1 00:00:01,080 --> 00:00:03,000 Speaker 1: How'd you like to listen to dot net rocks with 2 00:00:03,080 --> 00:00:07,879 no ads? Easy? Become a patron for just five dollars 3 00:00:07,919 --> 00:00:10,800 a month. You get access to a private RSS feed 4 00:00:10,839 --> 00:00:14,279 where all the shows have no ads. Twenty dollars a month, 5 00:00:14,279 --> 00:00:16,879 we'll get you that and a special dot net Rocks 6 00:00:16,960 --> 00:00:21,000 patron mug. Sign up now at Patreon dot dot NetRocks 7 00:00:21,120 --> 00:00:36,000 dot com. Hey, welcome back to dot net rocks. I'm 8 00:00:36,079 --> 00:00:38,960 Carl Franklin at Amateur Cable, and we're here doing the 9 00:00:39,000 --> 00:00:40,880 thing with the stuff. You know what, we like it. 10 00:00:40,920 --> 00:00:43,439 I think I might make a write a song called 11 00:00:43,439 --> 00:00:45,159 the Thing with this Stuffing with the stuff. It's just 12 00:00:45,240 --> 00:00:51,799 so so useful in everyday conversation because you know, it's 13 00:00:51,960 --> 00:00:55,119 just what it says, is you know that whole context, 14 00:00:55,159 --> 00:00:57,520 the thing we've been talking about lately. Yeah, that's what 15 00:00:57,560 --> 00:00:57,960 I'm doing. 16 00:00:58,000 --> 00:01:00,759 Speaker 2: The thing that's the thing with the stuff and the stuffy. 17 00:01:00,960 --> 00:01:02,759 Definitely need them both. Yeah. 18 00:01:02,920 --> 00:01:04,959 Speaker 1: Now, if you just walk down the stairs in the 19 00:01:04,959 --> 00:01:06,760 morning and say you got to do the thing with 20 00:01:06,799 --> 00:01:09,599 the stuff, now there's a problem because there's no context. 21 00:01:09,719 --> 00:01:12,480 Speaker 2: But if we've been there yet, all right anyway, so 22 00:01:14,120 --> 00:01:17,959 you put just fully in the bit, right fully how 23 00:01:17,959 --> 00:01:21,840 are you man's puppy. You know, she's a chaos monkey. 24 00:01:21,959 --> 00:01:25,000 She's head there and you but uh, you know it's 25 00:01:25,079 --> 00:01:28,040 very good. Yeah, I'm not. You know, I'm not unhappy 26 00:01:28,040 --> 00:01:29,599 to have a dog around. I didn't need to have 27 00:01:29,640 --> 00:01:30,159 a dog around. 28 00:01:30,200 --> 00:01:30,799 Speaker 1: Of course you're not. 29 00:01:31,480 --> 00:01:34,159 Speaker 2: But most people will know that animals adore me, and 30 00:01:34,319 --> 00:01:37,519 this one does too. So yeah, we all get along 31 00:01:37,640 --> 00:01:41,079 just fine. We'll see, you know, with the grandchild coming up. 32 00:01:41,239 --> 00:01:44,200 You know, we got a bit of a hurting dog here. 33 00:01:44,280 --> 00:01:47,920 My goal is that this dog annoys the grandchild so 34 00:01:48,000 --> 00:01:50,879 much because won't let her near the ocean. I want 35 00:01:50,920 --> 00:01:55,000 this kid to say, Grandpa, Joe, Joe won't let me 36 00:01:55,000 --> 00:01:58,079 get near the ocean, And I'll say, that'll do, dog, 37 00:01:59,120 --> 00:02:00,359 that'll do. All right. 38 00:02:00,400 --> 00:02:03,560 Speaker 1: Well, let's roll along right into better no frameworks awesome. 39 00:02:12,080 --> 00:02:14,360 I know we're talking about open source today, but I 40 00:02:14,400 --> 00:02:18,199 found a GitHub repo that is trending and it turns 41 00:02:18,240 --> 00:02:19,120 out this is kind. 42 00:02:19,000 --> 00:02:20,719 Speaker 2: Of a hub who uses get hub. 43 00:02:21,560 --> 00:02:25,719 Speaker 1: Yeah, I know this is actually on GitHub marketplace, so 44 00:02:26,400 --> 00:02:29,360 it's not really an OSS thing, but it is on 45 00:02:29,439 --> 00:02:32,039 GitHub and it is trending. And I noticed this because 46 00:02:32,039 --> 00:02:36,599 when I looked at the list like translation systems seem 47 00:02:36,719 --> 00:02:39,199 to be very much in demand right now. 48 00:02:39,319 --> 00:02:42,120 Speaker 2: Yeah, you know, especially with a on the new LLM 49 00:02:42,159 --> 00:02:45,120 tools are just tokenization of language has led to better 50 00:02:45,159 --> 00:02:46,319 translators without a doubt. 51 00:02:46,439 --> 00:02:48,759 Speaker 1: Yeah, well this one is a little bit different. So 52 00:02:48,800 --> 00:02:52,639 this is PO editor, and it does have a free version, 53 00:02:52,719 --> 00:02:54,879 but then you got to pay for more use, right, 54 00:02:54,960 --> 00:02:56,759 So it's a sort of a try before you buy 55 00:02:56,840 --> 00:02:59,680 kind of thing. But here's here's what it is, and 56 00:02:59,719 --> 00:03:03,199 I'm just reading. It's a PO editor is a highly 57 00:03:03,240 --> 00:03:10,000 scalable translation management system and localization platform. So it's an 58 00:03:10,039 --> 00:03:14,520 online collaboration environment for the entire localization team. But you 59 00:03:14,520 --> 00:03:17,159 don't need a team. So here's how. There's a couple 60 00:03:17,159 --> 00:03:19,599 of options of how you can use this. You can 61 00:03:19,680 --> 00:03:23,960 assign translators to specific languages by adding them as contributors. 62 00:03:24,840 --> 00:03:29,120 You can crowdsource translations from your community using public projects 63 00:03:29,120 --> 00:03:34,400 because it integrates with GitHub. You can order professional human 64 00:03:34,439 --> 00:03:37,800 translation services from one of their partners, or you can 65 00:03:37,919 --> 00:03:43,360 use machine translation or any combination of those things. And 66 00:03:43,400 --> 00:03:47,000 so it supports all sorts of different file formats. 67 00:03:46,520 --> 00:03:48,319 Speaker 2: Which is what you need, right. You want all that 68 00:03:48,919 --> 00:03:52,080 all that text, all that sourcing in centralized formats, so 69 00:03:52,080 --> 00:03:53,199 it can be swapped out. 70 00:03:53,120 --> 00:03:55,479 Speaker 1: Right or even in multiple formats. If you have a 71 00:03:55,599 --> 00:03:58,879 dot net application, you have something that doesn't read Jason, 72 00:03:59,039 --> 00:04:02,680 it needs to read Angular XMB files or something. 73 00:04:02,439 --> 00:04:04,800 Speaker 2: You're making iOS and Android and you want to do 74 00:04:04,840 --> 00:04:07,240 translation as well. Those are different file formats. Man. 75 00:04:07,319 --> 00:04:10,520 Speaker 1: Yeah, yeah, that's right. It even supports any files. Oh boy, 76 00:04:10,639 --> 00:04:11,319 how about that. 77 00:04:11,639 --> 00:04:13,240 Speaker 2: I don't know. That is a good thing. But okay, 78 00:04:13,719 --> 00:04:14,159 I don't know. 79 00:04:14,639 --> 00:04:17,240 Speaker 1: I don't know, Rob, how do you feel about any files? 80 00:04:18,360 --> 00:04:20,839 Speaker 3: I have a custom XMEL format that I remember we 81 00:04:20,879 --> 00:04:23,160 did work when I was in office to make sure 82 00:04:23,160 --> 00:04:24,959 it could ship over to Ireland where we did all 83 00:04:24,959 --> 00:04:28,360 our translation and come back. So I hope that they 84 00:04:28,360 --> 00:04:31,040 have access to or have the ability to support WXL 85 00:04:31,079 --> 00:04:33,480 files because that's what we use for all our stuff. 86 00:04:34,160 --> 00:04:37,240 Speaker 1: I don't let me look down the list. I don't 87 00:04:37,279 --> 00:04:38,800 see WXL files. 88 00:04:38,920 --> 00:04:41,120 Speaker 2: No, I don't see WXL. I means it. 89 00:04:41,560 --> 00:04:44,600 Speaker 1: I see XML files, but I see XML, but it's XML. 90 00:04:44,680 --> 00:04:47,160 Speaker 3: So most people be like, yeah, this parts translated, this parts, 91 00:04:47,160 --> 00:04:47,800 and ID go. 92 00:04:48,040 --> 00:04:48,800 Speaker 2: Yeah, nice. 93 00:04:48,879 --> 00:04:50,600 Speaker 1: Well anyway, so that's where it is, and right on 94 00:04:50,680 --> 00:04:53,319 there you get it for free. You can get three 95 00:04:53,319 --> 00:04:58,319 thousand strings and then medium projects and premium and enterprise. 96 00:04:58,439 --> 00:04:59,720 You can go all the way up to a couple 97 00:04:59,720 --> 00:05:05,240 of files a year. So that's awesome. That's it. It's 98 00:05:05,360 --> 00:05:08,399 just interesting. How you know these two, this one and 99 00:05:08,439 --> 00:05:10,959 the one I showed last week, we're right at the 100 00:05:10,959 --> 00:05:14,720 top of the list of trending GitHub projects. 101 00:05:14,720 --> 00:05:15,120 Speaker 2: Interesting. 102 00:05:15,319 --> 00:05:18,480 Speaker 1: So well, that's what I got. Richard, who's talking to 103 00:05:18,560 --> 00:05:19,000 us today. 104 00:05:19,560 --> 00:05:22,279 Speaker 2: I'm going into the wayback machine here and grabbing. 105 00:05:22,480 --> 00:05:22,680 Speaker 3: Yeah. 106 00:05:23,839 --> 00:05:26,199 Speaker 2: Rob's first show, the one we did back in March 107 00:05:26,240 --> 00:05:29,680 at twenty twelve, episode seven four seven, so only twelve 108 00:05:29,839 --> 00:05:33,680 hundred episodes ago or so. Wow, talking about the Wicks 109 00:05:33,759 --> 00:05:36,439 tool Set, which had a ton of comments on it, 110 00:05:36,480 --> 00:05:40,879 really like sixteen eighteen something like that. Yeah, and one 111 00:05:40,920 --> 00:05:43,040 of them is from Timothy Klink in a mid at 112 00:05:43,079 --> 00:05:44,040 least from thirteen years ago. 113 00:05:44,199 --> 00:05:47,040 Speaker 1: Oh wait a minute. We should differentiate between WIS the 114 00:05:47,680 --> 00:05:52,160 popular web development environment. I know Rob is shaking his 115 00:05:52,240 --> 00:05:54,720 head like, oh my god, these guys ruined my life. 116 00:05:54,800 --> 00:05:56,319 Speaker 2: Yeah, who stole your name? Man? 117 00:05:56,639 --> 00:05:59,560 Speaker 1: And but WIS that Rob did is a set of 118 00:05:59,560 --> 00:06:01,600 tools for building Windows installation packages. 119 00:06:01,800 --> 00:06:03,600 Speaker 3: The Wix tool Set is what we call it to 120 00:06:03,639 --> 00:06:05,879 avoid all the legal problems there, right, Yeah, may or 121 00:06:05,920 --> 00:06:08,879 may not exist that we have never investigated. No never, never, 122 00:06:08,920 --> 00:06:11,639 help don't want to under We call it the Wicks toolset, 123 00:06:11,720 --> 00:06:13,000 and then you could call it Wix and all the 124 00:06:13,079 --> 00:06:15,519 lawyers at Microsoft HILP come toool it that way back when. 125 00:06:15,560 --> 00:06:18,000 Speaker 1: Yeah, there you go, all right, so sorry to interrupt. 126 00:06:18,000 --> 00:06:19,800 Speaker 2: So that's all that problem. So, yeah, it was an installer. 127 00:06:19,839 --> 00:06:22,680 And this is what exactly where Tim clinkwaed where you 128 00:06:22,680 --> 00:06:24,000 said this is a great show. I was doing a 129 00:06:24,040 --> 00:06:27,160 lot of nodding during the discussion. And how still today 130 00:06:27,199 --> 00:06:30,639 many people dismiss how critically important a good installation package is. 131 00:06:31,120 --> 00:06:34,360 It's all about the first impressions. The user's first impression 132 00:06:34,360 --> 00:06:36,079 of your app does not begin when they double click 133 00:06:36,120 --> 00:06:38,399 the desktop short top of the first time begins when 134 00:06:38,439 --> 00:06:41,920 they double click set up XM. I was reminded of 135 00:06:41,920 --> 00:06:43,800 his story a long time ago about an applicant to 136 00:06:43,879 --> 00:06:47,639 Harvard Paper clipping a dollar bill to their application along 137 00:06:47,680 --> 00:06:49,720 with a short note. The note requests of the reviewer 138 00:06:49,720 --> 00:06:53,360 go get a donut, take a break, relax, and get 139 00:06:53,399 --> 00:06:56,120 into their happy place before they read the application. 140 00:06:56,560 --> 00:06:57,120 Speaker 1: That's great. 141 00:06:57,240 --> 00:06:59,959 Speaker 2: A good installation package is like this. It's a dope. 142 00:07:02,360 --> 00:07:05,120 It we'll set the user's mood to frustrated or happy 143 00:07:05,120 --> 00:07:08,040 place prior to them clicking on your applications debtstop icon 144 00:07:08,240 --> 00:07:12,639 for the first time. Legit absolutely and that's an old comment, 145 00:07:12,680 --> 00:07:14,800 too right. It's an old comment. It is so right. 146 00:07:14,879 --> 00:07:18,560 It's still writes today by a mile. It's still true, Tiffyth. 147 00:07:18,680 --> 00:07:20,120 Thank you so much for your comment. In a copy 148 00:07:20,120 --> 00:07:21,560 of music, Coby. It's on its way to you. And 149 00:07:21,560 --> 00:07:22,959 if you'd like a copy of music go buy. I 150 00:07:23,000 --> 00:07:24,759 write a comment on the website at dot at rocks 151 00:07:24,800 --> 00:07:27,399 dot com or on the facebooks. We publish every show there, 152 00:07:27,399 --> 00:07:28,759 and if I comment there and every reading on the show, 153 00:07:28,759 --> 00:07:30,040 we'll send you copy music to go buy. 154 00:07:30,079 --> 00:07:32,199 Speaker 1: And you can get music to Koby music to code 155 00:07:32,199 --> 00:07:34,800 by dot net and that is a u r L 156 00:07:34,920 --> 00:07:37,600 DNS entry, so don't put hgdps in front of it. 157 00:07:38,120 --> 00:07:41,560 And that brings you to another place where you can 158 00:07:41,839 --> 00:07:44,319 listen to a sample and get track twenty two or 159 00:07:44,360 --> 00:07:49,879 the entire collection rob before we get started here. When 160 00:07:49,959 --> 00:07:54,680 Richard was reading that, I was reminded of Mark Miller's 161 00:07:55,240 --> 00:07:59,839 new invention that he unleashed unveiled on Mondays, which was 162 00:08:00,000 --> 00:08:02,839 called the install Buddy and so the install buddy, when 163 00:08:02,839 --> 00:08:06,240 you're running an installer, it's in the background and it's 164 00:08:06,279 --> 00:08:11,279 just clicking next, next, next, next, next, next, next, next, finish. 165 00:08:11,360 --> 00:08:12,000 Speaker 2: That's awesome. 