WEBVTT

00:00.000 --> 00:11.280
All right, hi everyone. I'm Vlad. I'm going to talk about why and how companies should pay open

00:11.280 --> 00:16.000
source maintainers. We'll get into that. So first of all, I'll just give you a little

00:16.000 --> 00:19.520
tiny bit about myself. I work on software and philosophy that contributes in some

00:19.520 --> 00:24.400
way to the public good. Right now I'm mainly working on the Open Source Pledge and thanks.dev

00:24.400 --> 00:28.720
and you're going to find out in due time what that is. I'm also doing a PhD at the University

00:28.720 --> 00:32.400
of Edinburgh in the philosophy of exploitation mainly, and we'll see how that sort of ties

00:32.400 --> 00:38.240
into it. In case anyone's interested, I'm also a cat sitter. So, you know, come up to me. Let me know,

00:38.240 --> 00:44.000
you know. All right. So here's the general gist of what I'm talking about. I just want to

00:44.000 --> 00:48.400
talk about a couple of sort of ideas and also technologies that we might be able to use to make the

00:48.400 --> 00:53.600
open source ecosystem more sustainable. However, these are just some ideas, and I'm keen to discuss them

00:53.600 --> 00:56.720
with you. I don't have all the answers. It's just that we have to really make more progress with

00:56.720 --> 01:04.320
this stuff because it's important. So, you know, almost all companies, you know, measurements

01:04.320 --> 01:09.520
vary, but almost all companies use open source software. Chad Whitacre, you know,

01:09.520 --> 01:13.360
wrote this great article a while back and he said that, you know, he approximated that open source

01:13.360 --> 01:21.120
software creates around $850 billion of value yearly. And, you know, if we didn't have

01:21.120 --> 01:25.040
critical open source software, we can't watch YouTube videos without, like, FFmpeg, you know,

01:25.120 --> 01:28.880
you can't use your phone to talk to your friends and family, you know, can't get your medical records,

01:29.680 --> 01:37.600
certainly can't go to Mars, right? Nevertheless, a lot of software is kept going by unpaid

01:37.600 --> 01:43.360
maintainers. Here we're seeing a tweet from FFmpeg saying, you know, our software is used in these,

01:43.360 --> 01:47.600
like, incredibly critical applications. And we just don't, you know, FFmpeg does get some grants,

01:47.600 --> 01:51.840
but we just don't get paid by the corporations that get a huge amount of value from our software.

01:55.120 --> 01:59.920
This becomes a problem when we look into things like security issues, right? So, if this open

01:59.920 --> 02:04.960
source software that we rely on so much is vulnerable, it can lead to really bad stuff when it's a

02:04.960 --> 02:11.440
huge part of our global supply chain. And so we saw some close calls with FFmpeg, with

02:11.440 --> 02:14.720
Log4Shell, these are vulnerabilities, you know, xz utils if you're not familiar, you know,

02:15.440 --> 02:22.320
hugely important open source project, the maintainers kind of doing an enormous amount of work,

02:22.320 --> 02:26.880
gets burned out and says, hey, can someone help me maintain this project? Someone shows up and says,

02:26.880 --> 02:32.000
sure, I'll help you. But they're a bad guy and they, you know, introduce this awful exploit into this

02:32.000 --> 02:39.280
thing that everyone uses. So that's scary. The reason this is a problem for sustainability,

02:39.280 --> 02:43.120
when it comes to paying maintainers is that, you know, maintainers need to pay rent. If you don't get paid,

02:43.120 --> 02:50.560
it's very difficult to justify dedicating time to these projects that are often a lot

02:50.640 --> 02:55.920
of work to maintain. And yeah, that puts, you know, it's not very nice for the maintainer and also

02:55.920 --> 03:00.720
it puts a project they maintain at risk because, you know, there might not be someone to maintain it.

03:00.720 --> 03:07.360
It might be improperly maintained and so on. All right, why don't maintainers get paid? Now,

03:08.320 --> 03:14.320
basically, you know, money gets exchanged on the market, the market's exclusionary. So if you come and

03:14.320 --> 03:20.640
stay in my hotel, I will say, hey, you can stay in my hotel. If you pay me, you know,

03:20.640 --> 03:24.800
whatever the fee is, if you pay me a hundred dollars. Now, that means that I have to withhold

03:24.800 --> 03:30.160
what I'm making or what I own until you pay me an appropriate amount of money. Of course,

03:30.160 --> 03:33.520
I could just give you the hotel room, but then that wouldn't be a market transaction and it's

03:33.520 --> 03:38.240
not usually how it happens. Open source software is very much not like that. Some might say the

03:38.240 --> 03:43.760
whole point of open source software is that it's not exclusionary, that, you know, you have the right

03:43.760 --> 03:47.840
to sort of redistribute and use and change all the software, but also, you know,

03:47.840 --> 03:51.600
you're not supposed to stop anyone from having those freedoms, right? So in a sense, it goes

03:51.600 --> 03:57.040
counter to the market. Problem is, you pay rent on the market. So, uh-oh.

