should be the transitive dependencies, not just top-level (so the lock file or equiv) or you just reward the "barely wrap it and give it a new name" js crowd even more.
I paid 1 buck for WhatsApp back in the day. Better business model than what meta did with it. But we're moving closer and closer to 8 companies controlling the world. Both WhatsApp and github are owned by them.
The first order effect of this would be great, but the following onslaught of schlinkert spam would be devastating- its bad enough now with people making garbage dependencies and sneaking them in everywhere just for clout
I do like this idea, as it seems easy to implement. Github can just increase its prices by $1/month/orguser and that fund could end up with like, i think, 6 million per month. Thats a sizeable amount of money and could help in making open source more sustainable & attractive.
>it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments
Yes it absolutely is. That is the exact social contract people 100% willingly enter by releasing something as Free and Open Source. They do give it as a gift, in exchange for maybe the tiny bit of niche recognition that comes with it, and often times out of simple generosity. Is that really so incredible?
A natural solution for this kind of problem would be either a private or public grants program. Critical infrastructure built by random uncompensated people... ideally there would be some process for evaluating what is critical and compensating that person for continued maintenance.
> it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
I am. I enjoy making things, and it's even better when others enjoy them. Just because you have expectations that you should be compensated for everything line of code you write; doesn't make it ubiquitous, nor should your expectations be considered the default.
I'd argue If you're creating and releasing open source with the expectations of compensation, you're doing it wrong. Equally, if you expect someone creating open source owes you anything, you're also part of the problem, (and part of why people feel they deserve compensation for something that used to be considered a gift).
All that said, you should take care of your people, if you can help others; especially when you depend on them. I think you should try. Or rather, I hope you would.
Urgent issue for whom? If there is some org relying on something you maintain voluntarily, in your free time, that seems like a "Poor planning on your part does not constitute an emergency on mine"-type situation to me.
At the risk of sounding like a poor man's John Galt: If you wouldn't like to get out of bed at 5am to work without getting compensated, then you should just not do that.
> I'd argue If you're creating and releasing open source with the expectations of compensation, you're doing it wrong.
I think this is a little unfair, given that many (especially younger maintainers) get into it for portfolio reasons where they otherwise might struggle to get a job but stick around because of the enjoyment and interest. It still sucks that so many big orgs rely on these packages and we're potentially experiencing a future when models trained on this code are going to replace jobs in the future.
I think a lack of unionisation is what puts the industry in such a tough spot. We have no big power brokers to enforce the rights of open source developers, unlike the other creative industries that can organise with combined legal action.
thanks grayhatter. well said. been programming for 20+ years never earned a dime from it dont want it. its a silly assumption that everyone's motivation is money. this is very far from the truth.
I was going to comment exactly the same thing, thanks for expressing it so well and here's my upvote. I think part of why I wanted to comment the same, is that for me this IS exactly the reason I make open source! It is my gift for everyone, please use it well.
I do think it would be nice to get paid anything at all, but that wouldn't change at all how I do things/release code. In fact, unless it'd be really no-strings-attached, I'd prefer to keep the current arrangement than being paid a pittance per month and then have extra obligations.
Yes and yes. I make open source software because I fundamentally enjoy the act of learning something new and then applying that knowledge by making something. I publish it for the ego boost only. I am equally likely to be irritated by contributions than to be excited by them. My day job contributions are up for scrutiny but the personal projects I publish on github are my island, my sovereign ground. As exciting as PR interest is, sometimes I don’t really want someone to paint over my painting. It’s mine after all. I obviously don’t speak for all open source contributors but I don’t want compensation. If someone wants to fork my work and turn it into a community then they are free to do so as a result of my licensing choice. If the first few contributions I receive are pleasant and someone takes over then that is great too. My point is that not all creators are aggregators. Leave us alone and stop complaining. We gave it away for free after all.
People really want to have a business with none of the work of running a business. They want to make something useful, then have people just pay them for it without any of the things that go into operating a business. In a perfect world value would directly correlate to income, but it isn't even close to being the case, there's a lot of coercion and control of supply that goes into owning a business.