166 00:08:12,839 --> 00:08:16,560 Speaker 3: That's awesome. So I have a rebuttle to that if 167 00:08:16,560 --> 00:08:17,120 you care. 168 00:08:17,000 --> 00:08:18,279 Speaker 1: But yeah, sure, why not. 169 00:08:20,079 --> 00:08:24,040 Speaker 3: I appreciate the sentiment one hundred percent, And we actually 170 00:08:24,639 --> 00:08:27,399 talk to our customers a lot about minimizing the amount 171 00:08:27,399 --> 00:08:29,720 of input that you have to put in install Again, 172 00:08:29,839 --> 00:08:31,879 first impression, let's get to the product. That's where they 173 00:08:31,920 --> 00:08:34,000 want to be. They want to get past your progress 174 00:08:34,000 --> 00:08:36,639 bar and to the end. So to that point, I 175 00:08:36,720 --> 00:08:39,799 one hundred percent agree. Fortunately, the industry has definitely been 176 00:08:39,799 --> 00:08:43,039 moving that direction. Like app installer now is just one button. 177 00:08:44,360 --> 00:08:47,159 But at the same time, a lot of customers that 178 00:08:47,200 --> 00:08:50,240 I work with are large organizations with very large and 179 00:08:50,279 --> 00:08:53,039 complex software, and you're not going to next, next, next 180 00:08:53,039 --> 00:08:55,360 your way through it. There is complex information you have 181 00:08:55,399 --> 00:08:57,519 to provide up front in order to configure it. So 182 00:08:58,120 --> 00:09:01,480 there are different worlds, and we see all kinds in 183 00:09:01,480 --> 00:09:03,960 the insulation space because we see all software in the 184 00:09:04,039 --> 00:09:06,840 slation space, which makes it interesting for me. So yes, 185 00:09:07,000 --> 00:09:09,840 I totally get it next, next, next, except when you 186 00:09:09,919 --> 00:09:11,519 have some really heavy software. 187 00:09:11,679 --> 00:09:14,159 Speaker 1: Well it was. It was a joke, so it was funny, 188 00:09:14,159 --> 00:09:16,000 a funny joke, but it did hit all right, So 189 00:09:16,120 --> 00:09:17,279 let me introduce Rob. 190 00:09:17,639 --> 00:09:19,159 Speaker 2: Did you want to do nineteen forty eight? 191 00:09:19,240 --> 00:09:21,399 Speaker 1: Yes, I do want to do nineteen forty eight before 192 00:09:21,759 --> 00:09:25,679 I introduced Rob officially. Okay, because this is episode nineteen 193 00:09:25,720 --> 00:09:28,039 forty eight. We have been doing this lately. We go 194 00:09:28,120 --> 00:09:30,360 back in history and see, you know, try to summarize 195 00:09:30,399 --> 00:09:31,120 what happened. 196 00:09:30,840 --> 00:09:33,200 Speaker 2: Pretty much till we once we got in the nineteen hundred's, 197 00:09:33,240 --> 00:09:36,039 the history part came more. Yeah. Yeah. 198 00:09:36,279 --> 00:09:40,320 Speaker 1: So nineteen forty eight was a pivotal year several major events, 199 00:09:40,320 --> 00:09:45,159 including the assassination of Mahatma Gandhi, the declaration of independence 200 00:09:45,159 --> 00:09:48,360 for the State of Israel, and the start of the 201 00:09:48,559 --> 00:09:52,159 Arab Israeli War. It also saw the beginning of the 202 00:09:52,159 --> 00:09:56,519 Berlin Airlift, the US establishing the Marshall planted as I 203 00:09:56,559 --> 00:09:59,360 said last week, to aid post war Europe and the 204 00:09:59,480 --> 00:10:04,320 United States. It's recognizing the state of Israel, which was 205 00:10:04,600 --> 00:10:06,799 it happened at the same you know, in the same year. 206 00:10:07,240 --> 00:10:10,360 Also in the United States, President Truman signed executive Order 207 00:10:10,360 --> 00:10:13,039 in nine to nine to eight one ending racial segregation 208 00:10:13,159 --> 00:10:16,159 in the United States Armed Forces. Do you have anything 209 00:10:16,159 --> 00:10:17,080 to add, Richard. 210 00:10:18,200 --> 00:10:20,840 Speaker 2: The land Camera, the Polaroids and Camera nineteen forty eight, 211 00:10:20,879 --> 00:10:27,440 No kidding. Yeah. For Canadians, the Davelin Beaver, the DHC two. 212 00:10:27,519 --> 00:10:32,000 This is a prop plane float typically float planes, the 213 00:10:32,080 --> 00:10:35,000 ultimate bush plane and I flew on one like a 214 00:10:35,039 --> 00:10:37,679 month ago. It's called the Beaver. Yeah. Wow. Of course 215 00:10:37,720 --> 00:10:41,120 in the dash too. Uh and it's like it's a legend, 216 00:10:41,679 --> 00:10:45,080 just an unbelievable machine. Wow. Only made for until in 217 00:10:45,200 --> 00:10:48,960 nineteen sixties, still flying today. And finally, because it is 218 00:10:49,000 --> 00:10:52,519 a tech show, so let's talk about the men Chester Baby, 219 00:10:53,600 --> 00:10:55,840 which was one of the very they arguably the very 220 00:10:55,840 --> 00:10:59,840 first electronic quote stored program computers coming out of World 221 00:10:59,840 --> 00:11:01,840 War Too. There was a lot of computers being built, 222 00:11:02,120 --> 00:11:05,240 but this was a computer that could actually store a 223 00:11:05,279 --> 00:11:08,919 program within it and execute that program. It added thirty 224 00:11:09,039 --> 00:11:11,720 two words of memory of thirty two bits each for 225 00:11:11,759 --> 00:11:14,320 a total of one twenty four bits. 226 00:11:14,559 --> 00:11:15,039 Speaker 1: Wow. 227 00:11:15,480 --> 00:11:18,039 Speaker 2: Good Lord, and the Baby was the test bed for 228 00:11:18,080 --> 00:11:20,279 the Mark one, which eventually became what they called the 229 00:11:20,320 --> 00:11:24,320 Manchester Ferrante, which was the first commercially available stored program 230 00:11:24,360 --> 00:11:25,080 computer in the world. 231 00:11:25,080 --> 00:11:30,039 Speaker 1: Also the first Canadian land cruiser was called the Moose 232 00:11:30,440 --> 00:11:34,360 Nice and the first Canadian boat was called the Otter 233 00:11:34,600 --> 00:11:39,360 and then the sister submersal submersible. Anyway, I kid, you're 234 00:11:39,360 --> 00:11:42,039 making this stuff all right, So let's now let me 235 00:11:42,120 --> 00:11:46,320 finally introduce Rob Officially. Rob MenShing is the CEO and 236 00:11:46,399 --> 00:11:49,799 co founder of fire Giant, a company that provides commercial 237 00:11:49,840 --> 00:11:52,840 support in tools for the Wicks tool set. He's also 238 00:11:53,240 --> 00:11:55,879 the creator and maintainer of Wicks. Of course, we talked 239 00:11:55,879 --> 00:11:58,320 about the most powerful set of tools for running building 240 00:11:58,399 --> 00:12:03,159 Windows installation packages. The Wicks tool set holds the unique 241 00:12:03,159 --> 00:12:06,559 distinction of being the first open source project released by Microsoft, 242 00:12:07,080 --> 00:12:09,519 and Rob has been deeply involved in open source over 243 00:12:09,600 --> 00:12:13,720 twenty five years. He's passionate about making open source sustainable 244 00:12:14,559 --> 00:12:19,480 and his latest proposal, the open Source Maintenance Fee, is 245 00:12:19,600 --> 00:12:24,919 all about creating a better path toward. It is all 246 00:12:24,960 --> 00:12:28,480 about creating a better path forward for projects and their maintainers. 247 00:12:29,080 --> 00:12:32,799 This ought to be really good, Rob, welcome back. 248 00:12:32,720 --> 00:12:34,799 Speaker 3: Thank you. I'm looking forward to talking to you guys. 249 00:12:35,039 --> 00:12:38,000 It's I didn't realize that twenty twelve that was that 250 00:12:38,080 --> 00:12:41,840 was easy for show. You had some after that, but yeah, 251 00:12:41,879 --> 00:12:43,440 twenty twelve of you were still a Blue badge. 252 00:12:43,480 --> 00:12:44,600 Speaker 2: That's how long ago that was. 253 00:12:45,559 --> 00:12:48,799 Speaker 3: Just barely that's right. I started fire Giant twenty thirteen. 254 00:12:49,039 --> 00:12:52,320 Speaker 2: Wow, yes, there you go. So it's like it's been 255 00:12:52,600 --> 00:12:55,840 twelve years in fire Giant. But yeah, it's a way back, yeah, 256 00:12:55,919 --> 00:12:56,519 way back moment. 257 00:12:56,559 --> 00:12:59,440 Speaker 3: As long as that's kind of throws me off. I 258 00:12:59,480 --> 00:13:01,519 think I've been fire Giant as long as I've been 259 00:13:01,559 --> 00:13:03,519 at Microsoft, as I was at. 260 00:13:03,360 --> 00:13:05,440 Speaker 2: Microsoft, as long as your Microsoft n Yeah, and he 261 00:13:05,440 --> 00:13:06,759 still feels like it's your new thing. 262 00:13:07,320 --> 00:13:10,679 Speaker 3: Yeah, it feels like a startup. It feels like I've 263 00:13:10,720 --> 00:13:12,919 been doing this for about three years. But when I 264 00:13:12,960 --> 00:13:15,200 look back, we've done more than three years of work, 265 00:13:15,639 --> 00:13:18,600 and I just can't reconcile the two together. So when 266 00:13:18,679 --> 00:13:20,360 you say it's been twelve years, I have to and 267 00:13:20,440 --> 00:13:23,120 go really, I guess, man, we have so much more 268 00:13:23,159 --> 00:13:23,360 to do. 269 00:13:24,679 --> 00:13:26,960 Speaker 2: Yeah, it's not like I'm getting the bottom eye to 270 00:13:27,080 --> 00:13:28,399 do list. That's not a thing. 271 00:13:28,799 --> 00:13:33,159 Speaker 1: So when did you go solo again? Thirty thirteen twenty. 272 00:13:32,960 --> 00:13:35,559 Speaker 3: Right at the beginning. I retired from Microsoft in twenty 273 00:13:35,559 --> 00:13:39,080 twelve and started fire Giant. Fire Giant officially launched in June, 274 00:13:39,559 --> 00:13:41,519 But you know, takes six months to put everything together, 275 00:13:41,600 --> 00:13:45,480 but we had the idea, you know, to begin to 276 00:13:45,600 --> 00:13:46,840 my thirteen I was working towards that. 277 00:13:47,000 --> 00:13:50,559 Speaker 1: Yeah, well, when immediately came to mind when I read 278 00:13:50,600 --> 00:13:53,080 your bio. There in the things that you're talking about 279 00:13:53,080 --> 00:13:56,679 for open source, making it sustainable and better, you know, 280 00:13:57,240 --> 00:14:02,039 better prospects for owners of OSS projects. Is that we 281 00:14:02,320 --> 00:14:05,639 is that show that we did at NDC in twenty 282 00:14:05,679 --> 00:14:08,840 twenty two with David Whitney. I was in November twenty 283 00:14:08,879 --> 00:14:12,279 twenty two making open Source Work for Everyone with David Whitney, 284 00:14:13,360 --> 00:14:17,399 and I remember we got into this really cool what 285 00:14:17,480 --> 00:14:21,480 if discussion about what if you know, places like GitHub 286 00:14:22,000 --> 00:14:26,600 would have some sort of pay mechanism built in, so 287 00:14:26,840 --> 00:14:29,159 like write in Visual Studio, you could say, hey, this 288 00:14:29,240 --> 00:14:32,600 is open source, but they would really appreciate your donations 289 00:14:33,039 --> 00:14:36,159 or something like that. Just make it low friction for 290 00:14:36,240 --> 00:14:39,559 people to donate to open source projects. You're nodding your head. 291 00:14:39,759 --> 00:14:42,799 Speaker 3: Yeah, there have been ideas in this space for a 292 00:14:42,879 --> 00:14:47,039 long time, and lots of different ideas floating around this space, 293 00:14:47,120 --> 00:14:50,519 which is fantastic because I don't think we're going to 294 00:14:50,639 --> 00:14:53,399 end up with one solution to what do we do 295 00:14:53,440 --> 00:14:56,399 with open source to make it viable for everybody to 296 00:14:56,399 --> 00:14:59,360 continue working in it. So I do believe there are 297 00:14:59,399 --> 00:15:01,799 many different options that we need to consider because there 298 00:15:01,799 --> 00:15:05,840 are many different kinds of projects. And the idea of 299 00:15:05,919 --> 00:15:10,759 having some way to pay maintainers in GitHub was very 300 00:15:10,759 --> 00:15:13,759 present because now they have sponsors, which turned into very 301 00:15:13,840 --> 00:15:16,039 much that even if it's not deeply in a Grandville studio, 302 00:15:17,399 --> 00:15:20,399 it is exactly in that space. So yeah, there's been 303 00:15:20,440 --> 00:15:24,120 lots of thinking and talking about this, and I decided 304 00:15:24,159 --> 00:15:27,200 I had to formalize some of it. So that's why 305 00:15:27,240 --> 00:15:28,960 I want to talk to you today about. 306 00:15:28,799 --> 00:15:30,600 Speaker 1: So let's get to it. What are your ideas? 307 00:15:31,519 --> 00:15:33,360 Speaker 3: Do you want the history? Do you want the idea first? 308 00:15:34,840 --> 00:15:38,120 Speaker 2: That tweet thread is really important, Okay, because it's an 309 00:15:38,240 --> 00:15:41,519 encapsulation of so many projects I've seen. 310 00:15:41,759 --> 00:15:50,360 Speaker 3: Yeah, so maintainers. When you're a maintainer of a successful 311 00:15:50,360 --> 00:15:53,600 project for a long term, the world changes a little bit, 312 00:15:54,799 --> 00:15:56,679 the changes for you a little bit. And I have 313 00:15:56,840 --> 00:15:59,279 this theory that I've been developing of there are these 314 00:15:59,320 --> 00:16:01,679 mega projects that people know about, that's the ones they 315 00:16:01,679 --> 00:16:03,960 think of. They usually have corporates running them, and they 316 00:16:04,000 --> 00:16:07,039 have a different way of operating. You have the hobby projects, 317 00:16:07,600 --> 00:16:09,480 I don't have like that term acoungement, but you know, 318 00:16:09,519 --> 00:16:11,480 startup projects, they're just getting off the ground and the 319 00:16:11,480 --> 00:16:14,799 people are still very enthusiastic about what they are, what 320 00:16:14,840 --> 00:16:17,919 they could be, the future is everything ahead of them, right, 321 00:16:17,960 --> 00:16:20,200 and they're just trying to find more users. And that 322 00:16:20,519 --> 00:16:22,840 place is awesome. Then you hit the what I call 323 00:16:22,879 --> 00:16:26,519 the working class projects, where you've usually graduated from being 324 00:16:26,519 --> 00:16:28,960 a hobby project and you've now ended up in a 325 00:16:29,000 --> 00:16:32,120 space where people depend on you, and you take that 326 00:16:32,200 --> 00:16:37,159 responsibility seriously that you have an important piece of the ecosystem. 327 00:16:37,519 --> 00:16:39,679 It's the what is that the Ohio project? You are 328 00:16:39,679 --> 00:16:42,279 that tiny little cog standing up the whole system on 329 00:16:42,360 --> 00:16:45,840 top of you from SKCD, Yeah, you are that little 330 00:16:45,840 --> 00:16:48,120 block and you take it seriously, like this is my project. 