🪥 FlossFunding
🌻 Synopsis
This tool can help library maintainers earn money from their open source work in one line of code.
- 👉️ No network calls.
- 👉️ No tracking.
- 👉️ No oversight.
- 👉️ Minimal crypto hashing.
- 💡 Easily disabled*
* There will be many ways to disable nags, to ensure it is always an option for Mr. Scrooge.
A global ones is:
ENV['FLOSS_FUNDING_SILENT'] = "CATHEDRAL_OR_BAZAAR"`
Instructions for turning this tool off will always be front and center.
If all you want is to turn it off, no sense in wasting your time figuring out how.
Now, back to the one line of code I mentioned. If you blink you may miss it…
module MyGemLibrary
include FlossFunding::Poke.new(__FILE__) # <====== THERE IT IS! ONE LINE OF CODE!
end
The website that will generate activation keys for your gems is coming soon @ floss-funding.dev. FLOSS Funding relies on empathy, respect, honor, and annoyance of the most extreme mildness. It doesn’t accept payments for activation keys, and trusts you to go and sponsor or donate to your favorite open source projects before getting their “activation key”.
What does an activation key do? It silences the nags for a library, and “activates” your peace of mind. It rewards you with a gold star sticker (⭐️) for each project you fund when your process exits. That’s it.
The project does not affect licensing of projects. It is purely a tool to help library maintainers earn money from their open source work.
This is permitted by nearly all, if not all, FLOSS licenses, including the popular MIT, BSD 2-clause, BSD 3-clause, Apache 2.0, etc.
There are two kinds of “free” in software:
- Free as in beer
- Free as in freedom (of speech)
No FLOSS licenses I am aware of guarantee “free as in beer”. Since developers deserve to be paid for their work, I decided to make this tool.
It has been my experience that work on the dark underbelly of software, down in the test harnesses, and the dev tools, often gets overlooked, as people focus on the big frameworks.
This tool makes it far easier to get paid for your work down there at the bottom of the stack, in the dev dependencies that get overlooked by most OSS funding tools.
Activation keys use a cipher encryption algorithm against a 2400-word dictionary, with some other data, like the project’s namespace, and the current month, thrown in, to make valid activation keys slightly difficult to discover manually. Once a key is made it is valid forever. There is no revocation. The activation keys are opaque, rather than private. They are not tied to you in any way. Other people may use the same one. And that’s fine! They don’t do anything except silence some STDOUT nagging.
Project summary
- Purpose
- Help FLOSS maintainers get funded without changing licenses or adding telemetry. Libraries add one line to include a small module that reminds users to fund the software they rely on.
- Default is consent and privacy-preserving: no network calls, no tracking, and easy opt-out when appropriate.
- Methodology (how it works)
- Inclusion: Libraries include FlossFunding::Poke.new(FILE) in a module or class; this fingerprints the library and records activation events when it loads.
- Activation keys via ENV: A user or CI sets ENV[“FLOSS_FUNDING_
"] to an activation key value. Keys can be unpaid silence tokens (e.g., Free-as-in-beer), explicit opt-out tokens (Not-financially-supporting- ), or a paid 64-hex-byte key. - Gentle messaging: On library load, if unactivated or invalid, a single-line friendly message can be printed (on-load nag). At process end, a short end-of-run summary can highlight one library with next steps (at-exit spotlight) plus a brief table of activated/unactivated counts.
