Quote from Website: "For the past 30+ years I’ve been the maintainer of sudo. I’m currently in search of a sponsor to fund continued sudo maintenance and development. If you or your organization is interested in sponsoring sudo, please let me know."
This is why Big Tech is so desperate for AI to work as a wholesale replacement for software developers: they do not pay for their Open Source consumption as-is, and new maintainers aren’t stepping up because they can’t afford rent, let alone to devote their full time to FOSS work free of charge like a lot of older project maintainers do.
The fact that sudo is a critical security pillar for trillions of dollars of global infrastructure but this guy gets bupkis for it screams volumes about the current state of technology.
We must do better, or it’ll be closed systems (OpenAI, Microsoft, Apple, Google, Oracle) all the way down as maintainers age out, go bankrupt, or die without succession plans in place.
Honestly, it seems like the idealism of open source shouldn't have survived its contact with capitalism, but I suppose the contact wasn't painful enough the the exploitation continued for a long time.
Maybe we need a license that's even more onerous to corporations than the AGPL, like something with a revenue share clause.
Or maybe the problem is the naivete of software engineers. In aggregate, there was so much embrace of libertarianism that no groundwork was laid to protect ourselves from things like AI and offshoring.
Been pitching that with my FOSS colleagues and peers for years, now. A license for individual and educational use, but pay-to-play for anyone tangentially making revenue from its use. Then the conversation boils down to the business engineering of how much should something cost, with some arguing for flat yearly rates, and others arguing for cost-per-unit, while others still fret about "disrupting" the status quo immediately after acknowledging its untenability.
It's...frustrating, but those who do the work are the most qualified to explain what they need. For the rest of us, it's encouraging them to seek reasonable compensation for their work from those who exploit it for profit, and that doing so doesn't necessarily go against the spirit of open source.
I don't mean to come across as far too cynical, but in what world has a software license ever stopped the greedy and powerful from pillaging the IP of other people smaller and weaker than them?
In my opinion, libertarianism in software is a hollow dream that leads people to make foolish decisions that can't be protected. This makes it easy for corporations to exploit and quash any barely audible opposition.
Almost as if by plan, the libertarian mindset has eroded and weakened open source protections, defanging and declawing it every step of the way.
A change in economic system might be neither sufficient nor necessary, especially if the new economic system turns out to be even worse, or a scam.
One approach is to have expectations to not only the economic system, but also other systems, and the different people involved, no matter if they're on the top, on the bottom, or somewhere in the middle.
Not trying to be glib here. This feels like the embrace, extend, extinguish pattern that we jokingly used to think was only Microsoft. It is now becoming more and more obviously the modus operandi of the entire enterprise software ecosystem.
I believe you are correct to be frustrated and ringing the alarm bell. This is a "death of the commons" moment for OSS.
> and new maintainers aren’t stepping up because they can’t afford rent, let alone to devote their full time to FOSS work free of charge like a lot of older project maintainers do.
What about the Rust rewrite (sudo-rs)? I think it shows people are interested in maintaining and/or modernizing tools taken for granted.
It has a more lax license AFAIK. Also, many Rust projects and libraries have been abandoned, or are in so-so shapes.
Edit:
To specify, new projects like sudo-rs may seem promising, but going by observation and experience with similar projects, there is no guarantee that sudo-rs and similar projects will be successful, good and continued to be maintained. The problems with old projects can end up applying to new projects as well. And projects in Rust are no exception, going by experience with existing, older Rust projects.
Aside, a pet peeve I have is that for instance Ruffle has not turned out as successful as I had hoped for, even after several years and many sponsors. The proprietary Flash runtimes written in C still outperform Ruffle greatly in some cases, causing problems for some users that want to use Ruffle instead of other runtimes.
If there are 1000 projects that aren't sudo-rs but are similarly load bearing, and they have all been abandoned/in so-so shape, you're right that it doesn't actually say anything about sudo-rs, but there's a highly probable outcome that will be inferred by most people. Incorrectly or otherwise.
How is this a counter argument for anything? A more permissive license is not inherently a bad thing. Many C and C++ projects are also abandon or in so-so condition, why you uniquely call out Rust makes little sense. Either sudo-rs fills the void or it doesn't, but it is a counter point to this idea that open source projects have no path of evolution. Just because that path doesn't look like how you want it to doesn't mean it doesn't exist.
What if the exploitative aspect is open source itself? Trick some above average but naive developers into giving their talent, effort, insights and time away for free or very little? Maybe open source or something similar could have been organized in a way that wasn't exploitative and wasn't (possibly) unsustainable, but that is not how things ended up with what Richard Stallman and others organized.
The exact moment you charge for something, you need payment processing, a bank, a legal entity to hold said processed funds, you have liability, you need some sort of marketing / sales process (even if it's just copy on a website), and the barrier for someone to use your product is suddenly extremely high, simply because it costs something.
Release it for free, no barrier to entry, no legal liability, the entire world can use it instantly. This is why free software spreads and catches on - precisely because it's free.
There is no way to form a business around FOSS without becoming a gatekeeping high-barrier entity. You can release for free then charge extra for consulting or special features, which many have done and continue to experiment with.
But the core reason why FOSS spreads and took over is precisely why it is difficult to fund. No one is going to pay for something when the alternative is free. And the moment you start to charge some free alternative comes along and your prior users spurn you as greedy
I think you have good arguments, but I wonder if there are alternatives that could work in at least some cases. Like, how Unreal engine's license works. Source-available to game developers, but in theory limited to paying customers, or something along those lines.
> The exact moment you charge for something, you need payment processing, a bank, a legal entity to hold said processed funds, you have liability, you need some sort of marketing / sales process (even if it's just copy on a website),
That seems like an area that's ripe for innovation. What does it take to get setup on a platform like Patreon? Seems like something similar ought to be setup for open source/independent development, probably an idealistic nonprofit.
> and the barrier for someone to use your product is suddenly extremely high, simply because it costs something.
All the organizations who really ought to pay are already setup to do all that, and do it all the time.
> But the core reason why FOSS spreads and took over is precisely why it is difficult to fund. No one is going to pay for something when the alternative is free. And the moment you start to charge some free alternative comes along and your prior users spurn you as greedy
What we need is innovation. Maybe a license that has a trip-wire? If not enough money is voluntarily deposited into a tip jar over a certain period of time, the license requires a modest payment from all for-profit organizations of a particular size.
That's up-front, is for the most part free, and incentivizes some payment.
The code can become "radioactive" as well when a software library goes paid. It starts phoning home with information about its environment to ensure compliance which is just kinda... icky to most devs. I certainly don't want that bloat in my dependencies.
