WEBVTT

00:00.000 --> 00:10.360
Okay, ladies and gentlemen, welcome to the first session on Sunday.

00:10.360 --> 00:18.520
I think the title is self-explanatory, but Margaret is going to take us into detail on who

00:18.520 --> 00:19.520
really pays.

00:19.520 --> 00:20.520
Thank you.

00:20.520 --> 00:21.520
Thank you.

00:21.520 --> 00:31.680
All right, thank you, and good morning, everybody.

00:31.680 --> 00:35.840
Thank you for waking up early for being here.

00:35.840 --> 00:40.480
I think we are actually early, at least according to my watch, we are early.

00:40.480 --> 00:46.120
So I expect more people will arrive that they are just cutting it very close.

00:46.120 --> 00:52.640
Or anybody that is watching on the livestream or later on on recording, it's okay

00:52.640 --> 00:56.120
that you didn't wake up early, it's very early, I know.

00:56.120 --> 01:00.200
But yeah, thank you for being here, those that are here.

01:00.200 --> 01:07.920
As it's very early, and I know many of you have not really woken up, let's start with some...

01:07.920 --> 01:11.160
This is not working.

01:11.160 --> 01:13.160
To turn it on.

01:14.160 --> 01:16.840
Yeah, yeah, now it's working.

01:16.840 --> 01:17.840
Yes.

01:17.840 --> 01:20.640
So let's start with a show of funds.

01:20.640 --> 01:28.360
So who here has ever contributed to open source bead with like a bug report, a batch, or a

01:28.360 --> 01:31.800
feature, or maintaining a whole project?

01:31.800 --> 01:32.800
Nice.

01:32.800 --> 01:36.800
Yes, we are at first and we expect open source contributors here.

01:36.800 --> 01:44.240
Now, who here is a core developer, maintainer, cometer, like you are really in charge

01:44.240 --> 01:47.120
of an open source project?

01:47.120 --> 01:49.840
Okay, yes, quite a few.

01:49.840 --> 01:56.960
Now of those that just raise your hands, who of you does this on your spare time, your

01:56.960 --> 02:01.480
nights and weekends, your time that is not paid by an employer?

02:01.480 --> 02:04.360
Okay, quite a few again.

02:04.360 --> 02:11.360
And if you just raise your hand, would you like to be paid for that work?

02:11.360 --> 02:17.040
Okay, yeah, most of you, at some note, don't, and that's fine.

02:17.040 --> 02:21.600
It's fine to want to be paid, and it's also fine to not want to be paid, right?

02:21.600 --> 02:23.800
Like both, both things are fine.

02:23.800 --> 02:29.200
All right, so before we jump into the talk a little bit about me, I'm Marga.

02:29.200 --> 02:34.320
I'm originally from Argentina, but I've been living in Germany for almost 14 years now.

02:35.160 --> 02:39.560
As a sign note, one of the reasons that I moved to Germany was so that I would be able

02:39.560 --> 02:46.440
to attend for them, because coming from Argentina for just two days seemed like way too

02:46.440 --> 02:49.240
much trouble at the time.

02:49.240 --> 02:54.080
And I did attend for them quite a few times since then, but this is actually my first

02:54.080 --> 03:00.360
talk at first and so, yeah, you know, it took me 14 years to make it on stage.

03:00.360 --> 03:05.360
So, thank you.

03:05.360 --> 03:10.520
Anyway, I've been using free and open source software for 25 years.

03:10.520 --> 03:17.240
I've been contributing for almost all of those 25 years, and I've been a deviant developer

03:17.240 --> 03:22.400
for over 20 years, so that's also very much part of my identity.

03:22.400 --> 03:30.400
Professionally, I started work at a company in Argentina, where I was a system administrator

03:30.400 --> 03:33.600
software engineer doing a little bit of everything.

03:33.600 --> 03:36.920
And then, as I said, I moved to Germany to work for Google.

03:36.920 --> 03:41.680
I worked for Google in the team that maintains the internal line of distribution that

03:41.680 --> 03:44.280
is used by Google engineers.

03:44.280 --> 03:50.600
And I worked there for eight years when I finally got tired of the corporate culture, I left.

03:50.600 --> 03:56.520
I showed in a small open source consultancy called Kingfuck, where I worked on flat-care

03:56.520 --> 03:58.520
container Linux.

03:58.520 --> 04:03.640
It was really nice because it was a company that was all about open source, but unfortunately

04:03.640 --> 04:09.680
it got acquired by Microsoft, so that was like the darkest year in my life, where I

04:09.680 --> 04:15.840
worked for Microsoft for a year, but I didn't like it, it really was not for me.

04:15.840 --> 04:22.840
So I eventually left Microsoft and joined ISOValent, which was an open core company in

04:22.840 --> 04:29.600
the Kubernetes space, doing products like Silium and Tetragon, and I worked there until

04:29.600 --> 04:32.200
they got acquired by Cisco.

04:32.200 --> 04:36.080
And I was like, I'm not joining another corporate again.

04:36.080 --> 04:43.560
So fortunately, I landed Egalia, which is also an open source consultancy, but in this case,

04:43.560 --> 04:50.360
it's workers on open source consultancy, so yeah, no risk of being acquired.

04:50.360 --> 04:55.960
All right, so why did I just go over my resume for you?

04:55.960 --> 05:02.320
It's mostly just to give you an idea of the different things that I have experience.

05:02.320 --> 05:08.440
I worked for big companies, small companies, I worked for product companies, for consultancies.

05:08.440 --> 05:13.320
So I kind of seen a bit of everything, of course I haven't seen absolutely everything

05:13.320 --> 05:18.800
that is out there, but I know how it is to work in open source, in different spaces.

05:18.800 --> 05:24.360
So this is kind of like the basis that I'm using for the rest of the talk.

05:24.360 --> 05:29.600
All right, now that's it about me, let's now talk about the problem.