>it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
Usage is not a good proxy for value or ongoing effort. I have a npm package with tens of millions of weekly downloads. It's only a few lines long and it's basically done - no maintenance required.
I'm skeptical that there exists an algorithmic way to distribute funds that's both efficient and resistant to gaming.
In principle it sounds like a grand idea, although there are a bunch of corner cases like how it works cross country borders, and de-anonymising maintainers.
If it was opt in for opensource projects, and there are strong guards against people forking/hard takover-ing then yes, it seems like a good idea in principle.
I will leave the AI enthusiasts to chime in about the future, and how we don't need OS anymore.
Instead of a dollar from github users, I think it should just be a hefty tax on big tech companies that have valuations of over a billion. The nature of software and tech means that there are massive monopolies where winner takes all. We should just accept that and leverage it.
>It is crazy, absolutely crazy to depend on open source to be free (as beer).
Why? It's not crazy at all. It's the status quo with no sign of things changing. It is both possible right now and likely continue. Its not crazy.
If it's not worth maintaining people will stop. If people need it they will develop it. The current incentive structure has produced lots of open source code that is being maintained.
>It is not okay - it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
It is if there is no cost. You can always charge for it. But you can't make it free then pretend its not.
> Those funds would then be distributed by usage - every mention in a package.json or requirements.txt gets you a piece of the pie.
Could have worked before LLMs.
Also, funding by popularity would mean alternatives would have a harder time to emerge and get the funding they need to compete against the established popular projects.
Being an Open Source project doesn't mean that it provides the best solution to the problem it's supposed to solve.
Diversity is important.
This is a terrible idea in my opinion and it's been tried/is being tried by services like thanks.dev. Yes, we need something here but this is not it. The reality is more complex.
It doesn't work well in practice. Because then people like https://github.com/sindresorhus?tab=repositories&type=source would get a shit ton of money because of the pure number of dependencies. And yes our stack also contains his code somewhere in a debug UI but our main product is entirely written in a different programming language with way fewer dependencies but if one of them goes away we'd be in trouble. In other words: Dependency count is not a good metric for this.
My "idea":
Lots of companies will have to create SBOMs anyway. Take all of those but also scan your machines and take all the open source software running on there (your package.lock does not contain VLC etc.) and throw it in a big company wide BOM, then somehow prioritise those using algorithms, data and just manual voting and then upload that to some distributor who then distributes this to all the relevant organisations and people and then (crucially) sends me (as a company) an invoice.
We've tried doing the right thing but sponsoring is hard - it works differently for every project/foundation and the administrative overhead is huge.
The reality is that "we" as an open-source community suck at taking money and I believe this is partially on us.
One thing I thought that got me interested about Brave was this part of their business modell. It had the potential to support this type of economy almost without any attrition. It was not that different from flattr, with the difference that people would be able to contribute just by accepting the notification ads and passing along their earnings.
Unfortunately, the crypto angle made sure that mostly degens and speculators got into it. Perhaps if stabletokens were more established by the time they started, it would be easier to market it.
(I am not going to get into yet-another discussion about Brave as a company. I will flag any attempt at derailing the conversation.)
If this actually happens, get ready for an avalanche of AI-generated garbage code that exists for the sole purpose of boosting a scammer's metrics, so they can maximize their slice of the pie with the minimum amount of effort. Spotify is dealing with this same issue around AI-generated music [1].
Many open source projects are created by engineers being paid to solve a problem their employer has, and they just happen to release it freely.
I don't think Google needs a dollar every time I write a script in golang or run a container in kubernetes, and I would put a lot less trust in Envoy if I thought Lyft was building it profit and not because they needed to.
OSS works partially because a lot of stuff is free as in beer. I rely on probably many thousands of OSS projects directly or indirectly on a daily basis. So does everyone else.
