/Programming

There is an idea that the tech world has been repeating for decades without much scrutiny. That open source software is a collective achievement, proof that cooperation can beat the market. It is a good story. The problem is that good stories tend to survive precisely because nobody wants to check whether they are true. The facts, when you actually look at them, tell a different story. Open source, in the form it exists today, works as one of the most efficient value extraction mechanisms in the digital economy. It was not designed for this. It was designed with genuine idealism. But idealism without structural protection is, in practice, an invitation to abuse. And companies accepted that invitation without hesitation. Elastic built and maintained Elasticsearch for years. A search engine that became critical infrastructure for tens of thousands of organizations. During that time, Amazon took the code, built a managed service on top of it, and billed hundreds of millions of dollars per year. Without contributing engineers back to the project. Without compensation. Simply because the license allowed it. When Elastic changed the license in 2021 to protect itself, Amazon created a fork called OpenSearch to work around the change and maintain access. Elastic had around 600 or 700 employees. Amazon has over a million. There is no ambiguity about who holds power in that relationship. The same pattern repeated with MongoDB, HashiCorp with Terraform, Redis Labs, Confluent with Kafka. All changed their licenses for the same reason, in different years. The case of Marak Squires, in 2022, was more personal. Marak maintained two Node.js packages with over 20 million combined weekly downloads. Code that large companies used in production, paying nothing, saying nothing, not even noticing there was a person behind it. When Marak deliberately broke his own packages in protest, taking down production systems, the most common response was anger directed at him. Not at the system that had drained him for years. Before the incident, Marak had publicly asked for compensation on GitHub, writing that he would only continue if companies with a budget paid him for the work. He received no response from any of the companies depending on his code. It is tempting to reduce this to bad companies versus an idealistic community. But the problem goes deeper. Open source licenses were written at a time when distributing software meant handing over copies. The cloud changed that completely. Today you can take someone else's code, run it on servers, charge third parties for access, and never distribute a single line of modified code. The most common licenses simply do not cover this scenario. Not because anyone sabotaged them. The business model that would make them obsolete did not yet exist when they were written. The model assumes that those who benefit will contribute back. That reciprocity emerges naturally. Thirty years of data show that is not what happens, at least not in the proportions that would make the model sustainable. Individual programmers contribute. Companies consume. It is a systematic, well-documented transfer of value that is largely accepted as normal. The most sophisticated part is not the extraction itself. It is how companies ensure that the system benefiting them continues to be defended by the very people who lose the most from it. Google Summer of Code pays students to contribute to open source projects. The narrative is philanthropy. In practice, Google gets code in projects it depends on, trains programmers in the technologies it cares about, and creates a generation for whom contributing for free feels normal. Microsoft bought GitHub in 2018 for 7.5 billion dollars. Not out of generosity. It bought it because controlling the platform where open source code lives means controlling infrastructure of the software economy. GitHub hosts over 100 million repositories. Microsoft has access to development patterns, adoption trends, and data about projects that few companies in the world have. It paid with money, not with code. In 2023, Microsoft reported revenues of around 211 billion dollars. Azure grew largely on open source: Linux runs on more than half of the virtual machines on the platform. The company benefits, in very concrete ways, from code it did not pay to create. The most lasting result of all this is not financial. It is ideological. The programmer who spends weekends maintaining a project used by millions, without compensation, and who defends this model with genuine conviction is the most complete victory a corporation can achieve. Because it is a victory that costs nothing. Linux is the most cited success case, and reasonably so. It runs on servers, phones, embedded systems, and most of the internet infrastructure that exists. But it is worth looking at how it actually works. More than 85% of contributions to the Linux kernel come from programmers paid by companies such as Intel, Red Hat, and Google, all of which have direct commercial interests in the kernel's quality. Less than 15% come from independent volunteers. Linux succeeds largely because companies figured out it is cheaper to fund development than to build proprietary alternatives. It is cooperation, yes, but cooperation with very clear commercial incentives. Not the romantic model that usually gets presented. Firefox has survived for years thanks to a contract with Google that, in some years, represented more than 80% of Mozilla Foundation's revenues. The most successful open source project in this case is funded by the company that profits most from it. WordPress powers more than 40% of the global web and is technically open source, but Automattic, the company founded by its creator, bills hundreds of millions per year from services built on top of the project. Without that commercial structure, WordPress would probably be another well-intentioned project running on minimal maintenance. In all these cases, what worked was having a financial structure underneath. What consistently fails is the model built on goodwill and voluntary reciprocity alone. The argument here is not against sharing code, against collaboration, or against making software accessible. It is against the idea that open source as an institution, with its current licenses, its governance structures, its voluntary funding mechanisms, is delivering on what it promised. Licenses that distinguish between personal use and commercial use at scale would make sense. Compensation obligations for companies above certain revenue thresholds too. Governance structures that give real power to maintainers, not mainly to the companies that dominate standards committees. Initiatives like Open Collective, GitHub Sponsors, and Tidelift exist and are well-intentioned. But they are voluntary, and in voluntary systems, those with power rarely contribute in proportion to what they extract. Open source as an idea, code that can be read, modified, and improved by anyone, still makes sense. The problem is that the idea was implemented without the mechanisms that would make it sustainable. Thirty years later, we keep treating this as a question of culture rather than structure. As long as it stays that way, the outcome tends to be the same: some programmers burn out, companies keep growing, and the conversation starts over.