This is an upfront cost and is possibly a one-time cost per-agreement.
Practically nobody downloads and installs sudo directly from the project website; people install it with their distribution of choice. The agreement could be automated and included in the licensing process. ie: the license gives specific distributions access to the software (either via paid or other agreed-upon terms appropriate to the distribution) and perhaps individual licensing terms for non-commercial entities.
Of course, the bigger ask in this decade is in use for training LLMs. OSS shouldn't be laundered through an LLM (IMHO) for license avoidance. Maybe some projects are OK with that (eg: many BSD licensed works.) There are some that likely aren't.
All of this is true, but ironically Free Software is about ensuring people have control over their computers, and Open Source spun the narrative to make it about getting software cheap or without paying at all.
People having control over their computer (and even having the right to share what they run on their computer!) is completely compatible with people paying for software labor.
No it isn't. People having control over their own computer is in direct contradiction with people paying for software labor. In an honest world, sure, but in reality, people don't want to pay for shit and are going to steal from you. The Pirate Bay is still running and isn't going away. So is Anna's archive.
There can be "cynical greedy bastards" in many places. If you optimize against them in one regard and place, will you also handle them elsewhere well? And calling for change can be abused by some of them to open new opportunities for exploitation, this time benefitting some different group of them.
You need to have an alternative, and it needs to be a credible and reliable one, to ensure that it does not end up being the case that one scam is replaced with another scam.
I really think that criminal theory needs to progress. We differentiate between say consensual intimacy and rape and we don't let the existence of sexual abusive people set the terms for our romantic encounters.
We have carved out a class of engagements, labeled it deeply asocial, criminalized it and now we pursue people who engage in it through legal means.
Business really doesn't have this. Personal example - last week I was at a place where the business owner tried to overcharge me by an order of magnitude and then verbally attacked me when I caught him and backed out of the transaction.
His google and yelp reviews are full of people claiming false charges and all kinds of fraud, refusal to correct and repeated abuse until they closed their cards. It's wildly obvious what's going on here and I was on the ball enough to catch it.
I contacted the police and they said "well you should call the BBB or something". It's dozens of reviews of clear credit card fraud and for some reason because he's a merchant, doesn't seem to hit the radar.
These are purely criminal matters - people acting habitually in bad faith with ill intent in a brazenly dishonest manner.
Whether it's plundering the commons, polluting the public discourse, or breaking other types of social compacts, these should be treated the same as any other crime.
Does your country allow suing him for a large monetary amount? Have you talked to the media? A lawyer? Maybe together with others? Made it as easy as possible for the police to get him, paper trail, receipts and all?
You do have points, though, but there might at least be some actions that you and others can take in this case. Maybe a medium change like changing the law on this specific point might make sense.
I'm not law enforcement. This shouldn't be my job. If I see someone robbing a store with a mask on and a gun I should be able to call the police, report it, and hand it off.
If there's an accumulation of complaints against this merchant then that should warrant an investigation.
The police have like half the local city budget, can't they do their job?
Why should something like sudo not be "done" after 30 years?
Sudo is one of the poster children for creeping featuritis, to the point that the sudoers man page is a meme ("Don't despair if you are unfamiliar with EBNF ...")
Even OpenBSD gave up and implmented their own simplified replacement (doas).
This community and others like it are so weird in that if they see something as stable as sudo but without recent commits, rather than conclude that it's solid and doesn't need further changes, they see it as some kind of a problem and want to switch to something that's seen major changes in the last week.
Maybe that's somehow related to why so many companies are shoving AI into a bunch of stuff that doesn't need it. Gotta keep everything on the hype train. Working and fulfilling people's needs is no longer good enough.
The thing is, there is next to no software that "doesn't need further changes" at all. There is always something, sure it might be infrequent and/or most of the time nothing really big or difficult (except sometimes) but the point is: someone needs to step up and do it.
If a see a project with recent activity, best from multiple people it is a strong signal that this will happen, if the last commit is a year ago I must assume it's completely abandoned because most of the time it just is. Sometimes it's clearly communicated that it is the way because the authors see it as essentially feature complete, there are some examples of this but not that many honestly.
Different platform but the simplest mainframe utility IEFBR14, a noop process to trigger JCL events started as one instruction. Then two. Then debate started about which machine instruction should be used to set the return code to zero …
I'm not sure what can be gained for further development of the OG c sudo, add security patches of course.
But fund adding yet another feature 99.9% of users will never use? I can't fathom the justification for that. Just adding attack surface at this point.
Rightly both doas and the *-rs drops ins intend to drop most of those unnecessary features.
Because we haven't progressed to the angelic level of software development, so nothing is bug-free, which especially important in something security-critical like sudo
Even if sudo itself never changed, the system around it changes pretty drastically. I agree the scope of the tool should be smaller and it violates the Unix philosophy (whatever that is worth these days)
Bugfixes and security vulnerabilities, mostly. So long as fallible humans make fallible hardware running fallible software that in turn executes and/or compiles fallible code, there will always be a need for continued development of critical tooling and packages.
On a long enough timeline, those fixes become fewer and less frequent as the codebase improves, but there is no "done" in software unfortunately. Hell, entropy itself means nothing is ever done, just in an ever-changing state.
> Why should something like sudo not be "done" after 30 years?
Because new needs arise over time. For example, when I started in IT the "sudoedit" functionality was not present and so allowing someone to do "sudo vi …" would allow them breakout of the editor when it was running as root.
With sudoedit you can give people permissions to edit particular files with elevated permissions.
> Even OpenBSD gave up and implmented their own simplified replacement (doas).
They did not "give up": they found they needed only much simpler functionality shipped in the base OS. For example, sudo has functionality to talk to LDAP (which I've used at multiple jobs over the years), but is not needed for a local-only box. Once you need centralized account and privilege management, doas becomes much less useful.
Are you saying you would be using something that fills the same critical role as sudo even if it had not received any updates in a decade or more? Because that sounds insane
Is it really creeping, though? Pretty sure I first saw the EBNF in the man page more than 20 years ago, it's just how that generation learned to write and discuss parsers. (What I'm getting at is that even if it is, that isn't a sign of it.)
Of course, 20+ years ago a big feature was platform compatibility, and since then we've gone from 10+ to 2ish, so if it's not explicitly enabling retrocomputing, it should be getting simpler, right?
I've always favored the view that digital goods are only scarce until they are released. if we had a market for patch releases once they hit some goal. Uses could tip to reach the goal. After the goal is reached the patch is released and to all. Still have free loaders but one might live on the work
Have used sudo millions of times. It's so smooth I don't even consider it software. Thinking that sudo could give me bug one day haunts me now. Thanks Miller for your work!