03:59.600 --> 04:04.960
Now, I want to talk a little bit about what open source actually is if it's not sort of part of the

04:04.960 --> 04:10.560
market economy in that sense. You know, some people say it's a gift economy. I think, you know,

04:10.640 --> 04:15.040
maybe, uh, but, you know, I don't think it's a gift economy right now. Okay, what is a gift economy?

04:15.040 --> 04:21.440
So a gift economy, um, in a gift economy, what usually happens is goods get exchanged, um,

04:21.440 --> 04:27.040
in sort of, well, I have a list here. It's sort of a directed and personalized way, right? So I give

04:27.040 --> 04:31.680
you something that's sort of symbolic of my relationship to you. There's some kind of expectation

04:31.680 --> 04:39.680
of reciprocity and that sort of maintains our relationship with our exchange. Um, that's not really

04:40.080 --> 04:44.720
how things happen in open source, especially because, you know, when you create open source software,

04:44.720 --> 04:48.640
you're not giving it to a particular person. You're not saying, hey, I made this for you. Here's my gift

04:48.640 --> 04:52.720
to you. Um, you know, it could be something like that in the future, but that's not really what's

04:52.720 --> 04:57.200
happening right now, missing reciprocity. Um, and then the other thing is, you know, some people say,

04:57.200 --> 05:01.520
well, you know, it's based on esteem. There's for sure a component of esteem in open source software,

05:01.520 --> 05:05.440
but it's not really the case that it's a sort of exchange of esteem. Like, you know, I don't

05:05.440 --> 05:09.440
give you the software, and then I get esteem in return, and that's it, right? There's many

05:09.440 --> 05:15.440
reasons why people create open source software beyond esteem. Um, now you might say,

05:17.040 --> 05:22.400
if you're Adam Smith, you might say, well, you know, what, well, why would anyone make open source

05:22.400 --> 05:25.920
software in, you know, in this case? You know, it's not from the benevolence of the butcher, the

05:25.920 --> 05:28.720
brewer, or the baker that we expect our dinner, but from their regard to their own interest. And,

05:28.720 --> 05:32.720
you know, obviously people are not irrational in that sense. People who make open source

05:32.800 --> 05:39.600
software do get something out of it, obviously. Um, and so, you know, some people say, well,

05:39.600 --> 05:43.840
you know, this is contradictory, right? Because if it's not an exchange, what are you getting out of it?

05:43.840 --> 05:47.440
So, I guess what I'm saying is you might be getting something out of it. It is just not an

05:47.440 --> 05:51.360
exchange. You know, you're not getting something from sort of a direct transaction in that sense.

05:52.160 --> 05:56.000
And again, this is sort of an idea that I'm happy to sort of continue workshopping, but I think

05:56.000 --> 05:59.840
open source production might be something like solidary meaningful work. Because you get,

05:59.920 --> 06:04.000
there's a lot of goods that we get from work that we don't get from the transaction itself, right?

06:04.000 --> 06:09.280
So, what I mean by solidary is, you know, famously, open source developers like to scratch

06:09.280 --> 06:13.600
their own itch, and so, you know, you might be using a piece of software, and then you realize

06:13.600 --> 06:17.520
that there's something missing, and you create a big, you know, you create that sort of feature or

06:17.520 --> 06:21.840
whatever, because you would like it. But also, I think there's this component of, you know,

06:21.840 --> 06:25.760
I wish we all had this thing. Here's something that I think is important. Wouldn't it be nice

06:25.760 --> 06:30.160
if we all had it? And, you know, I would like if also other people worked in that way,

06:30.160 --> 06:35.200
so that when there's something that I'm lacking, someone else can step up and help contribute that.

