惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

罗磊的独立博客
T
Tor Project blog
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
G
GRAHAM CLULEY
AWS News Blog
AWS News Blog
A
Arctic Wolf
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
WordPress大学
WordPress大学
雷峰网
雷峰网
P
Privacy International News Feed
Hugging Face - Blog
Hugging Face - Blog
S
Schneier on Security
M
MIT News - Artificial intelligence
C
Cybersecurity and Infrastructure Security Agency CISA
宝玉的分享
宝玉的分享
Recorded Future
Recorded Future
P
Proofpoint News Feed
Cisco Talos Blog
Cisco Talos Blog
Recent Announcements
Recent Announcements
博客园 - Franky
云风的 BLOG
云风的 BLOG
A
About on SuperTechFans
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
GbyAI
GbyAI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
V
V2EX
量子位
月光博客
月光博客
V
Visual Studio Blog
Spread Privacy
Spread Privacy
The Cloudflare Blog
T
Troy Hunt's Blog
博客园 - 三生石上(FineUI控件)
N
Netflix TechBlog - Medium
L
LINUX DO - 热门话题
Webroot Blog
Webroot Blog
T
Threatpost
J
Java Code Geeks
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
L
LangChain Blog
Martin Fowler
Martin Fowler
TaoSecurity Blog
TaoSecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint

The Register - Software: OSes

Fedora: Microsoft is all aboard, but Deepin is dumped Microsoft promises to do better, but it has a long way to go First big Microsoft update after vow to 'win back fans' Who needs ghost train scares when Windows is such a fright? Microsoft boss tells investors the company is working to 'win back fans' Microsoft boss says company is working to 'win back fans' Linux cryptographic code flaw offers fast route to root Fedora 44 is out – countless versions of it Microsoft sets its sights on the past with 86-DOS and PC-DOS Microsoft updates the Windows Update Experience Windows second-chance setup hurts IT, productivity Ubuntu Resolute Raccoon drops Xorg, keeps X11 apps alive More ancient Linux device support facing the ax WSL9x hacks Linux into ancient Windows 9x systems UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial Zorin OS 18.1 released - and the Lite edition reappears Task Manager's CPU%: an obituary for the recent past Linux 7.1 will have an optional new NTFS driver Microsoft releases Windows Server update to fix April update 20-year-old Enlightenment E16 bug finally gets patched 20-year-old Enlightenment E16 bug finally gets patched Raspberry Pi OS ends open-door policy for sudo Firefox Nightly adds Web Serial after years of saying no Windows Update: Torture chamber for seldom-used PCs Windows Update: Torture chamber for seldom-used PCs Notepad loses Copilot icon as Microsoft gives subtlety a try Notepad loses Copilot icon as Microsoft gives subtlety a try Microsoft attempts to untangle Windows Insider program Adobe finally patches PDF pest after months of abuse NHS pays £46K to prep next Microsoft licensing round Linux 7.0 debuts as Linus Torvalds ponders AI's impact Linux 7.0 debuts as Linus Torvalds ponders AI's impact Red Hat RHELocates its Chinese engineering team to India Showing the Windows 10 desktop was the yeast they could do Apple's chips are winners, but Windows fails help it most The end of Linux i486 support looks nigh The end of Linux i486 support looks nigh Windows asks a networking question on a Stratford billboard Some 'broken by update' PCs were already doomed SystemRescue 13 lands with Linux 6.18 and bcachefs support Memo: Red Hat Global Engineering plans to lean in to AI Microsoft plans another out-of-band Windows fix Ubuntu beta arrives with GNOME 50, sans Google Drive support Ubuntu beta arrives with GNOME 50, sans Google Drive support Microsoft pulls Windows update after installation problems Microsoft pulls Windows update after installation problems Microsoft cracks down on old Windows kernel drivers Microsoft cracks down on old Windows kernel drivers Linux kernel czar says AI bug reports aren't slop anymore How Windows 95 fought off badly behaved installers Age checks creep into Linux as systemd gets a DOB field Systemd-free antiX 26: Debian 13, in bonsai form Systemd-free antiX 26: Debian 13, in bonsai form Windows boss promises to heal the operating system's wounds Windows boss promises to heal the operating system's wounds Smart TVs and voice assistants are the next gatekeepers Microsoft releases emergency fix for account internet error Microsoft releases emergency fix for account internet error Microsoft: Removing some Copilots will improve Windows 11 WSL, WINE updates speed cross-OS app performance MS update kills Microsoft account sign-ins in Windows 11 GNOME 50 debuts with X11 axed, Wayland front and center Microsoft publishes a workaround for Samsung's C:\ drive woes Systemd 260 kills SysV, tells AI not to misbehave Out-of-band getting out of hand as Microsoft pushes hotpatch for Bluetooth Microsoft pushes out-of-band hotpatch for Bluetooth Big moves in Linux filesystems as new bcachefs lands and KDE adds support for Apple's APFS Age verification isn't sage verification when it's inside operating systems Age verification isn't sage verification inside OSes Microsoft points at Samsung after Galaxy app bug locks users out of C:\ RAM is getting expensive, so squeeze the most from it Nanny state vs. Linux: show us your ID, kid Smart mirror shows dumb Windows in elevator Microsoft adding Xbox mode to Windows 11 – even the Professional edition DR-DOS rises again – rebuilt from scratch, not open source Hotpatching goes default in Windows Autopatch whether you like it or not Hotpatching goes default in Windows Autopatch Linux PC vendor System76 tries to talk Colorado down over OS age checks System76 tries to talk Colorado down over OS age checks US state laws push age checks into the operating system Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October BunsenLabs Carbon keeps the CrunchBang flame alive with Debian 13 Bootleg Windows, Office scheme crashes, triggers 22-month lockup for Florida woman
Open source isn't a tip jar – it's time to charge for access
Steven J. Vaughan-Nichols · 2026-03-25 · via The Register - Software: OSes