05:29.600 --> 05:34.040
Why did I think this was an interesting topic to talk about?

05:34.040 --> 05:40.120
The problem or not problem starts 40 plus years ago.

05:40.120 --> 05:46.760
So when Richard Stanna created the GNU project, he was creating a project for a small group

05:46.760 --> 05:48.120
of people.

05:48.120 --> 05:54.960
There were about a thousand nodes connected to the internet, the people that were participating

05:54.960 --> 06:02.400
in the movement where sending software via tapes or disks.

06:02.400 --> 06:07.840
They were not downloading it over the internet, and everybody that was participating

06:07.840 --> 06:12.280
was very much an enthusiast.

06:12.280 --> 06:19.600
By 1991, when the GNU scanner was published, there were already around a million nodes connected

06:19.600 --> 06:20.600
to the internet.

06:20.600 --> 06:29.920
So a lot more people were able to participate, but these people were still using use net forums

06:30.000 --> 06:33.800
and downloading software via FTP.

06:33.800 --> 06:37.480
So it was still very much hacker culture, right?

06:37.480 --> 06:42.640
There were geeks, there were people that either knew what they were doing or at least they

06:42.640 --> 06:47.360
were willing to learn to be able to know what they were doing.

06:47.360 --> 06:54.080
And the expectation was that if you were using free software, you were also contributing

06:54.080 --> 06:55.080
to free software.

06:55.080 --> 06:56.080
It was a given, right?

06:56.080 --> 07:00.440
Like, a user and a contributor were the same thing.

07:00.440 --> 07:05.560
Now when we reach current times, this has gone up a lot.

07:05.560 --> 07:11.920
And actually this graph is from Wikipedia, and it's weird that it cups at like 1 billion

07:11.920 --> 07:12.920
nodes.

07:12.920 --> 07:14.560
I've been pondering why it cups there.

07:14.560 --> 07:19.400
I guess it's like most of the nodes are no longer connected to the public internet and

07:19.400 --> 07:25.280
are actually behind proxies and so on and so that's why this doesn't keep going up

07:25.280 --> 07:30.040
because we know that there's more and more devices connected to the internet today.

07:30.040 --> 07:31.240
But that's not relevant.

07:31.240 --> 07:37.960
The relevant part is that open source, unfree software has reached basically everybody, right?

07:37.960 --> 07:40.080
It has expanded together with the internet.

07:40.080 --> 07:47.040
And today you can download thousands and thousands of open source projects from the internet

07:47.120 --> 07:53.600
without ever having to interact with the containers, with the developers of the software,

07:53.600 --> 07:54.600
right?

07:54.600 --> 08:05.040
And there was actually a code audit recently that found that 97% of the software that was

08:05.040 --> 08:10.400
audited has at least one open source dependency.

08:10.400 --> 08:13.120
Basically open source is everywhere, right?

08:13.200 --> 08:17.480
We could say that open source has one, right?

08:17.480 --> 08:18.480
Woo!

08:18.480 --> 08:26.840
Yes, we have one because we are everywhere.

08:26.840 --> 08:36.040
But has it really one when like all modern digital infrastructure depends on the projects

08:36.080 --> 08:41.920
and random person in the vraska is thankfully maintaining in 2003?

08:41.920 --> 08:44.480
Probably not.

08:44.480 --> 08:50.320
And yeah, so no talk about open source sustainability is complete without this awesome comic

08:50.320 --> 08:52.320
from its KCD.

08:52.320 --> 08:59.320
But I do want to know that this comic only shows like one problematic piece and in reality

08:59.320 --> 09:02.800
we have a lot more, right?

09:02.800 --> 09:08.080
This is actually better than our reality.

09:08.080 --> 09:14.000
So open source has one in the objective of being everywhere.

09:14.000 --> 09:25.280
But we have not one in making this a sustainable model that can survive for the future.

09:25.280 --> 09:30.880
This is the part that we need to rethink.

09:31.880 --> 09:34.080
So I've been thinking about this for a while.

09:34.080 --> 09:37.320
Why is it that we are in this conundrum?

09:37.320 --> 09:44.720
And one of the things that I've been thinking about is this illusion of free on the internet

09:44.720 --> 09:48.360
today we get a lot of things for free.

09:48.360 --> 09:55.440
We get a web-made client for free, we get a search engine for free, we get social media for free.

09:55.440 --> 09:57.440
And why is it between quotes?

09:57.480 --> 10:01.480
It's been three quotes because we all know that this is not really for free.

10:01.480 --> 10:13.680
We pay for this by having to see ads and by having our data scraped and sold and bad things

10:13.680 --> 10:16.800
happening, right, without data.

10:16.800 --> 10:22.040
So it feels like it's for free, although we all know that it's not for free.

10:22.360 --> 10:29.240
Because we know it's not for free, we actually demand quality out of this product, right?

10:29.240 --> 10:36.840
That we get for free because we know that companies like Google and Meta are making money out of this product.

10:36.840 --> 10:40.840
And if they are making money, they should publish good products, right?

10:40.840 --> 10:43.560
This is how our minds operate.

10:43.560 --> 10:51.960
And this that makes sense for Google and Meta and other big companies does not make sense.

10:52.360 --> 10:57.560
For a maintainer that is doing this during their nights and weekends, right?

10:57.560 --> 11:03.000
And so this what we get for free is not always the same.

11:03.000 --> 11:09.160
But it's not easy to differentiate between one and the other.

11:09.160 --> 11:14.200
And you all that are here today probably can't tell the difference.

11:14.200 --> 11:18.760
But people that are not involved in the freeze-over movement,

11:18.760 --> 11:21.880
it's a lot harder for them to tell the difference.

11:21.880 --> 11:30.280
And so what happens is that people get in title and they feel like they have the right

11:30.280 --> 11:39.080
to demand quality out of these free things and they are not all the same.

