Send him an e-mail saying, "Hey, I sent you $100. I would deeply appreciate it if you spent it on your beverage of choice, or a nice dinner with a friend, rather than on necessities."
Charging $400/hour does not mean he does not need extra money. His nature of business is a short term projects, it's not like a regular web developer who has to work 40 hours a week for many month to finish a project, he only does audits which don't last long because of that you see this "high" (I personally don't think it's high) hourly rate.
It's actually a good strategy to price high hourly but over-deliver (doing lots of free work behind the scenes, or speculative unpaid work, etc.) -- rather than the market-clearing rate of ~100-150/hr, at least when you're trying to build a brand. At $400, he's clearly a specialist, and will get more interesting work; at $100/hr, you could hire him and just treat him like another developer, have him do cookie-cutter assessments, etc.
Personally, I think he'd make more money at $400-600/hr if he could also get some kind of manager to handle the interactions with clients; it doesn't seem to be what he enjoys, or is particularly good at.
(I've had drinks with him before, so probably the most effective way to accomplish my goal is to buy him drinks when I'm in town.)
Personally, I think he'd make more money at $400-600/hr if he could also get some kind of manager to handle the interactions with clients; it doesn't seem to be what he enjoys, or is particularly good at.
Completely agree. I'm not doing security, but my hourly is similar, and it was a game changer for me to have someone in a manager-like role working with me. Client relations are a huge time suck, but are also absolutely necessary. If he can find someone (or maybe someone on HN should volunteer), it'd be more than worth it.
BTW My manager takes a flat 15%. I'm much happier, clients are way happier, and my total income has increased as a result—not to mention another person is gainfully employed at something they're good at and enjoy. A win-win all the way around.
At least in my experience, I donate to groups that do good work but aren't getting paid for it. I wouldn't donate to people who are being paid (quite handsomely, in this case) for their labor. Especially when he's already clarified that GitHub paid him more than he thought his time was worth.
Perhaps you could clarify that part in your future posts, to appease the Internet haters on both sides. "I do paid contract work. However I also spend lots of time fixing open source stuff for free. If you want to encourage me to keep doing the latter, here's how to donate."
Donate or don't donate, that's your call. But why are you complaining about him asking for a donation? Why try to "shame" him? What is he doing to harm you?
Not sure why you're viewing my comment with such hostility. I was mistakenly under the impression that most of his work is contracted / bounty. He's already clarified his reason for accepting donations below, and I understand. I just think the placement/wording was less than ideal.
I doubt Egor is being paid for posting these summaries to his own blog for all of us to see. Even if he weren't contributing code to various libraries and applications, these write-ups are a great benefit to everyone else who has yet to be a target.