Open Source Matters w/ Chad Whitacre

Welcome to Syntax.

Today, we have a great one. We have the latest member of the Syntax team, Chad Whitaker, on the show here to talk all about open source.

He's an open source expert of sorts, and he is going to really fill us in about what licenses you should use, why are people so mad on the Internet about open source sometimes.

And, you know, just in general about for. Yeah. Just in general about the topic. So, Chad, first of all, welcome to the Syntax team, and welcome to Syntax.

Thanks, Scott. Thanks, Wes.

Happy to be on the team and excited to join you guys for this episode.

Right on. Right on. So you wanna give us a quick rundown? You're not new to to Century or to open source at all. No, sir. You have a bit of a a history with open source. You wanna give us a Little bit. Quick rundown of of that whole story and and what it is that you do?

Accidental.

Open source as a movement started in 1998.

I graduated from college in late ninety nine and started, you know, a career as a programmer in in around then February.

And so I just kind of grew up as a, you know, as a programmer with open source. Didn't really appreciate until years later that it, like, hadn't always existed. But, yeah, long history with open source really got involved in Python and, like, the Python community in the aughts. You know? So these days, it's Django. Right? It's Django and it's Flask or, like, the big web frameworks, and there's some newer ones coming out. But back in the February, everybody had a Python web framework. We had the, like, these web framework shootouts and all this stuff. There was, like, 20 different Python web frameworks.

So I I kinda participated in that. I had I think it was, like, the fifth most downloaded Python web framework in 02/2008 or something like this. Anyway yeah. So, that's kinda where I cut my teeth in open source and in in web programming and then really experienced you know, we could see how much this we get ESLint. But really kind of experienced the tension between the fun volunteer open source side of things and then, like, having to have a day job and work on closed source software for money, and kind of the tension between those. And that kinda came to a head for me in about 2012. I started a crowdfunding platform for open source maintainers, called GitTip, and I ran that basically through the teens and then joined Century here in 2020. So a few Century here in 2020, so a few years ago now. So I've been at Century for a little over four years. I joined as a software engineer on the open source team working on our self hosted, Century, and then also got involved in funding open source maintainers kind of from the Sentry side of things, and that kind of, grew into something bigger. And so now I've been promoted the head of open source, and we've launched this open source pledge and all this fun stuff that we can get into. But maybe that's a little bit of a little bit of a history.

I wanna say one thing about about Chad is that, like, he's he's he's an OG, man. So one thing that we do when we put people on the Syntax website is that we find an old, embarrassing photo of them. And I'm like I'm a bit of an Internet sleuth. You know? Like, I can find I can find things. If we need to find it, we can find things. Okay. And I, like, I went way back on on Chad, and he's got, like, Internet archive website from Wes when did you first Wes was your first domain? I bought my first domain in, I think, it was February.

So, again, I finished school in, like, late ninety Node. And yeah. So I I I I wish that I had the domain from premillennial era, but, no. Yeah. February was And and for the listeners

who are on audio only, Chad is wearing, like like, Sanity Walkman headphones from, like, 1993.

And you I'll throw that. Can you tell us about those a sec? Yeah. So, I mean, these are actually they're

there's a company I gotta dig it up. There's a company that's making these, headphones new again.

You know, so these are, like, $15 headphones. You know? I was like, what, I don't know. Yeah. You know, I've I've got I've got the nice ones over here too for when I really, really need them. But, yeah, these are fun. Retrospect, I think, with a k. Let's see if I remembered it. Retrospect with a k.

Yeah. I gotta say, anybody who wasn't around for those headphones, they're they're so funny because the little foam bits, they always eventually just completely deteriorated.

Yeah. There's, like, a one single metal band over the top. It's like, oh, man. I I I have such fond memories of wearing those headphones with my first Walkman.

Well, it it is Retrospect. So retrospec.com with a k. And that you can buy, you know, replacement foams colors and stuff JS pretty fun. Wow. That's so fun. Check it out.

That's great. Yeah. This episode sponsored by Yeah. Retrospect. Retrospect.