I would love to know were IBM is on this. They use sudo everywhere, even on AIX. Not to mention IBM owns Red Hat Linux.
IBM should be able to send a decent amount to Todd once in a while, but based upon how much IBM supports ssh ($0), all they are proving is they are very cheap and only wants be a parasite living off other's work.
But, on the whole, the server seems to be doing well enough for something near the top of HN. The website is served by nginx and appears to be mostly static pages.
But today people can just vibe code their own sudo "with blackjack and hookers!"
/s
Really though, it is remarkable just how high we've built this towering house of cards on the selfless works of individuals. The geek in me immediately begins meditating on OSS funding mechanisms I've seen in the past, and what might work today. Then I remember that I don't believe it can work, but hope desperately that people like Todd can keep paying rent and continue getting some satisfaction from the efforts.
30+ years maintaining one of the most critical pieces of infrastructure on nearly every Linux and Unix system, and he's currently looking for a sponsor to fund continued development. Every company running sudo in production owes this man. Someone should fix that
Right? A company to step and cut a check to support this would get positive publicity and there doing something good for community at large. Someone step up.
Companies don’t step up and do things for the common good. They do things for profit. Occasionally that looks like they are charitable if the value of the PR is worth it for them.
No one[1] changes what product they are using based on funding or not of open source software. Companies will step in and fund it if they want control, like with Rust, or if the maintainer finally stops giving them free labor and they actually need the software.
Why would you be running sudo in production? A production environment should usually be setup up properly with explicit roles and normal access control.
Sudo is kind of a UX tool for user sessions where the user fundamentally can do things that require admin/root privileges but they don't trust themselves not to fat finger things so we add some friction. That friction is not really a security layer, it's a UX layer against fat fingering.
I know there is more to sudo if you really go deep on it, but the above is what 99+% of users are doing with it. If you're using sudo as a sort of framework for building setuid-like tooling, then this does not apply to you.
> A production environment should usually be setup up properly with explicit roles and normal access control.
… and sudo is a common tool for doing that so you can do things like say members of this group can restart a specific service or trigger a task as a service user without otherwise giving them root.
Yes, there are many other ways to accomplish that goal but it seems odd to criticize a tool being used for its original purpose.
PSA for anyone reading this, you should probably use polkit instead of sudo if you just want to grant systemd-related permissions, like restarting a service, to an unprivileged user.
It's roughly the same complexity (one drop-in file) to implement.
I’d broaden that slightly to say you should try to have as few mechanisms for elevating privileges as possible: if you had tooling around sudo, dzdo, etc. for PAM, auditing, etc. I wouldn’t lightly add a third tool until you were confident that you had parity on that side.
> Why would you be running sudo in production? A production environment should usually be setup up properly with explicit roles and normal access control.
And doing cross-role actions may be part of that production environment.
You could configure an ACME client to run as a service account to talk to an ACME server (like Let's Encrypt), write the nonce files in /var/www, and then the resulting new certificate in /etc/certs. But you still need to restart (or at least reload) the web/IMAP/SMTP server to pick up the updated certs.
But do you want the ACME client to run as the same service user as the web server? You can add sudo so that the ACME service account can tell the web service account/web server to do a reload.
In your example certbot is given permission to write to /var/www/.well-known/acme-challenge and to write certs somewhere. Your web server also has permission to read those files too.
There is no need for the acme client and web server to run as the same user. For reloads the certbot user can be given permission to just invoke the reload command / signal directly. There does not need to be sudo in between them.
If he actually did charge money someone else would've written an implementation of sudo to solve their own needs and avoid the overhead of transacting with a random developer.
Seriously, just put a VAT on digital services to fund a system that pays out grants to individuals to help maintain open source software. It should be obvious by now that corporations will rat fuck the commons for monetary gain and there is a serious need for democratic initiatives to put technology back into the hands of the people.
I disagree on "the most critical" part. You can be superuser at all times. I understand the arguments why not; I am pointing out that this is possible. Despite people claiming aliens will arrive and nothing will work, everything works fine when the superuser account is used too.
Also, I disagree that every company needs to pay the man. Funding is important, yes, but a *nix system is not crippled without sudo. You can change the permission systems. The superuser can do so too. It is not black magic. The permission system is trivial. sudo is simply a feature of convenience, not a "if sudo does not exist, nothing works" - that just makes no sense.
Say, I clone sudo. Clearly, a human applying freedom zero. I use it in my projects. Probably still freedom zero. I use it in my CI pipeline for the stuff that makes me money... corporation or human? If it's corporation, what if I sponsor a not-for-profit that provides that piece of CI infra?
The problem is that "corporation or not" has more shades than you can reasonably account for. And, worse, the cost of accounting for it is more than any volunteer wants to shoulder.
Even if this were a hard and legally enforceable rule, what individual maintainer wants to sue a company with a legal department?
What could work is a large collective that licenses free software with the explicit goal of extracting money from corporate users and distributing it to authors. Maybe.
And the shades in between account for the large number of new licensing schemes sprouting, with different restrictions on what is and isn't possible. (Not to mention the large number of "just used it anyways" instances). And it struggles for smaller utilities, or packages of many different things.
It's "worked out" in the sense that it still doesn't really work for a lot of maintainers.
As covered literally just a few days ago (IIRC), you absolutely can demand payment: https://github.com/LGUG2Z/komorebi actively works to detect MDM, and if found, demand payment.
Not open source, but an interesting counterpoint, I think.
> any time someone says something is post-$thing it means what they are doing is in dialogue with and in response to $thing. “we were doing that before $thing” no, you can’t be in dialogue with something that hasn’t happened yet.
> this is like saying “what do you mean post-modernist architecture, architecture predates modernism”.
If you can't explain why it did not work in the past, and can't explain how & why things will be different this time, you don't have a plan. History is a harsh mistress.
GPLv3 is a bit overreaching , especially in patent clauses. The GPL as idea is great but the license needs a little more refining
The constant fear of lawyers that using some GPL lib will infest entire codebase of their project with GPL is a real problem that stops many corporations from contributing in the first place.
Copyright law is hundreds of years old and originally was intended to prevent owner-operators of mechanical printing presses from printing and selling copies of some author's books without paying them or getting permission.
> originally was intended to prevent owner-operators of mechanical printing presses from printing and selling copies of some author's books without paying them or getting permission.
We agree that that was its initial stated intention.
However, what we have seen in practice is that it has resulted in the owner-operators of those machines banding together to restrict access to the machines unless authors sign exploitative contracts assigning their rights to the operators (which they interpret as "getting permission").