06:36.160 --> 06:40.480
So, in this sense, I think it's solidary. And I also think it's meaningful, you know, this is a

06:40.480 --> 06:43.520
long list, and I'm not going to get into it too much. But basically, there's all sorts of things

06:43.520 --> 06:48.400
that we get from work aside from, you know, the money. We get autonomy, so the ability to create

06:48.400 --> 06:53.440
something that's self-directed, and then we put ourselves into, you know, self-development developing

06:53.520 --> 06:57.280
your skills, making some kind of social contribution where you feel like you're helping others

06:57.280 --> 07:03.120
around you, you know, getting purpose, you know, something to sort of make you get out of that.

07:03.120 --> 07:08.160
And then, of course, of course, the recognition. So, I guess the sort of point I'm trying to make here

07:08.160 --> 07:12.960
is I think there's a lot of goods that people get from open-source production other than

07:13.760 --> 07:18.800
sort of exchange, you know, goods that are exchanged. Now,

07:19.760 --> 07:25.440
some might say, well, you know, cool, it's solidary meaningful work. Doesn't that sound nice,

07:25.440 --> 07:30.400
but you're not going to get paid because that's, you know, not, you know, we don't pay people

07:30.400 --> 07:36.800
based on how solidary meaningful their work is. Okay, you know, that there's a point there.

07:38.560 --> 07:42.320
Thing is, obviously, there are good reasons, you know, you can't just say, well, all those open-source

07:42.320 --> 07:45.360
people, you know, we should just sort of put them in companies and pay them if they want to get paid.

07:45.360 --> 07:51.120
I think there's good reasons to produce software in the way that the open-source ecosystem produces it,

07:51.120 --> 07:56.400
even if it means that sort of currently that is incompatible with the market.

07:57.200 --> 08:01.280
You know, obviously, you get a much larger base of contributors. So, you know, there's only so many

08:01.280 --> 08:04.480
people in a company. There's only so many people you can hire. And there's a high transaction

08:04.480 --> 08:09.120
cost associated with that, you know, there's friction there, whereas when you have an international

08:09.120 --> 08:14.880
base of contributors, transaction costs are very low. Anyone can help and often that means

08:14.960 --> 08:20.320
that someone who's very specialized in the thing that's being built is the person that steps up to

08:20.320 --> 08:24.640
do the work. And this doesn't happen. So, well, you know, it happens sometimes, but it's much more

08:24.640 --> 08:30.320
difficult; transaction costs are much higher in companies. There's massive deduplication of work

08:30.320 --> 08:34.080
for some things. Obviously, there are some things that we produce that are specific to a

08:34.080 --> 08:39.120
certain firm, a certain product. There's so much stuff that is, you know, used by a lot of different

08:39.120 --> 08:43.040
companies. And so, if they all were to produce that separately, that would be extremely inefficient.

08:43.040 --> 08:47.280
So, that's a good reason to do things in this way. And again, this is really tied to the

08:47.280 --> 08:52.320
economics, right? It's difficult. It's more difficult to have this deduplication of work if you

08:52.320 --> 08:57.360
have the high transaction costs of having to, you know, hire people and so on. And, you know,

08:57.360 --> 09:02.240
so, a more minor point, but in a lot of open source projects, the fact that

09:02.240 --> 09:06.640
production is done in an open source way means production is much more responsive to user needs,

09:06.640 --> 09:12.640
because in open source production often, the people contributing are also users,

09:12.640 --> 09:17.840
and so they really understand how the product works as opposed to, you know, a developer in a

09:17.840 --> 09:21.680
company who might not be using the thing that they're making. So, they understand it from the user

09:21.680 --> 09:28.160
perspective way less. You know, so this is not just me saying it. This is also Microsoft in 1998.

09:28.160 --> 09:31.840
saying commercial quality can be achieved or exceeded by open source software projects, right?

09:31.840 --> 09:39.040
So, this is sort of a thing that's acknowledged. Now, taking all of this into account,

09:39.440 --> 09:45.680
nevertheless, maintainers aren't getting paid. Why should companies specifically pay maintainers?