11:39.080 --> 11:50.360
So then we come to the problem of users becoming consumers

11:50.360 --> 11:55.080
that demand quality, the expect service level agreements,

11:55.080 --> 12:00.840
accountability, security fixes, without giving anything back, right?

12:00.840 --> 12:08.760
And I'm not talking about any of you today here that woke up very early to be a twosom on a Sunday.

12:08.760 --> 12:17.480
I'm talking about the companies that are getting rich out of the immense value that has been created

12:17.480 --> 12:21.320
by the open source movement and don't give anything back, right?

12:21.320 --> 12:27.720
Companies that just make money, but don't give back with contributions,

12:27.720 --> 12:34.040
don't give back with donations, don't give back with employing free software containers.

12:35.240 --> 12:45.480
So this all taking and not giving back is creating the problem that I'm talking about today.

12:48.040 --> 12:53.400
And the problem that it's creating is the burnout of containers.

12:54.280 --> 12:57.720
So there's this quote that I found on an article.

12:58.920 --> 13:03.080
I found this article after I have been thinking about this for a long time and I found this article

13:03.080 --> 13:09.080
that talks about the same things. So if you're interested, I would really recommend reading it.

13:10.280 --> 13:15.160
I'll read this quote aloud. The risk of burnout increases when there is an imbalance

13:15.240 --> 13:20.840
between the energy or work demands of us and the resources are available to replenish it.

13:21.480 --> 13:28.760
So burnout is not just having a lot of work to do because if you are motivated and if you feel

13:28.760 --> 13:33.800
like you are replenishing your energy, you can do a lot of work and it's fine.

13:34.520 --> 13:44.280
The problem is when that work that you're doing does not then translate into satisfaction, right?

13:44.280 --> 13:51.560
If you're satisfied with what you're doing, if you have the time and the space to replenish your

13:51.560 --> 13:58.280
energy, it's fine. But when you don't, that's when burnout occurs. So this article,

13:58.280 --> 14:02.440
it was written by a psychologist or sociologist, sorry, something like that.

14:03.480 --> 14:09.320
Identified two major contributors to burnout in open source developers.

14:10.200 --> 14:16.440
The first is developers struggling to make a living and the second one is the toxic behavior

14:16.440 --> 14:24.360
from the community members wearing developers down. So to me, these two reasons, basically,

14:25.880 --> 14:33.160
are based on the same root cause that I was mentioning earlier. The members of the community

14:34.120 --> 14:40.600
are the users, the consumers, that are demanding too much from the developers without giving

14:40.600 --> 14:47.160
luck, without even thinking the developers, right? Like, lots of developers feel like they need

14:47.160 --> 14:52.920
to keep doing the work, but they don't feel like this work that they are doing is appreciated

14:52.920 --> 14:57.800
by the people that are actually receiving all of this value.

15:04.040 --> 15:09.640
And one thing I'd like to highlight is the fact that you can download the piece of software

15:09.640 --> 15:15.400
for free doesn't mean that it doesn't have value, right? And I know all of you probably know this,

15:15.400 --> 15:23.720
but it's also easy to forget. It's like, you download something, it's free and it's easy to forget.

15:23.720 --> 15:30.120
How much value is in that? All the hours, all the effort that was put into creating and

15:30.120 --> 15:36.200
maintaining the piece of software has a lot of value. And it has that value, even if it's

15:36.200 --> 15:41.640
like completely open source, even if the person that did the work did it all in their spare time,

15:42.840 --> 15:50.600
it still has a lot of value, right? It's a valuable piece of the world. And again,

15:50.600 --> 15:58.920
I know we all know this, but it's important not to forget it. And so the next step is to stop

15:59.320 --> 16:07.400
framing maintenance as more of it to you, as like, oh, it's the right thing to do, right?

16:07.400 --> 16:13.640
You created this piece of software and it's now used by hundreds of thousands of people.

16:14.840 --> 16:21.080
And yeah, it's the right thing to do. You should continue doing it for free and you shouldn't

16:21.080 --> 16:26.920
complain because you know, like you want to make the world a better place. So yeah, if you

16:27.000 --> 16:32.200
need to stay up all night fixing that security bag and yeah,

16:32.200 --> 16:36.600
nobody's going to pay you for that, but it's the right thing to do, right? So you should keep doing it.

16:36.600 --> 16:43.560
So that's not healthy. It's fine if this is something that you enjoy. If this is your passion,

16:43.560 --> 16:50.360
if this is something that you'd like to do, yes, that's great. But when it becomes a

16:50.360 --> 16:56.040
nobligation that you have to do out of guilt, then it's not rating more. And then it's when

16:56.040 --> 17:03.160
it leads to burnout, right? And so we need to stop thinking about this like the right thing to do,

17:03.720 --> 17:11.240
and thinking about this as work. And it's great if you like to do this work, but it's still work.

17:12.200 --> 17:24.680
And another factor is the maintainers are treated as vendors. And this means that companies feel

17:24.680 --> 17:32.600
entitled to send them an email saying like, oh, we need to now have compliance with our procurement

17:32.600 --> 17:38.680
of software and we need to know like all the dependencies, what security measures they are taking.

17:38.680 --> 17:43.960
So why don't you tell us what are the security measures that you're taking? These are emails that

17:43.960 --> 17:51.240
people have actually received like free software containers that are paid 0 cents by these companies,

17:51.240 --> 17:56.840
and they get emails from companies asking them to like do some kind of security audit.

17:59.080 --> 18:04.040
Who gives you any right to send me these emails, but they send the emails, right? And

18:05.000 --> 18:09.560
the maintainers don't have any kind of protections. And we all know that the licenses say,

18:09.560 --> 18:13.640
well, these comes with no warranty, right? Yeah, sure. It comes with no warranty.