This precisely. What started out as a way of rewarding authorship (of text, software, or other things) has mainly become a way of extracting rent -- see the music, movie, and software industries. In the digital age, when the cost of making copies of such works is approximately zero, copyright law ceases to make sense.
Note that this does not mean you cannot make money selling software or software-related services. For example, game developers could still sell keys for online play on their servers even if they couldn't copyright the binaries.
I am not sure sudo is licensed under MIT or GPL, looks it's like a mix of licenses[1]. The end of the first license says it's sponsored in part by DARPA.
From 2010 to February 2024, it was sponsored by Quest Software according to the history page[2].
I used to volunteer for a local non-profit a few years ago.
From time to time, I would reflect on the fact that Microsoft and other commercial suppliers were getting paid for providing services to us, but I was expected to work for free.
You can only fix that with leverage. The sudo maintainer doesn't have it. sudo is valuable, but if Todd stepped away, you could (and would) find other maintainers because it's so important.
If you want to fix it, you need organizational heft comparable to the companies using it, and the ability & willingness to make freeriding a more painful experience.
Things have changed quite a bit in the past 30 years!
I encourage you to peek at their changelog (https://www.sudo.ws/releases/changelog/) for more insight into why this project is still under active development.
It's all bug fixes it seems. What is surprising is that so many bugs remain even after all this time and effort. And no, for the most part these are not the kinds of bugs that are squashed by a rewrite in Rust.
I guess I don’t understand. Take RHEL. The sudo maintainer seeking a new sponsor affects upstream velocity and stewardship, not the deployed trust model of enterprise distributions. RHEL does not “follow HEAD.” It vendors a known-good snapshot and assumes long-term responsibility for it.
Core tools like sudo have survived things like this before
Sounds like we need an open source index fund where you can make one payment that goes into a pool of money which is invested into the top 1000 open source projects.
It almost seems like someone ought to be able to build some kind of digital currency with low transaction fees and no centralized payment processor that could power microtransactions. I wonder why nobody has done that yet.
I know crypto was supposed to solve this problem, but I’ve never seen an implementation that actually did the job. You’d think someone would have built a successful “Patreon for micropayments” in the past 10 years, but no one has.
Yeah I think the problem is that most of the main chains had astronomical transaction fees; most of the side chains that solved this problem had a trust problem; and Bitcoin Lightning was sorta dead on arrival, though it had both the trust and the technology solution. At that point, this forum had already moved BTC from "amazing new technology" to "huge threat to social order and environment".
Sounds like the above 2 ideas should be combined.
Lightning payments are more or less free, and an index or tracker that looks at your bash history could make it possible to spread 5$ per month over all projects that you use.
Why? If every person participating is giving $10-$20 per month to tens or hundreds of projects and then once distributed, this equates to $x00 or $x000/project/month, why would the payment processors mind. Of course, it's all in theory.
This is why I feel like a missing piece of Patreon/Kofi/whatever is the ability to say "Here's $x; divide it automagically amongst the creators I'm currently following"
Sure, I think a lot of those donations would amount to a few pennies or so at once, but I feel like a lot more people would be willing to support creators if they didn't have to constantly choose which to support.
I would love it if something like Github would accept donations from a repo and parcel it out to the repo's dependencies somehow. It would sadly make Github even stickier, but it would be a great feature.
I've said it before, open source works poorly in this area. It's great if everyone's getting paid fat money in a day job and can maintain their pet project a few days a month, but that's just not true for a lot of people.
It's disgusting that maintainers of critical projects have to go through the humiliation of begging for money, and absurd to suggest they all hang out Kofi or PAtreon banners. Realistically nobody is going to go through their bash history working out what utilities they use in order of frequency and allocating funds to the maintainers proportionally. I'm baffled that some entity like the Linux Software Foundation isn't administering this already.
> Realistically nobody is going to go through their bash history working out what utilities they use in order of frequency and allocating funds to the maintainers proportionally.
Not if we don't make it easy for them. I had Claude whip up fundcli a while ago, but this post got me to finally upload it. It goes through your http://atuin.sh/ history (raw .bash_history/.*history doesn't have enough information) and generates links to projects for you to donate to.
git clone https://github.com/fragmede/fundcli
uv run src/fundcli/cli.py analyze
uv run ./src/fundcli donate --amount 100
to get links to donate $100 for last month's usage. There's also http://thanks.dev if you're looking for other places to donate to based on your open source usage.
I feel like this should have been the responsibility of investors and venture capitalists. In a normal society, the moneyed folks should give special treatment to the folks who have proven themselves to be effective givers.
Unfortunately, it seems like either the moneyed folks don't care or the current financial structure simply does not support this.
I wonder if a few people going beyond what is reasonable, is representative of open source projects.
For a lot of open source projects, if you have a normal day job and spend a few hours per week on a project, then the project just never gets very big. It exists, may have a few users. But on a larger scale, nobody knows it exists.
The exceptions are projects where developers spend a lot of time on the project at the expense of a day job. Though there is the possibility that they may have a hard time having a day job in the first place, which may have let to the situation with the open source project.
In general, I think we do have a culture problem where we think projects need to be successful. And people working on a project 'need' to support users (who in general don't pay).
And that expectation of free work happens throughout the open source ecosystem as well. Distributions expect projects to fix bugs for free. Open source projects expect libraries and compilers to be maintained.
Ultimately, change has to come from people who refuse to work for free. Doing something as a hobby for free is perfectly fine. As long as it stays within the scope of a hobby project.
I think this is partly an education problem, and partly an industry culture problem. Lots of young developers are incentivized to 'contribute' to open-source as a way to demonstrate that they can actually write software. So open-source becomes a way of signalling competence when at a broader scale it's just extracting wealth from the vulnerable.
Open-source seems to be fragmented into three groups now. Large enterprise open-source like Kubernetes or OpenStack where the license seems more like a legal agreement amongst vendors to not sue each other. Legacy open-source projects that are getting by on brand recognition and sheer willpower. And a whole bunch of noise from people who are looking to leverage open-source into a job of some sort.
may also fund retirements for certain individuals, and there is for sure enough free juice to get it started in a very reasonable way. these people really deserve it, the same way Nobels extist, etc.
Look again at the xkcd comic (I did before posting the comment). The sandwich-making person is not obviously female, in fact he(?) looks rather male according to xkcd convention.
Reading the release history[1]. I'm kind of shocked that sudo gets active development and monthly releases. I would have thought that something this old and venerated would have been "done" long ago.
I was wondering the same thing. I would have thought every possible combination of parameters would have been tried by now. I guess it just goes to show you that your code is never really complete.