Just kidding. Man, I can, like, I can yeah. Like, I can almost smell the, like, metal print on those headphones. It smells hilarious. Yeah.

So what are are you gonna be doing with Syntax then? Like, what's the deal here? Yeah. So we've,

I guess, maybe Wes can do it this way. So, maybe revisiting more of the recent history with Sanity. Again, I joined as an IC engineer working on open source, you know, on our self hosted release and really building out the infrastructure to help Sentry engineers kinda stay on top of GitHub issues to to really kinda be practical about it, you know, because Century was a growing company. I think when I joined, there was a 30 people at the company, and now we're up over 300. You know? We're, like, three fifty. And it was hard for, you know, we warp, like, dropping stuff through the cracks on GitHub. So that was a big part of what I focused on at first, but then, again, kind of, with this funding program, you know Wes, yeah. Here's the story. Okay? Indeed do you remember Indeed? Yeah. Like, the John Ford? Okay. Yes. Well, Indeed had this program.

My friend Dwayne O'Brien, when he was at Indeed, he started this program called Bos Fund, the FOSS Contributor Fund. And so he had this great program at Indeed Wes Indeed would pay open source projects, would give money to open source projects. And he had this whole thing. He actually wrote a book on it and published it with O'Reilly about how to run one of these false funds.

Century was a recipient of one of Indeed's false fund grants, like, because a little history on Century. Two thousand eight started as this little open source side project. Wasn't until 2015 that David and Chris, you know, started the company and took venture capital and everything like this. You know? So even a few years after that, Indeed engineers were like, hey. We like Century. Century's open source. Let's give money to Century. And you know? But by then, you know, we were, like, off and running on, you know, on the startup path.

Didn't need $20,000 or whatever, $10,000 from Indeed.

And so we ended up taking that, matching it, and regifting it to open source projects. But when I showed up, David Kramer, our technical cofounder, he was like, Chad, he's like, I need you to, give a hundred thousand dollars to open source projects. This was, like, the year after the Indeed thing, you know, because at the time, he had, like, promised. He's like, yeah. We're gonna do this this year. We're gonna do even more next year. So I showed up in, like, the first week. You know, I'm here to be, like, an engineer, and he's like, Chad, give a hundred thousand dollars to open source projects. I was like, well, that's pretty cool job to have, you know, walk walked into. Right? It took about a year to to really get organized and get that Deno. But that first year of funding open source went really well and kind of started my path towards becoming more of a representative of kind of Century's open source values, first inside the company, and then kind of as time went on, you know, started to get a higher profile, outside the company.

Wes, I felt like this was answering a question that you were ESLint, and now I've lost my train of thought. And I'm hoping that we're gonna bring that back to like, what are you what are you doing here?

Yeah. With right? Because, like, you you you joined Century. Yeah. Doing all this open source stuff, giving out money.

Chad came to us, I don't know, about six months ago and was like, hey. Syntax gets 50 k. Yeah. That was fun.

Wes get to give that away. Right? So Wes we asked the community, like, what project should Syntax give that money to, and that was a a really fun and interesting way to figure out how to divvy that up. So Yeah. Exactly. So, I I guess to to complete the circuit,

started internally focused, grew for a few years there. And then over the past couple years, we've really started to see Century's open source funding and some other initiatives as something we wanna offer to the broader community, to the broader industry. And so David's really asked me to, to to step forward even more and play more of an external, kinda role in promoting Century's open source initiatives, open source related, initiatives in the community, in the industry. And, you know, and that means kind of, you know, doing more content creation, and stepping out, you Node. I started a blog, you know, started thinking about video and things like that. And then, you know, you guys Yarn also working with David and kinda he made the connection. He's like, look, Chad. If you're gonna do this, let's do it right. We got this crew here. This is what they do. This is their bread and butter. Let's connect you guys and, make it happen. Yeah. And and and, Chad, you you do such an excellent job of

teaching open source, which seems to be like a a I don't know if it's just a topic that people get confused by or people tend to argue about it, quite a bit. But you you have a really great blog, the Wes, and and it's super informative for anybody who, has really not dove into a lot of, like, deep things inside of open source. What do people get wrong most about open source in general?

