惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

W
WeLiveSecurity
博客园 - 【当耐特】
Microsoft Azure Blog
Microsoft Azure Blog
WordPress大学
WordPress大学
Stack Overflow Blog
Stack Overflow Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
Cloudbric
Cloudbric
The Register - Security
The Register - Security
小众软件
小众软件
PCI Perspectives
PCI Perspectives
G
Google Developers Blog
AI
AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
Recent Commits to openclaw:main
Recent Commits to openclaw:main
量子位
TaoSecurity Blog
TaoSecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
F
Full Disclosure
N
Netflix TechBlog - Medium
博客园_首页
Last Week in AI
Last Week in AI
A
Arctic Wolf
B
Blog RSS Feed
J
Java Code Geeks
C
Cybersecurity and Infrastructure Security Agency CISA
I
InfoQ
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
MyScale Blog
MyScale Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Jina AI
Jina AI
有赞技术团队
有赞技术团队
S
Schneier on Security
L
Lohrmann on Cybersecurity
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
P
Palo Alto Networks Blog
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Security Latest
Security Latest
Vercel News
Vercel News
博客园 - 司徒正美
Webroot Blog
Webroot Blog
Hacker News: Ask HN
Hacker News: Ask HN
A
About on SuperTechFans

The Register - Software: OSes

Fedora: Microsoft is all aboard, but Deepin is dumped Microsoft promises to do better, but it has a long way to go First big Microsoft update after vow to 'win back fans' Who needs ghost train scares when Windows is such a fright? Microsoft boss tells investors the company is working to 'win back fans' Microsoft boss says company is working to 'win back fans' Linux cryptographic code flaw offers fast route to root Fedora 44 is out – countless versions of it Microsoft sets its sights on the past with 86-DOS and PC-DOS Microsoft updates the Windows Update Experience Windows second-chance setup hurts IT, productivity Ubuntu Resolute Raccoon drops Xorg, keeps X11 apps alive More ancient Linux device support facing the ax WSL9x hacks Linux into ancient Windows 9x systems UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial Zorin OS 18.1 released - and the Lite edition reappears Task Manager's CPU%: an obituary for the recent past Linux 7.1 will have an optional new NTFS driver Microsoft releases Windows Server update to fix April update 20-year-old Enlightenment E16 bug finally gets patched 20-year-old Enlightenment E16 bug finally gets patched Raspberry Pi OS ends open-door policy for sudo Firefox Nightly adds Web Serial after years of saying no Windows Update: Torture chamber for seldom-used PCs Windows Update: Torture chamber for seldom-used PCs Notepad loses Copilot icon as Microsoft gives subtlety a try Notepad loses Copilot icon as Microsoft gives subtlety a try Microsoft attempts to untangle Windows Insider program Adobe finally patches PDF pest after months of abuse NHS pays £46K to prep next Microsoft licensing round Linux 7.0 debuts as Linus Torvalds ponders AI's impact Linux 7.0 debuts as Linus Torvalds ponders AI's impact Red Hat RHELocates its Chinese engineering team to India Showing the Windows 10 desktop was the yeast they could do Apple's chips are winners, but Windows fails help it most The end of Linux i486 support looks nigh The end of Linux i486 support looks nigh Windows asks a networking question on a Stratford billboard Some 'broken by update' PCs were already doomed SystemRescue 13 lands with Linux 6.18 and bcachefs support Memo: Red Hat Global Engineering plans to lean in to AI Microsoft plans another out-of-band Windows fix Ubuntu beta arrives with GNOME 50, sans Google Drive support Ubuntu beta arrives with GNOME 50, sans Google Drive support Microsoft pulls Windows update after installation problems Microsoft pulls Windows update after installation problems Microsoft cracks down on old Windows kernel drivers Microsoft cracks down on old Windows kernel drivers Linux kernel czar says AI bug reports aren't slop anymore How Windows 95 fought off badly behaved installers Age checks creep into Linux as systemd gets a DOB field Systemd-free antiX 26: Debian 13, in bonsai form Systemd-free antiX 26: Debian 13, in bonsai form Windows boss promises to heal the operating system's wounds Windows boss promises to heal the operating system's wounds Smart TVs and voice assistants are the next gatekeepers Microsoft releases emergency fix for account internet error Microsoft releases emergency fix for account internet error Microsoft: Removing some Copilots will improve Windows 11 WSL, WINE updates speed cross-OS app performance MS update kills Microsoft account sign-ins in Windows 11 GNOME 50 debuts with X11 axed, Wayland front and center Microsoft publishes a workaround for Samsung's C:\ drive woes Systemd 260 kills SysV, tells AI not to misbehave Out-of-band getting out of hand as Microsoft pushes hotpatch for Bluetooth Microsoft pushes out-of-band hotpatch for Bluetooth Big moves in Linux filesystems as new bcachefs lands and KDE adds support for Apple's APFS Age verification isn't sage verification when it's inside operating systems Age verification isn't sage verification inside OSes Microsoft points at Samsung after Galaxy app bug locks users out of C:\ RAM is getting expensive, so squeeze the most from it Nanny state vs. Linux: show us your ID, kid Smart mirror shows dumb Windows in elevator Microsoft adding Xbox mode to Windows 11 – even the Professional edition DR-DOS rises again – rebuilt from scratch, not open source Hotpatching goes default in Windows Autopatch whether you like it or not Hotpatching goes default in Windows Autopatch Linux PC vendor System76 tries to talk Colorado down over OS age checks System76 tries to talk Colorado down over OS age checks US state laws push age checks into the operating system Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October BunsenLabs Carbon keeps the CrunchBang flame alive with Debian 13 Bootleg Windows, Office scheme crashes, triggers 22-month lockup for Florida woman
Open source isn't a tip jar – it's time to charge for access
Steven J. Vaughan-Nichols · 2026-03-25 · via The Register - Software: OSes