18:14.360 --> 18:19.480
But companies can still send you these kind of emails, and it's not nice when you are under this

18:19.480 --> 18:24.760
kind of scrutiny. In particular, if there is some kind of security vulnerability in your software,

18:24.760 --> 18:32.120
it can become a lot of pressure from some of these super-entiled companies.

18:33.080 --> 18:39.000
So what happens if we don't fix it? Well, if we don't fix it, there's likely a lot of people that

18:39.000 --> 18:46.440
will learn out, a lot of people have already burned out. And what happens then is that this critical

18:46.440 --> 18:55.400
dependencies, this piece is that we talked about in the XKCD comment, get unmanned. And anything

18:55.400 --> 19:00.920
that can happen, right? Like there can be security vulnerabilities, there can be all kinds of problems,

19:00.920 --> 19:08.280
incompatibilities, and if we don't take care of our maintainers, they will not be able to take care

19:08.280 --> 19:17.480
of the software. All right, so and the other part of the talk is money. So how do we make money with

19:17.480 --> 19:26.120
free software? This was actually one of the first questions I had when I first learned about free software

19:26.200 --> 19:32.600
back in the year 2000. I was like, huh, and how do you make money out of it if you give

19:32.600 --> 19:38.920
this software for free, right? And the answer to that was, well, you charge for features and support.

19:39.640 --> 19:47.560
And surprisingly, or maybe not surprisingly, that's mostly the answer today. Still,

19:49.400 --> 19:54.360
25 years later, 26 years later, that's still the answer today.

19:56.600 --> 20:02.760
And so yes, as I said, like, I work at the consultancy, and this is what a consultancy does. So yes,

20:02.760 --> 20:09.640
you can charge for features and support. It is a thing, but it has a bunch of problems.

20:11.560 --> 20:15.240
One of the problems is that someone has to pay the development cost upfront,

20:16.360 --> 20:23.480
because most customers are not willing to say, oh, well, we want this piece of software.

20:24.440 --> 20:28.760
Yeah, you can develop it from scratch, and we will pay you to develop it from scratch.

20:28.760 --> 20:35.320
That it's very hard for that to happen. Instead, what happens is that someone, it can be you,

20:35.320 --> 20:40.600
or it can be someone else, right? Like, you can give support and develop features for software

20:40.600 --> 20:46.040
that someone has developed. It's fine. That's part of the open source model. And so someone

20:46.040 --> 20:50.680
has to have paid that development cost first. And when I say pay the cost,

20:51.400 --> 20:55.880
like, if you are developing this software in your nights and weekends, you are paying the cost,

20:55.880 --> 21:00.360
right? You're paying the cost with your spare time and your spare energy that you could be

21:00.360 --> 21:05.320
using for something completely different. But you're using it to develop this piece of software.

21:05.320 --> 21:11.480
That eventually, you will be able to sell support and new features and so on.

21:12.360 --> 21:18.680
But you're paying that cost. So someone needs to pay that cost upfront. And it's part of the

21:18.680 --> 21:23.720
this charge from features on support. It's part of the model. Yeah. Well, first you pay that

21:23.720 --> 21:29.800
cost upfront. And then you can charge for features on support. Then the next problem is that

21:29.800 --> 21:36.040
it's hard to get steady income. So if you're charging for features, once you develop the feature

21:37.240 --> 21:41.960
that feature is finished, and you need to find the customer willing to pay for the next feature.

21:42.760 --> 21:49.720
If you are charging for support, that's better, right? But you need to get enough customers that

21:49.720 --> 21:57.400
are add up to the containers that are supporting this software. Because customers are

21:58.360 --> 22:07.480
unlikely to want to pay for the full cost of developers, all the developers needed to support

22:07.560 --> 22:15.320
and keep maintaining the software. And finally, it's one of the first things that get cut.

22:15.320 --> 22:22.120
So if the customers for any reason are in a less good financial situation,

22:22.120 --> 22:27.800
it's very easy for them to say, oh, yeah, we have this support contract for this free software piece.

22:27.800 --> 22:33.560
Well, yeah, it's free software. Let's just not keep paying this support contract anymore.

22:34.520 --> 22:43.320
So yeah, that's like this works, but it's not easy. So of course, this is like a lot of people

22:43.320 --> 22:49.160
have realized that it's not easy. And a lot of people have tried to do business around free software

22:49.160 --> 22:56.760
and they found that it was a lot of work. So instead of doing that, they have come up with another

22:56.760 --> 23:05.320
model, which is called open core. So I haven't let you alone for a long time. So let's now do a show

23:05.320 --> 23:13.480
of hands. Who knows what is open core? All right. So most of you, but not everybody, I'm surprised.

23:13.480 --> 23:19.480
I thought it would be more. Anyway, so open core in brief is publishing some pieces of software

23:19.480 --> 23:26.280
as open source, while keeping some other pieces as close source and charging licensing cost for that

23:26.280 --> 23:34.120
other piece. There is a spectrum of open core. Not all open core software is the same. I heard

23:34.120 --> 23:42.040
someone say shit. And yeah, I mean, open core is not open source. There is a spectrum. Some,

23:42.920 --> 23:51.240
some open core is kind of like weight, right, that you're like hooking your customers into

23:51.240 --> 24:01.480
the open source piece and then reeling them into the enterprise version. But other open core

24:01.480 --> 24:06.840
is a lot nicer, where you could say, well, the open source version is kind of like the free

24:06.840 --> 24:13.560
for all weighting area and airport where the enterprise version is the VIP lounge where you have

24:13.560 --> 24:21.400
amenities and it's nicer, right. And yeah, and there's a lot of things in between. But the point

24:21.400 --> 24:31.240
is that the closed source version is not open source. And the company is paying for the open source

24:31.240 --> 24:39.160
development with the licensing fees that it's getting from the known open source. But.