But also sudo has A LOT of features that 95% of people don't use. Just checkout `man sudo` to get a sense for this. And it includes plugins like the popular visudo plugin. You can see from the release cadence that real improvements continue to be made. Though it is a bit more work to secure a moving target.
Yeah, silly as it is, I guess it didn't even occur to me that sudo had a developer or maintainer, or was even a "program"; to me it has been one of those things that has and always will exist and I had just assumed it evolved and came about alongside Cro-Magnon man.
But of course, that's silly. Of every piece of software has to be written. I should probably throw the guy a few bucks, considering his code runs in basically every big script on the planet.
I think the rise of the open-source redistributor groupie has been an interesting cultural revolution. I wonder if it will persist. Even 10 years ago, the idea of Free As In Speech dominated the idea of Free Software. Today, the greatest enthusiasm on Hacker News and Reddit is for something like Meta's Llama license (which cannot be used by people or corps with sufficient numbers of users). It certainly seems like someone out there could go out and propose the Microfree License which only applies to sufficiently non-rich people.
For my part, I want none of it. I find this reduction of a significant philosophy to some kind of base tax-and-distribute mechanism distasteful. I don't like communities were this stuff is big and they always want to run some taxation scheme where they redirect money to their own personal pet projects. It is fortunate that modern tools are good enough to build personal insulation from this stuff.
Imagine the farce of Apply HN repeated continuously. Simply awful.
It's genuinely terrifying to think how much of the modern internet rests on the shoulders of a few people maintaining core utilities like sudo, curl, and openssl for decades. Todd is a legend.
[OP] wodniok | 12 hours ago
stego-tech | 12 hours ago
The fact that sudo is a critical security pillar for trillions of dollars of global infrastructure but this guy gets bupkis for it screams volumes about the current state of technology.
We must do better, or it’ll be closed systems (OpenAI, Microsoft, Apple, Google, Oracle) all the way down as maintainers age out, go bankrupt, or die without succession plans in place.
palmotea | 12 hours ago
Maybe we need a license that's even more onerous to corporations than the AGPL, like something with a revenue share clause.
Or maybe the problem is the naivete of software engineers. In aggregate, there was so much embrace of libertarianism that no groundwork was laid to protect ourselves from things like AI and offshoring.
stego-tech | 12 hours ago
It's...frustrating, but those who do the work are the most qualified to explain what they need. For the rest of us, it's encouraging them to seek reasonable compensation for their work from those who exploit it for profit, and that doing so doesn't necessarily go against the spirit of open source.
calvinmorrison | 12 hours ago
acuozzo | 12 hours ago
The US economy of the 1980s, 1990s, and 2000s made it possible.
softfalcon | 12 hours ago
In my opinion, libertarianism in software is a hollow dream that leads people to make foolish decisions that can't be protected. This makes it easy for corporations to exploit and quash any barely audible opposition.
Almost as if by plan, the libertarian mindset has eroded and weakened open source protections, defanging and declawing it every step of the way.
htx80nerd | 12 hours ago
about the current state of Big Corp vampires who are happy to bleed everyone dry to put more $$ in their own very fat pockets
softfalcon | 12 hours ago
functionmouse | 12 hours ago
People aren't vampires because they're on top, they're on top because they're vampires.
Shit flows downstream
whatis991 | 12 hours ago
One approach is to have expectations to not only the economic system, but also other systems, and the different people involved, no matter if they're on the top, on the bottom, or somewhere in the middle.
softfalcon | 12 hours ago
Not trying to be glib here. This feels like the embrace, extend, extinguish pattern that we jokingly used to think was only Microsoft. It is now becoming more and more obviously the modus operandi of the entire enterprise software ecosystem.
I believe you are correct to be frustrated and ringing the alarm bell. This is a "death of the commons" moment for OSS.
drnick1 | 12 hours ago
What about the Rust rewrite (sudo-rs)? I think it shows people are interested in maintaining and/or modernizing tools taken for granted.
whatis991 | 12 hours ago
Edit:
To specify, new projects like sudo-rs may seem promising, but going by observation and experience with similar projects, there is no guarantee that sudo-rs and similar projects will be successful, good and continued to be maintained. The problems with old projects can end up applying to new projects as well. And projects in Rust are no exception, going by experience with existing, older Rust projects.
Aside, a pet peeve I have is that for instance Ruffle has not turned out as successful as I had hoped for, even after several years and many sponsors. The proprietary Flash runtimes written in C still outperform Ruffle greatly in some cases, causing problems for some users that want to use Ruffle instead of other runtimes.
aw1621107 | 12 hours ago
This seems like a bit of a non-sequitur; the state of non-sudo-rs projects/libraries says nothing about the state of sudo-rs itself.
Not to mention that I'd imagine a similar statement would probably be true for projects and libraries written in any reasonably popular language.
fragmede | 7 hours ago
voxl | 11 hours ago
ndiddy | 11 hours ago
Sudo uses the OpenBSD license, while sudo-rs is dual licensed under MIT and Apache 2.0. Both licenses seem equally permissive to me.
tokyobreakfast | 12 hours ago
The Rust smokescreen is mostly being used to slowly eradicate the GPL.
Like Lenin said, "Who stands to gain?"
wrs | 11 hours ago
alt227 | 10 hours ago
hobofan | 8 hours ago
[0]: https://trifectatech.org/
whatis991 | 12 hours ago
What if the exploitative aspect is open source itself? Trick some above average but naive developers into giving their talent, effort, insights and time away for free or very little? Maybe open source or something similar could have been organized in a way that wasn't exploitative and wasn't (possibly) unsustainable, but that is not how things ended up with what Richard Stallman and others organized.
markus_zhang | 12 hours ago
You give it away for free so don’t be surprised to get abused. Human nature working at its best and worst here.
monero-xmr | 11 hours ago
Release it for free, no barrier to entry, no legal liability, the entire world can use it instantly. This is why free software spreads and catches on - precisely because it's free.
There is no way to form a business around FOSS without becoming a gatekeeping high-barrier entity. You can release for free then charge extra for consulting or special features, which many have done and continue to experiment with.
But the core reason why FOSS spreads and took over is precisely why it is difficult to fund. No one is going to pay for something when the alternative is free. And the moment you start to charge some free alternative comes along and your prior users spurn you as greedy
whatis991 | 11 hours ago
palmotea | 11 hours ago
That seems like an area that's ripe for innovation. What does it take to get setup on a platform like Patreon? Seems like something similar ought to be setup for open source/independent development, probably an idealistic nonprofit.
> and the barrier for someone to use your product is suddenly extremely high, simply because it costs something.
All the organizations who really ought to pay are already setup to do all that, and do it all the time.