Yeah. Wow. Well, that's a big question. Yeah. Because oh, yeah. Open source means a lot of different things to a lot of different people. You know, maybe I'll approach it this way. We have an onboarding session at Sanity, that everybody who joins the company goes through, and it's about open source. And the way that I introduce that you know, so I run that session.

Source fundamentally is really this brand. It's this, this this name for a thing that, that anybody who's in anywhere close to software, at least has some notion of. You Node, you've heard of this idea. Okay.

It's defined by a certain kind of licensing. You know? So the fine print really is the fine print. You know? It it's about the legalese. It's about the licensing. So it's this brand in the software industry that's defined by a certain kind of licensing, and that licensing is designed to encode a public community centric approach to building software.

So that's kind of the heart of open source JS, like, this public community centric approach to building software. You Node? The legalese is kind of how it gets encoded, and there's a lot of detail in there. You know? But the result is we've got this thing called open source, you know, that anybody using software touches in some degree or another. And, you know, yeah, you can go as deep as you want down the rabbit hole on it. But that's kind of how I think of it as a at a high level.

Yeah. What do you think that's why like, the fact that people kind of have a different idea about it, do you think that's why people tend to get so mad about it on Hacker News? It's like anytime anybody posts anything about open source, there's just, like, bickering about details.

Yeah. One of the things I see, and maybe this is the biggest problem, you know, getting back getting back to your original Wes, Because it has this legal element to it, it is really easy to get kind of legalistic about it, you know, and to have this, what I think of JS kind of a narrower kind of rigid approach to it. Mhmm.

And to forget you know, it's kind of a letter of the law, spirit of the law kinda thing. Right? It's like, well, here's the letter of the law. Sure. But, like, what's the point? Like, why do we have these definitions? Why do we have these, like, you know, these these fine print legal things? What's the point? And that's where I get to this idea of this public community centric approach to building software. It's like, if we lose that, then, you know, it doesn't matter that we're, you know, crossing the t's and dotting the i's on the licenses. It's like, let's keep the main thing the main thing without, of course, you know, losing,

you know, those those definitional aspects. It's always an interesting question of, like, how do you license something so that it's not, like, you you keep that Sanity. You keep the openness, but you also protect the project from from being taken advantage of. Right? Because, like like, maybe someone's listening and doesn't necessarily understand. But, like, what are some bad things that could happen if you just wide open a project? Like, I'm thinking of, like, one project that's huge is FFmpeg.

Right? Like, tirelessly maintained by several developers and

probably billions of dollars of companies sitting on top using that to to run companies. Yeah. Here's the thing about open source. Another thing. Let's we'll we'll throw some things on the table and maybe Yeah. Get get us make the connections. You like Chad. Yeah.

Alright.

Open source, we think of it in terms of technology.

Okay? Yep. And, you know, we're all geeks here. We all love, you know, the the tech and everything and geeking out on the tech.

But when we look at this idea of a public community centric approach to building software, that really gets us outside of technology per se, and it gets us into economics. It gets us into politics.

So open source really has all of these, like, implications or these, like, tendrils or these meanings or these, yeah, like, things, yeah, that are really political about it and really kind of economic about it. And I think a lot of the confusion, you know, that people have about open source is, like, is is not really recognizing that and not really taking that on board, not really understanding kind of, you know, these bigger implications for the thing.

Yeah. I mean, so this FFmpeg example, let's maybe go over a little more of the detail of what's called the open source definition and how that applies to make the the specifics of the license, and and see where we go from there. So before there was open source, there was something called Free Software, which Wes a movement started by Richard Stallman in 1983. Okay? And then by the late nineties, folks were trying to take that free software movement and, kind of broaden it, you know, take it to the masses.

And, the term free was confusing because it's like, well, is it free as in beer or free as in speech? This is the the way that we thought about it. And so they landed on the term open source JS kind of a replacement term.

But all of the values of free software warp kind of, like, implicit in the open source movement.