The problem for some people is that they want to get paid for their work and just aren't; or not enough. I won't judge that. Writing software is hard work. Whether you donate your time and how much of your time is a personal choice to make. But of course a lot of OSS gets paid for indirectly via companies paying people to work on them (most long lived projects have paid contributors like that) or in a few cases because the companies behind these projects have some business model that actually works. Some people donate money to things they like. And some projects are parked under foundations that accept donations. That's all fine. But there are also an enormous amount of projects out there and most of them will never receive a dollar for any of it. OSS wouldn't work without this long tail of unpaid contributors.
I have a few OSS projects of my own. I don't accept donations for them. I don't get paid for them. I have my own reasons for creating these projects; but money isn't one of those. And people are welcome to use them. That's why these projects are open source.
MS and Github make loads of money. There's a reason they give the freemium version away for free: it funnels enough people into the non free version that it is worth it to them. Charging money to everyone might actually break that for them. I happily use their freemium stuff. I did pay for it a long time ago when private projects weren't part of the freemium layer. Anyway their reasons/motivations are theirs. I'm sure it all makes sense for them and their share holders.
If people feel guilty about not donating to each of the thousands of projects they rely on (or any, because why cherry pick?), you can pay back in a different way and try to contribute once in a while. Just pay it forward. Yes you somebody put a lot of work in the stuff that you use. And you put some work in stuff that others get to use. If enough people keep on doing that (and the success of OSS hints that they do), OSS will be here to stay.
142 comments
[ 4.9 ms ] story [ 110 ms ] threadYes it absolutely is. That is the exact social contract people 100% willingly enter by releasing something as Free and Open Source. They do give it as a gift, in exchange for maybe the tiny bit of niche recognition that comes with it, and often times out of simple generosity. Is that really so incredible?
I am. I enjoy making things, and it's even better when others enjoy them. Just because you have expectations that you should be compensated for everything line of code you write; doesn't make it ubiquitous, nor should your expectations be considered the default.
I'd argue If you're creating and releasing open source with the expectations of compensation, you're doing it wrong. Equally, if you expect someone creating open source owes you anything, you're also part of the problem, (and part of why people feel they deserve compensation for something that used to be considered a gift).
All that said, you should take care of your people, if you can help others; especially when you depend on them. I think you should try. Or rather, I hope you would.
In general, people's time is not free if only because they have rent/mortgage, food, transportation, medical bills, education, etc.
Urgent issue for whom? If there is some org relying on something you maintain voluntarily, in your free time, that seems like a "Poor planning on your part does not constitute an emergency on mine"-type situation to me.
At the risk of sounding like a poor man's John Galt: If you wouldn't like to get out of bed at 5am to work without getting compensated, then you should just not do that.
I think this is a little unfair, given that many (especially younger maintainers) get into it for portfolio reasons where they otherwise might struggle to get a job but stick around because of the enjoyment and interest. It still sucks that so many big orgs rely on these packages and we're potentially experiencing a future when models trained on this code are going to replace jobs in the future.
I think a lack of unionisation is what puts the industry in such a tough spot. We have no big power brokers to enforce the rights of open source developers, unlike the other creative industries that can organise with combined legal action.
I do think it would be nice to get paid anything at all, but that wouldn't change at all how I do things/release code. In fact, unless it'd be really no-strings-attached, I'd prefer to keep the current arrangement than being paid a pittance per month and then have extra obligations.
Profit incentives like the one suggested is what brought us enshitification.
And the code is a free gift, unless the licence says otherwise. What's wrong with letting developers choose what to bill for?
It's easy to predict what sort of incentives this would produce, and how bad they would be. Fewer users and way more spammy projects to say the least.
GH could easily end up having to spend more than it collected in fighting abuse.
Goodbye 90% of open source software I guess then
Usage is not a good proxy for value or ongoing effort. I have a npm package with tens of millions of weekly downloads. It's only a few lines long and it's basically done - no maintenance required.
I'm skeptical that there exists an algorithmic way to distribute funds that's both efficient and resistant to gaming.
In principle it sounds like a grand idea, although there are a bunch of corner cases like how it works cross country borders, and de-anonymising maintainers.
If it was opt in for opensource projects, and there are strong guards against people forking/hard takover-ing then yes, it seems like a good idea in principle.