24:42.360 --> 24:48.760
So I thought it would be interesting to look at the projects that are part of the CNCF

24:48.760 --> 24:55.480
landscape for those of you that are not in the Kubernetes space. The CNCF is a foundation cloud

24:55.560 --> 25:03.480
native computing foundation is a foundation inside the Linux foundation. And it has this like

25:03.480 --> 25:11.160
category of projects and you can be like incubating and and sandbox and graduated. So these ones

25:11.160 --> 25:20.200
are like the incubating and graduating graduated project of the CNCF landscape. And so I went through

25:20.200 --> 25:28.280
all of them to find out which ones were open core and which ones weren't. It took me a long time

25:28.280 --> 25:36.760
to do this. The whole train ride from Munich to Brussels. Anyway, so I found out that this ones are

25:36.760 --> 25:43.080
the ones that are open core. At least I could find that they were open core. It's not easy to find

25:43.080 --> 25:48.360
this information. They it's not like they say, hey, we are open core very big. You have to like

25:48.360 --> 25:55.560
dig in. Anyway, I thought it would be more, but still quite a number of them are open core.

25:56.280 --> 26:06.200
And then this ones were donated by companies that were using them for something. It could be that

26:06.200 --> 26:12.440
they did it like as part of their infrastructure or they did it together with some other

26:12.440 --> 26:18.200
customer and so they did some project and they created this thing and then they donated it

26:18.200 --> 26:24.040
to the CNCF. And these are like a bunch of very different companies. It includes companies like

26:24.040 --> 26:34.120
Google and Red Hat, but it also includes like Spotify or Lyft or Alibaba. So one. And then the others,

26:34.120 --> 26:40.760
the remaining ones are the ones that were developed by the community. So I think this shows a little

26:41.080 --> 26:47.000
bit of the who pays the up from cost, right? Like even the blue ones, the ones that were donated

26:47.000 --> 26:54.280
by companies, the up from post was paid by companies. So it's hard for the community to develop

26:54.280 --> 26:59.800
things. And I know there might be errors here. I did my best, but it's not super easy to find like

26:59.800 --> 27:07.880
all the information. Anyway, this was kind of anic data. And now for a different kind of anic data,

27:08.760 --> 27:14.760
there's a hashic or terraformed snafu. So show of hands who knows what this is about.

27:16.680 --> 27:24.360
Okay, not that many. Less than who knew about open core. All right. So on August 2023,

27:25.400 --> 27:31.240
hashic or announced that they were moving all of their projects to this business source license.

27:31.640 --> 27:38.360
For those that don't know, hashic or you used to have a bunch of open source projects,

27:40.200 --> 27:48.120
like terraformed and vault and a bunch of others. And at least to me, hashic or was an example

27:48.120 --> 27:53.560
of a successful open source company. They were doing open source and they were successful.

27:54.280 --> 28:02.040
Until they paid this. They switched to this bustle licenses that is not open source, right?

28:02.040 --> 28:07.240
It was a license that if you were an individual using terraformed, you were fine. But if you

28:07.240 --> 28:14.840
were building products on top of terraformed, you had to pay them. And of course, they were going

28:14.840 --> 28:22.520
after the big fish or we don't know. But we expect that they were going after the big fish,

28:22.600 --> 28:28.520
but in their going after the big fish, they also went after the small fish as well, right? So

28:28.520 --> 28:36.680
they were affecting everyone that was using their product. And this was done after, oh sorry,

28:37.480 --> 28:45.320
this was done after 10 years of having terraformed be open source. So a lot of things had been built

28:45.320 --> 28:50.360
on top of terraformed. A lot of companies were building products on top of terraformed.

28:51.080 --> 28:59.160
So what happened was that this company said, well, no, we are not going to pay to this bustle

28:59.160 --> 29:07.560
license. And so they got together and they created a fork that they first called it OpenTF,

29:07.560 --> 29:15.720
then they called it Open Tofu. Then they created this open fork. Not only is it open source,

29:15.880 --> 29:23.560
but it's also open governance. So it's really a community-based project that is not controlled

29:23.560 --> 29:30.360
by one company, but like many companies are contributing, many people from different places are

29:30.360 --> 29:41.000
contributing. And what I find the most interesting from this story is that when they started

29:41.560 --> 29:48.520
several companies committed to donating the time of their employees to this project, right?

29:48.520 --> 29:55.800
Like they committed to five years of five employees or three years of three employees. And so on.

29:55.800 --> 30:02.680
So they, they were willing to spend a lot of money because like five years of five employees,

30:02.680 --> 30:09.240
it's a lot of money. They were willing to spend a lot of money on keeping this project open source.

30:09.880 --> 30:17.400
They were not willing to pay Hashikorp for this. But so that's one interesting point.

30:17.400 --> 30:26.520
And then the other is they had not done this before, right? So when this minutes of the project

30:26.520 --> 30:35.080
going away appeared, then they were, yes, we are contributing our employees, but not before when

30:35.080 --> 30:41.160
it was owned by Hashikorp. So I don't know, I think all of this is kind of interesting.

30:43.400 --> 30:51.080
Okay, so we talked about the traditional, the open core, and now I'll just cover a few other

30:51.080 --> 30:58.360
options. There's a bunch of them. So one option is to turn to donations. So there's a bunch of ways

30:58.360 --> 31:05.800
you can ask for donations. One option is the GitHub sponsor thing. So if you are on GitHub,

31:05.800 --> 31:13.640
you can just say that you want to receive donations. And then if, as a dependency, so someone

31:13.640 --> 31:21.400
that is using your project goes to GitHub, they can check all the dependencies that are open to the

31:21.400 --> 31:25.560
donations. And they can say, oh, well, okay, so I have these 10 dependencies that are open to the

31:25.560 --> 31:34.680
nations, I will donate one URL per month to each or whatever amount, right? So that's one thing.