331 00:16:50,519 --> 00:16:55,360 And I've been running the Wicks tool set for twenty 332 00:16:55,759 --> 00:16:58,600 plus years longer if you count the stuff I did 333 00:16:58,600 --> 00:17:03,279 in Microsoft, but twenty plus years. And after a while 334 00:17:03,360 --> 00:17:05,759 you kind of get to a place where not everybody's 335 00:17:05,799 --> 00:17:09,720 treating the project particularly well or you particularly well. And 336 00:17:10,079 --> 00:17:13,160 for the last few years I've been very frustrated with 337 00:17:13,200 --> 00:17:17,400 what's been going on around the project. And then the 338 00:17:17,400 --> 00:17:22,160 EXZ UTLS issue hit at the March last year. I 339 00:17:22,200 --> 00:17:26,640 think it was fourth that issue. I saw all these 340 00:17:26,680 --> 00:17:30,240 people talking about the attack vector that almost turned into 341 00:17:30,240 --> 00:17:33,039 a back door on Linux that got into cloud servers 342 00:17:33,079 --> 00:17:36,559 and every Linux like it was crazy, and I knew 343 00:17:36,559 --> 00:17:39,119 people are going to do the analysis of what it 344 00:17:39,240 --> 00:17:41,440 was and how it worked, because that's like the geeky 345 00:17:41,519 --> 00:17:45,400 technical stuff. But for me, I saw the story behind it. 346 00:17:45,480 --> 00:17:49,079 Speaker 2: We better recap what happened last year because not everybody's yeah, 347 00:17:49,119 --> 00:17:49,960 good idea. All right. 348 00:17:50,519 --> 00:17:53,480 Speaker 3: So someone found a way to use and xx udles, 349 00:17:53,480 --> 00:17:56,680 which is this like compression library and tool that was 350 00:17:56,720 --> 00:18:02,640 included in I think every major Linux distribution, and a 351 00:18:02,799 --> 00:18:05,200 we believe an attacker. Now at this point, someone very 352 00:18:05,240 --> 00:18:09,039 dedicated found a way to use the build system to 353 00:18:09,160 --> 00:18:14,440 inject code that did not appear until inside the Linux 354 00:18:14,440 --> 00:18:16,359 build or something in that effect, so that they could 355 00:18:16,440 --> 00:18:20,039 insert a back door into the Linux build system that 356 00:18:20,079 --> 00:18:22,279 they could then connect back in and it would end 357 00:18:22,359 --> 00:18:24,880 up on all Linux machines. And it happened to be 358 00:18:24,920 --> 00:18:29,160 found by a dev working on performance some performance issue 359 00:18:29,240 --> 00:18:33,039 was like Microsoft and Azure and said hey, wait this 360 00:18:33,079 --> 00:18:35,440 is acting a little slow and found the problem. 361 00:18:35,519 --> 00:18:38,400 Speaker 2: It was like a half a second or something, right, Yeah, 362 00:18:38,599 --> 00:18:39,720 it was minuscule. 363 00:18:39,799 --> 00:18:45,599 Speaker 3: It was talked about narrow, narrow, narrow by the slimmest 364 00:18:45,640 --> 00:18:48,599 margins that someone found that that could have been catastrophic, 365 00:18:48,680 --> 00:18:50,920 and then nobody might have even noticed once it's out there, 366 00:18:51,400 --> 00:18:53,079 it could have just been an invisible back door. 367 00:18:53,119 --> 00:18:56,000 Speaker 2: Well, they also bags the question how many we not noticed? Right? 368 00:18:56,079 --> 00:18:59,880 Speaker 3: Yeah it was. It was a very very sophisticated attack, 369 00:19:00,880 --> 00:19:04,279 so obviously fascinating to every developer out there, like, wow, 370 00:19:04,359 --> 00:19:06,680 how did this work? How did you get in there? 371 00:19:06,960 --> 00:19:09,480 How do you slip yourself into s sh or all 372 00:19:09,519 --> 00:19:12,039 the And I'll be honest, I didn't dig into those 373 00:19:12,039 --> 00:19:16,799 details because the part that I saw was the a 374 00:19:16,920 --> 00:19:19,960 thread and someone pointed out a thread, the email thread 375 00:19:20,319 --> 00:19:22,519 archived on you know, set of way pages of their 376 00:19:22,759 --> 00:19:25,640 their their mailing list, and I started at the top 377 00:19:25,720 --> 00:19:29,279 and I found the maintainer of the project talking to 378 00:19:29,400 --> 00:19:33,119 the people that are then believed to have put in 379 00:19:33,200 --> 00:19:36,559 this attack. And in it you have people pushing on 380 00:19:36,559 --> 00:19:39,960 this maintainer saying you're not doing enough for the project. 381 00:19:39,960 --> 00:19:42,119 Why haven't you submitted all these prs, why haven't you 382 00:19:42,119 --> 00:19:45,599 fixed all these bugs? And you can hear the maintainer saying, oh, yeah, 383 00:19:45,640 --> 00:19:48,160 I'm going to get to that. It's just it's been 384 00:19:48,200 --> 00:19:50,440 really hard and I've just been a lot of pressure. 385 00:19:50,799 --> 00:19:52,440 And you can hear like there's other things in their 386 00:19:52,480 --> 00:19:55,119 life going on, right and and he says, oh, and 387 00:19:55,119 --> 00:19:57,319 there's someone that's been helping me on the side. You know, 388 00:19:57,519 --> 00:19:59,680 that's been really helpful. But you know, it's it's really 389 00:19:59,720 --> 00:20:01,720 hard finding people to take over a project or helping 390 00:20:01,720 --> 00:20:05,200 a project. And then you have repeated cases that if people, well, 391 00:20:05,240 --> 00:20:07,359 you should give up on your project because clearly you're 392 00:20:07,359 --> 00:20:09,559 not going to take care of it, and someone else saying, oh, 393 00:20:09,680 --> 00:20:13,240 we understand, it's really hard to maintain your project. You know, 394 00:20:13,400 --> 00:20:15,119 you could be really busy, but you really should do 395 00:20:15,160 --> 00:20:18,480 something because your project will suffer because you're not doing this. 396 00:20:19,000 --> 00:20:20,240 And at the end, the guy's like, well, you know, 397 00:20:20,279 --> 00:20:23,640 this other person's been really helpful, and you know we'll 398 00:20:23,640 --> 00:20:26,599 probably have them helping more. It turns out that that person, 399 00:20:26,759 --> 00:20:30,319 that named person is the person that's tracked back to 400 00:20:30,519 --> 00:20:33,480 it's the attack or inserting the attack vector into make 401 00:20:33,480 --> 00:20:35,440 files and the data files and everything else. 402 00:20:35,519 --> 00:20:39,400 Speaker 1: And they made themselves look like, you know, they were 403 00:20:39,440 --> 00:20:41,000 going to help out like they. 404 00:20:41,039 --> 00:20:43,599 Speaker 2: Well, they be clear. They they had been more helping out, 405 00:20:43,640 --> 00:20:47,160 They had been making contributions, like one person had been helping. 406 00:20:47,319 --> 00:20:49,440 Speaker 1: Right, it's what I'm saying. But all the way along 407 00:20:49,599 --> 00:20:52,359 the goal must have been to at once they gain 408 00:20:53,440 --> 00:20:57,079 their trust to launch this attack, and nobody would ever 409 00:20:57,160 --> 00:20:57,839 suspect them. 410 00:20:57,920 --> 00:21:00,920 Speaker 3: Right, So one person was helping, and then two other 411 00:21:01,000 --> 00:21:03,759 people showed up in this particular thread, and the timing 412 00:21:03,839 --> 00:21:05,839 spread out. It's not like immediately back in back and forth. 413 00:21:05,880 --> 00:21:08,000 It's like a week spread out, two weeks here. I mean, 414 00:21:08,079 --> 00:21:11,160 it's not obvious. And when I originally saw this thread 415 00:21:11,200 --> 00:21:15,240 and I wrote down a tweet about this, that I realized, oh, 416 00:21:15,440 --> 00:21:17,160 and it was like, I don't know, thirty tweets and 417 00:21:17,200 --> 00:21:18,319 I was like, oh, I hate it when people write 418 00:21:18,319 --> 00:21:19,720 tweet thread. So I ran and put in my blog 419 00:21:19,759 --> 00:21:21,559 so you can read it all one big pass much 420 00:21:21,559 --> 00:21:24,240 as you read, and I had more contexts. At that time, 421 00:21:24,680 --> 00:21:29,000 there were theories that this could be a truly coordinated attack, 422 00:21:29,160 --> 00:21:32,960 with multiple people operating what we call sock puppets pretend 423 00:21:32,960 --> 00:21:37,960 to people pretending to be different. I don't characters in 424 00:21:38,000 --> 00:21:41,079 a play trying to manipulate what they wanted I thought 425 00:21:41,079 --> 00:21:44,519 that felt a little far fetched at the time, because 426 00:21:44,880 --> 00:21:48,160 it felt very real. Everything that was being discussed and 427 00:21:48,240 --> 00:21:51,440 treated and the way that people were acting was very 428 00:21:51,440 --> 00:21:54,200 common for what you get on maintainers. You get sets 429 00:21:54,200 --> 00:21:56,920 of people just showing up going why haven't you fed 430 00:21:56,960 --> 00:22:00,359 me yet? I want my fix? Where's my build? I 431 00:22:00,400 --> 00:22:03,519 can't believe you haven't fixed this in ten years. I 432 00:22:03,599 --> 00:22:06,720 just got that comment this morning from somebody. I can't 433 00:22:06,720 --> 00:22:08,319 believe you haven't fixed this in ten years. 434 00:22:09,279 --> 00:22:11,400 Speaker 2: And that's when you offer them the refund of everything 435 00:22:11,400 --> 00:22:11,880 they've paid. 436 00:22:12,200 --> 00:22:15,880 Speaker 3: I actually offered to assign them the issue, which is 437 00:22:15,920 --> 00:22:20,000 my new tactic. In the end, I ended up really mad, 438 00:22:20,599 --> 00:22:24,319 like just stomping mad. And I've been low key mad 439 00:22:24,559 --> 00:22:27,559 for quite a while having seen other maintainers treated the 440 00:22:27,559 --> 00:22:31,400 same way, feeling it myself. And I'm fortunate that I 441 00:22:31,440 --> 00:22:33,599 have Bob who works who's a co maintainer on the 442 00:22:33,640 --> 00:22:35,680 WHIS tool set with me, so I have someone I 443 00:22:35,720 --> 00:22:38,599 can talk to and kind of, you know, walk off 444 00:22:38,599 --> 00:22:42,359 that ledge. No, sorry, step away from the ledge from 445 00:22:42,400 --> 00:22:45,440 the ledge. Yeah, just like this is this is too much? 446 00:22:45,599 --> 00:22:47,680 Speaker 2: You're really a friend, you'll jump off with me? No, No, 447 00:22:47,720 --> 00:22:48,839 that's not the goal here. 448 00:22:48,920 --> 00:22:54,359 Speaker 3: Well, and when you're in a project that is popular 449 00:22:54,839 --> 00:22:58,599 and successful and you have lots of users, you will 450 00:22:58,640 --> 00:23:01,400 hit this space where you went up with a non 451 00:23:01,480 --> 00:23:05,799 trivial number of people showing up making demands of the 452 00:23:05,839 --> 00:23:13,519 project without any thoughts of any contributions. And so the 453 00:23:13,720 --> 00:23:17,240 xc udels that event and then finding out that it 454 00:23:17,319 --> 00:23:20,519 was very possibly Nation State actors. Nobody knows for sure, 455 00:23:20,920 --> 00:23:23,960 but that level of coordination made me just go that 456 00:23:24,279 --> 00:23:28,200 that's it. I'm going to do something. I don't know 457 00:23:28,240 --> 00:23:31,880 what I'm going to do. But at April last year, 458 00:23:32,319 --> 00:23:34,079 you know, about a year ago now, I said, I'm 459 00:23:34,119 --> 00:23:36,960 going to find something and I'm not doing it like 460 00:23:37,000 --> 00:23:39,279 this anymore. We're not just going to have maintainers out 461 00:23:39,279 --> 00:23:44,839 here unprotected from every you know, everything. We need to 462 00:23:44,960 --> 00:23:48,160 change the culture and the way that we treat maintainers. 463 00:23:48,240 --> 00:23:51,599 And so I sat for months just I couldn't put 464 00:23:51,599 --> 00:23:52,960 it down. I had job to do. This is not 465 00:23:53,039 --> 00:23:54,920 my job. But I had this thought process in the 466 00:23:54,920 --> 00:23:57,720 back of my head, going what can we do that 467 00:23:57,839 --> 00:24:01,359 builds a system that works well for maintainers, that is 468 00:24:01,480 --> 00:24:05,240 fair to everybody involved, and can scale. And it was 469 00:24:05,279 --> 00:24:07,640 all based off this tweet of mine that got a 470 00:24:07,720 --> 00:24:10,359 million in some views, which I don't write tweets like that. 471 00:24:10,400 --> 00:24:12,880 I'm not a mean person, right, I write tweets communicate 472 00:24:12,920 --> 00:24:16,240 Moory project, my company and what I do. That thing 473 00:24:16,279 --> 00:24:19,880 went crazy and everybody in the thread agreed that it 474 00:24:19,920 --> 00:24:22,920 was a problem. I have never seen so many people 475 00:24:23,000 --> 00:24:24,200 agree on Twitter. 476 00:24:24,200 --> 00:24:26,079 Speaker 2: The Internet. You're not supposed to get along, that's not 477 00:24:26,119 --> 00:24:27,279 how Ever. 478 00:24:27,359 --> 00:24:31,200 Speaker 3: The only discussion that went sideways where people were disagreeing 479 00:24:31,440 --> 00:24:33,880 was whether we should have universal basic income. And I 480 00:24:33,920 --> 00:24:35,759 was like, Okay, I'm not touching that. You guys, go 481 00:24:35,880 --> 00:24:37,960 have fun on that conversation. That's a bit far. Yeah, 482 00:24:38,079 --> 00:24:41,079 a bit far, And it just was like a side 483 00:24:41,079 --> 00:24:43,279 thread on the whole thing. But everybody agreed. 