projects they spend it on. Being able to not just talk or meet each other instantly (and even those have a long way to go) but to also collectively or as individuals found each other, governments and companies, that'd be the biggest thing that could happen this century.
This could be done, but again, we don't need better tech as much as we need a change in attitude. For people to actually believe this would result in a better world for them.
Yes I read it, but still, charging me $1 so M/S can spy on what I do and make money off of it by selling my work to large corporations is wrong.
But if they really wanted to do what the article says, create a project and people can donate what they want. For example, if M/S sends me $5 per month, I can redirect it to various open source projects instead.
When I was on GH, I did donate a little per month to 2 projects, it was a nice way to do that. But I moved off because I do not want to give M/S more personal information (like my Cell #), so I send a few $ to them using other means.
love this idea on so many levels. Of course, then the fight moves to how allocation happens, and how to avoid people further gaming things like repo stars, forks, PRs, voting, dependencies, etc.
in particular, there's repos with extremely high activity where funding doesn't help anyone and repos with low activity where funding ensures continuity for key components we all depend on but which are under-funded for various reasons.
> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
Is that not what most of open source is? Things people make for themselves because they either found it fun or solved their own problem, then published it for others to use for free. Most projects are not worth the bureaucratic tax related headaches the income from them would bring (maybe that's just my EU showing).
What's not okay is demanding new features or to fix something urgently. That's paid territory.
Honestly this post is such a shit take it's borderline intentional ragebait.
> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
I am. I enjoy making things, and it's even better when others enjoy them. Just because you have expectations that you should be compensated for every line of code you write; doesn't make it ubiquitous, nor should your expectations be considered the default.
I'd argue if you're creating and releasing open source with the expectations of compensation, you're doing it wrong. Equally, if you expect someone creating open source owes you anything, you're also part of the problem (and part of why people feel they deserve compensation for something that used to be considered a gift).
All that said, you should take care of your people, if you can help others; especially when you depend on them. I think you should try. Or rather, I hope you would.
My apologies - you’re correct. I didn’t mean that as “you should never expect anyone to have contributed code for free/the pleasure/for the puzzle solving aspect”. I do it all of the time.
I meant - it’s unfair to consider that because this labor “fell from the sky”, you should just accept it - and as others have said, in the case of projects that become popular, that the burden should just automatically fall on the shoulders of someone who happened to share code “for free”.
If/when someone ends up becoming responsible for work they hadn’t necessarily signed up for (who signs up for burnout?) - it’s ok/necessary/mandatory to see how everyone (and or Nvidia/Google/OpenAI etc) can, like, help.
My insistence is on the opt-out nature of this so that people who would be ok being compensated don't have to beg.
Consider how the xz malware situation happened [0]. Or the header & question 8 from the FAQ for PocketBase [1].
[0] https://x.com/FFmpeg/status/1775178803129602500
[1] https://pocketbase.io/faq/
Don't apologize.
"Open Source" is hugely conflated in terms of the reasons people write open source software.
There are people who truly don't care to be compensated for their work. Some are even fine with corporations using it without receiving any benefit.
Some people prefer viral and infectious licenses the way that Stallman originally intended and that the FSF later lost sight of (the AGPL isn't strong enough, and the advocacy fell flat). They don't want to give corporations any wiggle room in using their craft and want anyone benefiting from it in any way to agree to the same terms for their own extensions.
Many corporations, some insidiously, use open source as a means of getting free labor. It's not just free code, but entire ecosystems of software and talent pools of engineers that appear, ready to take advantage of. These same companies often do not publish their code as open source. AWS and GCP are huge beneficiaries that come to mind, yet you don't have hyperscaler code to spin up. They get free karma for pushing the "ethos" of open source while not giving the important parts back. Linux having more users means more AWS and GCP customers, yet those customers will never get the AWS and GCP systems for themselves.
There are "impure" and "non-OSI" licenses such as Fair Source and Fair Code that enable companies to build in the open and give customers the keys to the kingdom. They just reserve the sole right to compete on offering the software. OSI purists attack this, yet these types of licenses enable consumers to do whatever they want with the code except for reselling it. If we care about sustainability, we wouldn't attack the gesture.
There are really multiple things going on in "open source" and we're calling it all by the same imprecise nomenclature.
The purists would argue not and that the OSI definition is all that matters. But look at how much of the conversation disappears when you adhere to that, and what behavior slips by.
I think this is the piece so many that are stuck in the hustle culture mindset miss, and why they are so quick to dismiss anything like UBI or a strong social safety net that might “reduce people’s motivation”. There are many many creative, caring people that are motivated to create things or care for each other for the sake of it, not for some financial reward. Imagine the incredible programs, websites, games, crafts, artworks, animations, performances, literature, journalism, hobby clubs, support groups, community organizations that would spring into existence if we all just had more bandwidth for them while having our baseline needs met.
Would it be chaotic? Sure, in the same way that open source or any other form of self-organization is. But boy it sounds a whole lot better than our current model of slavery-with-extra-steps…
The hikikomori[1] or NEETs ought to be a hotbed of creative works if your hypothesis is true. And they aren't, plain and simple.
There is effectively zero evidence suggesting a population on UBI will result in some sort of outpouring of creativity.
[1] https://en.wikipedia.org/wiki/Hikikomori and it's not a phenomenon limited to Japan.
a) I'm not sure it logically follows that the hikikomori would be a particularly artistic group, thus don't understand the assertion; b) how do we know they aren't? By definition, they wouldn't be out promoting their works or gaining recognition.
Also, there is at least one example of UBI contributing to an increase in activity:
"According to the research, 31% of BIA recipients reported an increased ability to sustain themselves through arts work alone, and the number of people who reported low pay as a career barrier went down from one third to 17%. These changes were identified after the first six months of the scheme and remained stable as the scheme continued." [1]
[1] https://musiciansunion.org.uk/news/ireland-s-basic-income-fo...
People who are specifically not employed because they aren't motivated to do anything at all don't seem to be the best sample for what average people could do if they had more free time during their waking hours.
It seems unlikely that the most motivated people are unlikely to take UBI; the most likely UBI recipients are those who are marginally employed, and likely marginally motivated.
Um, hikikomori are a hotbed of creative works, though. Your entire premise is false. I don't know that you could get reliable statistics proving this claim, but Japan likely has the highest number of creatives per capita of any country in the world, and a ton of them are NEETs who spend their time drawing fanart or writing trashy webnovels. The vast majority of this creative work isn't commercially successful, of course, which is part of why they're NEETs.
Can it really be a 'hotbed' if there is no demand (or even maybe awareness) of the works? That just seems like a hobby done for selfish reasons.
Hikikomori seems to be largely a symptom of mental illness. NEETs almost by definition are not productive.
The fact that these groups are not producing mass amounts of creative works in no way implies that currently-productive people would not produce significantly more creative works if they had the time and resources to do so.
No that wouldn’t. If the zeitgeist, culture, society at large are antagonizing toward you, if you are meant to feel like a useless negative part of society, why would we expect amazing output from them?
This reinforces others talking about the flaws of hustle and grind culture. The status quo creates the conditions for the negatives and then points to that and says “see”.
The UK music culture of the 1960s was in large part due to the "dole" or cash payments to poor people.
and yet their hypothesis is true, there are already many people, with or without UBI, that volunteer, create things and in general help people surrounding them without any reward and they are the backbone of every society, not the career-chasers
I think phenomena like hikikomori have more to do with (at least perceived) social rejection than lack of motivation. If the only acceptable message you receive from society is that you must chase the brass ring constantly and any setback means you are an abject failure, then withdrawing from the pain of that rejection makes sense for anyone who has experienced enough setbacks or strongly feels alien to that culture. A broader societal shift would occur if it was truly universally understood that everyone has value as a human being separate from their labor market leverage or capital accumulation.
There will always be strivers who measure their self worth against superficial standards (Russ Hanneman “doors go up” hand gesture here), I just don’t see why everyone should be forced to play that game or starve I suppose. Giving everyone the option to settle for a life of basic dignity while caring for those around them, or going all in on some academic / creative pursuit seems equally valid investments for society.
Yes. The only real conclusion from people like NEETs is that society failed them. Outside of a fraction of total people (or when addictions are at play), it is very rare that someone never wants to be productive.
Not really against welfare programs...but...
UBI and safety net would just get eaten by economic rent. Basically your landlord would just raise the price of renting space leaving people right where they left off.
You need to impose a tax called the Land Value Tax to prevent landowners eating up the public money. Even then we got a long list of much needed public spending before we can even think about a Citizen's Dividend.
> I'd argue If you're creating and releasing open source with the expectations of compensation, you're doing it wrong.
I think this is a little unfair, given that many (especially younger maintainers) get into it for portfolio reasons where they otherwise might struggle to get a job but stick around because of the enjoyment and interest. It still sucks that so many big orgs rely on these packages and we're potentially experiencing a future when models trained on this code are going to replace jobs in the future.
I think a lack of unionisation is what puts the industry in such a tough spot. We have no big power brokers to enforce the rights of open source developers, unlike the other creative industries that can organise with combined legal action.
I agree with you, but I do think we have a bit of a problem in which an open source creator makes something and then suddenly finds themselves accidentally having created a load-bearing component that is not only used by a lot of people and companies, but where people are demanding that bugs be fixed, etc., and we lack great models for helping transition it from "I do this for fun, might fix the bug if I ever feel like it" to "I respect that this has become a critical dependency and we will find a way to make it someone's job to make it more like a product".
I gather that the open source maintainers who have found themselves in this situation sometimes get very unhappy about it, and I can see why -- it's not like they woke up one day and suddenly had a critical component on their hands, it kind of evolved over time and after a while they're like "uhoh, I don't think this is what I signed up for"
I think expecting to get paid to fix bugs, add features, etc. to one’s open source code is much more reasonable and there should be marketplace infrastructure that makes this much easier to do (compared to the current system where developers have to apply for corporate grants for long running projects).
I'm pretty sure you didn't wake up at 5am to an urgent issue. Because I did last night, and for sure __MY WIFE__ expects me to get paid for it!!
In general, people's time is not free if only because they have rent/mortgage, food, transportation, medical bills, education, etc.
Redistributing unwanted funds would be a good chore to have to do!
> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments
Yes it absolutely is. That is the exact social contract people 100% willingly enter by releasing something as Free and Open Source. They do give it as a gift, in exchange for maybe the tiny bit of niche recognition that comes with it, and often times out of simple generosity. Is that really so incredible?
The problem is more so maintenance.
The expectation of FOSS is that the users and maintainer work together to resolve bug fixes/features/security issues.
However many companies will dump these issues to the maintainer and take it for granted when they are resolved.
It's not a sustainable model, and will lead to burnout/unmaintained libraries.
If the companies don't have the engineering resources/specialization to complete bug fixes/features, they should sponsor the maintainers.
It’s OK to say “No” or “Pay me and I’ll do it right now” to companies doing this.
I 100% agree with this. It also is 100% OK to fork aggressively and patch yourself.
Correct, maintainers can say that and get shamed.
And it leads to unmaintained libraries, since companies don't want to pay.
At some point, is open sourcing your work a liability?
Help normalize saying no? As an OSS maintainer, the sense of entitlement many have is quite frustrating. After years in OSS, I have built up a thick skin and am fine saying no, but many aren't.
I’m sure many companies like to pay. It’s probably the cheapest way to solve a business problem. It should be the norm. If a company wants to have a bug fixed or a feature added, they should pay. And GitHub should make it easy to do so.
> Correct, maintainers can say that and get shamed.
And then they can shrug and move on with their respective days. If I open source something it's a gift to the commons, not a promise to work on it for free in perpetuity. I don't really care if someone tries to shame me for that, as there's nothing to be ashamed of.
If you look at the issue list for any significant open source project, it's probably of nonzero size. That's a way of saying "no": just don't do it.
Maybe you're overloaded, maybe you just don't feel like it. It's totally normal, and different projects have different levels of resources, some with none anymore.
I have seen small utility libraries like tj-actions get compromised because there aren't any security specialists looking at the library.
My main concern is supply chain compromise.
Unless you're talking about a different event, tj-actions wasn't "compromised because there aren't any security specialists looking at the library". Instead, an API key was used, maybe by the author, maybe by someone else, to replace good code with bad code, including modifying historical release tags to point to the bad code.
That said, everything in my previous post still applies: a nonzero buglist is totally normal and widely accepted.
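The comment above describes release tags being repointed to different code. As an added example (not part of the thread), this sketch flags `uses:` references in a GitHub Actions workflow that are not pinned to a full 40-character commit SHA and can therefore change underneath a consumer; the workflow text and the `example-org` names are constructed.

```python
import re

# Captures the value of a step- or job-level `uses:` key, ignoring quotes
# and any trailing "# comment".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses_value):
    """Classify a `uses:` value as 'local', 'pinned' or 'mutable'."""
    if uses_value.startswith("./"):
        return "local"  # code from the same repository and commit
    if uses_value.startswith("docker://"):
        # Only an image digest is immutable; image tags can be re-pushed.
        return "pinned" if "@sha256:" in uses_value else "mutable"
    if "@" not in uses_value:
        return "mutable"
    ref = uses_value.rsplit("@", 1)[1]
    # Tags, branches and abbreviated SHAs can all be moved or can collide.
    return "pinned" if FULL_SHA_RE.match(ref) else "mutable"


def find_mutable_refs(workflow_text):
    """Return (line_number, uses_value) for every mutable reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) == "mutable":
            findings.append((lineno, match.group(1)))
    return findings


# Constructed sample workflow, embedded so the check runs offline.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/changed-files@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - name: lint
        uses: example-org/lint-action@main
      - uses: ./.github/actions/local-step
      # - uses: example-org/commented-out@v1
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for lineno, value in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {value} is not pinned to a full commit SHA")
```
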
I'm not too sure about the root cause of tj-actions. IIRC there are some libraries that were compromised by actions injection vulnerabilities, where a security specialist could have helped.
(And on the flipside, nothing is owed for a bugfix the maintainer made out of their own free will. Again, a gift.)
The problem is lots of open source is unmaintained/insecure, and there aren't any security engineers on those open source libraries.
For the library to be secure, there needs to be funding, not by magic and expecting maintainers will do stuff of their own free will.
Agreed. Supporting open source maintainers is a great idea in general, but shaming people for using something according to the exact license terms it was released with is getting old.
It's crazy to expect someone to pay for something that you're giving them for free.
Correct, but if there's a bug/enhancement/support they want, it's perfectly reasonable to ask for compensation for it.
A natural solution for this kind of problem would be either a private or public grants program. Critical infrastructure built by random uncompensated people... ideally there would be some process for evaluating what is critical and compensating that person for continued maintenance.
How bold to start with "Listen to me" then jump into something that doesn't make much economic sense and has not been properly considered
If this actually happens, get ready for an avalanche of AI-generated garbage code that exists for the sole purpose of boosting a scammer's metrics, so they can maximize their slice of the pie with the minimum amount of effort. Spotify is dealing with this same issue around AI-generated music [1].
1. https://www.forbes.com/sites/lesliekatz/2024/09/08/man-charg...
Proposals like these seem to assume that FOSS is mostly produced by unpaid volunteers. But a lot of the open-source stuff that I personally use is produced by massively profitable companies.
For example, I am currently working with React, which was produced by Meta. I write the code using TypeScript, which was produced by Microsoft (and other corporate behemoths such as Google). I am writing this comment in Chrome (produced by Google). Etc.
Maybe it's just me, but I don't think the solution to the open source funding problem is to force people to pay for it. I think that goes against the spirit of open source. If there is forced payment, or even the expectation of payment, then we're not really doing the whole original open source thing, we're just doing bad source available commercial-ish software.
I think the solution is for people to understand that open source goes both ways. Unlike what this post says, users don't owe maintainers anything, but maintainers also don't owe the users anything. If I build something cool and share it freely, why should users expect anything from me? Why should you expect me to maintain it or add the features you want? I think we need a mentality change where less is expected from maintainers, unless funding is arranged.
After all, it's free and open source. No one is forcing you to use it. Don't like that I'm not actively developing it? Submit a PR or fork it. Isn't that what the original spirit of open source was? I think that open source has been so successful and good that we've come to expect it to be almost like commercial software. That's not what it is.
There's also the problem of who decides who gets paid?
If they pay by popularity most of my $1 would go to javascript. I'd rather it went to libraries I actually use.
Even though I like JS/TS, I agree... not to mention that at even 10x the suggested amount for paid accounts, or even $1 per private repo per month, it still wouldn't be significant to any individual developer... More along the lines of thanks for the cup of coffee money as opposed to income money.
As suggested, I do think there should be room for grant funding, especially in the case of govts switching to open-source (LibreOffice, Linux, whatever) and open-source individuals and orgs can apply and be granted each year dependent on actual use. Though, even then, govts should probably do more for funding, but I don't want a situation where the org just spends more money than they actually distribute for dev (looking at you Mozilla).
I've spent a bit of time thinking about this[0] - as a maintainer (oapi-codegen, Renovate, previously Jenkins Job DSL Plugin and Wiremock), as someone who used to work on "how can we better fund our company's dependencies", and building projects and products to better understand dependency usage
As others have noted, there are a few areas to watch out for, and:
- some ecosystems have more dependencies over fewer, and so we need to consider how to apply a careful weighting in line with that
- how do we handle forks? Does a % of the money go to the original maintainers who did 80% of the work?
- how can companies be clever to not need to pay this?
- some maintainers don't want financial support, and that's OK
- some project creators / maintainers don't get into the work for the money (... because there is often very little)
- there's a risk of funding requirements leading to "I'm not merging your PR without you paying me" which is /not problematic/ but may not be how some people (in particular companies) would like to operate
[0]: https://www.jvt.me/posts/2025/02/20/funding-oss-product/
If you willingly choose to make source code publicly available under an open source license you can’t then act all shocked that people don’t have to pay you for using that code. If you wanted to be guaranteed an income whenever your code gets used, you should have chosen a different license.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
Usage is not a good proxy for value or ongoing effort. I have a npm package with tens of millions of weekly downloads. It's only a few lines long and it's basically done - no maintenance required.
I'm skeptical that there exists an algorithmic way to distribute funds that's both efficient and resistant to gaming.
The first order effect of this would be great, but the following onslaught of schlinkert spam would be devastating - it's bad enough now with people making garbage dependencies and sneaking them in everywhere just for clout
Sadly I think this is true. There is already a problem with people making useless dependencies and pushing them into projects with PRs to increase their download numbers.
Showing high download numbers on your resume is more valuable than anything a fund like this could provide. There will always be a company who views high NPM download numbers as a signal of top 1% talent, even if it has become a game in itself.
It might make the maintainers of the rest of the pie vigilant for dependency spam that would cut into their end.
Well now you've got me wondering.
This would not fund the people you want it to fund.
Bad or borderline actors would be so much better at creating whatever metrics you're basing things off of that the actual value creators wouldn't stand a chance.
IMHO Open Source Software is a public good, and should be mostly funded like other public goods: through government grants.
GitHub charging its users, who themselves are mostly OSS developers (and not end users) doesn't seem like a sensible solution.
I've seen plenty of cases of making something a target where quality won't be measurable and immediately cut off the reward or apply penalties. I don't really want Microsoft to run a large fund that encourages people to try to take over roles and request cash, etc.
Literally anyone could create a support and maintenance organization that takes MIT license projects into an AWS like split and only get paid if the support they provide remains valuable to people who pay for the value of the support and maintenance.
So you sprinkle a few tens of thousands of dollars across a few hundreds of thousands of developers every month? Thanks for the $0.48 Github.
s/thousands/millions/ the point stands that there are way more devs than commercial accounts, and even then, even if it's 1:1, you get $1?
Not a great take.
Corporations who use and benefit from software should be made to pay for their use of that software, but they don't want to, which is why they'll happily spend money promoting the use of corporate-friendly and maximally exploitable open source licensing among the passionate individuals who maintain the lion's share of their dependency tree.
https://lgug2z.com/articles/on-evils-in-software-licensing/
If you don't want to give your software away for free, don't give your software away for free. When they decide it is in their best interest to pay for it they will, i.e. support, bug fixes, changes. If you make open source software that just works they are unlikely to start writing checks nor should there be any expectation that they do that.
> When they decide it is in their best interest to pay for it they will, i.e. support, bug fixes, changes.
Maybe, but also maybe they just fork internally and fix the bug internally and don't publish the bugfix. And maybe it's never in their best interest to pay for it, maybe it's in their best interest to just freeload forever.
> If you make open source software that just works they are unlikely to start writing checks nor should there be any expectation that they do that.
I think it's good when we expect corporations to write checks to the people that write the open-source stuff they rely on. "A rising tide lifts all boats" is not automatically true in software, we have to choose to make it true. I think a world in which we make that choice is a better world. I'm not convinced we currently live in that world.
> If you don't want to give your software away for free, don't give your software away for free.
I don't, and I spend a lot of my time and efforts encouraging others not to, and doing the work to prove out alternative models :)
https://lgug2z.com/articles/normalize-identifying-corporate-...
https://lgug2z.com/articles/komorebi-financial-breakdown-for...
That is not how people and society function. The status quo and culture is that open source is good for society and all. You are not told about why big corporations can use all this code for free. You’re actually told you’re doing a good deed by making code open source.
Then you jump on to a place like Reddit or HN and you have people mostly supporting the status quo. Of course people are going to do open source more than they should. And then if they complain later on, you will say they chose to make it open source. Reinforcing the status quo by blaming the individual.
I paid 1 buck for WhatsApp back in the day. Better business model than what meta did with it. But we're moving closer and closer to 8 companies controlling the world. Both WhatsApp and github are owned by them.
> we're moving closer and closer to 8 companies controlling the world.
Which 8? In the control the world domain I see Meta, Google, Amazon, Apple, Microsoft. In terms of Market Cap you would add Tesla, Nvidia and TSMC, but these three aren't anywhere close to "controlling" the world category.
I would put Disney in there. I picked 8 arbitrarily but those companies have substantial pull in governmental regulations and the state of the web. Probably missing some Chinese companies.
imo corporations have more pull on governments than governments have on businesses at this point as far as long term culture goes.
Had you said these 8 companies controlling the world 5 to 6 years ago I would have partly agreed.
But right now I see so many cracks in their game I am optimistic they won't control the world and there will be new competition to challenge them.
The trick will be getting around the regulations that are being set up to protect interests of government and big business at the expense of everybody else. This will only become more difficult as time goes on.
The transitive nature of dependencies makes fund allocation extremely wonky. Say you have Next.js as a dependency in your package.json file? How many dependencies does Next.js itself have? What portion of your funds go to Next.js versus all the transitive dependencies of Next.js?
GitHub cannot see enterprise repos. Those are purposely kept on-prem.
How about GitHub stops using GPL'd code to train models? The authors weren't asking for payment, they were just asking not to reuse their code without GPL.
That would be fun. Could over time round roughly to charging everyone to fund the use of GitHub Copilot to work on open source.
GitHub should be gradually substituted by some other providers, decentralized.
Tech guy reinvents half-assed taxes. More at 11.
Government grants can be used to cover infrastructural open source. Not every open source wants money, so this scheme has to be opt-in. Further, entitled "paying" users[1] will make things much worse for small projects. "I paid for this package, so you need to fix this show-stopper bug before we ship on Friday"
Having a passion project is great, having it gain traction is even better, but that is not sufficient to make it a job / company. The utility of open source projects range from "I could implement the bits I use in under an hour" to "It would take 100-person team years".
Every day, millions go to work because they have to eat. Every day, thousands (?) go to their computers in their free time and make OSS software. Not because they have to eat but because [?]. Then they or others complain that people take their work that they do for free under no duress for free.
Maybe economists could do what is ostensibly their job and try to prevent the “tetris game of software depending on the OSS maintained by one guy in Nebraska...” situation. In the meanwhile people who do things under no duress for free could stop doing it.
(Not that OSS is all hobby activities. There are many who are paid to do it. But these appeals only talk about the former.)
If you pay for it to gain the access, then it is not open source. In open source, everyone can access it and contribute (in theory).
The sense of entitlement is strong in these comments. If you haven’t built or maintained OSS I’m wondering why your opinion matters [edit: that's harshly worded I could have been more nuanced, hopefully the point is taken and it is a question]. There’s also the take that “this is fine” vs considering that the state of OSS things could be a LOT better with higher quality and more choices if we fed the beast properly.
I don't see any entitlement at all, in fact it's the opposite.
The article: "I expect open source maintainers to maintain their codebases and add new features. I have unilaterally decided that $1/package is a suitable amount, universally applicable to all packages and maintainers." <--- this is entitlement
The comments here: "Open source maintainers don't owe you shit."
Interesting. I do not agree with your summary of his post, in fact he goes so far as to say "an idea, really. Incredibly half-baked. Poke all the holes you want. It’s very unwrought and muy unripe."
So yes, we can laugh at the proposed mechanism but I feel the world would be a better place if we could funnel more resources to OSS creators rather than just take because that's an easier path.
No. I would get rid of "should" to "could" but it actually would warp the open source world once money is involved. People would start optimizing what they do to try and get a slice of the pie.
This transformation of open-source into rent-seeking behaviour is quite distasteful to me. If you don't want to share your stuff without taxing everyone, then don't share it. Other licenses exist. You don't have to use MIT or the GPL.
Meta has even demonstrated an alternative with the Llama 4 License which has exclusion criteria:
> 2. Additional Commercial Terms. If, on the Llama 4 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee’s affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta, which Meta may grant to you in its sole discretion, and you are not authorized to exercise any of the rights under this Agreement unless or until Meta otherwise expressly grants you such rights.
Go put such terms in your licenses.
This is particularly rampant in the Rust community and if I'm being honest this forced tithing church nonsense from people who want to be priests makes participating in that community less desirable. I don't even want to donate to the RSF as a result.
All the other projects I've donated to in the past have been much more reasonable. This kind of pushy nonsense is unacceptable.
One thing I thought that got me interested about Brave was this part of their business model. It had the potential to support this type of economy almost without any attrition. It was not that different from flattr, with the difference that people would be able to contribute just by accepting the notification ads and passing along their earnings.
Unfortunately, the crypto angle made sure that mostly degens and speculators got into it. Perhaps if stabletokens were more established by the time they started, it would be easier to market it.
(I am not going to get into yet-another discussion about Brave as a company. I will flag any attempt at derailing the conversation.)
>It is crazy, absolutely crazy to depend on open source to be free (as beer).
Why? It's not crazy at all. It's the status quo with no sign of things changing. It is both possible right now and likely to continue. It's not crazy.
If it's not worth maintaining people will stop. If people need it they will develop it. The current incentive structure has produced lots of open source code that is being maintained.
>It is not okay - it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
It is if there is no cost. You can always charge for it. But you can't make it free then pretend it's not.
Static rules will be gamed.
It's easy to predict what sort of incentives this would produce, and how bad they would be. Fewer users and way more spammy projects to say the least.
GH could easily end up having to spend more than it collected in fighting abuse.
> every mention in a package.json or requirements.txt
OK, what about those of us who aren't writing libraries?
As a personal anecdote, the amount of opportunities that have been opened up to me as a result of my open source project are worth way more than any $1 per mention or user.
$1 USD is ~90 Indian Rupees, 1450 Argentinian Peso or over 1 million Iranian Rial [1]. In some places, $1 USD could be a week's work. On the collection side, you could be seriously over-charging people. On the distribution side, you could be seriously overpaying people for their work - and encourage scams, etc.
> GitHub should charge every org $1 more per user per month and direct it into an Open Source fund, held in escrow.
Sure. It'll be some charity, then somebody gets paid $200k+ per year to distribute what remains after they've taken the majority, all whilst avoiding most taxes. To receive the money the person has to ID themselves, financial background checks need to be done, a minimum amount needs to be reached before a payment is made, and then after passing through multiple wanting hands, they end up with a fraction.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
What even is "usage"? How many times it appears in a number of repos? How many users there are of the project? Is the usefulness and value of a project limited to the number of people that directly use it?
> Or don’t! Let’s not do anything! People’s code and efforts - fueling incredibly critical bits of infrastructure all around the world - should just be up for grabs. Haha! Suckers!
> Anyway, you all smarter than me people can figure it out. I just cannot accept that what we have is “GOOD”. xx
It's entirely possible you can make things worse by avoiding doing nothing. Sometimes in life you have to pick the lesser of evils.
[1] https://www.x-rates.com/table/?from=USD&amount=1
Many open source projects are created by engineers being paid to solve a problem their employer has, and they just happen to release it freely.
I don't think Google needs a dollar every time I write a script in golang or run a container in kubernetes, and I would put a lot less trust in Envoy if I thought Lyft was building it for profit and not because they needed to.
Considering that Github already has indirectly done the biggest theft in tech history, I'd say: no way.
Instead of a dollar from github users, I think it should just be a hefty tax on big tech companies that have valuations of over a billion. The nature of software and tech means that there are massive monopolies where winner takes all. We should just accept that and leverage it.
OSS works partially because a lot of stuff is free as in beer. I rely on probably many thousands of OSS projects directly or indirectly on a daily basis. So does everyone else.
The problem for some people is that they want to get paid for their work and just aren't; or not enough. I won't judge that. Writing software is hard work. Whether you donate your time and how much of your time is a personal choice to make. But of course a lot of OSS gets paid for indirectly via companies paying people to work on them (most long lived projects have paid contributors like that) or in a few cases because the companies behind these projects have some business model that actually works. Some people donate money to things they like. And some projects are parked under foundations that accept donations. That's all fine. But there are also an enormous amount of projects out there and most of them will never receive a dollar for any of it. OSS wouldn't work without this long tail of unpaid contributors.
I have a few OSS projects of my own. I don't accept donations for them. I don't get paid for them. I have my own reasons for creating these projects; but money isn't one of those. And people are welcome to use them. That's why these projects are open source.
MS and Github make loads of money. There's a reason they give the freemium version away for free: it funnels enough people into the non free version that it is worth it to them. Charging money to everyone might actually break that for them. I happily use their freemium stuff. I did pay for it a long time ago when private projects weren't part of the freemium layer. Anyway their reasons/motivations are theirs. I'm sure it all makes sense for them and their share holders.
If people feel guilty about not donating to each of the thousands of projects they rely on (or any, because why cherry pick?), you can pay back in a different way and try to contribute once in a while. Just pay it forward. Yes, somebody put a lot of work in the stuff that you use. And you put some work in stuff that others get to use. If enough people keep on doing that (and the success of OSS hints that they do), OSS will be here to stay.
> OSS will be here to stay
OSS literally runs the modern infrastructure... https://www.fordfoundation.org/learning/library/research-rep...
Tax large companies properly then you don't have to tax the public for things like this.
This is a terrible idea in my opinion and it's been tried/is being tried by services like thanks.dev. Yes, we need something here but this is not it. The reality is more complex.
It doesn't work well in practice. Because then people like https://github.com/sindresorhus?tab=repositories&type=source would get a shit ton of money because of the pure number of dependencies. And yes our stack also contains his code somewhere in a debug UI but our main product is entirely written in a different programming language with way fewer dependencies but if one of them goes away we'd be in trouble. In other words: Dependency count is not a good metric for this.
GitHub actually offers something in that direction: https://github.com/sponsors/explore
My "idea": Lots of companies will have to create SBOMs anyway. Take all of those but also scan your machines and take all the open source software running on there (your package.lock does not contain VLC etc.) and throw it in a big company wide BOM, then somehow prioritise those using algorithms, data and just manual voting and then upload that to some distributor who then distributes this to all the relevant organisations and people and then (crucially) sends me (as a company) an invoice.
We've tried doing the right thing but sponsoring is hard - it works differently for every project/foundation and the administrative overhead is huge.
The reality is that "we" as an open-source community suck at taking money and I believe this is partially on us.
> The reality is that "we" as an open-source community suck at taking money and I believe this is partially on us.
More broadly people suck at giving money for things they can get for free. That’s just the reality of how most people out there behave.
The only “solution” is to educate people but that is completely unfeasible.
How much was left-pad worth? Lots of people used it because it's free, not because it's valuable.
npm funds is that to a certain extent -> https://docs.npmjs.com/cli/v11/commands/npm-fund
This... exists? Did they even search for it? https://github.com/open-source/sponsors
Yes, it's a step in the right direction.
However it is opt-in aka "Launch a page in minutes and showcase Sponsors buttons on your GitHub profile and repositories". That's effort & friction and only simplifies the "begging" aspect that I am (strongly) reacting to.
https://docs.npmjs.com/cli/v11/commands/npm-fund will also "list all dependencies that are looking for funding in a tree structure"
I want the step (or 5 steps) after that. Charge first, then distribute.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
Could have worked before LLMs.
Also, funding by popularity would mean alternatives would have a harder time to emerge and get the funding they need to compete against the established popular projects.
Being an Open Source project doesn't mean that it provides the best solution to the problem it's supposed to solve. Diversity is important.
I do like this idea, as it seems easy to implement. Github can just increase its prices by $1/month/orguser and that fund could end up with like, I think, 6 million per month. That's a sizeable amount of money and could help in making open source more sustainable & attractive.
If you make every single person go through Github's miserable auth process just to do git pull, they are going to leave
>it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments
Goodbye 90% of open source software I guess then
Great. That would mean that 98% of the github users would leave it.
He said only for org users. Orgs are already paying github, 4-20$ per month per user.
The post is about users who have paid plans
...With absolutely nothing expected in return. This is for work completed, not for leverage on future work
Taxes, that's called taxes.
I'd support this if only to end the nightmare that is the JS ecosystem
should be the transitive dependencies, not just top-level (so the lock file or equiv) or you just reward the "barely wrap it and give it a new name" js crowd even more.
let everything be gratis and if you need something fixed, an engineer you hired to work for you in your org can fork or send in a patch. there, I solved it
BRB donating to Forgejo.
This is suggesting Microsoft should take more power to itself, and disguise it as "community support"
Schemes like this have a way of getting captured.
You mean Microsoft?
the problem with any approach like this based on usage metrics is that it will be abused to death
<humour> sounds like socialism amirite?</humour>
In principle it sounds like a grand idea, although there are a bunch of corner cases like how it works cross country borders, and de-anonymising maintainers.
If it was opt in for opensource projects, and there are strong guards against people forking/hard takeover-ing then yes, it seems like a good idea in principle.
I will leave the AI enthusiasts to chime in about the future, and how we don't need OS anymore.
no.
$5 a month per dependency, OK let's go! Hold up I've just reorganized my packages into sqlalchemy-base, sqlalchemy-core-sql, sqlalchemy-orm, sqlalchemy-oh-you-want-deletes-also, sqlalchemy-fewer-bugs, and about eight more
the payment isn't the problem so much as the payment processing. They wouldn't support crypto, even if they did, getting crypto without KYC hassle is a PITA, not worth it for paying one company $1. Not associating your real identity with a github repo is very important to most github users.
Payment could solve lots of problems, but there is no real and meaningful cash-equivalent payment system or method. This isn't a tech problem either, governments allow cash payments, but if it is digital, they won't allow any means that preserves privacy. Money laundering is their concern. You can't solve this without laws changing. Even if I don't mind buying crypto with a credit card, I still have to go through proving my identity with my id card, as if my credit-card company didn't do that already.
payment is a huge barrier to commerce these days, people think LLMs will change the world, but payment tech/laws will have a bigger effect in my opinion.
Let's say HN mods go a little crazy one day and want to let us tip each other for good posts and comments, imagine if all they had to do is add an html tag in the right place and that's it. All we had to do is click a button and it just works, and there is no exposure of private information by any involved party, and you could fund that payment by buying something (a card?) at a convenience store in person, just as easily as you could with a crypto payment, moneygram or wire transfer.
I __want__ to pay so many news sites, blogs, etc... I don't mind tipping a few bucks to some guy who wrote a good blog, or who put together a decent project on github that saved me lots of time and work.
It isn't merely the change in economics or people getting a buck here and there, but the explosion in economic activity you have to look at. The generation of wealth, not the mere zero-sum transferring of currency. This is the type of stuff that changes society drastically, like freeways being invented, women being able to ride bicycles, airplanes allowing fast transport, telegrams allowing instant messaging, etc.
Everyone being able to easily pay anyone at all, including funding private as well as commercial projects would be more disruptive than democracy itself, if I could dare make that claim. There is freedom of movement, there is freedom of communication and last there is freedom of trade. These are the ultimate barriers to human progress. Imagine if everyone from Texas to Beijing could fund research and projects, trade stocks in companies (all companies in the world). You won't need governments to fund climate change work, I think eventually taxation itself will have to suffer, because people would be able to direct exactly where their funds went. Not just what department in the government gets a budget, but exactly what projects they spend it on. Being able to not just talk or meet each other instantly (and even those have a long way to go) but to also collectively or as individuals found each other, governments and companies, that'd be the biggest thing that could happen this century.
This could be done, but again, we don't need better tech as much as we need a change in attitude. For people to actually believe this would result in a better world for them.
I disagree, due to github copilot and other AI crap Microsoft is adding to GitHub, they should pay us 5 USD per month.
Did you read the article? Though I can agree the title is bait.
Yes I read it, but still, charging me $1 so M/S can spy on what I do and make money off of it by selling my work to large corporations is wrong.
But if they really wanted to do what the article says, create a project and people can donate what they want. For example, if M/S sends me $5 per month, I can redirect it to various open source projects instead.
When I was on GH, I did donate a little per month to 2 projects, it was a nice way to do that. But I moved off because I do not want to give M/S more personal information (like my Cell #), so I send a few $ to them using other means.
love this idea on so many levels. Of course, then the fight moves to how allocation happens, and how to avoid people further gaming things like repo stars, forks, PRs, voting, dependencies, etc.
in particular, there's repos with extremely high activity where funding doesn't help anyone and repos with low activity where funding ensures continuity for key components we all depend on but which are under-funded for various reasons.
obligatory XKCD: https://xkcd.com/2347/
> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
Is that not what most of open source is? Things people make for themselves because they either found it fun or solved their own problem, then published it for others to use for free. Most projects are not worth the bureaucratic tax related headaches the income from them would bring (maybe that's just my EU showing).
What's not okay is demanding new features or to fix something urgently. That's paid territory.
Honestly this post is such a shit take it's borderline intentional ragebait.
You do not want to add profit incentives like this to FOSS.
Profit incentives like the one suggested are what brought us enshittification.
And the code is a free gift, unless the licence says otherwise. What's wrong with letting developers choose what to bill for?
You are absolutely right