09:45.680 --> 09:50.800
And I have sort of two main arguments. The first one is a moral argument, and this is more

09:50.800 --> 09:57.360
sort of an invitation for you to think about that than anything else, right? You know, we can say

09:57.360 --> 10:01.760
that open source software is a digital public good. What does that mean? I won't get into the weeds too much,

10:01.760 --> 10:06.320
but, you know, we have sort of three main things. If you work on curl or, you know, substitute,

10:06.400 --> 10:10.560
you know, curl, I'm just saying like a really important open source package. If you make an

10:10.560 --> 10:14.480
improvement to curl, everyone in the world benefits from it, right? To different degrees,

10:14.480 --> 10:21.360
but everyone benefits. Curl is non-exclusionary in that I can't, you know, stop you from using

10:21.360 --> 10:25.440
curl, I can't take curl away from you, you know, it's open source. And it's also non-rivalrous

10:25.440 --> 10:31.520
in that if I use curl, there isn't less curl for you. For example, if I do a lot of fishing,

10:31.520 --> 10:37.280
and I take a lot of fish out of the ocean, there's less fish for you, but if I use curl, I'm not

10:37.280 --> 10:41.200
stopping anyone from using curl, right? So that's just generally what people mean by a public good.

10:42.800 --> 10:46.800
However, some people benefit a lot more from curl than other people, or, you know,

10:46.800 --> 10:50.320
equivalent open source projects. So companies that base their business model on curl get a

10:50.320 --> 10:58.240
huge amount of value out of curl. Again, we're imagining. And, um, so then, we should also

10:58.240 --> 11:03.680
take that into account that sort of benefit is not evenly distributed. So one kind of argument

11:03.680 --> 11:08.320
that someone might make is to say, hey, you, CEO that's using my software? You know, all

11:08.320 --> 11:13.280
these critical maintainers generate so much value for your company. And this is value that,

11:13.280 --> 11:18.080
you know, you get the most value, or you get a sort of a really large share of the value

11:18.080 --> 11:24.000
from this project. The people making it don't get that value because you're not able to

11:24.320 --> 11:31.360
rent off of the development of that project. Wouldn't it be nice, right, for you to pay

11:31.360 --> 11:37.200
something back to the people that enable you to sort of make use of this value? Now, I'm not saying

11:37.200 --> 11:41.280
this as sort of this thorough moral argument because I think that's sort of philosophically really

11:41.280 --> 11:48.640
difficult. But, I wonder how many people this speaks to, right? So Martha Nussbaum

11:48.640 --> 11:52.960
says that emotions are suffused with intelligence and discernment and judgements about important

11:52.960 --> 11:57.680
things. So often we get a hint about what things we should think about and what things are

11:57.680 --> 12:03.120
important when we get some information from the emotions that we feel. And so this is just an

12:03.120 --> 12:06.880
invitation sort of to everyone to think, do you empathize with this situation that the

12:06.880 --> 12:12.080
maintainers are in? But of course, again, this isn't a thorough argument. So here's my second argument,

12:12.080 --> 12:17.200
which is the business argument. What, you know, by business argument, I mean something like, hey,

12:17.200 --> 12:23.280
look, you know, CEO or business owner, if you do something, either you will profit or you will

12:23.280 --> 12:27.760
avoid loss, right? So it's sort of, it's sort of prudential. It's wise to do this thing. Now,

12:28.640 --> 12:35.280
we saw earlier, right, the benefits of open source production. And so the companies using that

12:35.280 --> 12:41.440
open source software also benefit from the way that open source production is organized. So if your

12:41.440 --> 12:47.360
company pays the maintainers that it depends on that software that you're relying on that

12:47.360 --> 12:52.560
open source software, you're going to be able to benefit by enabling that larger base of contributors,

12:52.560 --> 12:57.840
those more specialized contributors, that efficient production. And importantly, if your

12:57.840 --> 13:03.440
company relies on this, you're going to know that by paying the people who make the software,

13:03.440 --> 13:07.840
you have more sustainability and security in the software stack that you rely on and are enabling

13:07.840 --> 13:12.480
this more efficient model of production. And yeah, you know that you can keep relying on the

13:12.480 --> 13:16.640
packages that you depend on. So it offers the company that's paying the maintainers stability as well.

13:17.440 --> 13:21.520
There's also a little pleasant marketing bonus there if you're a company, which is,

13:23.360 --> 13:27.040
you know, this sort of open source funding is something that we're still figuring out. If you

13:27.040 --> 13:33.120
decide to pay maintainers and sort of lead this movement forward, there's a marketing bonus there

13:33.120 --> 13:38.480
and in which, you know, if your customers are comparing you to a competitor, they might say,

13:38.480 --> 13:44.240
well, these guys are forward thinking, right? These guys are sort of leading open source

13:44.240 --> 13:48.800
funding, so I trust them more, right, because they're thought leaders in this sector. Okay.