484 00:24:44,279 --> 00:24:44,799 Speaker 2: So yeah. 485 00:24:44,920 --> 00:24:48,559 Speaker 3: I went from there and my experience with frustration of 486 00:24:48,880 --> 00:24:50,920 where I was at as a maintainer, because like a 487 00:24:51,000 --> 00:24:53,319 year before that, I remember one morning I woke up 488 00:24:53,559 --> 00:24:55,279 and you know, dealt so with me and I just 489 00:24:55,279 --> 00:24:57,079 get my wife said that's it. I'm done. I'm not 490 00:24:57,079 --> 00:24:59,480 going to do this anymore. Like why am I Why 491 00:24:59,480 --> 00:25:01,920 do I even do this? Why am I putting myself 492 00:25:01,920 --> 00:25:03,640 through this? I have a company built on this open 493 00:25:03,640 --> 00:25:08,279 source project. I'll just do it a different way. And 494 00:25:08,960 --> 00:25:12,960 I'm the guy that worked for years inside Microsoft to 495 00:25:13,000 --> 00:25:15,920 make open source happen. So I was like, I'm walking 496 00:25:16,039 --> 00:25:19,720 I my mind was torn. It was I was I 497 00:25:19,759 --> 00:25:22,680 was broken. It was pretty bad in this space. So 498 00:25:22,720 --> 00:25:26,319 to hear other maintainers having these same problems and pains, 499 00:25:26,599 --> 00:25:28,559 I reached out to a number of them. And every 500 00:25:28,599 --> 00:25:31,039 maintainer that has a project that you think of successful, 501 00:25:31,599 --> 00:25:34,680 that you thought was successful, if you know it by 502 00:25:34,799 --> 00:25:38,279 name and you know that maintainer, they are in either 503 00:25:38,319 --> 00:25:41,759 one of two camps. One they don't care about what 504 00:25:41,920 --> 00:25:44,799 happens to the project and they're just distracted from it. 505 00:25:45,000 --> 00:25:49,319 DHH has this famous slide where he's just like, f you, Like, 506 00:25:49,359 --> 00:25:51,519 that's the way he approaches his project. He doesn't care 507 00:25:51,559 --> 00:25:53,839 about you. That's a fine way to go. I know 508 00:25:54,240 --> 00:25:57,160 no maintainer, I personally know no maintainers that operate that 509 00:25:57,160 --> 00:25:59,079 way because they care too much about their project and 510 00:25:59,119 --> 00:26:02,960 being how it work well. All the ones I talked 511 00:26:02,960 --> 00:26:05,000 to all have were like, yep, I totally agree. I've 512 00:26:05,000 --> 00:26:06,880 all thought about quitting every single one of them, all 513 00:26:06,880 --> 00:26:08,960 of the major projects, all of them are all in 514 00:26:08,960 --> 00:26:09,599 the same spot. 515 00:26:10,000 --> 00:26:13,440 Speaker 2: So now you wake up in the morning up, you know, 516 00:26:13,920 --> 00:26:16,759 immediately anxious about I haven't dealt with I haven't got 517 00:26:16,759 --> 00:26:19,000 to like you're dreading going to your office. 518 00:26:19,160 --> 00:26:23,119 Speaker 3: Yeah, And so that was the reality. That's where it's at. 519 00:26:23,279 --> 00:26:23,440 Speaker 2: End. 520 00:26:23,559 --> 00:26:25,400 Speaker 3: I decided I was going to have to create a solution. So, 521 00:26:26,680 --> 00:26:28,839 like I said before, I think there will be many 522 00:26:29,039 --> 00:26:31,839 solutions for many different sized projects, for different kind of 523 00:26:31,880 --> 00:26:35,759 types of projects. I know, my project, it's about half 524 00:26:35,799 --> 00:26:37,680 a million lines of code. There's two of us that 525 00:26:37,720 --> 00:26:39,759 work on it. Often there's only one person that works 526 00:26:39,759 --> 00:26:44,759 on it. And we have you know, millions of downloads, 527 00:26:45,319 --> 00:26:48,160 tens of millions of downloads, ten million downloads, twelve million downs. 528 00:26:48,200 --> 00:26:50,920 Now it's a big project, all that kind of good stuff. 529 00:26:50,960 --> 00:26:54,880 And I said, all right, in this space, what can 530 00:26:54,960 --> 00:26:58,680 I do? And so I sat down for a while 531 00:26:58,680 --> 00:27:02,640 and started going, what if we charge a fee for 532 00:27:02,720 --> 00:27:06,000 people to use the project? And from there I started 533 00:27:06,000 --> 00:27:07,799 putting it together. So should I go jump into the 534 00:27:07,839 --> 00:27:09,559 details of the maintenance. 535 00:27:09,279 --> 00:27:11,319 Speaker 2: Fe then yeah, let's go all right, yeah, let's do it. 536 00:27:11,640 --> 00:27:15,640 Speaker 3: So the maintenance feek idea came as I slowly started 537 00:27:15,680 --> 00:27:19,240 teasing apart the problem and I realized that there's open 538 00:27:19,240 --> 00:27:22,319 source software and that has a license on it that 539 00:27:22,440 --> 00:27:25,079 we all know and love. All of our various license 540 00:27:25,079 --> 00:27:27,960 out there, whether you're like MIT or GPL or my 541 00:27:28,000 --> 00:27:32,039 favorite MSRL, whatever license, we know all of that. And 542 00:27:32,079 --> 00:27:36,400 what I got to was that license applies to the 543 00:27:36,480 --> 00:27:39,519 source code. And if we say that that license will 544 00:27:39,519 --> 00:27:42,799 only apply to the source code and stop there, that's 545 00:27:42,839 --> 00:27:44,759 an open source project. Like that's enough to say that 546 00:27:44,799 --> 00:27:47,200 your software is open source. Right. You don't have to 547 00:27:47,319 --> 00:27:50,519 build the source code for people. You don't have to 548 00:27:50,599 --> 00:27:54,160 have an issue tracker, You don't have to take changes 549 00:27:54,200 --> 00:27:57,000 from other people and apply them to your open source software. 550 00:27:57,160 --> 00:28:00,519 Your open source software is open source. Are done? 551 00:28:00,640 --> 00:28:00,880 Speaker 2: Yeah? 552 00:28:00,960 --> 00:28:05,000 Speaker 3: You you have successfully created an open source project. So 553 00:28:05,079 --> 00:28:10,200 all that other stuff that is generally expected of maintainers. 554 00:28:10,359 --> 00:28:13,119 Build a binary that other people can use. Answer the 555 00:28:13,160 --> 00:28:16,480 discussions that people have, keep a discussion list where people 556 00:28:16,480 --> 00:28:19,279 can ask questions, have an issue tracker, deal with them. 557 00:28:19,400 --> 00:28:22,200 Some people expect you to fix all of them. Do 558 00:28:22,359 --> 00:28:24,440 regular builds, stay up to date with all of the 559 00:28:24,440 --> 00:28:27,160 dependencies that you have, as those keep changing. Dot A 560 00:28:27,240 --> 00:28:30,519 framework I'm looking at you. You know, security vulnerabilities that 561 00:28:30,559 --> 00:28:32,920 pop up, you know all of the you know, spam 562 00:28:32,960 --> 00:28:35,240 shows up. Yeah, go make sure that doesn't show up. Oh, 563 00:28:35,279 --> 00:28:37,119 you have to have signing certificates for your binaries, we'll 564 00:28:37,160 --> 00:28:39,480 keep those up to date, so on and so forth. 565 00:28:39,599 --> 00:28:44,680 So there's all this other stuff that's actually that's the project, 566 00:28:45,640 --> 00:28:50,119 that's the work that the maintainers do regularly, outside of 567 00:28:50,160 --> 00:28:53,519 maybe choosing to write some lines of code as a contributor. Right, 568 00:28:54,079 --> 00:28:57,680 So if we separate those two concepts and we say, 569 00:28:58,079 --> 00:29:01,359 I'm going to make the open source software open source 570 00:29:01,440 --> 00:29:05,279 by this license, but the rest of this stuff that 571 00:29:05,359 --> 00:29:07,920 I have to do to maintain the project to make 572 00:29:07,960 --> 00:29:11,079 it viable as most people expect it to be. What 573 00:29:11,240 --> 00:29:14,039 if I have a fee? And in that tweet thread 574 00:29:14,079 --> 00:29:16,359 that we were talking about, I kept throwing out the 575 00:29:16,400 --> 00:29:19,640 idea of what if you paid ten bucks per month 576 00:29:20,400 --> 00:29:24,680 for a project? Nobody ever said peepe. They're like, yeah, 577 00:29:24,880 --> 00:29:28,160 that seems fine, right, maintainers ten bucks a month, no problem. 578 00:29:28,240 --> 00:29:29,799 So I said, all right, we're going to create the 579 00:29:29,799 --> 00:29:34,039 maintenance fee and for all of the stuff that isn't 580 00:29:34,079 --> 00:29:37,400 the source code itself. You want the bills, you want 581 00:29:37,519 --> 00:29:40,880 issue tracker and discussion lists, and you want signing certificates 582 00:29:40,880 --> 00:29:43,200 and all that stuff maintained. You pay ten bucks a 583 00:29:43,200 --> 00:29:47,440 month if you make money. So if you're a student, 584 00:29:47,759 --> 00:29:49,519 if you don't make money, if you don't want to 585 00:29:49,559 --> 00:29:53,720 play in the money game, no problem, you're in. Hang out. 586 00:29:54,000 --> 00:29:57,119 Let's go right, we're talking source code, we're talking open source. 587 00:29:58,240 --> 00:30:00,519 But if you're making money, if you're a compan or 588 00:30:00,559 --> 00:30:03,400 your employee at a company using a project, you're in 589 00:30:03,440 --> 00:30:06,119 a different world. You're using this and you are getting 590 00:30:06,119 --> 00:30:08,400 some value out of it. So you get to. 591 00:30:08,359 --> 00:30:10,680 Speaker 1: Pay, and you're taking a dependency on it a. 592 00:30:10,559 --> 00:30:12,960 Speaker 3: Fee, right, right, And you depend on it and you 593 00:30:13,000 --> 00:30:15,559 want to presumably want it to be there, so you 594 00:30:15,640 --> 00:30:19,079 pay the fee. Really simple. And then I stacked it 595 00:30:19,119 --> 00:30:21,160 and I said, all right, we have dependencies an open 596 00:30:21,160 --> 00:30:24,039 source project. So if an open source project says I'm 597 00:30:24,039 --> 00:30:26,279 going to start charging a fee for all of the 598 00:30:26,839 --> 00:30:30,440 stuff that isn't the software, than any dependency that you have, 599 00:30:30,559 --> 00:30:32,680 you pay their fee too. Okay, Right, So if I 600 00:30:32,720 --> 00:30:35,960 have a dependency us on some other project, then I 601 00:30:36,039 --> 00:30:38,519 pay them. My project takes a fee, then I pay 602 00:30:38,559 --> 00:30:39,720 them however many fees they have. 603 00:30:39,880 --> 00:30:43,559 Speaker 1: So you basically now are in a money distribution royalty 604 00:30:43,640 --> 00:30:46,000 kind of right system. 605 00:30:46,079 --> 00:30:48,720 Speaker 3: Right, You you taking a fee in your project means 606 00:30:48,759 --> 00:30:50,359 you now have decided to take money, So now you 607 00:30:50,400 --> 00:30:52,720 play as money. If your project doesn't take money, then 608 00:30:52,880 --> 00:30:54,799 you don't have to pay money. At the idea of 609 00:30:54,839 --> 00:30:56,920 being like, look, if you're not making money, you're not 610 00:30:56,960 --> 00:30:59,119 paying people, right, You're not trying to bankrupt people or 611 00:30:59,119 --> 00:31:01,039 anything like that. We're trying to get to a place 612 00:31:01,079 --> 00:31:05,279 where maintainers now can get paid for the work that 613 00:31:05,319 --> 00:31:07,720 they have to do to keep the software going and 614 00:31:07,839 --> 00:31:10,319 viable in an environment where people expect it to be. 615 00:31:10,400 --> 00:31:12,279 Speaker 2: Any you're driving this through GitHub. 616 00:31:12,480 --> 00:31:15,200 Speaker 3: Yeah. What I realized was that with the system, I 617 00:31:15,279 --> 00:31:18,160 ended up with about the tightest feedback loop that I 618 00:31:18,200 --> 00:31:23,839 could create. Consumers pay a maintenance fee for the maintainers 619 00:31:23,839 --> 00:31:27,400 to maintain the project. The maintainers maintain the project, so 620 00:31:27,440 --> 00:31:30,480 that the consumers continue to pay the fee, so that 621 00:31:30,519 --> 00:31:32,359 the consumers pay the fee to maintain the projects, and 622 00:31:32,359 --> 00:31:34,319 the maintainers continue to part and you end up with 623 00:31:34,359 --> 00:31:39,119 this tiny little loop cycle. Nobody else involved. There's nothing 624 00:31:39,160 --> 00:31:42,640 else out there, because so many other proposal I'd seen 625 00:31:42,960 --> 00:31:49,440 required somebody out there to do something to make this possible. 626 00:31:49,960 --> 00:31:52,039 Usually some company is going to come down on high 627 00:31:52,079 --> 00:31:54,880 and say I have now created a system by which 628 00:31:55,079 --> 00:31:57,640 you will get paid, and the maintainers could be like, oh, 629 00:31:57,680 --> 00:32:00,640 thank you, finally good assuming payment what they want. But 630 00:32:00,720 --> 00:32:03,720 you know, a solution from outside here. Maintainer just says 631 00:32:04,279 --> 00:32:07,000 I require a fee and it all works. It's just 632 00:32:07,039 --> 00:32:08,920 between you and the consumer on that fee. You're good 633 00:32:08,920 --> 00:32:09,160 to go. 634 00:32:10,119 --> 00:32:10,480 Speaker 2: All right? 635 00:32:10,559 --> 00:32:12,279 Speaker 1: And I have so many questions, but we got to 636 00:32:12,319 --> 00:32:14,119 take a little break here, so we'll be right back 637 00:32:14,119 --> 00:32:17,960 after these very important messages. Stay tuned. Did you know 638 00:32:18,000 --> 00:32:21,039 that you can work with AWS directly from your ID? 639 00:32:22,079 --> 00:32:26,599 AWS provides toolkits for visual studio, visual studio, code, and 640 00:32:26,799 --> 00:32:31,519 jet brains rider. Learn more at AWS dot Amazon dot com, 641 00:32:31,559 --> 00:32:39,599 slash net slash tools. And we're back. It's dot net rox. 642 00:32:39,599 --> 00:32:42,519 I'm Carl Franklin and that's my friend Richard Campbell and 643 00:32:42,559 --> 00:32:45,160 our friend Rob Menching, and we're talking about making open 644 00:32:45,200 --> 00:32:48,440 source sustainable. I have so many questions, but the first 645 00:32:48,480 --> 00:32:51,759 question I have is do you just work on the 646 00:32:51,759 --> 00:32:55,400 honor system? Do you just say, how do you prove 647 00:32:55,480 --> 00:32:57,480 that you're not making money? How do you prove that 648 00:32:57,559 --> 00:33:00,200 you are? How do you do you go after for 649 00:33:00,240 --> 00:33:03,160 people if they start using it and making money without 650 00:33:03,200 --> 00:33:04,000 it without paying? 651 00:33:04,079 --> 00:33:07,240 Speaker 3: This is this is a fantastic question. And I sat 652 00:33:07,240 --> 00:33:10,079 here for a long time going how do we do enforcement? 653 00:33:10,279 --> 00:33:12,720 And every maintainer as I presented this idea to them 654 00:33:12,720 --> 00:33:14,759 always kind of got to this point, like I really 655 00:33:14,839 --> 00:33:16,519 love this idea. I never thought of it that way. 656 00:33:17,279 --> 00:33:19,000 How do you make it happen? 657 00:33:19,279 --> 00:33:19,519 Speaker 2: Right? 