Bruce Perrons JS this fellow that wrote, a 10 definition for free software for the Debian project in, like, the mid nineties, '90 '6, '90 '7, somewhere there. Bruce is a lawyer, and he wrote this 10 definition. So that ended up being taken wholesale into the open source movement. They just changed the title. So the free software guidelines became the open source definition. So if you look up open source definition and you go to opensource.org/0sd, you know, you can see these 10 points. So number one, free redistribution.

Number two, source code is available. Number three, you know, derived works are allowed, etcetera, etcetera. Right? Like, here's 10 points that any software project, you know, licensing needs to fit in order to meet this kinda strict definition according to, you know, this open source initiative, authority for open source. Okay. Yeah. Well, that's that first one. Free redistribution. That's what I'm trying to focus on. K? Free redistribution.

So in order for something to count for open source or free software, clearly, it's in the name, you have to be able to take it and use it without any obligation, any requirement that you pay for it. Okay? And, you know, Richard Stallman, the people, you know, kind of invested in free software will be like, it's okay to charge for it. You're allowed to do that, But, you know, at the same time, you don't have to. And when people don't have to pay for something, they don't pay for it, right, is kind of the way of the world. So Yeah. Right. Yeah. So this is why I say, like, when we talk about FFmpeg being an open source project and some of the confusion on the Internet around, like, well, what is an open source project? And, you know, I'll be honest. Like, Century's wandered into this in years past, and it's, like, been a a big part of our story with open sources. Like, you know, Century's a company. We started life as an open source project using an OSI compliant license. What that means is a license that fits this definition, that the Open Source Initiative, which is this nonprofit that kinda manages this whole thing, you know, like, formally approved by them.

We are no longer an open source project.

Sentry, the product that we're selling, we relicensed in 2019 away from an OSI compliant BSD license to at the time, it's called the business source license. Now we use something called the fair source no. Excuse me. I'm gonna mess that up forever.

Functional source license, which is a fair source license. Alright.

That that's I'm firehosing here. That's that's some confusion. But this is Functional source source. To. Like, there's a lot of nuance here. Right? Yeah. Totally.

But, really, what that comes from is Sentry, meaning, like, the app that we sell at Sentry.io, you know, on SaaS that you can download and install yourself using self hosted.

That product is owned and run, and the Node map governance, keyword governance, are controlled by a single company, Functional Software Incorporated.

Mhmm. You Node, c corp Delaware c corp, DBA Sanity.

Mhmm. Our company is the single vendor, quote, unquote. Okay? So you have this concept of single vendor open source. It's like one company controls the whole project. Okay? This is a tension point because it gets back to this idea of open source JS really being about a public community centric approach to building a project. Right? So, really, there's this question of, like, is an open source project a genuine open source project if a single vendor, if one company wholly controls that project? Then we get into other things like, you know, Linux is the biggest example Wes we've got a Linux foundation in which multiple vendors come together and collaborate. So you've got IBM and you've got Google and you've got Huawei and you've got Microsoft. Multiple companies, no single company owns that road map, owns that project. And so you've got, you know, a multi vendor or a true community based open source project. So, yeah, I don't know. Yeah. Fire hose in here, and let me know what we need to go into deeper. But one important way to start wrapping your head around some of the nuance of open source is to recognize a distinction between a single vendor project and a community, community led project.

So FFMPEG would be on that I haven't dug deeply into the details. My understanding of it's it's it's on that community side. Right? On the one half, we've got multi vendor Sanity open source, and on the other half, we've got single vendor.

But I also wanna have another Wes here, which JS, is it using an OSI approved license or not? Because that's where some of the, some of the roughness comes in is, you know, on the single vendor side, you could be using an OSI approved license or you could be using a non OSI approved license. And some people wanna keep using the term open source for that, but then there's another nuance, which is oh, yeah. Alright. We're gonna get even more confused before we dare way out of this. Let's get into it. Yeah. There's another nuance, which is there's a particular license called the AGPL, which is kind of like a nuclear nuclear license. It's like, if your project is licensed under the AGPL, then anything else that touches your software has to also be released. It's a share alike, if you're familiar, like, from the Creative Commons, you know, the share alike idea. So the share alike part of open source is called Copyleft

and you know, which is distinguished from what we say JS permissive open source. Okay. If I have a a project and I I think WordPress is this. Is that right? Where Correct. I build something on top of WordPress. Whatever I build must also be publicly available and licensed under that. Yep.

