
> We've been really bad at allocating capital to people who are building important and highly influential software

What does this mean? Can you give an example?




Sorry - I might be being a bit slow. How is that an example of poor capital allocation?


  - XZ is critical software
  - XZ was (is?) developed by a single person
  - XZ developer does XZ development in their spare time, having a normal job to pay the bills
  - XZ developer gets overburdened. Not making money, they can't hire another dev.
  - Pressure builds up. Hacker leverages and takes advantage of this. Especially since everything can't be checked due to said overburden

Look at it from the flip side. Take the counterfactual of if XZ Utils was making money for their work.

  - XZ is critical software, therefore it is funded
  - XZ is funded and critical, so more than one developer is hired to ensure quality
  - XZ is funded, developers don't have a second job. They have ONE job
  - XZ is overburdened. XZ is funded. XZ hires more devs.

It's true that a hacker can still infiltrate corporate software, but it is also true that the pressures would have been far lower were the main dev not doing 2 fucking jobs.


Of course if there were a large company maintaining XZ Utils then that would dramatically mitigate the cyber risk, but isn't this the default economics of OSS?

Approaching it from the point of view of "it's obviously unjust and stupid that people voluntarily offered their software for nothing" without questioning the prior seems a bit short-sighted.

If you want to say "no one should use OSS because of the cyber risk", you might be right. But then what should replace it? What's the proposal?


Not every valid recognition of a real problem has to come with a 13-page point-by-point proposal for a fix.


I took it to mean that we give money to people who ask for it