658 00:33:19,680 --> 00:33:24,400 Speaker 3: So, in the new gut world, we produce nugat package. Sorry, 659 00:33:24,400 --> 00:33:26,480 in the dot net world mostly about nugat packages. That's 660 00:33:26,480 --> 00:33:28,480 how a lot of things are attributed. Even my own 661 00:33:28,759 --> 00:33:32,240 system is now msbilled, SDKs and dot net tools and 662 00:33:32,279 --> 00:33:34,599 a whole bunch of NEWGAT packages. So we're all in 663 00:33:34,640 --> 00:33:37,720 on nugat. I kind of sat and got all right, 664 00:33:37,759 --> 00:33:40,720 So what do I want? I want to declare a 665 00:33:40,880 --> 00:33:43,440 I have a license, an open source license that applies 666 00:33:43,480 --> 00:33:47,079 to source code. I need a YULA, an end user 667 00:33:47,160 --> 00:33:49,839 license agreement to apply to the binaries and the rest 668 00:33:49,839 --> 00:33:53,960 of the project. Okay, oh, I can have a license 669 00:33:54,240 --> 00:33:57,000 for this source code. I can write AYULA that does 670 00:33:57,039 --> 00:34:00,000 not impinge on your rights that the license gives you. 671 00:34:00,839 --> 00:34:03,559 I can put that ULA in the nugat package, and 672 00:34:03,559 --> 00:34:05,680 then lo and behold. Nugat has a way to say 673 00:34:05,680 --> 00:34:09,239 require acceptance when you accept a Nugat package. So you 674 00:34:09,400 --> 00:34:12,360 have to say I accept the terms of the ULA 675 00:34:13,280 --> 00:34:16,960 AKAI will pay the maintenance fee because I am making money, 676 00:34:17,880 --> 00:34:20,960 and you have to check that box. And now you 677 00:34:21,599 --> 00:34:26,199 have legally said that you are complying with the maintenance 678 00:34:26,199 --> 00:34:27,800 fee for any project that you want. 679 00:34:27,719 --> 00:34:30,480 Speaker 1: And that amounts to Diddley Squad, however, because we've all 680 00:34:30,519 --> 00:34:33,400 agreed to ULA's because otherwise we can't use the software. 681 00:34:33,480 --> 00:34:33,639 Speaker 3: Yeah. 682 00:34:33,679 --> 00:34:36,400 Speaker 1: Yeah, So nobody's ever knocked on my door and said, hey, 683 00:34:36,679 --> 00:34:37,760 did you read that ULA? 684 00:34:38,000 --> 00:34:42,239 Speaker 3: Yeah. But if you remember, lawyers had a huge, huge 685 00:34:42,320 --> 00:34:44,639 challenge when they first started trying to pick up open source, 686 00:34:44,679 --> 00:34:47,239 and they held up everything saying no, no, no, we 687 00:34:47,320 --> 00:34:49,800 can't pull source code into the company that open source 688 00:34:49,800 --> 00:34:53,079 license until we understand what those licenses will do to 689 00:34:53,239 --> 00:34:57,760 us and our company. The maintenance fee puts a legal 690 00:34:57,800 --> 00:35:00,320 document in there that if a lawyer sees it and 691 00:35:00,360 --> 00:35:04,000 you've accepted it, you're on the hook for it. I 692 00:35:04,039 --> 00:35:06,440 believe it's written correctly. I've had another lawyer write it. 693 00:35:06,679 --> 00:35:08,400 You're now on the hook. So any lawyer that saw 694 00:35:08,400 --> 00:35:11,000 it inside the company be like, we're on the hook 695 00:35:11,079 --> 00:35:11,320 for this. 696 00:35:12,000 --> 00:35:12,719 Speaker 2: Yeah, okay. 697 00:35:12,800 --> 00:35:15,920 Speaker 3: And this is actually important because there are many maintainers 698 00:35:15,960 --> 00:35:17,760 out there that I've come out and said, oh, you know, 699 00:35:17,880 --> 00:35:20,639 I would I would pay I you know, get how 700 00:35:20,639 --> 00:35:22,920 sponsors is great. I would pay it, and my company, 701 00:35:23,079 --> 00:35:26,079 you know, should pay it. But you know, the procurement team, 702 00:35:26,360 --> 00:35:28,880 I just they they won't do anything. They're so hard 703 00:35:28,920 --> 00:35:32,199 to get work through, and I believe them. Procurement teams 704 00:35:32,239 --> 00:35:34,440 are very challenging with my own company. You know, we 705 00:35:34,440 --> 00:35:36,519 can spend six months with the company and their procurement 706 00:35:36,519 --> 00:35:37,920 team just trying to get them to pay us for 707 00:35:38,000 --> 00:35:39,960 the legal agreement they already signed up for and the 708 00:35:40,000 --> 00:35:42,760 services they're paying for. It's a challenge, I get it. 709 00:35:43,559 --> 00:35:46,559 So let's create a system by which the curement team 710 00:35:46,719 --> 00:35:48,480 has to pay it because the legal team will show 711 00:35:48,519 --> 00:35:50,639 up and say, hey, you know this open source thing, 712 00:35:50,880 --> 00:35:52,840 we already went through our time and figured out how 713 00:35:52,840 --> 00:35:55,159 to deal with open source. Now you, as a procurement team, 714 00:35:55,559 --> 00:35:58,119 you now need to figure out how to deal with 715 00:35:58,239 --> 00:36:01,119 open source projects that require this maintenance because you have 716 00:36:01,199 --> 00:36:03,480 to pay them because the license says that you have to. 717 00:36:03,599 --> 00:36:07,400 Speaker 1: And for big businesses with lawyers, I think that's probably 718 00:36:07,639 --> 00:36:11,159 a valid thing. What about all the small businesses. 719 00:36:10,679 --> 00:36:12,679 Speaker 2: But that's that's who we want to pay. 720 00:36:12,840 --> 00:36:14,960 Speaker 1: But what about a small business that's making a million 721 00:36:15,000 --> 00:36:17,159 dollars a year and it's Joe and his wife and 722 00:36:17,360 --> 00:36:19,360 they don't have lawyers. You know, maybe they do, but 723 00:36:19,960 --> 00:36:21,760 they're going to take the chance. How are you going 724 00:36:21,800 --> 00:36:23,639 to enforce? How are you going to enforce it? 725 00:36:23,800 --> 00:36:28,280 Speaker 3: So I've been slow walking the enforcement past the legal 726 00:36:29,199 --> 00:36:32,159 requirements that will hopefully build the structure that everything else 727 00:36:32,199 --> 00:36:36,280 stands on. Okay, I've had people ask, hey, what do 728 00:36:36,320 --> 00:36:39,360 you do with the issues in the Wicks tool set. 729 00:36:39,440 --> 00:36:41,840 We've called out that you check a box if you're 730 00:36:41,960 --> 00:36:44,519 using money and you go through our templates, it says 731 00:36:44,719 --> 00:36:47,519 you're using this for monetary value. Check the box it 732 00:36:47,519 --> 00:36:50,920 says you are sponsoring the project. So we're getting the 733 00:36:51,159 --> 00:36:52,679 education and awareness out there. 734 00:36:52,719 --> 00:36:53,000 Speaker 2: Now. 735 00:36:54,280 --> 00:36:59,039 Speaker 3: There are some projects that I saw that lock their 736 00:36:59,159 --> 00:37:01,719 issue tracker unless you sponsor. 737 00:37:01,519 --> 00:37:03,000 Speaker 2: So you can't submit an issue. 738 00:37:03,920 --> 00:37:05,519 Speaker 3: Enter that, you can't submit the issues, you can't get 739 00:37:05,559 --> 00:37:09,840 the issues unless you sponsor the projects. That's doable through 740 00:37:09,920 --> 00:37:12,159 GitHub sponsors. Straight up, that's. 741 00:37:11,920 --> 00:37:15,199 Speaker 1: Only if you're making money, right What about the student who. 742 00:37:15,079 --> 00:37:18,760 Speaker 3: Isn't Again, So that's the challenge of the enforcement on 743 00:37:18,760 --> 00:37:21,119 that front for people that aren't making money. We have 744 00:37:21,159 --> 00:37:23,880 to find a place in there. After I made this announcement, 745 00:37:24,599 --> 00:37:27,719 the GitHub sponsors lead reached out to me and we 746 00:37:27,760 --> 00:37:30,719 had some conversations about what could be done. So there, 747 00:37:31,440 --> 00:37:33,639 what I'm saying is right now, we're in the beginning, 748 00:37:33,880 --> 00:37:38,000 and I want to start the enforcement by assuming that 749 00:37:38,679 --> 00:37:41,840 the developers that said I want to be able to 750 00:37:42,320 --> 00:37:44,760 help you and maintain your project, but I can't get 751 00:37:44,760 --> 00:37:48,960 through procurement now have the tool they need to go 752 00:37:49,039 --> 00:37:51,079 to their legal team and say, I now need to 753 00:37:51,119 --> 00:37:54,239 pay this project because it has a legal requirement. Please 754 00:37:54,280 --> 00:37:57,159 help me solve this issue with the procurement team. 755 00:37:57,559 --> 00:38:01,039 Speaker 2: And people have told me, but also coming to them 756 00:38:01,079 --> 00:38:04,039 with the documents to say here's how it solved exactly. 757 00:38:04,199 --> 00:38:07,719 Speaker 3: Yeah, it's not. Before it was like, you know, let's 758 00:38:07,719 --> 00:38:10,039 say as an individual contributed company and you're using this 759 00:38:10,079 --> 00:38:11,920 project that you want to support it, and you're like, yes, 760 00:38:12,440 --> 00:38:13,880 I want to help them, and you go to your 761 00:38:13,920 --> 00:38:16,119 boss and your boss says, no, dude, too much work. 762 00:38:16,320 --> 00:38:19,119 Let's not bother. Just just go do it and be done. 763 00:38:20,280 --> 00:38:23,039 Now you're able to go to the boss and boss say, hey, boss, 764 00:38:23,159 --> 00:38:25,400 there's now this legal requirement. We have to do this. 765 00:38:26,119 --> 00:38:27,960 Boss will be like, well, if we're going to continue 766 00:38:28,000 --> 00:38:29,639 this project, we have to go do with legal, we 767 00:38:29,679 --> 00:38:31,800 have to go do with procurement. They now have that tool, 768 00:38:32,159 --> 00:38:34,280 will they maybe say, you know what, forget it. Let's 769 00:38:34,320 --> 00:38:37,039 just go use a different project that's free, that doesn't 770 00:38:37,079 --> 00:38:41,280 have this open source maintenance fee. Absolutely, that may absolutely happen. 771 00:38:41,320 --> 00:38:44,320 Speaker 1: So I have ideas. I have some ideas, which always 772 00:38:44,360 --> 00:38:47,920 happens when I have these great conversations with guys like you. 773 00:38:47,960 --> 00:38:51,400 But one idea is to have a sort of an 774 00:38:51,400 --> 00:38:57,039 outside agency that does enforcement. And I don't because I think, 775 00:38:57,159 --> 00:39:00,079 you know, software developers, they don't want to be in 776 00:39:00,119 --> 00:39:03,199 that position. You know, nobody wants to be the bad 777 00:39:03,239 --> 00:39:06,039 guy and have to on top of having to write 778 00:39:06,079 --> 00:39:08,239 good code. Now you got to wake up every morning 779 00:39:08,280 --> 00:39:10,679 and wonder who's not paying me that needs to be 780 00:39:10,679 --> 00:39:14,239 paying me. So an outside agency is not like a 781 00:39:14,400 --> 00:39:17,199 union or something, but just somebody that works on behalf 782 00:39:17,280 --> 00:39:21,599 of contributors to enforce this. The other thing that I 783 00:39:21,639 --> 00:39:24,920 was thinking of was is gone from my head. It's 784 00:39:24,960 --> 00:39:25,360 just gone. 785 00:39:25,599 --> 00:39:28,920 Speaker 3: These ideas are great. I want the ideas, and honestly, 786 00:39:29,880 --> 00:39:32,199 if someone comes up with an idea and is inspired 787 00:39:32,239 --> 00:39:35,360 by the open Source Maintenance Fee and says, ah, this 788 00:39:35,440 --> 00:39:38,000 is a good idea, but it is fatally flawed this way. 789 00:39:38,039 --> 00:39:41,079 But I can create a system that works better. I 790 00:39:41,119 --> 00:39:44,159 hope that happens. Or people say, hey, here are different 791 00:39:44,199 --> 00:39:47,880 ways that you can do enforcement with the structure that 792 00:39:47,880 --> 00:39:50,239 the open Source Maintenance fee happens, I'm going to write 793 00:39:50,239 --> 00:39:52,880 them down. I have a discussion list on the open 794 00:39:52,880 --> 00:39:55,039 Source Maintenance Fee dot org. It says, hey, if you 795 00:39:55,079 --> 00:39:57,719 have more facts that your more ideas, you want to add, 796 00:39:57,960 --> 00:40:00,880 more questions that need to be answered, let's put them 797 00:40:00,960 --> 00:40:03,280 up there. There is a place to have the conversation 798 00:40:03,440 --> 00:40:06,079 to say, here's what we need to do. And I 799 00:40:06,239 --> 00:40:09,079 want to be really clear. The Wix tool set is 800 00:40:09,079 --> 00:40:12,239 the first project to apply the open Source Maintenance Fee, 801 00:40:12,280 --> 00:40:15,000 and we did so on the seventh, so a week 802 00:40:15,039 --> 00:40:16,119 ago today. 803 00:40:15,840 --> 00:40:18,199 Speaker 2: The seventh of April, of April of. 804 00:40:18,199 --> 00:40:20,360 Speaker 3: Twenty twenty five, the seventh of April twenty twenty five, 805 00:40:20,360 --> 00:40:24,159 so a week ago today. That has put all the 806 00:40:24,199 --> 00:40:26,679 pieces in place, and I've been then using that experience 807 00:40:26,719 --> 00:40:30,239 to update the step by step list for maintainers on 808 00:40:30,280 --> 00:40:33,039 the open Source Maintenance Fee dot org site. So if 809 00:40:33,039 --> 00:40:34,760 you want to go through it. It just lays out 810 00:40:34,800 --> 00:40:37,000 all the five or seventh steps you have to do 811 00:40:37,320 --> 00:40:38,039 to work your way through. 812 00:40:38,079 --> 00:40:40,400 Speaker 1: It's really cool, right, so I found I remembered the 813 00:40:40,440 --> 00:40:43,639 second idea. Okay, the second idea was to require by 814 00:40:43,760 --> 00:40:48,599 law companies to publish as software bill of materials. So 815 00:40:48,760 --> 00:40:51,440 on every website in there about page or whatever, there 816 00:40:51,480 --> 00:40:53,960 should be a link to a s bomb page and 817 00:40:54,000 --> 00:40:57,280 then every dependency that they've taken must be listed there. 818 00:40:57,840 --> 00:40:59,880 And that way would it be easier for an auditor, 819 00:40:59,880 --> 00:41:01,719 even if the auditor was GitHub? 820 00:41:02,039 --> 00:41:03,039 Speaker 2: Right yep, you know. 821 00:41:03,119 --> 00:41:05,840 Speaker 1: GitHub seems like the logical place where this kind of 822 00:41:05,880 --> 00:41:09,079 thing would happen for getthub repost. But maybe in another place. 823 00:41:09,119 --> 00:41:09,519 I don't know. 824 00:41:09,719 --> 00:41:12,159 Speaker 3: I actually had someone ask me if we would try 825 00:41:12,199 --> 00:41:16,519 to get an SPDX identifier for the OSMF. 826 00:41:16,639 --> 00:41:16,719 Speaker 2: So. 827 00:41:17,159 --> 00:41:24,159 Speaker 3: SPDX is the software what identity system They have a 828 00:41:24,199 --> 00:41:26,239 way of saying s bombs. Basically, they're one of the 829 00:41:26,360 --> 00:41:29,400 standards for specifying s bombs and one of the big 830 00:41:29,519 --> 00:41:32,519 features they've provided are the standard list for all the 831 00:41:32,599 --> 00:41:34,320 various open source licenses out there. 