But more importantly, tell me more about the scandals, I love good gossip :)
P.S. The article also opens by contrasting open source consumption and contribution. In a certain sense, as the article acknowledges later, I care much much more about government consuming free software, as a neutral platform to avoid lock-in for themselves and the taxpayer, as well as providing an open foundation for integration and letting people use free software if they choose to (and not lock them to iOS and Android, for instance.) That alone is one of the biggest ways they can contribute. The actual code contribution will come naturally if they do that.
I’m not sure I understand what you mean by this?
One could imagine something like RedHat or a quasi-coop Apache Foundation that actually employs high-quality people and pays them to develop code and sells subscription/support.
If it was a primary function and was staffed independently of educational programs, it could work and be a great teaching tool for actual students.
A problem with academia in general is the lack of staff positions. Postdocs finish their time, then it’s either leave academia or become a professor. There are few positions for those who want to just do research as a career, rather than pushing for a professorship. This means there isn’t a stable and experienced core of people.
Obviously slanted to certain areas (OSes and languages, rather than say word processors), relevant to research, but still.
It has not historically been quite important.
Of course, it would be great to fund experienced people just to do this - and a better use of the money currently subsidising commercial R & D at the moment in many countries.
I think looking at those is much more instructive as to what govt-funded FOSS might be like.
I don't know where you live, but I hope OpenSSL is not developed like the roads I drive on. That's not some grand aspiration.
The article claims that this is not happening:
> Procurement practices often make the problem worse. Contracts are typically awarded to the lowest bidder or to large, well-known IT vendors rather than those with deep Open Source expertise and a track record of contributing back. Companies that help maintain Open Source projects are often undercut by firms that give nothing in return. This creates a race to the bottom that ultimately weakens the Open Source projects governments rely on.
> The European Commission runs more than a hundred Drupal sites, France operates over a thousand Drupal sites, and Australia's government has standardized on Drupal as its national digital platform. Yet despite this widespread use, most of these institutions contribute little back to Drupal's development or maintenance.
But software is just not a base thing: it needs CPUs, computers. If you want real independence, do the base thing: computer hardware! Make small hardware that can just run Linux, display things, and use a keyboard and mouse... Does e.g. Denmark do this? Or Bosch? Or...
Computers just to connect to internet and send some messages via IRC or something... ;)
I believe that, sometime in the deep future, open source developers will grow up and stop repeating this sectarian mantra.
No one owes you anything. If you do open source and you need money, use your open source as a marketing tool to promote services you sell.
It's as simple as 2+2; I've mentioned it in my blog post https://vitonsky.net/blog/2025/06/24/open-source/
I think those who believe that companies will pay you for a random OSS are just kids. Ask people who can use sheets; they will explain to you why your product will die with this approach.
Currently it sounds like you're just a kid who wants to be paid. Is there anything more than "you all owe me" in this claim?
Also, please read the HN guidelines [0]
> Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
You don't know anything about me, including my age, nor my motivations or history.
It is similar to open source... Something has value and is good for society, but society neither has willingness or ways to reward it.
If trash is lying around only getting picked up by generous citizens in their spare time, what that implies is that the city/county have chosen not to invest in maintaining the streets, and the citizens have elected to throw trash everywhere. I don't think we should take either of those conditions as a given. Better things are possible.
The thing to understand about discussions around funding FOSS projects is that it should be clear that society as a whole would benefit immensely from a strategic investment in commons-based software infrastructure.
Currently when new vulnerabilities pop up (i.e. xz-utils compromise, log4j shell), people are quick to blame the maintainers for it. Why shouldn't companies instead be responsible for these vulnerabilities?
Currently, companies treat open source code as someone else's, so they don't bother to audit, maintain, or fund it. Clearly, this is wrong, and that is reflected in the OSS license, which states that the code is solely the consumer's responsibility.
Most people like working societies and a huge part of that is reliable infrastructure.
My guess is that real rich people love publicly funded stuff as it's basically free for them.
This is something like commercial open source
Contribution to existing projects lags behind, but it's getting better.
GPL & AGPL are effective against that, but companies are afraid of them since they say "code is a collaborative effort, and you have to share what you did with the code".