> But the core reason why FOSS spreads and took over is precisely why it is difficult to fund. No one is going to pay for something when the alternative is free. And the moment you start to charge some free alternative comes along and your prior users spurn you as greedy
What we need is innovation. Maybe a license that has a trip-wire? If not enough money is voluntarily deposited into a tip jar over a certain period of time, the license requires a modest payment from all for-profit organizations of a particular size.
That's up-front, is for the most part free, and incentivizes some payment.
hypeatei | 11 hours ago
ycombinatrix | 10 hours ago
Even if you add functionality to phone home, it can be removed by all but the dumbest offenders.
imoverclocked | 10 hours ago
Practically nobody downloads and installs sudo directly from the project website; people install it with their distribution of choice. The agreement could be automated and included in the licensing process. ie: the license gives specific distributions access to the software (either via paid or other agreed-upon terms appropriate to the distribution) and perhaps individual licensing terms for non-commercial entities.
Of course, the bigger ask in this decade is in use for training LLMs. OSS shouldn't be laundered through an LLM (IMHO) for license avoidance. Maybe some projects are OK with that (eg: many BSD licensed works.) There are some that likely aren't.
Zambyte | 11 hours ago
People having control over their computer (and even having the right to share what they run on their computer!) is completely compatible with people paying for software labor.
fragmede | 7 hours ago
kristopolous | 10 hours ago
whatis991 | 10 hours ago
You need to have an alternative, and it needs to be a credible and reliable one, to ensure that it does not end up being the case that one scam is replaced with another scam.
kristopolous | 9 hours ago
We have carved out a class of engagements, labeled it deeply asocial, criminalized it and now we pursue people who engage in it through legal means.
Business really doesn't have this. Personal example - last week I was at a place where the business owner tried to overcharge me by an order of magnitude and then verbally attacked me when I caught him and backed out of the transaction.
His google and yelp reviews are full of people claiming false charges and all kinds of fraud, refusal to correct and repeated abuse until they closed their cards. It's wildly obvious what's going on here and I was on the ball enough to catch it.
I contacted the police and they said "well you should call the BBB or something". It's dozens of reviews of clear credit card fraud and for some reason because he's a merchant, doesn't seem to hit the radar.
These are purely criminal matters - people acting habitually in bad faith with ill intent in a brazenly dishonest manner.
Whether it's plundering the commons, polluting the public discourse, or breaking other types of social compacts, these should be treated the same as any other crime.
whatis991 | 9 hours ago
You do have points, though, but there might at least be some actions that you and others can take in this case. Maybe a medium change like changing the law on this specific point might make sense.
kristopolous | 8 hours ago
If there's an accumulation of complaints against this merchant then that should warrant an investigation.
The police have like half the local city budget, can't they do their job?
SoftTalker | 12 hours ago
Sudo is one of the poster children for creeping featuritis, to the point that the sudoers man page is a meme ("Don't despair if you are unfamiliar with EBNF ...")
Even OpenBSD gave up and implmented their own simplified replacement (doas).
asveikau | 11 hours ago
Maybe that's somehow related to why so many companies are shoving AI into a bunch of stuff that doesn't need it. Gotta keep everything on the hype train. Working and fulfilling people's needs is no longer good enough.
catdog | 7 hours ago
If a see a project with recent activity, best from multiple people it is a strong signal that this will happen, if the last commit is a year ago I must assume it's completely abandoned because most of the time it just is. Sometimes it's clearly communicated that it is the way because the authors see it as essentially feature complete, there are some examples of this but not that many honestly.
blame-troi | 11 hours ago
pjsg | 11 hours ago
rustyhancock | 11 hours ago
I'm not sure what can be gained for further development of the OG c sudo, add security patches of course.
But fund adding yet another feature 99.9% of users will never use? I can't fathom the justification for that. Just adding attack surface at this point.
Rightly both doas and the *-rs drops ins intend to drop most of those unnecessary features.
eviks | 11 hours ago
ddtaylor | 10 hours ago
stego-tech | 10 hours ago
On a long enough timeline, those fixes become fewer and less frequent as the codebase improves, but there is no "done" in software unfortunately. Hell, entropy itself means nothing is ever done, just in an ever-changing state.
throw0101a | 10 hours ago
Because new needs arise over time. For example, when I started in IT the "sudoedit" functionality was not present and so allowing someone to do "sudo vi …" would allow them breakout of the editor when it was running as root.
With sudoedit you can give people permissions to edit particular files with elevated permissions.
> Even OpenBSD gave up and implmented their own simplified replacement (doas).
They did not "give up": they found they needed only much simpler functionality shipped in the base OS. For example, sudo has functionality to talk to LDAP (which I've used at multiple jobs over the years), but is not needed for a local-only box. Once you need centralized account and privilege management, doas becomes much less useful.
groundzeros2015 | 10 hours ago
That is scary! I may need to look more at openbsd
overfeed | 10 hours ago
groundzeros2015 | 59 minutes ago
adolph | 10 hours ago
https://www.sudo.ws/docs/man/sudoers.ldap.man/
groundzeros2015 | 9 hours ago
I would expect another system to query ldap.
avadodin | 6 hours ago
I can't remember the name, but I read about a rust project a few months ago which claimed that even doas had too much feature creep.
numbsafari | 10 hours ago
Software is never "done".
The underlying APIs are always changing. The compilers and system libraries are changing.
Featuritis is a thing, but rolling it back is non-trivial as there are folks who depend upon it.
ycombinatrix | 10 hours ago
b00ty4breakfast | 10 hours ago
butterfi | 9 hours ago
eichin | 6 hours ago
Of course, 20+ years ago a big feature was platform compatibility, and since then we've gone from 10+ to 2ish, so if it's not explicitly enabling retrocomputing, it should be getting simpler, right?
arccy | 11 hours ago
sudo should have been a near complete tool after it was written.
sllabres | 10 hours ago
pwndByDeath | 11 hours ago
WorkerBee28474 | 11 hours ago
akokanka | 12 hours ago
jmclnx | 12 hours ago
IBM should be able to send a decent amount to Todd once in a while, but based upon how much IBM supports ssh ($0), all they are proving is they are very cheap and only wants be a parasite living off other's work.
fdupress | 12 hours ago
divbzero | 12 hours ago
https://www.millert.dev/therm/
Server exhaust fan temperature was typically 94°F (ranged 92°F to 96°F) over the previous week and has climbed to 97°F.
divbzero | 10 hours ago
calvinmorrison | 12 hours ago
kleiba | 12 hours ago
kleiba | 12 hours ago
divbzero | 10 hours ago
https://github.com/millert
varun_ch | 9 hours ago
zerotolerance | 12 hours ago
/s
Really though, it is remarkable just how high we've built this towering house of cards on the selfless works of individuals. The geek in me immediately begins meditating on OSS funding mechanisms I've seen in the past, and what might work today. Then I remember that I don't believe it can work, but hope desperately that people like Todd can keep paying rent and continue getting some satisfaction from the efforts.