832 00:41:34,360 --> 00:41:38,159 Speaker 1: Because it's advantageous for every software company to have an 833 00:41:38,280 --> 00:41:42,760 s bomb, right Yes, it's absolutely advantageous to them. Yes, 834 00:41:42,800 --> 00:41:45,440 because of security problems, right, and so you know when 835 00:41:45,480 --> 00:41:47,480 there's a problem, oh, we're using. 836 00:41:47,239 --> 00:41:50,079 Speaker 3: That, right. And if the maintenance fee was in SPDX, 837 00:41:50,599 --> 00:41:53,480 then you would just use the identifier and then you'd know, hey, 838 00:41:53,480 --> 00:41:55,559 they're already doing this, and they would they'd all roll 839 00:41:55,599 --> 00:41:58,239 down the direction that you're saying. Now. Yeah, there's only 840 00:41:58,239 --> 00:42:00,559 one project using the open source maintenance fee right now, 841 00:42:00,880 --> 00:42:05,199 and we are slowly working our way through the experience 842 00:42:05,239 --> 00:42:08,960 of what does it mean to do so? And enforcement 843 00:42:09,039 --> 00:42:12,760 is an area where I'm trying to be extremely respectful 844 00:42:12,800 --> 00:42:17,880 to the challenges that I know individual developers will have 845 00:42:18,360 --> 00:42:21,920 inside their companies. I worked in Microsoft, I know big 846 00:42:21,960 --> 00:42:25,199 company challenges. I spent a lot of time with lawyers 847 00:42:25,320 --> 00:42:26,800 when I was first trying to get the WISK tools 848 00:42:26,800 --> 00:42:29,039 set released as an open source I think part of 849 00:42:29,079 --> 00:42:31,880 that training helped me design the open source maintenance fee 850 00:42:32,719 --> 00:42:34,880 is learn how to use lawyers to help you get 851 00:42:34,920 --> 00:42:39,280 a problem solved. Where we go through enforcement is a question. 852 00:42:40,519 --> 00:42:44,400 I think getting the first foundation and then normalizing the 853 00:42:44,480 --> 00:42:49,800 idea that maintainers should be paid to maintain the projects, 854 00:42:50,519 --> 00:42:53,559 and that if you don't want to use the project, 855 00:42:53,679 --> 00:42:57,039 and you don't want to pay a maintainer money for 856 00:42:57,320 --> 00:42:59,480 them maintaining the project, then you can go take the 857 00:42:59,519 --> 00:43:02,400 source code because it's still available, it's still a source. 858 00:43:02,679 --> 00:43:05,519 You can go take the source code and maintain it yourself, 859 00:43:06,280 --> 00:43:08,000 which is the alternative. 860 00:43:07,519 --> 00:43:10,239 Speaker 1: You know, in the interest of security. This is the 861 00:43:10,239 --> 00:43:13,480 same reason that that bill got pass that requires everybody 862 00:43:13,519 --> 00:43:17,400 to allow cookies, yes or no. Right that is required 863 00:43:17,440 --> 00:43:20,880 by law right in GDPR. Yeah, the GDPR. And so 864 00:43:22,119 --> 00:43:25,320 just like that the way that got passed, this could 865 00:43:25,320 --> 00:43:27,960 be you know, you you must have an s bomb 866 00:43:28,119 --> 00:43:30,039 and you must be able to well. 867 00:43:29,920 --> 00:43:32,920 Speaker 2: I would point out that that is not enforced. No 868 00:43:32,960 --> 00:43:36,079 one has ever been charged for not doing that. Yeah, so, 869 00:43:36,880 --> 00:43:39,079 and yet lots of people have done it. Like enforcement 870 00:43:39,119 --> 00:43:41,840 is a separate issue here, yea, And I would argue 871 00:43:42,159 --> 00:43:46,519 long before you get to anywhere near that, you can 872 00:43:46,639 --> 00:43:50,079 have nudges from within GitHub. Like the main thing we're 873 00:43:50,079 --> 00:43:53,039 hoping for is a get hub. Here is poke at 874 00:43:53,320 --> 00:43:58,480 obvious large organizations that are utilizing these resources to write, Hey, 875 00:43:58,679 --> 00:44:00,000 you know you should be making a contry. 876 00:44:00,280 --> 00:44:03,719 Speaker 3: Here is the path and to basically put a system 877 00:44:03,760 --> 00:44:06,760 in place that starts allowing people to do the right thing. 878 00:44:07,079 --> 00:44:09,960 Speaker 2: Yeah, make it reduced to friction doing the right thing. 879 00:44:10,119 --> 00:44:12,800 Speaker 3: He says, Look, you have to do this. So now 880 00:44:13,039 --> 00:44:14,880 the people that want to do the right thing are 881 00:44:14,920 --> 00:44:18,199 now empowered to go take care of the larger systems 882 00:44:18,519 --> 00:44:22,000 that naturally would not change or continue to run the 883 00:44:22,000 --> 00:44:25,119 way they do. And we will continue to have large 884 00:44:25,159 --> 00:44:28,280 companies with their procurement systems which are designed not to 885 00:44:28,320 --> 00:44:32,840 spend money to you know, not spend money on maintainers 886 00:44:33,199 --> 00:44:36,519 for these projects. I mean. One of the interesting comments 887 00:44:36,559 --> 00:44:40,000 I got very recently was someone left a comment saying, hey, 888 00:44:40,679 --> 00:44:44,119 I will need some extra verification of to give you money. 889 00:44:44,159 --> 00:44:46,400 I will need some extra verification to know that you're 890 00:44:46,440 --> 00:44:49,440 not a terrorist organization, right right, because my procurement team 891 00:44:49,480 --> 00:44:53,880 can't fund terrorist organizations. And I was like, sure, whatever 892 00:44:53,920 --> 00:44:57,000 you need, let me know, we'll answer those questions. But 893 00:44:57,039 --> 00:45:00,079 then I stopped and said, it is harder for the 894 00:45:00,000 --> 00:45:04,000 the procurement team. The procurement team has higher standards than 895 00:45:04,159 --> 00:45:06,840 the developers do for taking the code, like you already 896 00:45:06,840 --> 00:45:10,760 took the code the binary code usually and are using it, 897 00:45:11,280 --> 00:45:13,719 and I don't remember a background check or anything like 898 00:45:13,760 --> 00:45:17,079 that to take the bus. I heard terror because I 899 00:45:17,320 --> 00:45:19,559 use my code. What we have done is create some 900 00:45:19,719 --> 00:45:24,159 artificially high bar on the procurement and the sustaining the 901 00:45:24,239 --> 00:45:27,880 project if projects want to be sustained by money, and 902 00:45:28,360 --> 00:45:30,039 the way that you can take the code into the 903 00:45:30,039 --> 00:45:33,119 sources world. And we've also created a culture where I 904 00:45:33,360 --> 00:45:36,000 just take it and I don't have to do anything 905 00:45:36,039 --> 00:45:37,239 else after that. 906 00:45:36,840 --> 00:45:39,840 Speaker 2: Well, and there's an advantage to that too, because you 907 00:45:39,920 --> 00:45:42,199 want to take it out for a spin. You want 908 00:45:42,239 --> 00:45:44,440 to prove that it's valuable to the organization, Like you 909 00:45:44,519 --> 00:45:46,360 need to get to a place before you even have 910 00:45:46,400 --> 00:45:49,000 the conversation about you know, do I want to spend 911 00:45:49,039 --> 00:45:51,679 money on this or not? I mean, I do appreciate 912 00:45:51,760 --> 00:45:54,800 and I've included the link to how wix tool sets 913 00:45:54,800 --> 00:45:56,840 maintenance fee is set up where it's based on the 914 00:45:56,880 --> 00:45:58,840 size of the organization with the size of the contribution. 915 00:45:59,000 --> 00:46:02,519 Is because this now roll the other way where a 916 00:46:02,719 --> 00:46:06,760 CFO should be able to go to gethub and say, hey, 917 00:46:07,360 --> 00:46:11,480 what libraries is my company using? What is the total 918 00:46:11,519 --> 00:46:14,880 fee I should be paying. My experience with CFOs is 919 00:46:15,280 --> 00:46:17,679 they'll kind of check once a year, but don't make 920 00:46:17,719 --> 00:46:19,119 it more complicated than that. 921 00:46:19,599 --> 00:46:22,440 Speaker 3: And so we fell upon I fell upon GitHub sponsors 922 00:46:22,480 --> 00:46:25,519 because it was very straightforward for a lot of maintainers 923 00:46:25,559 --> 00:46:29,199 to be able to access that directly without having to 924 00:46:29,199 --> 00:46:31,559 do a whole lot of extra work. And also because 925 00:46:31,599 --> 00:46:35,840 gethub sponsors has may have relationships has larritionships a lot 926 00:46:35,880 --> 00:46:40,679 of companies through their enterprise system, and through that enterprise system, 927 00:46:40,800 --> 00:46:44,280 you can say pay for sponsorships by invoice. It doesn't 928 00:46:44,280 --> 00:46:46,159 have to be a credit card. So you can walk up 929 00:46:46,199 --> 00:46:49,039 with an invoice to get Hub and say here, I 930 00:46:49,119 --> 00:46:51,320 want you know, give me. I think the minimum invoice 931 00:46:51,320 --> 00:46:53,159 is like five thousand dollars. It's a pretty large number. 932 00:46:53,159 --> 00:46:55,920 But you can pay an invoice in bulk and know 933 00:46:56,199 --> 00:46:58,519 I will pay my maintenance fees, you know, in bulk 934 00:46:58,599 --> 00:47:01,320 for this amount of time for all projects. 935 00:47:01,800 --> 00:47:03,400 Speaker 2: Yeah, so GitHub will disperse it. 936 00:47:03,440 --> 00:47:04,079 Speaker 3: There's a process. 937 00:47:04,320 --> 00:47:06,719 Speaker 2: Well that's important, right, Like that's the important part of it. 938 00:47:06,760 --> 00:47:08,840 Speaker 3: And it can also wire straight into your enterprise buss. 939 00:47:08,880 --> 00:47:12,039 So if you're already paying for repose and you know 940 00:47:12,280 --> 00:47:15,320 actions and all time, and you know space inside GitHub 941 00:47:15,719 --> 00:47:18,320 with they already have that, then your sponsors just end 942 00:47:18,400 --> 00:47:22,079 up as line items inside that nice payment system. 943 00:47:22,119 --> 00:47:22,519 Speaker 2: Already. 944 00:47:22,679 --> 00:47:24,960 Speaker 1: I'll tell you what we don't want. We don't want 945 00:47:25,039 --> 00:47:30,679 the Spotify model. Like imagine GitHub. In order for you 946 00:47:30,719 --> 00:47:33,400 to access any of this open store of source stuff, 947 00:47:33,800 --> 00:47:36,039 you'd have to pay GitHub, you know, ten dollars a 948 00:47:36,039 --> 00:47:38,840 month or thirty dollars a month or whatever, and then 949 00:47:38,880 --> 00:47:41,239 you can use whatever you want for free, and then 950 00:47:41,320 --> 00:47:44,760 that gets dispersed among all of the projects. Like that 951 00:47:44,840 --> 00:47:48,440 model is horrible. It's horrible for the music business, and 952 00:47:48,480 --> 00:47:50,880 it would be even more horrible for the software business. 953 00:47:51,159 --> 00:47:53,119 I'm just the anti patterns are community. 954 00:47:53,199 --> 00:47:55,719 Speaker 3: I've seen proposals for doing that through like Newgate, like 955 00:47:56,239 --> 00:47:58,719 nugat would get a bulk upload and then send out 956 00:47:58,760 --> 00:47:59,880 whoever has most downloads. 957 00:48:00,079 --> 00:48:01,000 Speaker 2: I don't like that at all. 958 00:48:01,360 --> 00:48:03,840 Speaker 3: I don't like any of those systems either, because they 959 00:48:03,880 --> 00:48:06,559 all can be gamed. With the numbers. With the open 960 00:48:06,599 --> 00:48:09,000 source maintenance fee, you basically say, here are the projects 961 00:48:09,039 --> 00:48:12,480 I use. Whatever you know in your package reference or 962 00:48:12,480 --> 00:48:14,360 your package cafig. If you're still using that, you look 963 00:48:14,400 --> 00:48:17,440 at your packages you depend on. You chose them. They 964 00:48:17,480 --> 00:48:19,119 didn't get in there because someone out of them. You 965 00:48:19,199 --> 00:48:21,360 chose them. You go to each others project, you go, oh, 966 00:48:21,480 --> 00:48:22,760 there's the fee for that one. There's a feed for 967 00:48:22,800 --> 00:48:24,039 that win there's a feed for that, and there's a fee, 968 00:48:24,039 --> 00:48:26,320 but there all of the things that I use and 969 00:48:26,320 --> 00:48:28,719 the people that I depend on, I've now paid the fee. 970 00:48:29,440 --> 00:48:31,719 You're done. You don't have to go down some crazy train, 971 00:48:32,159 --> 00:48:33,199 you know, tree. 972 00:48:32,920 --> 00:48:36,880 Speaker 2: And ultimately the maintainers are setting the fear for their projects. 973 00:48:36,920 --> 00:48:37,239 Speaker 3: Correct. 974 00:48:37,280 --> 00:48:40,079 Speaker 2: And if you don't like that fee, don't use that project. 975 00:48:40,159 --> 00:48:42,800 Speaker 3: Right, if a fee is like ten thousand dollars per month, 976 00:48:42,920 --> 00:48:45,519 you might go, hmm, I think I can have an 977 00:48:45,559 --> 00:48:49,280 engineer use that source FEDE and maintain it myself and 978 00:48:49,360 --> 00:48:51,760 all the overhead that goes with staying on top of 979 00:48:51,760 --> 00:48:54,840 the source code, being awarable, security vulnerabilities, that whole list 980 00:48:54,880 --> 00:48:57,400 I brought back. You're like, yeah, that makes sense. But 981 00:48:57,920 --> 00:49:01,639 for a small company, ten dollars And I've had many 982 00:49:01,719 --> 00:49:05,639 business people tell me ten dollars is too low, just flat. 983 00:49:05,840 --> 00:49:09,159 Speaker 1: That depends on depends on the value right that you're providing, correct. 984 00:49:09,199 --> 00:49:12,000 Speaker 3: And so the Wix toolset I use as a tiered model. 985 00:49:12,039 --> 00:49:13,760 So we're going to try to also show that where 986 00:49:13,800 --> 00:49:16,440 if you're a small company less than twenty people, it's ten, 987 00:49:16,519 --> 00:49:19,320 if you're twenty to one hundred people, it's forty. And 988 00:49:19,360 --> 00:49:21,920 if you're over that at sixty. That tiered model basic 989 00:49:21,960 --> 00:49:23,599 to say that you're getting more value out of it 990 00:49:23,599 --> 00:49:28,320 as a bigger company, that those tiering systems will see 991 00:49:28,320 --> 00:49:30,360 how all that works. But the goal is basically, look, 992 00:49:30,440 --> 00:49:32,400 nobody's arguing that ten dollars is too much. 993 00:49:32,480 --> 00:49:34,920 Speaker 2: Yeah, right, like it just if it is. 994 00:49:35,000 --> 00:49:38,000 Speaker 3: It's like a dev at one hundred thousand dollars a year, 995 00:49:38,039 --> 00:49:39,800 it's like two hours of their time for the year. 996 00:49:40,360 --> 00:49:42,400 So if you can take the source code, build it, 997 00:49:43,000 --> 00:49:45,119 maintain it, keep up the date on all those things 998 00:49:45,119 --> 00:49:46,960 for less than two dollars per year, then that your 999 00:49:47,000 --> 00:49:49,719 procurement team's right. You should copy the code and maintain 1000 00:49:49,719 --> 00:49:53,559 it yourself, right, right, But two hours is not a 1001 00:49:53,559 --> 00:49:56,159 lot of time to keep up even build a project 1002 00:49:56,199 --> 00:49:58,480 and keep tracking. Come on, it doesn't work, and that's 1003 00:49:58,480 --> 00:50:01,159 why we want maintainers. Do you see the reactions when 1004 00:50:01,159 --> 00:50:04,480 other projects say, hey, we're gonna not be open source anymore. 