Because of this, I share most of the code I write for myself, and strictly use (A)GPLv3 as a license. I don't care what companies do or what riches I possibly ignore. My principles are not for sale.
Being responsible generates no value for the shareholders. Being able to be reckless and ignore everyone while making business is.
Don't get distracted. It's about monies.
I think that this is an accurate description of working relationship. But, the fine print (MIT license) explicitly says that the companies are responsible:
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED
Exhibit A: Company X uses library Y by Mr. Z., which is used by another 100 or so companies. Mr. Z. is happy because he's quasi-famous because of all the exposure. A bug has been found in Y by users of Company X, which is not interested in fixing it.
- Users: Hey Company X, this feature provided by libY is broken.
- Company X: This makes us lose money, but it's complicated. Tell Mr. Z.
- Mr. Z: There's no warranty whatsoever.
- Company X: You either fix it, or we spread the word that you're irresponsible and everyone will inevitably migrate to libW.
- Mr. Z: OK. Lemme look at that.
Mr. Z. drops everything, fixes the problem, maybe gets a Thanks!, and might feel better. Company X and the other hundred get free labor for their problems, and one person burns out. Why? Because nobody tried to understand how GPL works, and companies said MIT or no cookie points anyway.
So, another developer is bought with hope vapor. He gets nothing in the end, while the company is printing money in two ways by not buying an expensive library and selling its capabilities.
Edit: One Daniel Stenberg of curl:// has dropped this: https://mastodon.social/@bagder/115025727082593712
Another (good) write up from LinkedIn: https://www.linkedin.com/posts/troed_how-many-open-source-pr...
- Mr. Z: There's no warranty whatsoever. However, I might fix it for a small consulting fee.
- Company X: You either fix it, or we spread the word that you're irresponsible and everyone will inevitably migrate to libW.
- Mr. Z: Ok, and I'll spread the word that you are a cheapskate.
So there's some more words from the mouth of the people inside this.
So FFmpeg said that they need a contract for that, and they have given a couple thousand dollars as a one-time contribution.
I mean, "a few thousand dollars" for something underpinning Teams is unacceptable. They probably charge 10x as much to a small client for their yearly license.
C'mon now. This is not even satire.
My point is that if FFmpeg tried to raise more awareness of the issue, say by talking to news outlets, they could get much more funding from MSFT.
Furthermore, big companies like Google and Microsoft care a lot about security. So they could raise money for security engineering like fixing memory corruption issues. Of course, FFmpeg could complain that Google and Microsoft don't care about all the high severity vulnerabilities in FFmpeg. That would be much more of an eye catcher.
Z should ignore or publicize the threat, not give in to it.
(If someone tried this approach with software I maintain I would absolutely not fix their problem.)
Open Source software became so common that the tragedy of the commons applies to it. IOW, there'll be always someone who will accept exposure as a valid form of payment either being very rich or being desperate or not caring.
> there'll be always someone who will accept exposure as a valid form of payment either being very rich or being desperate or not caring
Why is this, especially in the cases of being rich or not caring about compensation, a problem? I have done a lot of Open Source work for free, and a lot of Open Source work while paid by companies, and I don't feel like I've been exploited or otherwise mistreated in either case.
On the other hand, I believe requesting somebody's time for free is unethical, esp. if you are a company and wanting something from other parties at a certain quality at a certain time.
Somebody using your code and getting business done with it might not feel exploitative, and it might be true for you, and me. However, if they demand support from you, in X hours, at Y quality, and expecting you to "stop, drop and roll" for them, now that's exploitative. This is what I'm trying to say.
Many young people who happened to write good code, and whose good code was picked up by corporations, are exploited like that. Not all of them know better or have the gravitas to say "go fix yourself", and this allows exploitation to continue.
I'm very grateful for people who write this code to enable this massive and wonderful ecosystem. I try to help them by filing high quality bug reports, submitting patches if I can and monetarily support a couple of them. I'm not against open source, but prefer Free Software more, because it's fairer towards the developers and the users. I don't like companies running away with someone's effort and come back and low-key threaten for free work.