I will leave the AI enthusiasts to chime in about the future, and how we don't need OS anymore.
Why? It's not crazy at all. It's the status quo with no sign of things changing. It is both possible right now and likely continue. Its not crazy.
If it's not worth maintaining people will stop. If people need it they will develop it. The current incentive structure has produced lots of open source code that is being maintained.
>It is not okay - it is not okay to consider that this labor fell from the sky and is a gift, and that the people/person behind are just doing it for their own enjoyments.
It is if there is no cost. You can always charge for it. But you can't make it free then pretend its not.
Could have worked before LLMs.
Also, funding by popularity would mean alternatives would have a harder time to emerge and get the funding they need to compete against the established popular projects.
Being an Open Source project doesn't mean that it provides the best solution to the problem it's supposed to solve. Diversity is important.
It doesn't work well in practice. Because then people like https://github.com/sindresorhus?tab=repositories&type=source would get a shit ton of money because of the pure number of dependencies. And yes our stack also contains his code somewhere in a debug UI but our main product is entirely written in a different programming language with way fewer dependencies but if one of them goes away we'd be in trouble. In other words: Dependency count is not a good metric for this.
GitHub actually offers something in that direction: https://github.com/sponsors/explore
My "idea": Lots of companies will have to create SBOMs anyway. Take all of those but also scan your machines and take all the open source software running on there (your package.lock does not contain VLC etc.) and throw it in a big company wide BOM, then somehow prioritise those using algorithms, data and just manual voting and then upload that to some distributor who then distributes this to all the relevant organisations and people and then (crucially) sends me (as a company) an invoice.
We've tried doing the right thing but sponsoring is hard - it works differently for every project/foundation and the administrative overhead is huge.
The reality is that "we" as an open-source community suck at taking money and I believe this is partially on us.
More broadly people suck at giving money for things they can get for free. That’s just the reality of how most people out there behave.
The only “solution” is to educate people but that is completely unfeasible.
Unfortunately, the crypto angle made sure that mostly degens and speculators got into it. Perhaps if stabletokens were more established by the time they started, it would be easier to market it.
(I am not going to get into yet-another discussion about Brave as a company. I will flag any attempt at derailing the conversation.)
1. https://www.forbes.com/sites/lesliekatz/2024/09/08/man-charg...
I don't think Google needs a dollar every time I write a script in golang or run a container in kubernetes, and I would put a lot less trust in Envoy if I thought Lyft was building it profit and not because they needed to.
The problem for some people is that they want to get paid for their work and just aren't; or not enough. I won't judge that. Writing software is hard work. Whether you donate your time and how much of your time is a personal choice to make. But of course a lot of OSS gets paid for indirectly via companies paying people to work on them (most long lived projects have paid contributors like that) or in a few cases because the companies behind these projects have some business model that actually works. Some people donate money to things they like. And some projects are parked under foundations that accept donations. That's all fine. But there are also an enormous amount of projects out there and most of them will never receive a dollar for any of it. OSS wouldn't work without this long tail of unpaid contributors.
I have a few OSS projects of my own. I don't accept donations for them. I don't get paid for them. I have my own reasons for creating these projects; but money isn't one of those. And people are welcome to use them. That's why these projects are open source.
MS and Github make loads of money. There's a reason they give the freemium version away for free: it funnels enough people into the non free version that it is worth it to them. Charging money to everyone might actually break that for them. I happily use their freemium stuff. I did pay for it a long time ago when private projects weren't part of the freemium layer. Anyway their reasons/motivations are theirs. I'm sure it all makes sense for them and their share holders.
If people feel guilty about not donating to each of the thousands of projects they rely on (or any, because why cherry pick?), you can pay back in a different way and try to contribute once in a while. Just pay it forward. Yes you somebody put a lot of work in the stuff that you use. And you put some work in stuff that others get to use. If enough people keep on doing that (and the success of OSS hints that they do), OSS will be here to stay.
OSS literally runs the modern infrastructure... https://www.fordfoundation.org/learning/library/research-rep...