Everyone loves free software. But “free” comes with a price you don’t see until it’s too late.
Context
Open-source software powers the internet:
- Linux: roughly 90% of public cloud workloads
- Apache: roughly a third of web servers
- PostgreSQL: millions of databases
- Node.js: millions of developers
All free. The flagship projects do have contributors paid by companies, but the long tail of libraries they pull in is maintained by volunteers.
The problem: Those volunteers are burning out.
Recent examples:
- Log4Shell (CVE-2021-44228): Log4j 2 was maintained by a handful of unpaid volunteers working in their spare time
- Heartbleed (CVE-2014-0160): OpenSSL, which secured most of the web, had one full-time developer, a few part-time volunteers, and about $2,000 a year in donations
- XZ Utils backdoor (CVE-2024-3094): one burned-out maintainer for the entire project, which is exactly the weakness the attacker used to social-engineer their way into commit access
Critical infrastructure. Billion-dollar companies depend on it. Maintained by hobbyists.
Plot Twist
Here’s what nobody’s talking about: The “free” software economy is a pyramid scheme.
Big tech companies:
- Use free open-source software
- Build billion-dollar products on it
- Pay little or nothing toward maintaining most of it
- Extract value while externalizing costs
The twist: We built an entire industry on unpaid labor. And now we’re surprised when the foundation cracks.
The XZ backdoor wasn’t an anomaly. It was inevitable.
When critical infrastructure relies on maintainers working in their spare time, the security work is the first thing dropped: reviewing contributions carefully, vetting an eager new co-maintainer, fixing the bug nobody reported loudly. The XZ attacker counted on that.
The real fix: Sustainable funding for open-source maintainers. Not donations. Actual salaries, so that reviewing a patch or saying no to a stranger asking for commit access is part of someone's job rather than an unpaid evening.
Because “free” software isn’t free. Someone’s paying. They just don’t know it yet.