OPINION Time and again, I see people begging for companies with deep pockets to fund open source projects. I mean, after all, they've made billions from this code. You'd think they could support the code's creators and maintainers. It would be only fair, right?

Screw fair. Screw asking for dimes. You can't live off one-off charity donations. Trust me, I've been on the boards of several small nonprofits. Dpending on what people put in a tip jar is no way to fund anything of value.

So you'll excuse me if I'm not blown away by the fact that Anthropic, AWS, GitHub, Google, Microsoft, OpenAI, and others – total market cap in the ballpark of $7.7 trillion – have donated $12.5 million in grants to the Linux Foundation, OpenSSF, and Alpha‑Omega. If you make $100,000 a year, that's about 16 cents. Color me unimpressed.

Mind you, many open source developers never see an annual income that large. Indeed, according to a 2024 Tidelift maintainer report, 60 percent of open source maintainers are unpaid, and 60 percent have quit or considered quitting, largely due to burnout and lack of compensation. Oh, and of those getting paid, only 26 percent earn more than $1,000 a year for their work. They'd be better paid asking "Would you like fries with that?" at your local McDonald's.

It's not just the developers who are underpaid and unappreciated. Anyone building modern software depends on language registries such as Maven Central, PyPI, npm, crates.io, and others, which collectively handle on the order of trillions of package downloads a year. Yes, I said "trillions."

Sonatype CTO Brian Fox recently told me that Maven Central, the Java registry, has delivered hundreds of billions of downloads, yet it runs on a shoestring" in terms of funding, staff, and infrastructure.

The load comes overwhelmingly from large users, not hobbyists. Fox's analysis shows that 82 percent of Maven Central demand comes from fewer than 1 percent of IPs, with roughly 80 percent of traffic sourced from the largest cloud providers' infrastructure. Now these companies could easily run their own local mirrors, but they don't. Instead, they hit up public open source registries on every build, test, or scan. All of this drives bandwidth, storage, and operational complexity, which eats up cash like an elephant does peanuts. Open source charity won't pay the bills. Going forward, commercial users can expect to pay to access the code. Sure, the code will still be free, but if you're going to be perpetually downloading terabytes of code and artifacts, you'll need to pay for access.

Another hidden cost is that open source maintainers must deal with a flood of bogus AI slop security reports. Some AI bug reporting is great and helpful. Unfortunately, most of what programmers are seeing is garbage.

OpenSSF reports that only about 5 percent of bug bounty submissions are genuine vulnerabilities. Digging out the good reports from the bad ones is an enormous pain in the rump.

As cURL founder and maintainer Daniel Stenberg says of the situation, maintainers face a "death by a thousand slops." He ultimately shut down cURL's bug bounty program because the flood of low‑quality, AI‑driven submissions was damaging maintainers' "survival and intact mental health."

Despite that, enterprises still blithely assume that "the community" will absorb this workload as part of the deal. According to Synopsys's 2025 Open Source Security and Risk Analysis (OSSRA) report, more than 97 percent of commercial software projects use open source dependencies. You guys owe open source big time.

The OSSRA report also found that 91 percent of audited open source components showed no clear signs of maintenance in the past two years. That isn't just abandonware projects. Widely used programs such as Ingress NGINX are also dying because no one is willing to maintain them without pay.

Imagine not being willing to work without compensation! The nerve of some people! As it happens, many open source developers have been willing to work without a paycheck.

Some organizations do support maintainers, for example, there's HeroDevs and its $20 million Open Source Sustainability Fund. Its mission is to pay maintainers of critical, often end‑of‑life open source components so they can keep shipping patches without burning out. Sentry's Open Source Pledge/Fund has given hundreds of thousands of dollars per year directly to maintainers of the packages Sentry depends on. Sentry is one of the few vendors that systematically maps its dependency tree and then actually cuts checks to the people maintaining that stack, as opposed to just talking about "giving back."

Sentry is on to something. We have the Linux Foundation to manage commercial open source projects, the Apache Foundation to oversee its various open source programs, the Open Source Initiative (OSI) to coordinate open source licenses, and many more for various specific projects. It's time we had an organization with the mission of ensuring that the top programmers and maintainers of valuable open source projects get a cut of the tech billionaire pie.

We must realign how businesses work with open source so that payment is no longer an optional charitable gift but a cost of doing business. To do that, we need an organization to create a viable, supportable path from big business to individual programmer. It's time for someone to step up and make this happen. Businesses, open source software, and maintainers will all be better off for it. ®