The Random Thoughts of GeniusMusing

Just another random blog

02-52-2022-Funding-FOSS

- Posted in 52Posts-2022 by

Why Open Source Needs A New Funding Model

So a developer makes a little project to scratch an itch, gets it working to a point that seems stable enough and publishes the code to a repository.

Some time later, one of a few things happens.

1) The code/project is abandoned for any number of reasons: lack of personal time to work on it, burnout, moving on to other things, lack of community support, job change or just about anything else.
2) The code/project is very useful in other projects and gets used, but in a limited manner due to being kind of a niche project.
3) The code/project really takes off and winds up being used in hundreds of thousands of projects, and has one person to handle the entire code base, which becomes a full time job. Without any real pay.
4) The code/project gets enough attention that a bigger project group picks it up to help support the code base.

Usually it is the first two that happen, sometimes the fourth, but when it is the third option, that's when things can go really bad.

This is not the first time something like this has happened, sometimes even when a project gets picked up.

Eye-opening statistics about open source security, license compliance, and code quality risk - Help Net Security - May 14, 2020

More notable is the continued widespread use of aging or abandoned open source components, with 91% of the codebases containing components that either were more than four years out of date or had seen no development activity in the last two years.
...

Free Can Make You Bleed

Snip >

It is ridiculous when you think about all of the business capital that depends on such grossly underfunded applications. OpenSSL has never received more than a million dollar yearly budget and OpenSSH can't pay its electric bill. The OpenSSL foundation's president, Steve Marquess, said "The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn't happened more often."

Snip

And while I am not going into the details, there was this Log4J thing that is still happening.

Obligatory xkcd.

xkcd: Dependency - image

But what happens when a lone developer has had enough on a really popular project? Or two?

Really bad things; they control the codebase.

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised that the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker.'

The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects relying on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.
...

From the developer side, a little history.

marak on Twitter:

I lost all my stuff in an apartment fire and am barely staying unhomeless. Lost access to most of my accounts. All precious metal is missing. If anyone could bless paypal@marak.com with a little cash it would help me from freezing on the street. lol. 1:41 PM · Oct 25, 2020 · Twitter Web App

No more free work from Marak - Pay Me or Fork This · Issue 1046 · Marak/faker.js · GitHub

Marak commented on Nov 8, 2020

Respectfully, I am no longer going to support Fortune 500s (and other smaller sized companies) with my free work.

There isn't much else to say.

Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it.

While this doesn't involve the above developer, it is just more of the same with Log4J.

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

snip

Open-source library Log4j is used extensively in a vast range of Java applications, including those developed by corporations and commercial entities.

But, shortly after mass-exploitation of the Log4shell vulnerability, the maintainers of the open-source library worked without compensation over the holidays to patch the project, as more and more CVEs were being discovered.

Concerns emerged as to how big businesses were used to "exploiting" open-source; by consuming it incessantly but not giving back enough to support the unpaid volunteers who sustain these critical projects by giving up their free time.

snip

While I was listening to LINUX Unplugged 440: Saving Podcasting from Centralization there were a few things that struck me as being useful for solving the developer funding model.

There is this thing called the Lightning Network. And it is already in use.

Lightning Network: Bitcoin micropayments - Blockstream

The Lightning Network is a new protocol layer built on top of Bitcoin. It uses cutting-edge smart contracting to achieve faster-than-VISA transaction throughput, while retaining the peer-to-peer nature of the Bitcoin protocol.

One of the things mentioned in the podcast was the ability to pay podcasters in many different ways: a very small amount continuously for the duration of your listening time, a one-time payment every time you download a new episode, or just sending some funds anytime.

Fountain Podcasts

Reward podcasters

Send a tip to the host along with a message or send them some sats for every minute you listen to their show

Now what if this was used for Open Source projects?

It would, I think, definitely change things for the better.

Those projects that fall by the wayside might just keep going, maybe only a little longer, if someone was making a little from them, even if it only paid for the morning coffee. If you are getting something, anything, you will typically keep doing that thing as long as it doesn't become too burdensome.

For the projects that do take off, this might be enough to make it a full time job.

Now for the math part of this, to see what it would take for someone like Marak to be able to get his six figure income.

The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects relying on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

So, let's round this and call it 23 million downloads weekly.

A bitcoin is worth ~$43,000 at the moment.

Since a six figure income is typically measured over a year, that comes out to 1.2 billion downloads a year (23 million * 52 weeks = 1,196,000,000 downloads, yes I am rounding again).

One Bitcoin = 100 million sats ($0.00043/sat)

Three bitcoin = six figure pay.

So, 300 million sats will be needed.

0.25 sats per download; I am not even sure it can go that small.

If the smallest unit is 1 sats, the income would be $516,000 per year with a download pay of $0.00043 per download.

Less than half a cent.
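To make the arithmetic above reusable, here is an added Python example (not from the original post) that carries the same figures through: the 23 million weekly downloads, a ~$43,000 bitcoin and a three-bitcoin target. The smallest payable unit is a parameter, so the 1-sat floor the post assumes can be compared with a sub-satoshi unit (Lightning payments are denominated in millisatoshis internally).

```python
import math
from dataclasses import dataclass

SATS_PER_BTC = 100_000_000  # one bitcoin = 100 million satoshis


@dataclass(frozen=True)
class DownloadFunding:
    """Per-download micropayment model for a library funded over Lightning."""
    weekly_downloads: int       # the post's rounded figure: 23 million for colors + faker
    btc_price_usd: float        # spot price assumed for the calculation (~43,000 in the post)
    min_unit_sats: float = 1.0  # smallest unit a payer can send; 1 sat is the post's assumption

    @property
    def yearly_downloads(self) -> int:
        return self.weekly_downloads * 52

    @property
    def usd_per_sat(self) -> float:
        return self.btc_price_usd / SATS_PER_BTC

    def exact_sats_per_download(self, target_usd: float) -> float:
        """Fractional sats each download must carry to reach target_usd per year."""
        return (target_usd / self.usd_per_sat) / self.yearly_downloads

    def payable_sats_per_download(self, target_usd: float) -> float:
        """Round the exact figure up to the smallest payable unit.

        With a 1-sat floor the 0.25 sat result becomes a whole sat, which is
        why the post's income jumps to roughly half a million dollars.
        """
        exact = self.exact_sats_per_download(target_usd)
        return math.ceil(exact / self.min_unit_sats) * self.min_unit_sats

    def yearly_income_usd(self, sats_per_download: float) -> float:
        """Income if every download pays sats_per_download."""
        return sats_per_download * self.yearly_downloads * self.usd_per_sat


def worked_example() -> dict:
    """Carry the post's numbers through the model (constructed inputs)."""
    model = DownloadFunding(weekly_downloads=23_000_000, btc_price_usd=43_000)
    target = 3 * model.btc_price_usd  # "three bitcoin = six figure pay"
    per_download = model.payable_sats_per_download(target)
    return {
        "exact_sats": model.exact_sats_per_download(target),
        "payable_sats": per_download,
        "income_usd": model.yearly_income_usd(per_download),
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value:,.4f}")
```

With a 1-sat floor the exact 0.25 sat requirement rounds up to 1 sat and the yearly figure lands near $514,000 (the post's $516,000 uses the rounded 1.2 billion downloads); with a 0.001 sat unit it rounds to 0.251 sat instead.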

That leaves us with one last rule.

13 - Anything worth doing is worth doing for money. - Ferengi Rules of Acquisition

Someone needs to get something like this going.

Now.