- Sentinels: YAML lockfiles in the project root prevent over–nagging:
- .floss_funding.ruby.on_load.lock limits on-load messages per library within a window.
- .floss_funding.ruby.at_exit.lock ensures a given library isn’t repeatedly spotlighted at exit within a window.
- Configuration: Optional .floss_funding.yml lets a library suggest donation amount and provide a funding URL. Defaults exist for resilience.
- Philosophy
- Respect and empathy: Nags are mild, infrequent, and silent by default in many environments. Opt-out is always available and is treated as an “activated” state for silence.
- Zero network by design: All behavior is local and deterministic. This is a social, not technical, contract encouraging support.
- Ecosystem-agnostic future: Filenames include the ecosystem (e.g., .ruby) so the approach can be ported to other languages without collisions.
- Safety first: Any failure paths are defensive; the library should never break your build or flip a successful exit into a failure.
TO DO List
floss_funding ruby gem is a work in progress.
-
install take task
floss_funding:install- support for ruby gem implementers
- support for apps with dependencies that use floss_funding
- validation of activation keys
- working silencing
- working configuration
-
working CLI
floss_funding
Website coming soon.
-
A website to generate activation keys for gems
- List all known gems that can be activated with floss_funding
- Account creation with email address, for those who want to keep a record of their generated activation keys
- (Optional) Enter Gem Name
- Affirm they have purchased an activation key
- (Optional) Receive activation key specific to namespace & month generated
- Activation key will remain valid for that namespace forever (tested out to the June, 5425 C.E.)
I expect the current release of this gem to be compatible with Ruby 1.9.2+,
but it is only tested on CI against Ruby 2.3+,
due to the inherent limitations of GitHub Actions.
| 🚚 Amazing test matrix was brought to you by | 🔎 appraisal2 🔎 |
|---|---|
| 👟 Check it out! | ✨ github.com/appraisal-rb/appraisal2 ✨ |
💡 Info you can shake a stick at
Federated DVCS
Find this repo on other forges (Coming soon!)
| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-------------------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| | 🧪 [galtzo-floss/floss_funding on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜wiki] | 🏀 Tiny Matrix | ➖ | | 🧊 [galtzo-floss/floss_funding on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | | 🐙 [galtzo-floss/floss_funding on GitHub][📜src-gh] | A Dirty Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | ➖ | 💯 Full Matrix | [💚][gh-discussions] | | 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |Enterprise Support 
Need enterprise-level guarantees?
[![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - 💡Subscribe for support guarantees covering _all_ FLOSS dependencies - 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] - 💡Tidelift pays maintainers to maintain the software you depend on!📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers Alternatively: - [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] - [![Get help from me on Upwork][👨🏼🏫expsup-upwork-img]][👨🏼🏫expsup-upwork] - [![Get help from me on Codementor][👨🏼🏫expsup-codementor-img]][👨🏼🏫expsup-codementor]
| Tokens to Remember |
 