13:50.640 --> 13:55.360
Those are my arguments for why. Okay, let's talk about how, because it's also not easy to

13:55.360 --> 14:00.160
actually go and pay maintainers, right? And also who is getting paid? I'm not going to answer all

14:00.320 --> 14:05.520
these questions. I'm just going to say a few things, right? For one thing, I'm talking specifically

14:05.520 --> 14:09.040
about company funding, right? There's a big difference between aggregate fund, you know, I just made

14:09.040 --> 14:13.520
up the word aggregate funding. So ecosystem, Andrew Nesbitt is doing amazing work. There's

14:13.520 --> 14:17.520
the Sovereign Tech Fund, you know, I love this stuff. It's great. This is basically saying we're going

14:17.520 --> 14:23.520
to take something like tax money and we're going to analyze the entire open source ecosystem

14:23.520 --> 14:29.920
and then we're going to find out who globally needs to get funding. I love it, right? But what

14:29.920 --> 14:34.240
I'm talking about is company funding. So companies that use open source software, paying

14:34.240 --> 14:39.120
maintainers more or less directly. And so that's the first expression, thanks. So let's talk about

14:39.120 --> 14:45.600
that a little bit. Open source pledge, you might have seen this, is sort of a cultural initiative

14:45.600 --> 14:52.400
that I help maintain. It's funded by Sentry, thank you, Sentry. And sort of the ask is to say,

14:52.400 --> 14:59.120
hey, look, if you want to be a member of the pledge, we ask that you pay $2,000 per developer

14:59.120 --> 15:07.200
employed at your company per year to, you know, any open source projects or foundations.

15:09.440 --> 15:14.080
You know, you can choose who you want to pay. However, you know, we recommend that you pay

15:14.080 --> 15:20.480
sort of the pay for the maintenance of the projects that you depend on. Payments go directly to

15:20.480 --> 15:25.680
maintainers so we don't handle any funds. You might have seen sort of the the marketing campaign

15:25.680 --> 15:31.280
that we had and I know some people saw the billboards. It's kind of a little bit provocative

15:31.280 --> 15:39.040
when it comes to companies that, you know, maybe don't pay the maintainers they depend on.

15:40.080 --> 15:46.160
So far, we've raised almost $1.5 million or, you know, our members have paid maintainers

15:46.160 --> 15:51.520
that amount over the last year. And, you know, there's pretty member companies and we're

15:51.600 --> 15:57.200
so happy to keep getting new members, you know, here's a member of companies. So, you know,

15:57.200 --> 16:01.200
you can check out the website. So, this is the general idea. This is the cultural aspect of it,

16:01.200 --> 16:05.520
right? This is where we're saying, hey, it should be normal based on, you know, some of the

16:05.520 --> 16:11.120
arguments that I just said, it should be normal for companies to pay the maintainers they depend on,

16:11.120 --> 16:16.880
right? Now, if I'm a company, the question then becomes, okay, cool, here's a million dollars.

16:16.880 --> 16:20.640
Okay, what do you want me to do with it, right? Like, who do I pay? What do I do concretely, right?

16:21.200 --> 16:24.080
And there's a question also of like, who should I give it to? Now,

16:26.240 --> 16:29.440
you know, generally you want to say, well, you know, if you depend on some product, you depend on some

16:29.440 --> 16:34.560
projects more than others, right? And so you would like to fund those. There are some criticality

16:34.560 --> 16:38.720
metrics, so I've decided one thing here. In my, you know, so we can do more research here. In my

16:38.720 --> 16:43.760
opinion, these criticality metrics are just sort of a proxy for how much the thing is being used,

16:43.760 --> 16:50.000
right? So, let's focus on usage for now. However, if I'm a company, I may

16:50.000 --> 16:54.480
depend on thousands of projects, how am I going to know which projects I depend on the most

16:55.360 --> 16:59.440
in a scalable way? And with a minimum amount of effort, so I don't have people sort of, you know,

16:59.440 --> 17:04.240
looking through my code every time I update something. Something that would be nice is,

17:04.240 --> 17:07.920
if you had sort of, you know, the company has this code base and then the code base you could

17:07.920 --> 17:14.880
give it to this service that sort of confidently reads your code and spits out some dependency

17:15.040 --> 17:20.560
info about what your usage is. That's thanks.dev. So basically, just, you know, if you're not familiar

17:20.560 --> 17:26.880
with thanks.dev, thanks.dev is the service where, you know, companies, or really anyone, can

17:26.880 --> 17:32.480
sign in. You give us access to whatever repositories you want to give us access to. We sort of