31:34.680 --> 31:40.440
And GitHub claims that they have distributed $40 million using this. So that's good.

31:42.200 --> 31:50.040
Then another option to ask for donations is through open collective, which is a platform that has

31:50.120 --> 31:56.760
different hosts that have collectives. It's hard to get all the terminology right, but yeah.

31:57.720 --> 32:06.120
So the open source collective, which is one of the hosts, has 2692 collectives. So a lot of collectives.

32:06.120 --> 32:12.760
And then the open collective Europe, which has open source and other things, not just open source

32:12.760 --> 32:18.840
projects, has like 400 more collectives. So all in all, it's a lot of collectives. What are these

32:18.920 --> 32:24.840
collectives? They are projects, right? Different projects. Like for example, oh, yes, the video

32:24.840 --> 32:31.800
system is there. And you can say, okay, we want to develop this feature and you can participate

32:31.800 --> 32:37.800
in the crowdfunding campaign to get enough money to develop that feature. Or you can say, well,

32:37.800 --> 32:43.800
subscribe to us. And then I'd like five euros per month. And then, like, if enough people subscribe,

32:43.800 --> 32:50.680
then that adds up to someone's salary, right? And it's great, like seeing the list of projects

32:50.680 --> 32:55.800
that are available and seeing the projects that have received donations, that's great, it's like,

32:58.200 --> 33:03.800
I think, no, yeah. It shows that a lot of people are actually donating and helping this projects

33:04.600 --> 33:11.080
be successful and helping employ developers like this projects when they reach enough money,

33:11.160 --> 33:17.480
they can employ people to work on this. And that's great. But also, it requires you to be

33:18.440 --> 33:25.160
asking for donations and constantly saying, hey, we have this page, please donate. And we have

33:25.160 --> 33:31.000
this campaign, please donate. So, like, it feels a little bit like begging, but it's working,

33:31.000 --> 33:36.680
at least for some projects. Another option is to go the route of government funding.

33:36.680 --> 33:43.960
So, NLNet is one of the organizations, not the only one. So, one of the organizations that

33:43.960 --> 33:51.320
distributes money from the European Union's next generation internet program. So, that's like a

33:51.320 --> 33:57.800
big pot of money. And you have to go through a lot of bureaucracy to get that money. So, NLNet

33:57.800 --> 34:05.960
and the other organizations that do the same facilitate this. They do most of the paperwork and they

34:05.960 --> 34:14.600
select projects that are going to receive the money. And then they give them the money and

34:14.600 --> 34:22.680
they take care of most of the bureaucracy. According to the page, the last time I saw it, like

34:23.480 --> 34:31.160
1,500 projects, 1,500 plus projects have received money through this way. And these are

34:31.160 --> 34:36.760
some of our large projects and well-known and some are not well-known projects and small projects

34:36.760 --> 34:46.040
that have proposed to do something that was deemed useful for the world. And so, they received

34:46.040 --> 34:52.520
this grant. The grants are usually not very big, but they can help a project that is struggling.

34:52.520 --> 34:59.400
They can help a project to get something done and get more features. In general, it's about

34:59.400 --> 35:05.080
developing new features or even new projects. It's not about maintaining existing software.

35:08.120 --> 35:15.080
Another government funded way of getting money is the summer intake fund, which is part of the

35:15.080 --> 35:20.520
summer intake agency. It's from the Sherman government, but actually they are helping maintain

35:20.520 --> 35:26.360
the digital infrastructure around the world. So, it's not just for German projects or German

35:26.440 --> 35:33.080
developers, but rather for the projects that make up the digital infrastructure of the world.

35:33.080 --> 35:40.440
So, they are set on making this situation that we are talking about better. And in the case of the

35:40.440 --> 35:46.760
summer intake fund, they're actually paying for maintenance. So, not for new features, but for

35:46.760 --> 35:53.240
keeping the projects well maintained. And in general, they are paying to larger

35:56.680 --> 36:10.200
projects. Yes, okay, that three was over something. All right. So, I was saying, in general, they pay

36:10.200 --> 36:18.920
larger projects. Okay. And finally, the last alternative that I want to mention is the open source

36:18.920 --> 36:26.280
pledge. This is something that started a couple of years ago and I find this initiative very interesting.

36:27.000 --> 36:36.280
So, the pledge is basically saying, we as a company, like, comment to the 19 2000 dollars per

36:36.280 --> 36:44.920
developer per year, two open source. And the companies can choose who they donate to and how they

36:44.920 --> 36:53.000
donate to. And the only thing that they need to do is donate at least 2000 dollars per developer

36:53.000 --> 37:01.160
per year per year. Some companies choose a bunch of projects that they depend on and they donate

37:01.160 --> 37:08.040
a little bit to each project. And some other companies, I've worked like the project of the month

37:08.040 --> 37:14.040
and they donate like a big amount of money to a project each month, depending which one was the

37:14.040 --> 37:23.480
project selected that month. But yeah, in the end, it has to add up to 2000 dollars per developer

37:23.480 --> 37:30.520
working at the company per year. The goal of the open source pledge is to establish a new social

37:30.520 --> 37:35.880
norm in the tech industry of company Spain, open source containers so that burnout and related

37:35.880 --> 37:42.040
security issues can become a thing of the past. So, in the abstract of my talk, it talked about

37:42.040 --> 37:49.800
acid time for an open source tax. And this is sort of like an open source tax, except it's voluntary

37:50.440 --> 37:56.440
and the company is the site who they donate to. So, it's not really how a tax would work because

37:57.640 --> 38:03.960
if it's a tax, everyone pays the tax and someone decides where the money goes. Well, this is kind of

38:03.960 --> 38:16.920
like you decide your own tax. All right, and finally, I feel like probably the most common way

38:16.920 --> 38:24.840
of making money out of free software is to be employed by a company that does something else