But people are people are building WordPress businesses. Right? And, like, this was this was a huge thing ten years ago. I remember this big fight where people had had themes that they were selling. Yeah. Mhmm. How do they get around that? I feel like I'm shooting a little from the hip here because I'm not super familiar with this particular case. Adam Jacob is the best one on this for how to run

a true open source business using open source licenses like this. And, basically, what you do is you you to have a business, you have to have something scarce. Let's do it this way.

To have a business, you have to have something scarce, where you don't get the thing unless you pay for it. Mhmm. Okay? And so in an open source business, what you do is if the source code is not you know, if the source code's open source, well, that's not scarce because open source is, by definition, not scarce. So you have to have something around it, something adjacent to it, that is scarce. You have to find something. So the classic open source business model is support.

I'm selling my time. My time is scarce. There's only so much of my time to go around. So if you wanna use this open source software, I'm a consulting company, and you're gonna pay me to maintain your IT systems, and I gotta use open source software to do it, but I'm gonna be you know, you're paying me for my labor. So Yeah. The scarce thing there is the labor. So, you you know, whatever the business model is, for these plug in businesses, there's something scarce that people are paying for. It could be as simple as the convenience of clicking a button and having that installed on their WordPress system because, you know, WordPress is so popular. Many people using WordPress are not developers. Right? Yeah. Are not savvy enough that they're gonna download that and install it themselves. So, yeah, that convenience there, you know, you could think of that as a hook, as a scarcity hook, that you can charge somebody for. Does that help? Yeah. Yeah. Totally.

It makes sense. I've I've always been interested in all of these. We'll we'll talk a little bit more about licenses in in a little bit. But, yeah, that's super interesting.

Alright. I wanna throw this I'm not gonna say it's the last detail, but another detail at you.

So that's that you know, the GPL, the share alike, we're talking about that. This AGPL is kind of the nuclear version of that, which JS, like, you know, anything even on the network that touches this has to be released. Mhmm.

And what companies will do is they'll add an additional legal document called a CLA, which stands for contributor licensing agreement, which means that and Sentry's got this. Like, if anybody shows up at Sentry and gives us a pull request, you know, there's some now we do it in kind of a goofy way, but there's some boilerplate in our pull request templates that say, you know, I acknowledge by giving you this pull request that, you know, I'm giving you a grant of rights that you can do whatever you want with this. Okay? Because if you don't do this, then, you know, it's a really muddy situation and probably Linux or Debian or there's, like, some big projects where it's like, you've got thousands of people contributing to it. And if you ever wanted to relicense or do anything with that IP, you would need to contact thousands of people for permission to do it. So what companies do is they make you sign the CLA upfront before they accept your contribution to their project. And that way, they've got, you know, they've got the wherewithal where they can relicense a project or do something different with it in the future.

So that combination of the AGPL license, which is a true OSI approved license, plus a CLA is kind of a loophole that companies use to pretend that they're an open source company, but, really, it's a single vendor.

They control it. It's not a true community project.

I mean, this is the OpenCore playbook. OpenCore is a word that's thrown around that's used for this. You know? So like a GitLab or a Calcom or a Plausible or some of these companies where it's like, yeah. You could download and you can self host it maybe, and, you know, the code's on GitHub, and you can contribute to it. But when you're contributing to it, you're signing that CLA. So you're not really participating in a community project like an FFmpeg or Linux. Yeah. And and so people get that's one of the things people get upset about. It's like people see it as companies taking advantage

of developers' free labor. So you you would say that, like, the the nuclear option you mentioned before would be, like, in some people's minds, the most pure version of open source.

Is that kind of how it's viewed, or is it just, like, the most intense version of it? This is where opinions differ

Yeah.