1005 00:50:04,800 --> 00:50:07,079 You can see people being upset. She's like, look, you 1006 00:50:07,119 --> 00:50:09,639 have the source code, you can build it, and they're like, oh, 1007 00:50:09,719 --> 00:50:11,679 that takes work. I'm like, wait, so. 1008 00:50:11,719 --> 00:50:14,239 Speaker 2: You know it takes work. You know enough to know 1009 00:50:14,320 --> 00:50:15,480 why I'm where I am. 1010 00:50:15,519 --> 00:50:18,480 Speaker 3: You're complaining that it takes work, but we're not doing 1011 00:50:18,519 --> 00:50:21,760 anything to support the people doing that work. And I 1012 00:50:21,800 --> 00:50:23,800 want to be really, really really clear, because I don't 1013 00:50:23,800 --> 00:50:26,559 think I've said this yet. These are not support contracts. 1014 00:50:26,800 --> 00:50:29,159 These are not I if you're going to get fixed 1015 00:50:29,159 --> 00:50:31,239 my bugs, you're going to fix my features, you're going 1016 00:50:31,320 --> 00:50:34,000 to write the code. It's not that, it's essentially the 1017 00:50:34,039 --> 00:50:36,920 work it takes to keep a project running that people 1018 00:50:36,960 --> 00:50:38,559 don't see. I know a lot of people don't even 1019 00:50:38,599 --> 00:50:41,440 know that's there, but just sucks up so much time 1020 00:50:41,480 --> 00:50:43,920 of a Maintainer's so much energy out of a maintainer. 1021 00:50:44,039 --> 00:50:47,000 Speaker 1: Have you published the documents and the mechanisms to go 1022 00:50:47,039 --> 00:50:49,679 ahead and do this in your own projects? Like if 1023 00:50:49,719 --> 00:50:52,480 somebody's listening and they say, yeah, I want to implement 1024 00:50:52,519 --> 00:50:54,719 this in my project, do you have a little zip 1025 00:50:54,719 --> 00:50:57,360 file they can download and with instructions and everything. 1026 00:50:57,400 --> 00:50:57,559 Speaker 2: Yeah. 1027 00:50:57,599 --> 00:51:00,199 Speaker 3: So if you go to open Source Maintenance Fee dot org, 1028 00:51:01,280 --> 00:51:03,679 you will get presented with two options at the top. 1029 00:51:03,760 --> 00:51:06,360 If you're a consumer. It explains why the open source 1030 00:51:06,400 --> 00:51:09,159 maintenance fee is there. And I have a six minute 1031 00:51:09,199 --> 00:51:13,199 video where I tell pieces of this story in one 1032 00:51:13,280 --> 00:51:15,400 unified video, and then it breaks it down with the 1033 00:51:15,440 --> 00:51:17,920 fact and things like that. There's a separate route you 1034 00:51:17,960 --> 00:51:20,679 go through as a maintainer, and that essentially lays out 1035 00:51:20,719 --> 00:51:23,400 the Hey, you're a maintainer. Here's why you should consider 1036 00:51:23,440 --> 00:51:26,400 taking a maintenance fee all the work you're doing. Because 1037 00:51:26,440 --> 00:51:28,119 when I talk to maintainers, a lot of them had 1038 00:51:28,159 --> 00:51:30,199 never thought about all the work they'd been doing. But 1039 00:51:30,280 --> 00:51:32,079 as I was talking to them, when I was first 1040 00:51:32,119 --> 00:51:33,960 vetting this idea, a lot of them would like get 1041 00:51:34,000 --> 00:51:36,000 to that point. They all start nodding, going, oh, yeah, 1042 00:51:36,039 --> 00:51:37,880 I do a lot of wow, And I thought, oh, 1043 00:51:37,880 --> 00:51:39,880 that's a lot of work, isn't it. So there's that, 1044 00:51:40,079 --> 00:51:42,599 and then there's next one is this five step process. 1045 00:51:42,639 --> 00:51:45,639 I think of the steps to do, and the first 1046 00:51:45,639 --> 00:51:49,880 step is communicate the change. Tell your community that you're 1047 00:51:49,920 --> 00:51:52,639 going to introduce a maintenance fee at some point in 1048 00:51:52,679 --> 00:51:54,519 time in the future, with the date whatever that date 1049 00:51:54,599 --> 00:51:56,519 is for your product. And then it says here's how 1050 00:51:56,519 --> 00:51:59,000 you can set up with GIOB sponsors. And then here's 1051 00:51:59,039 --> 00:52:01,239 what you do and you read me, and then here's 1052 00:52:01,280 --> 00:52:04,800 the EULA. By the way, here's a EULA already man 1053 00:52:05,280 --> 00:52:07,880 verified by the fire Giant lawyers. So if you want it, 1054 00:52:07,960 --> 00:52:10,559 you can have it. It should work for you, no problem. 1055 00:52:10,880 --> 00:52:12,960 I can't guarantee that. My lawyer won't let me tell 1056 00:52:13,000 --> 00:52:15,679 you that. We guarantee that because lawyers won't ever do that. 1057 00:52:16,119 --> 00:52:17,920 Speaker 2: You're a lawyer. 1058 00:52:18,239 --> 00:52:20,800 Speaker 3: But it's good and because we got feedback on the 1059 00:52:20,840 --> 00:52:23,440 first draft that I had up there that was not good. 1060 00:52:23,480 --> 00:52:25,400 It had problems, and I got plenty of feedback from 1061 00:52:25,440 --> 00:52:28,599 the internet that it was bad. But we fixed those bugs. 1062 00:52:28,639 --> 00:52:30,760 No problem. And then it goes through on how to 1063 00:52:30,800 --> 00:52:33,320 add the EULA to your package. And I have steps 1064 00:52:33,320 --> 00:52:38,880 for both MPM, for for MPM and for new gits 1065 00:52:38,880 --> 00:52:40,639 because those are the ones that I understand enough of 1066 00:52:40,760 --> 00:52:42,239 to do that. But if people come along and say, hey, 1067 00:52:42,280 --> 00:52:44,400 here's how I could do it for other types, I'd 1068 00:52:44,440 --> 00:52:48,079 love to get that information on the website. But it's 1069 00:52:48,320 --> 00:52:51,119 it's like a five step process. And the big one 1070 00:52:51,199 --> 00:52:55,039 up front is copy this blank you know this message, 1071 00:52:55,039 --> 00:52:57,599 replace the date, and send it to the place where 1072 00:52:57,639 --> 00:53:00,920 your people are. Create an issue, pin the top, put 1073 00:53:00,920 --> 00:53:04,000 a discussion, put at the top, say we're doing this, 1074 00:53:05,239 --> 00:53:07,079 and then you do the rest of the steps and 1075 00:53:07,159 --> 00:53:10,719 it will take you a day, I mean or two 1076 00:53:10,800 --> 00:53:13,599 to do it. It's not hard to step up. Just 1077 00:53:13,719 --> 00:53:15,360 had to get the I mean the hardest part was 1078 00:53:15,360 --> 00:53:17,920 getting the yula put together that passed all the rules. 1079 00:53:18,079 --> 00:53:20,599 Now you just copy and paste it and replace your 1080 00:53:20,639 --> 00:53:23,039 license inside your your nigga peck and had. 1081 00:53:23,159 --> 00:53:25,000 Speaker 1: I can't believe we haven't asked you this question, but 1082 00:53:25,079 --> 00:53:27,000 how did it work out for you so far? And 1083 00:53:27,159 --> 00:53:28,559 how long has it been in place? 1084 00:53:28,880 --> 00:53:30,119 Speaker 3: It's been seven days? 1085 00:53:31,280 --> 00:53:32,239 Speaker 1: Wow, Okay. 1086 00:53:32,280 --> 00:53:34,639 Speaker 3: At the point of recording, it's been in force in 1087 00:53:34,719 --> 00:53:38,239 seven days. It has been announced for a month and 1088 00:53:38,239 --> 00:53:41,360 a half ish, because I announced it four weeks right 1089 00:53:41,360 --> 00:53:42,880 after the maintenance fee was announced, which was the end 1090 00:53:42,880 --> 00:53:47,760 of February, okay. And I got a lot of feedback 1091 00:53:47,880 --> 00:53:53,639 and various questions up front, not a lot of pushback 1092 00:53:53,960 --> 00:53:58,559 on doing it, not a lot of pushback on why 1093 00:53:58,920 --> 00:54:01,679 or none of that real negativity of that. It could 1094 00:54:01,719 --> 00:54:03,320 be that they're not saying it. I'm sure they're just 1095 00:54:03,320 --> 00:54:04,920 not saying out loud they're playing people. I'm sure they're 1096 00:54:05,000 --> 00:54:06,480 very upset that we're making. 1097 00:54:06,360 --> 00:54:06,920 Speaker 2: Do this work. 1098 00:54:07,079 --> 00:54:09,159 Speaker 3: I have got the feedback from some people say, hey, 1099 00:54:09,599 --> 00:54:11,119 this is a lot of work to go through our 1100 00:54:11,199 --> 00:54:14,480 legal team and our procurement team, and I'm like yep, yep, 1101 00:54:15,119 --> 00:54:17,480 we would pay you money, but the procurement team's really 1102 00:54:17,519 --> 00:54:20,000 a problem. I'm like, yeah, I know, like, well what 1103 00:54:20,039 --> 00:54:22,000 do I do. I'm like, dude, it's your procurement team. 1104 00:54:22,639 --> 00:54:25,320 Like you're going to have to educate them, and every 1105 00:54:25,480 --> 00:54:27,840 company's procurement team needs to be educated so. 1106 00:54:28,119 --> 00:54:30,400 Speaker 2: Well, and you're going to build up more language around 1107 00:54:30,400 --> 00:54:32,639 how to talk to your procurrement team as this goes by, 1108 00:54:32,760 --> 00:54:35,719 because part of this is what's the cost of us 1109 00:54:35,760 --> 00:54:38,559 moving off of this project or maintaining itself and like 1110 00:54:38,920 --> 00:54:42,719 showing larger dollar signs to the CFO, then get this 1111 00:54:42,840 --> 00:54:45,159 through procurement so we can keep working. 1112 00:54:45,840 --> 00:54:47,800 Speaker 3: So one of the feedback I got from people was 1113 00:54:49,000 --> 00:54:50,880 our one idea I got out there was hey, be 1114 00:54:50,880 --> 00:54:52,599 cool if you had a list of companies that had 1115 00:54:52,599 --> 00:54:55,679 already adopted this as yeah, we're doing this, so I'll 1116 00:54:55,719 --> 00:54:58,960 try to go there. We're early in this, and that's 1117 00:54:58,960 --> 00:55:00,599 why I was really happy you got had me on 1118 00:55:00,639 --> 00:55:01,239 because I just. 1119 00:55:01,199 --> 00:55:04,239 Speaker 2: Wanted super early stages. I think the main thing you 1120 00:55:04,320 --> 00:55:07,920 READNACT right now, Rob, more than anything is more projects 1121 00:55:07,920 --> 00:55:08,920 to set up like this. 1122 00:55:09,159 --> 00:55:11,840 Speaker 3: Yeah, So that's my feeling is that I was That's 1123 00:55:11,880 --> 00:55:13,679 why I'm really glad you guys had me here is 1124 00:55:13,719 --> 00:55:16,800 because we can get the message out to maintainers so 1125 00:55:16,800 --> 00:55:20,559 the day can start going, Yeah, you know what I am. 1126 00:55:20,920 --> 00:55:23,719 I know exactly what he's saying. I know exactly how 1127 00:55:23,760 --> 00:55:27,360 he feels. And when I first announced this at the 1128 00:55:27,400 --> 00:55:30,840 end of February, I got so many dms from maintainers 1129 00:55:31,119 --> 00:55:33,119 and you know them, you know who they are. They 1130 00:55:33,159 --> 00:55:36,760 DM me saying this is brilliant. I was like, great, 1131 00:55:37,119 --> 00:55:38,960 but I didn't have the ule at that time, and 1132 00:55:39,519 --> 00:55:42,280 there's a leap of faith that you have to do it. 1133 00:55:42,320 --> 00:55:45,199 We've seen a couple so I want to talk about 1134 00:55:45,199 --> 00:55:47,599 the commercialization that projects has been going through, because that's 1135 00:55:47,840 --> 00:55:50,960 that's what we're kind of I'm hoping we can counter here. 1136 00:55:51,400 --> 00:55:53,800 But the idea that maintainers will be like, you know what, 1137 00:55:54,760 --> 00:55:58,280 my time is worth something, sure, and I should be 1138 00:55:58,360 --> 00:56:00,800 paid for this set of work that I am doing. 1139 00:56:00,880 --> 00:56:02,840 That actually is taking a lot of energy out of me. 1140 00:56:03,159 --> 00:56:05,199 And if I could put this into my project, I'm 1141 00:56:05,199 --> 00:56:07,880 not going to retire. I might not have enough users 1142 00:56:07,880 --> 00:56:10,519 to make a business, but one developer I talked to 1143 00:56:10,599 --> 00:56:16,800 said he probably has fifty ten to fifty companies using 1144 00:56:16,880 --> 00:56:19,000 his software. I was like, so that's like, you know, 1145 00:56:19,039 --> 00:56:22,079 one hundred to five hundred bucks a month. He's like, yeah, 1146 00:56:22,119 --> 00:56:25,440 that's about a weekend. Okay. Oh if I had five 1147 00:56:25,519 --> 00:56:27,599 hundred bucks a month that I could do something fun 1148 00:56:27,639 --> 00:56:30,440 on a weekend, then I could spend the other weekend 1149 00:56:30,719 --> 00:56:33,639 maintaining my project. Because he's just like, why am I bothering? Yeah, 1150 00:56:33,679 --> 00:56:36,159 he's and he'll walk. Those companies will be out of luck. 1151 00:56:36,480 --> 00:56:39,199 Speaker 2: But you hit on the key point, which is the 1152 00:56:39,239 --> 00:56:42,840 alternative is they head towards commercialization, which is going to 1153 00:56:42,840 --> 00:56:45,639 make it even more expensive for a bunch of people 1154 00:56:45,639 --> 00:56:48,519 who want to use this. It's going to make ask 1155 00:56:48,559 --> 00:56:50,760 a developer to do thing I maintainer, do things they 1156 00:56:50,760 --> 00:56:54,280 don't want to do, like operating a business like that. 1157 00:56:54,559 --> 00:56:57,519 That is a weaker choice. Then here's the low friction 1158 00:56:57,599 --> 00:56:59,559 way that lets everybody keep doing what they're good. 1159 00:56:59,360 --> 00:57:02,840 Speaker 3: At, and it walks away from open source, which I 1160 00:57:02,920 --> 00:57:05,360 don't want. I don't want that to be the way. 1161 00:57:05,199 --> 00:57:07,079 Speaker 2: The alternative open source starts to implode. 