Also, again talking about Microsoft, there's the WinGet/AppGet saga, which is ugly in its own right.
Agreed there, but then this is what I think we should be arguing for. Not "companies are wrong to use software without paying" but "companies are wrong to demand work from (and especially to make threats to) volunteers" and "volunteer maintainers should be well supported by the community (and anticipate such) when they decline to extend software".
I mean, the original comment (by me) you replied to is intended to portray a scenario where the company threatens the developer for not fixing a bug which affects the company on short notice, for free.
Or, did I word it wrong?
The bug might have low impact in most cases but doesn't work with how Company X is using libY, so it might not get fixed for a while. If this is hurting them, they can fix it themselves and submit a PR. Or they can work with them to prioritize their bug, which puts them on the other foot. If it's a huge problem that affects half the web, then Mr. Z will be working on it anyway.
If I were Mr. Z, I would know the problems Company X will have replacing libY with libW, and wish them the best of luck if they bring it up. No one's paying me, if they want to use something else, good riddance. Especially if they are threatening me. But I get it, people are different.
The GPL can't solve the FOSS funding situation; it's relatively easy to comply with and still not send any money (nor code) back upstream to maintainers.
Most professional developers aren't that stupid. The problem is students, and the underemployed more broadly, write code to make a name for themselves, which isn't entirely irrational.
Small teams making software to solve problems, and then gradually aiming to hire for end users to be able to code (this is a good way of achieving the "less people, higher salaries" dream)
If we treat it as infra then I fear slightly that we'd end up like the Victorian to modern transition where the idea of public infrastructure being run by the people who built lots of it in the first place is unimaginable, i.e. Britain's railways and many roads were built to make money, but we are now (I'd argue) so risk averse and allergic to prices being allowed to signal anything that we would never actually allow this to happen now.
[0] - https://portswigger.net/daily-swig/vlc-patches-critical-flaw...
20 years ago I gave Dries the domain Drupal.com for free to support open source.
I recently gave the domain MrBeast.org to Beast Philanthropy.
But more important than Open Source is Freedom. I recently acquired the domain antifascist.org to fight the rise of fascism. This will be a website to share information on protecting your loved ones - it will be open source in that everyone can contribute.
I welcome anyone that wants to help - send an email or use the contact form on the website.
I am NOT rich. This money could have a significant impact on my life. But I wanted to help others and so I am showing my commitment to fight for Freedom.
I have run OpenDomain for 25 years and have contributed domains to Open Source worth millions all for Free. I am ending that project to fight the rise of fascism.
I welcome ANY help or criticism - https://Antifascist.org
https://www.england.nhs.uk/digitaltechnology/open-source/
If you're technical and curious, I'm currently porting the UK NHS design system from Nunjucks to more implementations, including vanilla HTML CSS TypeScript, and my personal favorite Svelte Tailwind Daisy UI. Claude Code is churning on it right now.
https://github.com/joelparkerhenderson/public-good-design-sy...
AMA. And we're hiring. Feel free to message me.
React implementation : https://github.com/codegouvfr/react-dsfr
Main website : https://www.systeme-de-design.gouv.fr/version-courante/fr
On the contrary, being open source adds the opportunity to understand what the software does on a deeper level, and you can always fork (Librewolf is one of many examples that comes to mind).
Do you have any examples where a large entity taking over an open source project has led to the project's total demise? This sort of thing happens all the time in the commercial space.
It of course also happens to some extent to open source projects, but usually that results in forks if the demand is high enough. For commercial software, you don't have many options - especially for subscription based licensing, which is pretty much the norm nowadays.
This allows the marketplace to determine which projects get supported rather than bureaucratic decree.
However, the underlying infrastructure libraries will not get any funding from this, even though they have many more users. For example, libxml2, xzutils, http parser ...
You can't build any product off of an infrastructure library, purchasing support doesn't make sense, and there are few bonus features to be made.
One way to remedy this is to have well-funded open source projects take ownership of their dependencies.
Still, most of these genius engineers likely don’t care much about such a small sum. They earn the honor and move on, while the charitable benefits flow to those who can monetize the software.