38:25.560 --> 38:31.720
but pays for open source developers. And I know a lot of people that are in this situation that

38:32.600 --> 38:39.160
they are working for another company for a company that is a for-profit company, but that some

38:39.160 --> 38:48.920
of their time is allocated to working on open source. It could be 20%, 30%, 50%, but to the company,

38:48.920 --> 38:55.800
it's a win-win situation because they are paying for the maintenance of this software that could be

38:55.800 --> 39:01.160
like a dependency or tool. Of course, I'm not talking about like the main core business of the company,

39:01.160 --> 39:07.000
the company should pay the developers working on its main core business, right? But like

39:07.000 --> 39:14.200
a dependency or a tool that the company is using and they give the developer the time to work

39:14.200 --> 39:20.520
on this tool and at the same time, they are getting the expertise of this person that can help them

39:20.600 --> 39:27.400
with whatever it is that the company does. So this is also a very common model of making money

39:27.400 --> 39:34.120
if you are a free software developer. All right, so we've seen a lot of different ways of making money.

39:34.840 --> 39:43.480
Is this enough? Is this enough? Not really, not really, it's not enough. It's not enough.

39:44.440 --> 39:52.200
All right, why is it not enough? No, no, you, I'm not asking you to answer. So it's not enough.

39:52.200 --> 39:56.840
It's not enough for many reasons. One of the reasons is like it's really complicated, right?

39:56.840 --> 40:04.600
Like you need to set up a collective and ask for money or you need to like run the grant application

40:04.600 --> 40:10.600
and when it runs south, like you need to correct the new grant application, which is kind of like academia.

40:10.680 --> 40:25.000
And it's, it's still complicated. But also, it's not steady, right? Like it's, it's really hard to

40:25.000 --> 40:31.560
make this. Let's say, okay, when you have a job, you have a job and you work on it and you get steady

40:31.560 --> 40:36.920
income. But all of these that we have been describing, it's, it's really hard to make it steady.

40:37.720 --> 40:47.720
But that's not the only reason it's not enough. And I want to propose here, uh, perhaps a controversial thing.

40:48.760 --> 40:56.840
Which is that this, everything that I described is about paying senior developers that are already

40:56.840 --> 41:04.120
maintaining core pieces of infrastructure. And of course, we should pay that people, those people, right? Like,

41:04.600 --> 41:12.200
for sure, I'm not saying we shouldn't. I'm saying that's not enough. Because if you only pay senior

41:12.200 --> 41:20.600
developers that are already maintaining core pieces of infrastructure, you're not giving space for

41:20.600 --> 41:29.720
people that cannot afford to work on open source in their nights and weekends, right? Being able to do

41:29.720 --> 41:37.160
a second show for free during your nights and weekends is a privilege. And it's a privilege

41:37.160 --> 41:46.280
that a lot of people don't have. In particular, women in the world, still today, are disproportionately

41:46.280 --> 41:54.760
in care, in, in charge of care taking responsibilities. So that's like, for many women, that's their

41:54.840 --> 42:06.280
second show, right? And thus, when you only pay senior developers, you're not making space for

42:06.280 --> 42:11.800
all of these people. So I know this is controversial, but I just wanted to plant the seed there

42:11.800 --> 42:21.800
of this idea. But now, I want to imagine a better world. And I want to imagine a world where we

42:22.200 --> 42:31.720
have teams of people that are paid to work on open source of work. Some are senior engineers

42:32.760 --> 42:37.880
and some are junior engineers that are coming up to speed and helping the senior engineers

42:38.920 --> 42:44.680
helping them with, like, bug reports or documentation or whatever tasks the senior engineers don't

42:44.680 --> 42:51.000
feel like doing. And so that eventually they can take over, they can create their own

42:51.960 --> 43:00.680
projects and be maintainers and so on. But also, like, all of them are paid a steady salary if they

43:00.680 --> 43:09.400
want to, right? This is the utopia that I like all of you to think about and think that this is

43:09.400 --> 43:16.360
possible, right? And you can say, well, but that's too much of a utopia and like, no, that's not really

43:17.240 --> 43:22.760
possible. But like, think back to, like, when in 1984's Dalman created a new project

43:23.800 --> 43:31.800
and the situation where we are today that we should say, like, 97% of software depends on open source,

43:31.800 --> 43:39.800
right? Well, today, we would already be in utopia, like, if you were back in 1984. So it's good

43:39.800 --> 43:45.560
to have a goal. And I think that's the goal that we should have that everybody that works in open

43:45.560 --> 43:53.320
source should be compensated if they want to, right? And I think they're still a great place for

43:53.320 --> 43:58.840
volunteer work. I'm not saying, oh, no, there shouldn't be volunteers. No, volunteers are super necessary.

43:59.800 --> 44:06.440
But if someone wants to do it as their full-time show, they should be able to do it. And that's the

44:07.240 --> 44:13.480
that's the utopia that I want to to plant. So some ideas to make that possible. I'm first

44:13.480 --> 44:20.840
on foot and then some ideas. First, remember that open source is already making the world better

44:20.840 --> 44:29.240
today that people working in open source are adding a lot of value today. And so people working

44:29.240 --> 44:35.480
in open source should be able to do it as their full-time show if they want to, right? Because we

44:35.480 --> 44:42.840
are adding a lot of value. It's not that we are begging for scraps. It's that we are asking for

44:42.840 --> 44:49.560
people to be fairly compensated for all of the value that is being added. All right. And now,

44:49.560 --> 44:59.640
some practically, yes, perhaps not so utopic. First is about companies giving back. I think the

44:59.640 --> 45:07.560
open source pledge is a great idea. This thing about it being sort of attacks, but with total freedom

45:07.560 --> 45:17.080
of who you are donating to. So if you work at a company that uses open source and hasn't signed

45:17.080 --> 45:24.120
the pledge, I invite you to talk to the management of your company and ask them to consider signing