OsamaJaber | 12 hours ago
boringg | 11 hours ago
lovich | 8 hours ago
No one[1] changes what product they are using based on funding or not of open source software. Companies will step in and fund it if they want control, like with Rust, or if the maintainer finally stops giving them free labor and they actually need the software.
[1] not enough people to alter finances
oconnore | 11 hours ago
Sudo is kind of a UX tool for user sessions where the user fundamentally can do things that require admin/root privileges but they don't trust themselves not to fat finger things so we add some friction. That friction is not really a security layer, it's a UX layer against fat fingering.
I know there is more to sudo if you really go deep on it, but the above is what 99+% of users are doing with it. If you're using sudo as a sort of framework for building setuid-like tooling, then this does not apply to you.
acdha | 10 hours ago
… and sudo is a common tool for doing that so you can do things like say members of this group can restart a specific service or trigger a task as a service user without otherwise giving them root.
Yes, there are many other ways to accomplish that goal but it seems odd to criticize a tool being used for its original purpose.
pphysch | 10 hours ago
It's roughly the same complexity (one drop-in file) to implement.
acdha | 8 hours ago
yjftsjthsd-h | 14 minutes ago
bobmcnamara | 10 hours ago
throw0101a | 10 hours ago
And doing cross-role actions may be part of that production environment.
You could configure an ACME client to run as a service account to talk to an ACME server (like Let's Encrypt), write the nonce files in /var/www, and then the resulting new certificate in /etc/certs. But you still need to restart (or at least reload) the web/IMAP/SMTP server to pick up the updated certs.
But do you want the ACME client to run as the same service user as the web server? You can add sudo so that the ACME service account can tell the web service account/web server to do a reload.
charcircuit | 3 hours ago
There is no need for the acme client and web server to run as the same user. For reloads the certbot user can be given permission to just invoke the reload command / signal directly. There does not need to be sudo in between them.
bigstrat2003 | 10 hours ago
bloqs | 10 hours ago
jcelerier | 3 hours ago
brightball | 10 hours ago
Everybody thinks somebody else should help, so nobody does.
lenerdenator | 10 hours ago
JuniperMesos | 5 hours ago
snvzz | 51 minutes ago
shimman | 9 hours ago
AmbroseBierce | 6 hours ago
shevy-java | 10 hours ago
Also, I disagree that every company needs to pay the man. Funding is important, yes, but a *nix system is not crippled without sudo. You can change the permission systems. The superuser can do so too. It is not black magic. The permission system is trivial. sudo is simply a feature of convenience, not a "if sudo does not exist, nothing works" - that just makes no sense.
noosphr | 9 hours ago
Only humans should have freedom zero. Corporations and robots must pay.
groby_b | 9 hours ago
Say, I clone sudo. Clearly, a human applying freedom zero. I use it in my projects. Probably still freedom zero. I use it in my CI pipeline for the stuff that makes me money... corporation or human? If it's corporation, what if I sponsor a not-for-profit that provides that piece of CI infra?
The problem is that "corporation or not" has more shades than you can reasonably account for. And, worse, the cost of accounting for it is more than any volunteer wants to shoulder.
Even if this were a hard and legally enforceable rule, what individual maintainer wants to sue a company with a legal department?
What could work is a large collective that licenses free software with the explicit goal of extracting money from corporate users and distributing it to authors. Maybe.
conception | 9 hours ago
mulmen | 8 hours ago
The problem with commercial software is the lock in.
groby_b | 8 hours ago
It's "worked out" in the sense that it still doesn't really work for a lot of maintainers.
wmf | 9 hours ago
zhengyi13 | 9 hours ago
Not open source, but an interesting counterpoint, I think.
bsnnkv | 8 hours ago
- https://lgug2z.com/articles/normalize-identifying-corporate-...
- https://lgug2z.com/articles/i-started-identifying-corporate-...
The post-open source space is indeed a very exciting space in 2026
alt187 | 3 hours ago
bsnnkv | 3 hours ago
> this is like saying “what do you mean post-modernist architecture, architecture predates modernism”.
https://lobste.rs/s/kaftkn/i_started_identifying_corporate_d...
saubeidl | 8 hours ago
noosphr | 8 hours ago
fragmede | 7 hours ago
saubeidl | 7 hours ago
david-gpu | 7 hours ago
PunchyHamster | 6 hours ago
The constant fear of lawyers that using some GPL lib will infest entire codebase of their project with GPL is a real problem that stops many corporations from contributing in the first place.
aboardRat4 | 6 hours ago
It's copyright law which should go away.
satvikpendem | 5 hours ago
JuniperMesos | 5 hours ago
degamad | an hour ago
We agree that that was its initial stated intention.
However, what we have seen in practice is that it has resulted in the owner-operators of those machines banding together to restrict access to the machines unless authors sign exploitative contracts assigning their rights to the operators (which they interpret as "getting permission").
drnick1 | 4 hours ago
This precisely. What started out as a way of rewarding authorship (of text, software, or other things) has mainly become a way of extracting rent -- see the music, movie, and software industries. In the digital age, when the cost of making copies of such works is approximately zero, copyright law ceases to make sense.
Note that this does not mean you cannot make money selling software or software-related services. For example, game developers could still sell keys for online play on their servers even if they couldn't copyright the binaries.
omoikane | 8 hours ago
From 2010 to February 2024, it was sponsored by Quest Software according to the history page[2].
[1] https://github.com/sudo-project/sudo/blob/main/LICENSE.md
[2] https://www.sudo.ws/about/history/
sixtyj | 7 hours ago
After all, people in these companies don't work for free and are able to spend a lot of money for other services.
6LLvveMx2koXfwn | an hour ago
throw0101c | 7 hours ago
Greenpeace is a (non-profit) corporation. Unions are corporations. Municipalities. Colleges and universities.