Between that what we say is permissive versus copyleft. The copyleft is the share alike that we're talking about.

And the difference between the two, Permissive is like an MIT license or an Apache license or a BSD license or or my favorite when Wes get into the beerware license Wes it's like, just do whatever you want. You know? Like, take the software and do whatever you want with They're short licenses, generally speaking, and they're very simple. They're like, you know, take it, do whatever you want, just, you know, don't sue me if something goes wrong. Yeah. On the GPL side, on the Copyleft side, they're really long licenses, and they're really trying to use the legal system against itself. You know? It was conceived as this kind of, like, clever hack on the legal system to be like, you know, alright, companies that love lawyers, like, we're gonna come at you with a legal document that forces you to share if you use our stuff. You know? And so then, of course, companies are like, well, you know, like, we're better at this game than you are. We're just gonna come back with CLAs, you know, that, like, sort of like wall off the garden again. So AGPL, when it's used by a community project, which tends to look like a nonprofit foundation. There'll be a nonprofit foundation that kind of is the umbrella under which multiple companies kinda come together to collaborate, and that nonprofit is the thing that holds the intellectual property for the project.

And they're using the AGPL to, yeah, preserve that nonprofit, ownership of this code and and community management of the code. You know? So this the AGPL is a little neutral. Like, it could be used kind of in either scenario. Yeah. Is it the purest? I don't I mean, Sentry's on the permissive side. You know? Our our kind of open source values, yeah, are really kind of on the permissive side Wes it's just like, look, take it, do whatever like, we're Scott here to, like, fight a legal battle with you. Mhmm. You Node? The point is, like, yeah, we'd we'd rather write code than Yeah. Licenses.

That that was my next Wes. People are probably thinking right Node. So when something is, I guess, fair source or or source available, but there are limitations on what you can do that with that, a, what are you allowed to do? And and, b, why even have your project open source if if people are not able to, then then take it and use it if Yeah. That's the case.

So FAIR source is a term that's been around for a little while, but we kind of took it over last year, And we launched this fair source movement, which is really about these companies that wanna share.

And so far, the best option has been kind of a single vendor open source that, you know, kind of gets you in in these fights over what does open source really mean.

And we sort of said, okay. Let's let go of that battle, and let's just have a different name for it. With Faresource, you could read the code. You can download the code. You can run the code. You can run the code for your own purposes.

You just can't compete with the single vendor company that's producing in the first place. So for Sentry, our business is all in SaaS. And so we've got our SaaS Sentry, and that's where we make our money. And then we have self hosted Sentry that people can download and run for themselves. And we've got, you know, 10,000 plus installations of self hosted Sentry out in the wild. So, like, this is actually working. You Node? People are using it and getting real value out of Century.

The limitation thing you can't do with it is you can't stand up a competing SaaS business because that would undermine our ability. You know? That would undermine our business. Like, because Yeah. What you have to understand is Wes a company like Facebook puts out React or a company like Google puts out Kubernetes, k, they release these kinda big open source projects that we're familiar with or, like, the Go language or whatever. Right? Yeah. When these companies are releasing that software as open source, it's not their core business. You know? Like, Google is an ad company. Facebook is an ad company. Facebook's not a software company. They're an advertising company. So for them to release React, it's like, well, they're not, you know React is like this infrastructure component for them.

It's not part of their core business. Sanity JS a software company.

We sell software. That's our core product. So we need to have a little protection around that. Yeah. Yeah. So FairSource is an attempt to kind of clean up this mess that we've ended up in after decades of trying to smash these two things together under the open source umbrella and really, hopefully, free us up as an industry and as a community to really let open source be about this multi vendor, you know, community approach to building software together and have a clearer path for founders that do wanna share, especially developer tools companies. You know? It's like, you're not gonna have a developer tools company without some kind of open source or sharing strategy.

So let's, yeah, let's kind of clarify, those two things so that we can I mean, we'll never stop fighting on the Internet, Scott? But Yeah. We can do that. That makes so much sense to me, though, in terms of,

like, giving people the opportunity to utilize the code or understand the code or even host it themselves while Yeah. Not allowing somebody to just copy it and make a business out of it. I I guess that just makes too much sense to me, yeah, to get angry about that. And if you want to see all of the errors in your application, you'll want to check out Sentry at sentry.i0/syntax.