17:32.480 --> 17:39.120
analyze the code and then we say, hey, here's who you depend on the most and here's an easy way to,

17:39.440 --> 17:45.840
depending on sort of the weighting of each project, directly pay those maintainers, right? So

17:45.840 --> 17:50.400
you can pay the maintainers through the platform, right? Maintainers can also sort of sign up and say,

17:50.400 --> 17:55.360
hey, I'm happy to be paid through thanks.dev, and so on. Now, the question remains, how is this money

17:55.360 --> 17:59.920
split up, right? Now, this is sort of what thanks.dev looks like right now, more or less,

17:59.920 --> 18:03.840
is like if you give a hundred dollars, it gets split up like this. So if you sort of do the numbers,

18:04.400 --> 18:10.400
the top row is direct dependencies. So let's say the hundred dollars is your project. And then

18:10.400 --> 18:14.400
the top row is things that you have in your package.json or whatever, right? And then the lower

18:14.400 --> 18:18.800
things are sort of second level dependencies, which are dependencies of your dependencies and things

18:18.800 --> 18:27.840
get split up like this. So, okay, cool. You might see a problem, which is, you know, if you use

18:27.840 --> 18:32.640
left-pad and node-postgres, obviously, node-postgres is really important, and left-pad is like,

18:32.640 --> 18:37.040
not so important. And so if you split that up into two, you're giving $50 to each, and that doesn't

18:37.040 --> 18:40.720
seem like the best way to split things. So for the rest of the talk, I'm going to be sort of saying

18:40.720 --> 18:49.280
something about that. We just saw with the previous talk, someone saying, hey, look, I'm giving

18:49.280 --> 18:56.560
two with a couple of people bleak, and the ex-heck is tough. I'm paying maintainers, but I want to vote

18:56.560 --> 19:00.960
on who should be getting paid and manually adjust and so on. You can do this in thanks.dev

19:00.960 --> 19:07.280
today, right? So you can say, here are my dependencies, don't pay some projects, pay some projects

19:07.280 --> 19:12.960
more and so on. So that's fine. The problem is we've heard from a lot of people that they just

19:12.960 --> 19:17.520
want to say, look, here's, again, like $100,000, figure it out for me. I don't want to spend

19:17.520 --> 19:24.320
time clicking around, right? So here's an idea. Instead of relying on what's on the package, what's

19:24.320 --> 19:32.480
in the package.json and the other manifests, and sort of just weighting payments based on that,

19:33.120 --> 19:36.880
we could do some kind of static analysis of the codebase to get a bit more accurate information.

19:37.440 --> 19:43.520
That's the general principle. Here's one way to do that. It might not be the best way, but

19:43.520 --> 19:50.080
again, let's see, is for one thing, it would be good to measure some kind of coupling metric

19:50.080 --> 19:54.160
between each of the dependencies and my code, right? So if I use a dependency and it's not so

19:54.160 --> 19:58.640
tightly coupled to my code, that means it's sort of more trivial to replace. If I use a dependency

19:58.640 --> 20:02.800
and it's very tightly coupled, the replacement cost is very high, and so it stands to reason that

20:02.800 --> 20:10.320
I probably should give that dependency a bit more money. Here's like a super basic demo of what

20:10.320 --> 20:17.280
something like that might look like, right? So here's just some pretend code. If we look at where

20:17.280 --> 20:22.320
I use node-postgres, obviously I'm importing it, and then I'm calling some function from the package

20:22.320 --> 20:27.680
and putting it into a binding and all the variables that end up depending on that DB variable,

20:27.680 --> 20:31.680
we can say have sort of been touched by postgres. So we can have some kind of metric like this

20:31.680 --> 20:37.200
and say wherever something from postgres ends up making a difference to the code, we can count

20:37.200 --> 20:42.480
those statements, let's say, right? And in this sort of toy example, seven out of eight statements,

20:42.560 --> 20:46.480
depend on postgres. Now left-pad, on the other hand, three out of eight statements

20:46.480 --> 20:51.360
depend on left-pad. So it's, you know, in this simple example, less essential. So we can create a

20:51.360 --> 20:58.560
score out of that. Now the other thing is it's not just that left pad is less critical to my

20:58.560 --> 21:04.480
project specifically. Left-pad is also way less complex than node-postgres. So in general, if you

21:04.480 --> 21:08.880
have to rewrite left-pad from scratch, it would be fine. If you have to rewrite node-postgres,

21:08.880 --> 21:14.960
not so much, right? So we would ideally like to have some kind of metric of complexity for each package.