* https://en.wikipedia.org/wiki/Legal_person
Should they have to pay?
noosphr | 7 hours ago
llbbdd | 6 hours ago
isatty | 5 hours ago
With that logic why should non profits have to pay for anything at all?
degamad | an hour ago
From time to time, I would reflect on the fact that Microsoft and other commercial suppliers were getting paid for providing services to us, but I was expected to work for free.
groby_b | 9 hours ago
If you want to fix it, you need organizational heft comparable to the companies using it, and the ability & willingness to make freeriding a more painful experience.
eichin | 6 hours ago
af78 | 8 hours ago
SunlitCat | 3 hours ago
tuhgdetzhh | 8 hours ago
gonzo41 | 7 hours ago
aboardRat4 | 6 hours ago
Isn't it done and finished, after 30 years of development?
not_ai | 6 hours ago
aboardRat4 | 6 hours ago
mulmen | 5 hours ago
alt187 | 3 hours ago
s5fs | 5 hours ago
I encourage you to peek at their changelog (https://www.sudo.ws/releases/changelog/) for more insight into why this project is still under active development.
drnick1 | 4 hours ago
firesteelrain | 3 hours ago
Core tools like sudo have survived things like this before
jandrese | 11 hours ago
rileymat2 | 11 hours ago
bobmcnamara | 10 hours ago
einsteinx2 | 10 hours ago
__turbobrew__ | 10 hours ago
krior | 4 hours ago
aftbit | 9 hours ago
einsteinx2 | 9 hours ago
aftbit | 7 hours ago
jorvi | 11 minutes ago
janandonly | 9 hours ago
ycombinatrix | 10 hours ago
karamanolev | 10 hours ago
ycombinatrix | 10 hours ago
"Paypal keeps $0.30 + 2.9% of every donation, so please keep anything less than $0.32 as they have enough money already."
i think Cash App has the lowest fees i've seen at like $0.01 which would still be too much.
not saying it is impossible - but likely not viable directly with the current payment providers.
squigz | 10 hours ago
Sure, I think a lot of those donations would amount to a few pennies or so at once, but I feel like a lot more people would be willing to support creators if they didn't have to constantly choose which to support.
robertlagrant | 10 hours ago
ak009 | 10 hours ago
jandrese | 9 hours ago
gregw2 | 7 hours ago
That might be why he hasn't mentioned it.
adolph | 10 hours ago
https://github.com/sponsors/sudo-project
RhysU | 7 hours ago
fHr | 11 hours ago
dwflanagan | 10 hours ago
anigbrowl | 10 hours ago
It's disgusting that maintainers of critical projects have to go through the humiliation of begging for money, and absurd to suggest they all hang out Kofi or PAtreon banners. Realistically nobody is going to go through their bash history working out what utilities they use in order of frequency and allocating funds to the maintainers proportionally. I'm baffled that some entity like the Linux Software Foundation isn't administering this already.
fragmede | 9 hours ago
Not if we don't make it easy for them. I had Claude whip up fundcli a while ago, but this post got me to finally upload it. It goes through your http://atuin.sh/ history (raw .bash_history/.*history doesn't have enough information) and generates links to projects for you to donate to.
to get links to donate $100 for last month's usage. There's also http://thanks.dev if you're looking for other places to donate to based on your open source usage.jongjong | 9 hours ago
Unfortunately, it seems like either the moneyed folks don't care or the current financial structure simply does not support this.
badsectoracula | 5 hours ago
phicoh | 9 hours ago
For a lot of open source projects, if you have a normal day job and spend a few hours per week on a project, then the project just never gets very big. It exists, may have a few users. But on a larger scale, nobody knows it exists.
The exceptions are projects where developers spend a lot of time on the project at the expense of a day job. Though there is the possibility that they may have a hard time having a day job in the first place, which may have let to the situation with the open source project.
In general, I think we do have a culture problem where we think projects need to be successful. And people working on a project 'need' to support users (who in general don't pay).
And that expectation of free work happens throughout the open source ecosystem as well. Distributions expect projects to fix bugs for free. Open source projects expect libraries and compilers to be maintained.
Ultimately, change has to come from people who refuse to work for free. Doing something as a hobby for free is perfectly fine. As long as it stays within the scope of a hobby project.
kcexn | 2 hours ago
Open-source seems to be fragmented into three groups now. Large enterprise open-source like Kubernetes or OpenStack where the license seems more like a legal agreement amongst vendors to not sue each other. Legacy open-source projects that are getting by on brand recognition and sheer willpower. And a whole bunch of noise from people who are looking to leverage open-source into a job of some sort.
I'm not sure what the solution is...
shevy-java | 10 hours ago
We need to find better models. Even if it is just "low(er)" payment; that would still be better than zero or near zero payment.
larodi | 10 hours ago
may also fund retirements for certain individuals, and there is for sure enough free juice to get it started in a very reasonable way. these people really deserve it, the same way Nobels extist, etc.
dangoodmanUT | 9 hours ago
but the mascot for sudo is terrifying
ahartmetz | 9 hours ago
hobofan | 9 hours ago
ahartmetz | 7 hours ago
hobofan | 7 hours ago
metalliqaz | 5 hours ago
thelastgallon | 9 hours ago
The Largely Untold Story Of How One Guy In California Keeps The World’s Computers Running On The Right Time Zone: https://onezero.medium.com/the-largely-untold-story-of-how-o...
https://xkcd.com/2347/
debo_ | 8 hours ago
ryandrake | 9 hours ago
1: https://www.sudo.ws/releases/devel/
hobofan | 9 hours ago
kachapopopow | 3 hours ago
imchillyb | 3 hours ago
yjftsjthsd-h | 23 minutes ago
sizzzzlerz | 8 hours ago
varenc | an hour ago
But also sudo has A LOT of features that 95% of people don't use. Just checkout `man sudo` to get a sense for this. And it includes plugins like the popular visudo plugin. You can see from the release cadence that real improvements continue to be made. Though it is a bit more work to secure a moving target.
tombert | 49 minutes ago
But of course, that's silly. Of every piece of software has to be written. I should probably throw the guy a few bucks, considering his code runs in basically every big script on the planet.
arjie | 8 hours ago
For my part, I want none of it. I find this reduction of a significant philosophy to some kind of base tax-and-distribute mechanism distasteful. I don't like communities were this stuff is big and they always want to run some taxation scheme where they redirect money to their own personal pet projects. It is fortunate that modern tools are good enough to build personal insulation from this stuff.
Imagine the farce of Apply HN repeated continuously. Simply awful.
debo_ | 8 hours ago
https://xkcd.com/149/
baggy_trough | 8 hours ago
https://www.freedesktop.org/software/systemd/man/256/run0.ht...
h4kunamata | 7 hours ago
gwbas1c | 7 hours ago
https://www.millert.dev/images/photos/todd_ducktape_man.gif
Uhm, how did Todd relieve himself in that costume?
cr125rider | 4 hours ago
DonHopkins | 4 hours ago
RickJWagner | 4 hours ago
heftykoo | 3 hours ago
rixed | 40 minutes ago
khaki54 | 2 hours ago
ilaksh | 2 hours ago
Can donate there.
My bank account is basically empty but I will contribute a few bucks.