1162 00:57:07,159 --> 00:57:10,239 Speaker 3: Yeah right, It basically says, you know what open source failed, 1163 00:57:10,679 --> 00:57:14,239 and that requires me to say, yeah, no, that idea 1164 00:57:14,280 --> 00:57:18,199 that I had well in nineteen ninety nine, and then 1165 00:57:18,320 --> 00:57:20,840 finally made a reality in two thousand and four that 1166 00:57:20,960 --> 00:57:22,719 you know, companies should do open source and it should 1167 00:57:22,760 --> 00:57:25,039 be a thing, and people and developer should do open source. 1168 00:57:25,079 --> 00:57:27,480 You should be able to go out there and create 1169 00:57:27,519 --> 00:57:30,840 communities around your source code. Wow, that should be possible. 1170 00:57:30,880 --> 00:57:33,480 It just says no, don't or don't be successful because 1171 00:57:33,519 --> 00:57:34,599 you will end up in a space. 1172 00:57:34,760 --> 00:57:37,199 Speaker 2: Yeah, you can do it, you just won't be successful. 1173 00:57:36,760 --> 00:57:38,559 Speaker 3: Where you hate it. Yeah, just don't be successful. Don't 1174 00:57:38,719 --> 00:57:41,159 don't have your project work out because you will end 1175 00:57:41,239 --> 00:57:42,920 up in a space that you want, or if you do, 1176 00:57:43,079 --> 00:57:45,039 you have to enter that space where I don't care 1177 00:57:45,199 --> 00:57:47,159 about any of you, which is a completely different way 1178 00:57:47,199 --> 00:57:49,079 of interacting with your project and the community. It's not 1179 00:57:49,159 --> 00:57:53,360 a community. It pains me and I'm I'm very conflicted 1180 00:57:53,400 --> 00:57:57,079 in this whole space still because I'm seeing people commercializing 1181 00:57:57,119 --> 00:58:00,960 their projects. At the same time, I couldn't reach out. 1182 00:58:00,960 --> 00:58:02,840 I couldn't reach out to everybody. So I'm hoping here, 1183 00:58:02,880 --> 00:58:04,519 at least take a little maintenance fee and go you 1184 00:58:04,559 --> 00:58:06,519 know what, I will follow that because there's a list 1185 00:58:06,639 --> 00:58:08,440 or no, no, I'm going to go route like that, 1186 00:58:08,480 --> 00:58:10,760 but a different way or a different spin on it great. 1187 00:58:10,880 --> 00:58:13,039 I want to see where people go. I just want 1188 00:58:13,039 --> 00:58:15,320 maintainers to have an option that they don't have to 1189 00:58:15,360 --> 00:58:19,119 give up and commercialize or just walk away, and they 1190 00:58:19,119 --> 00:58:21,480 can have a space that you know what, I could 1191 00:58:21,519 --> 00:58:26,440 fund a bit of my world here and feel good 1192 00:58:26,599 --> 00:58:31,000 about this space and if you know, and they'll have 1193 00:58:31,039 --> 00:58:34,920 other maintainers with them. I'm out here, right. So people 1194 00:58:34,920 --> 00:58:36,360 told me I was gonna get fired at Microsoft when 1195 00:58:36,360 --> 00:58:37,480 I said I was going to try to open source 1196 00:58:37,480 --> 00:58:41,400 my little project. It didn't. I was there for eight 1197 00:58:41,440 --> 00:58:44,559 more years until I decided to retire. I'm doing this now. 1198 00:58:44,880 --> 00:58:46,760 I was afraid I was going to get lambasted off 1199 00:58:46,760 --> 00:58:50,280 the internet. I haven't been, and I hope so we 1200 00:58:50,280 --> 00:58:53,000 could do something to change the ecosystem, because that's where 1201 00:58:53,000 --> 00:58:53,519 I want us. 1202 00:58:53,880 --> 00:58:56,559 Speaker 1: Well, I have a few open source projects that are 1203 00:58:56,599 --> 00:58:59,679 popular that then I think I might visit this with 1204 00:59:01,280 --> 00:59:03,480 So yeah, I'm going to be looking through my repos 1205 00:59:03,519 --> 00:59:03,880 and it. 1206 00:59:03,760 --> 00:59:06,639 Speaker 2: Looks like a weekend's worth of work. Yeah. To learn 1207 00:59:06,679 --> 00:59:09,320 the pattern, yeah, and put it into your project. 1208 00:59:09,360 --> 00:59:12,800 Speaker 3: Yeah. Yah, Yeah, you follow pattern and if there's issues, 1209 00:59:12,880 --> 00:59:15,280 you know, send them to me and will revise the 1210 00:59:15,400 --> 00:59:16,599 document and make it better. 1211 00:59:16,679 --> 00:59:18,719 Speaker 2: Yeah. And the more we can refine the material the better. 1212 00:59:18,960 --> 00:59:23,119 Speaker 3: Yeah, yeah, exactly, it's good stuff. Yeah, that's that's the 1213 00:59:24,480 --> 00:59:26,280 I hope we can get to a better space. 1214 00:59:26,440 --> 00:59:28,079 Speaker 1: I'm sure we will at some point. 1215 00:59:28,199 --> 00:59:30,599 Speaker 3: Can I add a couple of gripes at the end here? Yeah, 1216 00:59:30,639 --> 00:59:32,159 go ahead, you could try to stick where you want, 1217 00:59:32,159 --> 00:59:34,760 all right. So one people will say it's a rug pull. 1218 00:59:35,920 --> 00:59:38,440 You're going to get that the whole open source maintenance fee, 1219 00:59:38,559 --> 00:59:41,480 any charging for anything turns into rug poole. I don't 1220 00:59:41,480 --> 00:59:43,320 have a good answer that, because they're not entirely wrong. 1221 00:59:43,440 --> 00:59:44,960 It is a bit of a rug pull. It is 1222 00:59:45,119 --> 00:59:46,639 we're changing the rules on you. 1223 00:59:46,679 --> 00:59:49,079 Speaker 2: The ultimate rug pool is a project you're depending on 1224 00:59:49,199 --> 00:59:52,159 no longer being dependent and being maintained. Right, which rug 1225 00:59:52,159 --> 00:59:53,400 pole would you like? Yeah? 1226 00:59:53,440 --> 00:59:56,360 Speaker 3: Yeah, the alternative is exactly. The alternative is they just 1227 00:59:56,400 --> 01:00:00,480 go away. And my hope is that we can get 1228 01:00:00,559 --> 01:00:02,519 out get to a place where it's no longer a 1229 01:00:02,639 --> 01:00:05,280 rug pole. Because everybody expects it that companies walk up 1230 01:00:05,280 --> 01:00:08,159 to a project, go man, this one doesn't take a 1231 01:00:08,199 --> 01:00:10,559 maintenance fee or anything. How do we know that the 1232 01:00:10,599 --> 01:00:13,320 companies the project is going to stick around for us? 1233 01:00:13,480 --> 01:00:15,039 So I'd love for us to get to the other 1234 01:00:15,079 --> 01:00:17,840 side where it's not a rug pull, it's a you 1235 01:00:17,960 --> 01:00:19,840 need to do this so that we can, like, we 1236 01:00:19,840 --> 01:00:22,000 would like to have some interaction here, so we know 1237 01:00:22,519 --> 01:00:24,679 that you'll continue to maintain this project for us. So 1238 01:00:24,679 --> 01:00:27,760 I'd love for the to turn around. Maintainers may still 1239 01:00:27,760 --> 01:00:29,400 say I don't want money, because I don't want money, 1240 01:00:29,519 --> 01:00:31,719 that's fine. I'd love for it to be turned around, 1241 01:00:31,719 --> 01:00:34,880 so it's not a rug pull. The second right is 1242 01:00:34,920 --> 01:00:38,400 that I've been seeing this a lot as the commercialization 1243 01:00:38,480 --> 01:00:42,800 has started happening, or as this whole all these issues 1244 01:00:42,840 --> 01:00:45,599 have popped up. I see people saying they shouldn't have 1245 01:00:45,679 --> 01:00:48,159 made an open source in the first place if they 1246 01:00:48,159 --> 01:00:51,000 didn't want to give it away for free, and it 1247 01:00:51,519 --> 01:00:54,199 just it. It makes me so mad. 1248 01:00:54,360 --> 01:00:56,239 Speaker 2: Is an awesome piece of ignorance there. 1249 01:00:57,039 --> 01:01:01,400 Speaker 3: Because I didn't make it open source to make it free. 1250 01:01:01,840 --> 01:01:05,239 I made it open source so that people could join 1251 01:01:05,800 --> 01:01:08,440 and we could build something right right, But that's not 1252 01:01:08,480 --> 01:01:11,280 what happened. The fact that the source code is available 1253 01:01:11,519 --> 01:01:14,239 for you to do as you wish with it, as 1254 01:01:14,280 --> 01:01:19,000 in freedom to go forth, is what this is about. 1255 01:01:19,559 --> 01:01:22,840 It was never about me giving my time away for 1256 01:01:23,079 --> 01:01:28,159 twenty five years for free and having people not appreciate it. 1257 01:01:28,199 --> 01:01:31,000 That was never the goal. And it also is never 1258 01:01:31,039 --> 01:01:32,719 the goal that we'd get to the end twenty five 1259 01:01:32,800 --> 01:01:36,480 years later and say, haha, I'm now going to charge 1260 01:01:36,519 --> 01:01:38,480 you for this thing that you become dependent on. 1261 01:01:39,519 --> 01:01:42,360 Speaker 2: That was the goal. That's what I wanted all along. 1262 01:01:42,679 --> 01:01:45,119 Speaker 1: Like, come on, well, and the fact is right, you're 1263 01:01:45,119 --> 01:01:45,599 not paying. 1264 01:01:45,880 --> 01:01:46,920 Speaker 3: No maintainer's doing that. 1265 01:01:47,320 --> 01:01:49,079 Speaker 1: You're not paying if you're not making money on it. 1266 01:01:49,079 --> 01:01:51,159 If you are making money on it, it should be 1267 01:01:51,199 --> 01:01:52,639 less of an issue exactly. 1268 01:01:52,920 --> 01:01:56,039 Speaker 3: But this whole attitude I see about. They never should 1269 01:01:56,039 --> 01:01:57,599 have made it free in the first place. 1270 01:01:57,679 --> 01:02:01,159 Speaker 1: Say just I get so torq staggering bullshit. 1271 01:02:01,280 --> 01:02:05,360 Speaker 2: That never made it free. I expected contributions. They never came. 1272 01:02:05,920 --> 01:02:10,480 Now I'm buried either pay me or contribute. Well, not anymore. 1273 01:02:11,079 --> 01:02:13,800 Speaker 3: You know, I don't even expect contributions, like like, let's 1274 01:02:13,840 --> 01:02:17,079 be like, even as a maintainer, I didn't expect contributions. 1275 01:02:17,159 --> 01:02:20,920 I wanted people talking about it, helping people participating, working together. 1276 01:02:21,320 --> 01:02:26,320 I would have my project suffered significantly in documentation because 1277 01:02:26,360 --> 01:02:29,519 I'd hope that people would contribute what they learned is 1278 01:02:29,559 --> 01:02:31,800 a great contribution and just write it down and give 1279 01:02:31,840 --> 01:02:33,599 it back to us. Nobody did that. They wrote it 1280 01:02:33,599 --> 01:02:36,159 on their own blogs in their own places, and they 1281 01:02:36,199 --> 01:02:38,480 spread it all about the internet. They never came back 1282 01:02:38,480 --> 01:02:40,920 to a project. That's probably partly a failure on my 1283 01:02:41,039 --> 01:02:43,920 maintenance of my project and my doctition and my community. 1284 01:02:44,239 --> 01:02:47,159 But the goal was that people would work together and 1285 01:02:47,159 --> 01:02:48,679 we could all be set up ninjas together. 1286 01:02:48,960 --> 01:02:49,159 Speaker 2: Yep. 1287 01:02:49,280 --> 01:02:52,239 Speaker 3: Right, those sixteen people you talked about the beginning, Yeah, 1288 01:02:52,400 --> 01:02:55,119 those my people, right, that's why we're out here, right, 1289 01:02:55,440 --> 01:02:59,559 we're making these things happen, and we are not alone. 1290 01:03:00,239 --> 01:03:02,320 And then there's way, way, way too many people are 1291 01:03:02,320 --> 01:03:03,800 out here. Well, it's free, so I'm just going to 1292 01:03:03,920 --> 01:03:06,400 use it. And I can't believe that you didn't take 1293 01:03:06,440 --> 01:03:08,800 care of I issue ten years ago when someone else 1294 01:03:08,880 --> 01:03:09,239 opened it. 1295 01:03:09,519 --> 01:03:13,400 Speaker 2: Yeah. The original mantra of the open source community was 1296 01:03:13,440 --> 01:03:18,000 this small group of peers building stuff and helping each 1297 01:03:18,039 --> 01:03:20,639 other to make it better. Right, And that's I think 1298 01:03:20,719 --> 01:03:24,199 one tenth of one percent of the audience is actually 1299 01:03:24,239 --> 01:03:26,119 out there. And I'm not saying anything bad about that. 1300 01:03:26,159 --> 01:03:28,840 It's like, but recognize where you're sitting. Yeah, there's a 1301 01:03:28,840 --> 01:03:30,880 whole other show here to talk about. How do we 1302 01:03:31,960 --> 01:03:36,039 work with contributors to just recognize their value. But we 1303 01:03:36,079 --> 01:03:38,320 can do that today. Let's work on the reality of 1304 01:03:38,320 --> 01:03:40,039 where we are right now, which is that most of 1305 01:03:40,079 --> 01:03:43,400 these open source projects have a maintainer and that person 1306 01:03:43,440 --> 01:03:44,559 needs help. Rob. 1307 01:03:44,920 --> 01:03:48,159 Speaker 1: We got to pull the clock here and say thank 1308 01:03:48,199 --> 01:03:50,920 you very much. This is great. It's a great idea, 1309 01:03:51,079 --> 01:03:54,440 it's great stuff. I hope that I can get involved 1310 01:03:54,599 --> 01:03:57,840 in it, and I hope other people listening will evaluate 1311 01:03:57,880 --> 01:04:02,320 their open source projects and see whether this makes sense 1312 01:04:02,480 --> 01:04:02,719 to you. 1313 01:04:03,039 --> 01:04:05,480 Speaker 3: It's the beginning of a conversation that we need to have. 1314 01:04:06,159 --> 01:04:09,000 I'm hoping it can unlock more ideas so that we 1315 01:04:09,159 --> 01:04:12,199 get to a place that is sustainable for all these maintainers. 1316 01:04:12,800 --> 01:04:14,400 Thanks Rob, Thanks guys. 1317 01:04:14,119 --> 01:04:16,280 Speaker 1: And thank you for listening, and we'll see you next 1318 01:04:16,320 --> 01:04:39,239 time on dot net rocks. Dot dot net Rocks is 1319 01:04:39,280 --> 01:04:43,000 brought to you by Franklin's Net and produced by Pop Studios, 1320 01:04:43,360 --> 01:04:47,400 a full service audio, video and post production facility located 1321 01:04:47,400 --> 01:04:50,360 physically in New London, Connecticut, and of course in the 1322 01:04:50,400 --> 01:04:55,480 cloud online at pwop dot com. Visit our website at 1323 01:04:55,519 --> 01:04:57,360 d O T N E t R O c k 1324 01:04:57,639 --> 01:05:02,440 S dot com for RSS feeds, downloads, mobile apps, comments, 1325 01:05:02,760 --> 01:05:05,280 and access to the full archives going back to show 1326 01:05:05,360 --> 01:05:09,079 number one, recorded in September two thousand and two. And 1327 01:05:09,199 --> 01:05:11,599 make sure you check out our sponsors. They keep us 1328 01:05:11,599 --> 01:05:15,079 in business. Now go write some code. See you next time. 1329 01:05:16,000 --> 01:05:24,880 Speaker 3: You got JAD middle vans. Then I