21:16.960 --> 21:21.200
I'm not going to get into that, right? Let's just imagine we have a metric to measure package

21:21.200 --> 21:25.200
complexity, right? And then let's just say, well, whatever score we get, we need to make sure it's

21:25.200 --> 21:28.720
between zero and one. So let's say we get all of the complexity scores for all the packages,

21:28.720 --> 21:35.040
we take the highest one and then we divide by that highest one, right? Here's a table.

21:35.760 --> 21:40.640
That's a lot of numbers. We're going to go through it, okay? First row, you have the coupling

21:40.640 --> 21:46.800
between each of the two packages and my code base. We got sort of 87% for 87% whatever, right? So

21:46.800 --> 21:51.200
that's sort of the number that corresponds to how tightly node-postgres and left-pad,

21:51.200 --> 21:56.800
respectively correspond to my code base. The second row is how complex is node-postgres, how

21:56.800 --> 22:00.960
complex is left-pad? We just made those numbers up, but imagine you have some kind of good metric.

22:01.760 --> 22:05.440
What we can then do is we need to combine those two numbers in some way. We're just going to multiply

22:05.440 --> 22:14.240
them whatever. And so that gives us one score that combines those two numbers. The thing is,

22:14.240 --> 22:20.480
we'd like that score to be out of one, right? Sorry, not out of one, but to add up,

22:20.480 --> 22:24.880
all scores to add up to one so that we can sort of do it as a percentage. And so we have that

22:24.880 --> 22:30.160
in the proportional score sort of by dividing by the sum. And then what you can end up with, for

22:30.160 --> 22:37.600
example, is by this calculation that I made up, postgres would get $95 and left-pad would get $5.

22:37.600 --> 22:43.600
So that seems like a good result. So this sort of makes me believe that maybe this is something

22:43.600 --> 22:47.280
that we should look into more, because static analysis could give us better information

22:47.280 --> 22:51.760
about which dependency should get how much money, right? So this is sort of what you end up with,

22:51.760 --> 22:58.720
is you give $5 to left-pad and $95 to node-postgres. That's sort of almost it. I'd love to hear what

22:58.800 --> 23:01.920
you guys think. I think we might have time for like one or two questions, but I also don't like

23:01.920 --> 23:06.960
sort of the rush dynamic of the questions. So please come up to me later if you want to talk about it.

23:06.960 --> 23:12.160
Other than that, if you go to this handy link, I'll leave it up for a second. There's an issue

23:12.160 --> 23:18.320
tracker that I made, because I know some people might have sort of similar questions, or maybe

23:18.320 --> 23:22.560
we want one place to sort of consolidate like a longer discussion, because you know, your feedback is

23:22.560 --> 23:28.000
valuable. So if you go there, there's just a link to this like codeberg issue tracker, so you can

23:28.080 --> 23:33.600
make an issue, and then we can talk about it. Very importantly, I have one confession to make.

23:34.320 --> 23:38.800
I made Open Source Pledge and thanks.dev stickers, they're really beautiful. I made too many

23:38.800 --> 23:45.600
stickers. Please help. The stickers are here. You take some for your friends. Take like five of them.

23:45.600 --> 23:49.680
It's fine. Okay. Please. All right. That's it. Thank you so much.

23:50.400 --> 23:59.840
Thank you. Thank you. Maybe, okay. Yes, hello.

23:59.840 --> 24:04.720
Hi. Thanks, a really incredible talk. I have two concerns. The first one, it seems that you're

24:04.720 --> 24:08.560
solving social problems with technical solutions. Why don't you just ask the

24:08.560 --> 24:12.880
developers at the company? If they have 100,000, send out a little voting thing, people click on a couple

24:12.880 --> 24:17.920
of things and boom, you have a good idea. And the other one is $2,000 per developer is way too

24:18.560 --> 24:22.640
low. Five percent at least. That's the minimum and that's what I tell companies.

24:22.640 --> 24:26.880
So I'll start with the first question. The first question I'm understanding correctly is why not

24:26.880 --> 24:32.560
ask the people at the company who have more information about the dependencies, what they think,

24:32.560 --> 24:36.480
because they have that domain knowledge instead of trying to find a technical solution that's

24:36.480 --> 24:41.120
just going to approximate what people know about the importance of the dependencies. Is that right?