OPINION Time and again, I see people begging for companies with deep pockets to fund open source projects. I mean, after all, they've made billions from this code. You'd think they could support the code's creators and maintainers. It would be only fair, right?

Screw fair. Screw asking for dimes. You can't live off one-off charity donations. Trust me, I've been on the boards of several small nonprofits. Dpending on what people put in a tip jar is no way to fund anything of value.

So you'll excuse me if I'm not blown away by the fact that Anthropic, AWS, GitHub, Google, Microsoft, OpenAI, and others – total market cap in the ballpark of $7.7 trillion – have donated $12.5 million in grants to the Linux Foundation, OpenSSF, and Alpha‑Omega. If you make $100,000 a year, that's about 16 cents. Color me unimpressed.

Mind you, many open source developers never see an annual income that large. Indeed, according to a 2024 Tidelift maintainer report, 60 percent of open source maintainers are unpaid, and 60 percent have quit or considered quitting, largely due to burnout and lack of compensation. Oh, and of those getting paid, only 26 percent earn more than $1,000 a year for their work. They'd be better paid asking "Would you like fries with that?" at your local McDonald's.

It's not just the developers who are underpaid and unappreciated. Anyone building modern software depends on language registries such as Maven Central, PyPI, npm, crates.io, and others, which collectively handle on the order of trillions of package downloads a year. Yes, I said "trillions."

Sonatype CTO Brian Fox recently told me that Maven Central, the Java registry, has delivered hundreds of billions of downloads, yet it runs on a shoestring" in terms of funding, staff, and infrastructure.

The load comes overwhelmingly from large users, not hobbyists. Fox's analysis shows that 82 percent of Maven Central demand comes from fewer than 1 percent of IPs, with roughly 80 percent of traffic sourced from the largest cloud providers' infrastructure. Now these companies could easily run their own local mirrors, but they don't. Instead, they hit up public open source registries on every build, test, or scan. All of this drives bandwidth, storage, and operational complexity, which eats up cash like an elephant does peanuts. Open source charity won't pay the bills. Going forward, commercial users can expect to pay to access the code. Sure, the code will still be free, but if you're going to be perpetually downloading terabytes of code and artifacts, you'll need to pay for access.

Another hidden cost is that open source maintainers must deal with a flood of bogus AI slop security reports. Some AI bug reporting is great and helpful. Unfortunately, most of what programmers are seeing is garbage.

OpenSSF reports that only about 5 percent of bug bounty submissions are genuine vulnerabilities. Digging out the good reports from the bad ones is an enormous pain in the rump.

As cURL founder and maintainer Daniel Stenberg says of the situation, maintainers face a "death by a thousand slops." He ultimately shut down cURL's bug bounty program because the flood of low‑quality, AI‑driven submissions was damaging maintainers' "survival and intact mental health."

Despite that, enterprises still blithely assume that "the community" will absorb this workload as part of the deal. According to Synopsys's 2025 Open Source Security and Risk Analysis (OSSRA) report, more than 97 percent of commercial software projects use open source dependencies. You guys owe open source big time.

The OSSRA report also found that 91 percent of audited open source components showed no clear signs of maintenance in the past two years. That isn't just abandonware projects. Widely used programs such as Ingress NGINX are also dying because no one is willing to maintain them without pay.

Imagine not being willing to work without compensation! The nerve of some people! As it happens, many open source developers have been willing to work without a paycheck.

Some organizations do support maintainers, for example, there's HeroDevs and its $20 million Open Source Sustainability Fund. Its mission is to pay maintainers of critical, often end‑of‑life open source components so they can keep shipping patches without burning out. Sentry's Open Source Pledge/Fund has given hundreds of thousands of dollars per year directly to maintainers of the packages Sentry depends on. Sentry is one of the few vendors that systematically maps its dependency tree and then actually cuts checks to the people maintaining that stack, as opposed to just talking about "giving back."

Sentry is on to something. We have the Linux Foundation to manage commercial open source projects, the Apache Foundation to oversee its various open source programs, the Open Source Initiative (OSI) to coordinate open source licenses, and many more for various specific projects. It's time we had an organization with the mission of ensuring that the top programmers and maintainers of valuable open source projects get a cut of the tech billionaire pie.

We must realign how businesses work with open source so that payment is no longer an optional charitable gift but a cost of doing business. To do that, we need an organization to create a viable, supportable path from big business to individual programmer. It's time for someone to step up and make this happen. Businesses, open source software, and maintainers will all be better off for it. ®