45:24.120 --> 45:32.440
the pledge. And donating this $2,000 per developer per year. And if they say no, well, maybe

45:32.520 --> 45:37.880
donate a little bit less, right? $2,000 per developer per year may be too much. If you are

45:37.880 --> 45:43.480
in a country where that's a lot of money or if the company is not making that much money,

45:43.480 --> 45:50.680
whatever, but something. It's good to start with something. You will not get the batch of like we

45:50.680 --> 45:56.680
are in the pledge, but you can still post a blog about the donations that the company is doing for

45:56.760 --> 46:05.800
open source. And that's still good. And if possible, I would advocate for donating a steady

46:05.800 --> 46:14.440
amount every month, rather than big lumps of money to different projects. I getting steady income

46:14.440 --> 46:21.000
is more important even if it's less. Now, the next one is a little bit controversial, and it's

46:21.000 --> 46:26.040
about foundations employing developers. And it depends on the foundations, some foundations are

46:26.120 --> 46:33.080
already doing it. And it might not be controversial, but other foundations are not doing it. And so

46:33.080 --> 46:41.000
it might be controversial. But I want to invite all of you if you are part of a group that is not

46:41.000 --> 46:46.920
employing developers. And it's receiving donations, right? Like if you are in a foundation that

46:46.920 --> 46:53.320
receives donations and it's not employing developers, start to explore this subject and start to think

46:53.400 --> 47:02.920
about how could we make it work? How can we employ people and pay them for their job without

47:02.920 --> 47:07.960
discouraging volunteers? Because that's the problem, right? Like if you pay someone like are all the

47:07.960 --> 47:14.200
other volunteers going to say, oh, I'm not going to do it anymore because he's paid and I'm not paid.

47:14.200 --> 47:21.240
So yeah, I'm out. Okay, we don't want that. So we need to start thinking about this and start thinking

47:21.320 --> 47:28.760
how we can make it work. I don't have the answer, but if we stop from having the conversation

47:28.760 --> 47:34.680
because we don't have the answer, then we are never going to reach the answer, right? So please start

47:34.680 --> 47:43.080
this conversation at whatever organization you are in. And yeah, finally I have this other idea,

47:43.080 --> 47:50.120
kind of crazy, or maybe not so crazy, but there's the open source pledge. So I'm proposing the open source

47:50.280 --> 47:56.120
employment pledge, which is, well, if you are not willing to demand money, maybe you are willing

47:56.120 --> 48:06.200
to donate a time of your employees. So every 20 developers in your company, 50% of one person's

48:06.200 --> 48:15.000
time goes to them developing open source. And that 50% is like completely free of company influence,

48:15.000 --> 48:20.840
right? It's not like, oh, you work on this project, but we tell you what to do. Now, it's 50% of

48:20.840 --> 48:29.960
their time for maintaining the project, however they see fit. And so, and if the company is not willing

48:29.960 --> 48:36.200
to pay money, but they are willing to do this, that's an option. I have not created the website.

48:36.200 --> 48:41.000
You are all, like, whoever here feels the initiative to create the website, you can go and create

48:41.000 --> 48:48.920
the website. You have my blessing. I'm finally, I'm a big advocate for teams. So I feel like,

48:48.920 --> 48:56.680
if you are a solo maintainer and you are feeling a lot of pressure from keeping up with your

48:56.680 --> 49:04.360
project and you can't do it anymore, it's time to show up with other people and like help each other,

49:04.360 --> 49:09.880
right? When you need to take some time off, someone else can take over and when that someone

49:09.960 --> 49:14.440
else needs to take some time off, you can take over. So I want to invite you, if you are a

49:14.440 --> 49:22.120
solo maintainer, to try to find other people in your space and form a team. I'm a big believer in

49:22.120 --> 49:28.040
teams. All right. And with that, I'm done with this talk. Thank you very much.

49:28.120 --> 49:41.400
Thank you. I think we have, like, two, maybe three minutes for questions.

49:42.520 --> 49:44.680
So if there are some questions.

49:50.840 --> 49:55.880
So good morning, everybody. And thanks for this marvelous talk. I think for us,

49:55.880 --> 50:04.040
there needs this kind of talk some more than many others. So, thank you for your presentation.

50:04.040 --> 50:08.680
And I don't have to be brief, since I've plenty of notes about this. So first of all,

50:09.560 --> 50:15.880
voluntary text is there is not such a voluntary text. We need some unvoluntary text,

50:17.400 --> 50:25.800
particularly for big companies, since the positive externalities are so high. And this is a critical

50:26.200 --> 50:33.160
infrastructure, I keep it on time. It's a critical, such a for humanity, okay. We cannot

50:33.160 --> 50:41.320
flee for money, like road maintenance do not, do not back, okay, for money, okay. It's like

50:41.320 --> 50:47.240
road maintenance. So we need something more effective. And I think it's high time, not for reasonable

50:47.240 --> 50:55.400
proposals, but for unreasonable concrete proposals, like the part of Texas. So this is

50:55.720 --> 51:02.840
like irreseeable, defective company should believe or for this kind of stuff, but I think

51:03.560 --> 51:10.200
you want to go in the direction. So this is the first point, second point. One second, one point,

51:10.200 --> 51:18.680
at least one point. To me, your talk resonates so much with feminist theory, for instance,

51:18.680 --> 51:24.520
the difference between productive work and liberty work. And we need as developers to organize

51:24.520 --> 51:35.160
sorry, do you have a question? One second, one second. If it's more of a statement than a

51:35.160 --> 51:44.760
question, stop with your own talk. Any actual questions, please? No, no, sorry. All right,

51:44.760 --> 51:51.080
sorry, we can keep discussing, somewhere else, where should we go to keep discussing?

51:51.080 --> 51:58.440
Thank you, Mark, a great talk. Carry on the conversation after it.