24:41.120 --> 24:46.640
It's also the gaming. Yes, that's right. Yes. The technology is going to be gamed. Right. So it's

24:47.520 --> 24:52.320
mitigating people gaming the metrics. I think that's absolutely true. I think we need to do more for

24:52.320 --> 24:59.680
that and I absolutely agree. I think the reason that it's good to have some kind of computational

24:59.680 --> 25:05.280
solution is, again, I've heard from like a lot of companies that they're saying like, hey,

25:05.280 --> 25:10.000
man, I just want you to decide for me, but I do agree that maybe there needs to be a little bit of

25:10.000 --> 25:15.600
pushback on that cultural change aspect to say, hey, guys, no, no, let's have a conversation.

25:15.680 --> 25:22.400
So yeah, I take that point. And then the second point is you said $2,000 per developer is not enough.

25:23.440 --> 25:32.080
Yep. Right. I think it's, you know, we're really trying to straddle a line

25:32.080 --> 25:36.800
between getting something that meaningfully brings change to maintainers and something that

25:36.800 --> 25:44.000
companies are willing to do. As you scale that number up to a lot of employees, companies get more

25:44.000 --> 25:51.200
and more reluctant. So we are thinking about, you know, whether that is the best number,

25:51.200 --> 25:55.040
but I think that's sort of the compromise that we've reached for now, but it is not perfect. Yeah.

25:57.040 --> 26:05.120
Andrew? So yeah. So we actually used, we actually used thanks.dev in the past and I'm not

26:05.120 --> 26:09.840
using it anymore because it was too painful to manually adjust all these things and because

26:09.840 --> 26:15.200
Sindre Sorhus popped up at the top of all the dependency charts, he was the peak of the

26:15.200 --> 26:20.320
ecosystem. But here, we suggest something similar. We'd like a, we need to produce an SBOM anyway and

26:20.320 --> 26:25.600
we'd like to produce like an open SBOM because all of this is also missing things like

26:25.600 --> 26:31.360
VLC, Firefox, Thunderbird and Layers 2, except on the B&E. So that was our big problem

26:31.360 --> 26:36.880
actually, we'd like to spend money, but it's too hard. And this only sort of... let's have a... I like it.

26:37.040 --> 26:42.400
Yeah. I don't even put that real on here. Yeah. So yeah, but I like it. Right. So how should I

26:42.400 --> 26:50.080
best summarize your comment for the audience? Yeah. So basically, there are a lot of limitations

26:50.080 --> 26:56.320
to strategies like thanks.dev. And we need to work on how to solve things that are not visible

26:56.320 --> 27:03.200
in the manifest really. Yeah. Right. Yeah. I

27:03.280 --> 27:10.320
take their comment. Yeah. Hello. Yeah. So yes. Oh Andrew. Yes. Finally. Yes. He, uh,

27:10.320 --> 27:15.840
measure is financially incentivizing. They'd have to make their code much more complex.

27:19.200 --> 27:24.560
In fact, it is like, almost cheeky, but actually products are very, like,

27:24.560 --> 27:29.040
done. They're not necessarily going to do that. But we're already seeing people start to

27:29.120 --> 27:34.960
realize. And if the algorithm is open source, it's very easy to reverse engineer how to do that.

27:35.680 --> 27:39.600
We've got a great thing with open source, where there's no barriers to entry. It doesn't cost

27:39.600 --> 27:46.400
me to publish a new version of a thing. If we start to financially incentivize with an algorithm that

27:46.400 --> 27:54.320
sends money automatically, we also need to consider the gamification and how we don't destroy everything

27:54.400 --> 27:59.360
that is good in free and open source. Well, the process. Yeah. So Andrew is saying,

27:59.360 --> 28:03.680
hey, look, these metrics can be very easily gamed. Not only can they be gamed, but they might

28:03.680 --> 28:09.040
be incentivizing people to prioritize the wrong things. You know, if you use like whatever

28:09.040 --> 28:13.360
measure of complexity, you know, like left-pad could just add like 15 trillion for loops. And then

28:13.360 --> 28:19.520
you could say, whoa, there's so many paths for the code man. It's crazy. So, um, yeah, I agree.

28:19.520 --> 28:25.680
That's a problem. And I don't know. But yeah, thank you so much. I think we're out of time. I'm

28:25.680 --> 28:29.440
so sorry that this, like, has to be so quick. I really would have loved to hear all of your

28:29.440 --> 28:35.440
questions. But if you go again, you go back here. Um, please say hi. Okay. Thank you so much.

