Hacker News
Handshake Donates $300k to Debian (debian.org)
192 points by edward 3 months ago | 33 comments

I think we all owe a lot to Debian. I know there are a lot of high quality distros out there, but most Silicon Valley companies I know use either Debian or Ubuntu, which is ultimately based on Debian. It is just that one never consciously thinks about Debian and Ubuntu as non-profit services they've been using, unlike, for example, Wikipedia. We should change that!

Eh .. while Debian is non profit Canonical most definitely is not. While they reinvest a ton of their profits back into Ubuntu, as far as I know they’re still in it to make money.

Debian is a non-profit, but it is also a volunteer run organization and many of those volunteers work at companies (Ubuntu being one of them) that are for profit and depend on the development of Linux for that profit.

Kind of. I think Canonical is losing money on purpose, because Shuttleworth really likes the desktop Linux dream.

They ended up turning a profit the year after they dropped Unity and the team involved, I believe. But otherwise, Shuttleworth definitely does reinvest most of the profits.

How did we end up here? Many of us make $100K+ per year yet important projects we use every day get little to no funding. It's Debian! And I'm as guilty as the next guy for not donating.

I found out that a good way to make this easier is to donate when I get my annual bonus. It's not a lot, but then again, I'm a single person, and I'm a developer, not a company owner. I depend on open source projects to do my job, but I don't buy yachts with the money I make off FOSS software. I donate to a couple of projects that are helpful for me and to a few that I consider important on principle. It's a time of the year when I find it somewhat easier to part with a few hundred bucks -- plus it's bonus money, which I always leave out of any financial calculations, since you can't be 100% sure you're getting it.

There is one easy way to get rid of that guilt now. Have you donated yet?

He's gonna be hard pressed to find anything left over from a 100k salary lol.

Sure, you could give a few dollars here and there, but when the shit hits the fan, he's gonna wish he had those dollars instead of eating the family pet, or leather accessories.

Just your standard human greed and selfishness. We're all trying to get more at the expense of other people. It's how we evolved.

https://handshake.org/files/handshake.txt <-- is good to read. Blockstack is in there.

Handshake's security audit was also done by Zcash. If you look in the project info, they list all the info there.

Supposing there was such a thing, what would a Debian developer's hypothetical "billing rate" be?

US$300k seems like it'll fund roughly 1 proper man-year while covering indirect costs and effectively zero profit margin.

Freexian[1] is a software development company that hires developers[2] to work on Debian LTS[3]. The rates appear to be roughly $100/hr[4], which is about $200k/yr.

[1] https://www.freexian.com/

[2] https://wiki.debian.org/LTS/Funding

[3] https://wiki.debian.org/LTS/

[4] https://www.freexian.com/services/debian-lts.html

Nitpick, but calling it out as clients sometimes do the same thing as they see the math repeated.

The back of the napkin $100 x 40 x 50 == $200k w2 salary is misleading. Aside from self employment tax, needed liability insurance, no health insurance subsidy, no 401k match, etc...depending on location, you can also be subject to franchise taxes, etc. And most people making $200k as a salary don't work 50 weeks a year.

The health insurance subsidies alone, at a good company, are often worth $12k+/year, for example.

Thanks for sharing. Didn't know they existed.

Raphael's monthly reports[1] were very insightful and explain why the equivalent billing rate seems anecdotally low.

[1] https://raphaelhertzog.com/tag/Freexian+LTS/

If you live in the US in a HCOL area, sure.

Edit: after thinking about it, my comment is unfounded and probably nonsense.

Might I ask how you came to that conclusion?

My remarks assumed a rough US national average. The enterprise billing rate for top SV talent certainly exceeds ~$144/hr.

I made a guesstimate based on the rate of a US freelancer I employed in the past. However, I just checked his most recent bill, then multiplied that by ~1800 hours (1 year), and indeed it almost hits the 300k.

So I have to admit my comment doesn't make much sense.

Thanks for the clarification.

