Running the internet, under-funded and under-staffed? - How to achieve a sustainable open source ecosystem
A presentation at re:publica 2024 in in Berlin, Germany by Jutta Horstmann
Running the internet, under-funded and under-staffed? How to achieve a sustainable open source ecosystem re:publica, May 29 2024 | Jutta Horstmann | CEO, Mailvelope
vs. Luca Florio, CC BY-SA 2.0, via Wikimedia Commons
Economic Sustainability The project has funding to continue operations
Economic Sustainability The project has funding to continue operations for years to come.
Source: https://xkcd.com/2347
Credit: Leena Snidate / Codenomicon, CC0, via Wikimedia Commons
OpenSSL Credit: Leena Snidate / Codenomicon, CC0, via Wikimedia Commons
“So the mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn’t happened more often.” – Steve Marquess, OpenSSL
GnuPG
Reactions
Log4J
xz Utils
The situation today ● 96% of the surveyed codebases included OSS ● 77% of the code in the codebases was OSS ● 49% of code bases included OSS that had had no developer activity in the past two years – Synopsys ‘24 Open Source Security Report (audited > 1,700 codebases across 17 industries, source) ● 60% of open source maintainers describe themselves as “unpaid hobbyists.” ● 44% of all maintainers said they are the only person maintaining a project. – Tidelift study 2023, https://thenewstack.io/open-source-needs-maintainers-b ut-how-can-they-get-paid
How to make a living from building Open Source software?
The Economics of Open Source
Voluntary, unpaid work
Voluntary, unpaid work
Lack of contributors Lack of funds Vicious cycle Lack of business / product development
Sustaining F/OSS: Business and Funding Models
Unrestricted funds Dual licensing / paid product Paid services Ads Crowdinvesting Investment / VC Grants Donations Awards GitHub Sponsors Crowdfunding Universal Basic Income Paid internship Restricted funds High effort beyond product work Paid contributor Low effort beyond product work
Scales with success Ads Dual licensing / paid product Donations Paid services Crowdfunding Grants Does not scale Awards Unpredictable GitHub Sponsors Investment / VC Paid internship Crowdinvesting Paid contributor Universal Basic Income Predictable
Examples
Adblock Plus What is it? What does it do? License: Developed by Browser extension Block ads, tracking, malware GPL Adblock Inc (subsidiary of eyeo GmbH) Available since 2006 Funded by ● Ads / paid services: Acceptable Ads revenue ● Freemium ● Donations
Drupal What is it? What does it do? License: Developed by CMS / DXP Framework for web content publishing GPL Community Available since 2001 Funded by ● ● ● ● ● Donations Grants (Drupal association) Sponsorships Paid contributors Paid services
GnuPG What is it? What does it do? License: Developed by: Crypto engine implementing PGP standard Encrypt & signs data and communications; key management system GPL Werner Koch / g10 Code GmbH Available since 1997 Funded by ● ● ● ● Public contract (Germany, for GPG4Win and VS-Desktop) Crowdfunding Donations (by larger companies like Stripe, Facebook) Paid services (g10 Code GmbH)
Mailvelope What is it? What does it do? License: Developed by Browser extension Encrypt webmail communications AGPL Thomas Oberndörfer, Mailvelope GmbH Available since 2012 Funded by ● Grants ● Paid subscriptions (Mailvelope Business)
Mozilla Firefox What is it? What does it do? License: Developed by Browser Encrypt webmail communications Mozilla Public License (MPL) Mozilla Foundation & Mozilla Corporation Available since 2004 Funded by ● Donations (Mozilla Foundation) ● Paid services / Ads (Mozilla Corporation, 81% (2022) from Google paying for making it the default search engine)
MySQL What is it? What does it do? License: Developed by Database Management System Stores and manages information in databases GPL and proprietary MySQL AB Available since 1995 Funded by ● Donations (Mozilla Foundation) ● Paid product via dual licensing
Learnings Longevity built on ● keeping the organization small ● finding a profitable paid services business model ● building a profitable paid services ecosystem ● dual licensing ● securing (unrestricted) grants ● securing (large) donations
Economic Sustainability The project has funding to continue operations for years to come.
Beware! ● Tip jars / Gig economy ● Restricted funds ● Short-term grants ● Grant writing overhead ● Donation taxation Tomwsulcer, CC0, via Wikimedia Commons
How about… funding Open Source maintainers with public money from (corporate) taxes? applying licensing that requires you to pay money when you build commercial offerings on top of OSS?
Licensing “I want everyone to be able to use my code only for non-commercial purposes.” ● Commons Clause: https://commonsclause.com ● Sustainable License: https://manishrjain.com/sustainable-license-faq ● Heather Meeker: https://heathermeeker.com/about-me/
What Open Source sustainability means for US Source: https://www.acquia.com/blog/series/women-of-drupal
< 10% female contributors to Open Source repositories Sources: https://www.toptal.com/open-source/is-open-source-open-to-women, https://community.sap.com/t5/open-source-blogs/women-in-open-source/ba-p/13508760, https://www.computer.org/csdl/magazine/co/2022/12/09963732/1Iz0RZM9Wbm
18% Gender pay gap: In Germany, women earn 18% less than men. (2022, DESTATIS)
9h Gender care gap: Per week, women work 9h more unpaid than men do. (2022, DESTATIS, Germany)
How can one expect women to contribute to Open Source when that means spending spare time we don’t have, on another topic we are not going to be paid for? https://www.toptal.com/open-source/is-open-source-open-to-women
Open Source sustainability enables diversity. Source: Created by Midjourney
Thank you! Jutta Horstmann Mailvelope GmbH CEO, Mailvelope GmbH https://www.mailvelope.com jutta@mailvelope.com @mailvelope (X, Mastodon) https://www.linkedin.com/in/jhorstmann/ https://www.linkedin.com/company/mailvelope/ @smphr (Mastodon) PGP: 89D1 69A3 ECAD CA3D A4E6 F3A7 DFA4 EE0F 9113 4859
Open Source technologies build the foundation of the free and open internet, but many are developed by only a single maintainer or a very small community.
Despite the critical role these tools play in the internet ecosystem, they are perpetually under-funded and under-supported.
The similarity to other “system relevant” professions is striking: The more we need them to keep the system running, the less we are willing to appreciate and sufficiently fund them.
Who cares? We all need to, as without proper funding and without redundant staffing, these projects may die out, leaving critical components unmaintained.