|
|---|---|
| Works with JRuby |
     
|
| Works with Truffle Ruby |
   
|
| Works with MRI Ruby 3 |
     
|
| Works with MRI Ruby 2 |
       
|
| Works with MRI Ruby 1 |  |
| Source |
   
|
| Documentation |
   
|
| Compliance |
   
|
| Style |
   
|
| Support |
  
|
| Maintainer 🎖️ |
    
|
... 💖 |
    🧊 🐙 🛖 🧪
|
✨ Installation
Install the gem and add to the application’s Gemfile by executing:
$ bundle add floss_funding
If bundler is not being used to manage dependencies, install the gem by executing:
$ gem install floss_funding
🔒 Secure Installation
For Medium or High Security Installations
This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: ```console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) ``` You only need to do that once. Then proceed to install with: ```console gem install floss_funding -P HighSecurity ``` The `HighSecurity` trust profile will verify signed gems, and not allow the installation of unsigned dependencies. If you want to up your security game full-time: ```console bundle config set --global trust-policy MediumSecurity ``` `MediumSecurity` instead of `HighSecurity` is necessary if not all the gems you use are signed. NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.Terminology
- Nag: Non-debug, non-error, behavioral output from FlossFunding.
- on_load nag: a single-line message emitted during inclusion/load about missing or invalid activation.
- at_exit nag: the featured library information card rendered at process exit.
🔧 Basic Usage
Usage patterns:
- Traditional namespace (uses the including module’s name):
module MyGemLibrary include FlossFunding::Poke.new(__FILE__) end - Arbitrary custom namespace (can add version, or anything else):
module MyGemLibrary include FlossFunding::Poke.new(__FILE__, :namespace => "Custom::Namespace::V4") end
Configuration
Silence via lobal Environment Variable
For global silence the best solution is to set the environment variable FLOSS_FUNDING_SILENT=CATHEDRAL_OR_BAZAAR before your application starts.
If you can’t control ENV variables, and you can control the stack, at the beginning of the stack, before other things load, simply require "floss_funding/silent", and it will silence all output. Note that this is less performant than setting the global environment variable, as above.
Silence via Poke.new silent option.
silent options values can be any of:
- truthy - indicates that the library including Poke.new requires
FlossFundingto be silent, perhaps due to scanning the output of a command, or generating output that is expected elsewhere. - falsey - indicates that the library including Poke.new does not require
FlossFundingto be silent. This is effectively the default. - Object that responds to
:call- indicates that the library including Poke.new might requireFlossFundingto be silent, and that evaluation will be done whenever FlossFunding attempts to print something.
If you have a library that doesn’t know, at the time of Poke.new inclusion, if it needs silence, pass an object that responds to :call as the silent option to FlossFunding::Poke.new.
IMPORTANT - By the time your Poke.new using library loads into a stack, other libraries may have already loaded Poke.new for themselves, and may have already generated output. This is not a solution for silencing all output. The main thing it can reliably do is silence the output from the at_exit handler.
If you need to silence everything, do so by setting the environment variable FLOSS_FUNDING_SILENT=CATHEDRAL_OR_BAZAAR before your application starts.
File-based Configuration
Gems that use the floss_funding gem can configure some features by creating a .floss_funding.yml file at their root directory. This works in the same manner as .rubocop.yml for gems that use RuboCop.
The following options are configured via the .floss_funding.yml file:
-
suggested_donation_amount- The suggested donation amount to display in the begging message (default: 5) -
floss_funding_url- The URL to direct users to for donations or sponsorship
a. default: https://floss-funding.dev, which doesn’t take donations on behalf of other projects, but it will have helpful tips on how to find a way to donate.
Example Configuration
In your .floss_funding.yml at the root of your project:
suggested_donation_amount: 10
floss_funding_url: https://example.com/fund
🦷 FLOSS Funding
How wonderful it is that nobody need wait a single moment before starting to improve the world.
—Anne Frank
I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈 cats).
If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.
I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.
Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags
Here’s a joke I’m workshopping - tell me how I’m doing:
Software rots with time and lack of maintenance, just like teeth.
FLOSS funding should be done on a regular basis, just like tooth burshingDo it at least once a month.
– My fuzzy memory of pediatric dentist
🔐 Security
See SECURITY.md.
🤝 Contributing
If you need some ideas of where to help, you could work on adding more code coverage,
or if it is already 💯 (see below) check reek, issues, or PRs,
or use the gem and think about how it could be better.
We so if you make changes, remember to update it.
See CONTRIBUTING.md for more detailed instructions.
🚀 Release Instructions
See CONTRIBUTING.md.
Code Coverage
🪇 Code of Conduct
Everyone interacting with this project’s codebases, issue trackers,
chat rooms and mailing lists agrees to follow the .
🌈 Contributors
Made with contributors-img.
Also see GitLab Contributors: https://gitlab.com/galtzo-floss/floss_funding/-/graphs/main
⭐️ Star History
</a>
📌 Versioning
This Library adheres to .
Violations of this scheme should be reported as bugs.
Specifically, if a minor or patch version is released that breaks backward compatibility,
a new version should be immediately released that restores compatibility.
Breaking changes to the public API will only be introduced with new major versions.
dropping support for a platform is both obviously and objectively a breaking change
—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716
I understand that policy doesn’t work universally (“exceptions to every rule!”),
but it is the policy here.
As such, in many cases it is good to specify a dependency on this library using
the Pessimistic Version Constraint with two digits of precision.
For example:
spec.add_dependency("library_tree", "~> 1.0")
📌 Is "Platform Support" part of the public API? More details inside.
SemVer should, but doesn't explicitly, say that dropping support for specific Platforms is a *breaking change* to an API. It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless. To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer: - ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred]See CHANGELOG.md for a list of releases.
📄 License
The gem is available as open source under the terms of
the MIT License .
See LICENSE.txt for the official Copyright Notice.
© Copyright
-
Copyright (c) 2025 Peter H. Boling, of
Galtzo.com
- *1) If they were extracted into a general purpose `config_finder`, I'd use that instead, and I may do that at some point.
P.S. If you need help️ or want to say thanks, 👇 Join the Discord.