My estimate was based on 2080 hrs/yr; indirect costs such as insurance coverage, paid annual/sick leave, 401(k) matching, and operating costs that one might associate with a large software distribution.

Probably worth noting that the average freelancer bills a lot lower than typical for-profit enterprise.

You misunderstood. It’s the billing rate, not the salary that was asked about. Like when you call a plumber.

Yes, exactly.

When I first learned what my employer charges for 1 hour of my time, I was shocked and had to completely retool how I thought about these things... and that was knowing beforehand that, by law, we're not allowed to profit, and management had artificially lowered the engineering rate 2 years in a row to make up for inefficiencies on the production side, keeping the organization competitive as a whole.

It must feel nice to work at a nonprofit. Assuming you have previous experience at for-profit companies, do you like that aspect of your job?

I've worked at two non-profits in the education sector and it's quite a change from having worked at for-profits, mostly in the IT sector. Things are way more relaxed (deadlines, SLAs, etc) and there's a constant worry about running out of funding so they make very conservative choices regarding buying equipment or using public clouds, for instance. I find it's hard to measure things as well when you're working with subjective metrics (e.g. are users "happy"? how do we define that?). Either that or these things didn't get communicated down the chain properly.

The mission is usually a big boost to your morale and engagement, but it's not the same for everyone.

Thanks for the insight!

I did, and I do, but to be sure, the organization I work for isn't a non-profit.

Our branch's projects manifest when: 1) data rights are on lockdown and can't legally be distributed; 2) data is limited, making acquisition risk too high; or 3) bids from the private sector far exceed what acquisition estimates suggest they should reasonably be. In general, these constraints tend to keep things both interesting and challenging.

There is a section on Handshake's site concerning this: https://handshake.org/faq#grants

Blockstack was also awarded equity. docs.blockstack.com

I am sad that the biggest donation to Debian is... a DNS-but-on-blockchain, in JavaScript. (And with their own coin, of course.)

You're leaving out the fact that this eliminates the security mess that is the current DNS system which is so easily compromised by hacker groups and state actors.

Blockchain is the perfect protocol for DNS since it's totally transparent and establishes consensus without blind trust.

There is in fact blind trust in blockchains. It's blind trust in stone-written legislature that has the aim of being universal. You can't change what trust means, it's a highly complex concept which already has a meaning for individuals and groups, prior to any techno-financial objective/essential/analytic metric you map to it. BGP has understood that, SCP too. SSL/TLS PKI also works that way, although big corps effectively control the policy using large CAs and browser bundles. On the "DNS" side, there is the GNUnet name system which goes that way too [1].

Names and identities are always relative to a (tree of) policy and decentralization of control means that ultimately the root is you. Blockchains (quite well-defined by Handshake actually, as crypto-financially incentivized strong consensus) take the incompatible route of making statements public and permanent (instead of gated and amendable) and conflating abstract protocol with concrete network (e.g. imposing a distinguished core policy). Blockchains may be participatory but they are totalitarian and authoritarian, they deny the possibility of local independence. It's "either you are us or you don't exist". It's authoritarian in the same way Android permissions are (or were, I don't recall the specifics): either you accept all we ask or you don't install. There is no room for negotiation since the whole thing works as a monolithic black box and treats you as an outsider/client/consumer.

I believe a core property for a decentralized naming protocol should be to stop trying to construct trust anchors and concrete network. Fluctuations and definitions of these trust anchors cannot be governed by tech, they will come out of meetings, social circles, interests, beliefs. As such the system should encourage that out-of-band behavior and make it easy to have the system controlled by the real-life status of these anchors and the scope of the networks.

[1] A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System. Matthias Wachs, Martin Schanzenbach, Christian Grothoff.

You can just link the site, you know... https://gnunet.org/

Satoshi Labs should consider a donation :) Since Trezor devices now support many coins, I'm sure that there is a much higher demand for the devices. If you are a purist, please update trezor-connect so that it doesn't rely on a Bitcore instance that you manage.

I don't work at SatoshiLabs anymore, partly because I have realized most of crypto is a scam. I think I don't have it written anywhere anymore.