You don't want a production application out there that, well, you have no visibility into in case something is blowing up, and you might not even know it. So head on to dosentry.i0/syntax.

Again, we've been using this tool for a long time, and it totally rules. Alright.

I'm just looking into another piece of software right now that I've been touching a lot, and that JS, three d printing slicing software, which is basically you you take, like, a model. Like, I've got, like, a little m 24 nut or a bolt right here. Yep. And it cuts it into layers and allows you to print it. And there's a whole bunch of, like, mathematics into, like, how do you orient and and whatnot, all kinds of features. The software that it uses JS called Bamboo Studio, which is by this, company, and they basically forked PrusaSlicer. There's another one called OrcaSlicer. They're all they're all based on the same thing. And Bamboo forked it and started adding all these, like, nice features, like different types of supports and whatnot, but they didn't make it open source. And everyone freaked out because the PrusaSlicer is is AGPL. I just looked it up. Right? So they have to make that Interesting. Open source. Right? And and it's a it's a net win for the community because Bamboo was able to get a really good base and start building on top of that, and now they have to make their stuff open source, which the other projects can now then take take that. Oh, they added tree supports. Let's let's take that, or they added in auto arrangement. Let's take that feature and port it back to to our own. And it's it's nice because now the the software for the entire industry is all these companies have their own software if they want to, but they're all kinda helping each other out.

Wow. Yeah. I'm seeing this. I guess it's a couple years ago. But, yeah, this blog post, AGPL compliance of Bamboo Studio. Yes.

It's, interesting. I hadn't seen this case.

Yeah. It's a wild world. It's it's not just software. Right? Like, even, I don't have an example over here as well, but I'm getting into this, like like, multi board, which is for hanging stuff up. And the guy who designed it, like, wants it to be open source, but it doesn't also doesn't want, like, some like, Ikea coming and just, like, injection molding Eating his lunch. 10,000,000 of them and yeah. And then making all money off of it. So it's it's kinda tricky.

Yeah. I mean, so you can see where what starts out as, you know, we're having fun building tech together ESLint these really thorny kind of economic questions and political Wes. Yeah. You know, and, like, what does it mean to have a society together kind of Wes. Like

yeah. As you start pulling on the thread, it's like, whoo. Yeah. Yeah. So my next question then JS, when you simply just npm install something and you might have dependencies 11 layers Deno. Should we be concerned about that? Let's say someone's building an app that they wanna one day sell. Should we be concerned about that? Even, like, when when Syntax joined Sentry, we had to go through our package JSON Oh, yeah. And find every license all the way down, and we gave it to the lawyers. Yeah. Yeah. Just give it to the lawyers. Yeah. To make sure there's none of that AGPL in there. Right? None of that viral, so to speak,

yeah, copyleft licensing.

I mean, it's definitely something to be aware of, and it's absolutely I mean, like you experienced, at any scale, you're gonna need to, you know and there's tooling for this now. You Node? FASA is one that we use internally to keep track of our licenses. You know? We're kinda too far gone with it. You know? It's like, anymore you can't you Node, the the stats of these things are always Wes. But, like, 90 plus percent of any code Bos is open source components. You Node? Like, if you look at any of the apps on your phone or whatever websites you're using, it's like it's all it's like an iceberg of open source with, like, a little bit of proprietary on top. You know? Mhmm. Were you the one that had to go through that, Wes? Well, luckily, I found a a tool to do that. But, yeah, I I dug into it, and I wrote a or not wrote it to. I found some tool that would just crawl your package JSON, and we gave this massive spreadsheet to the lawyers. We're like, here you go. You know? Yep. Enjoy. Last for it.

Yeah. That happened when I was working at at Ford, though. We went to install something, and then the lawyers were like, we can't use this. And I'm, okay. I guess we're, rolling this by hand then. Okay. Yeah. A lot of people do that. Or I'll have I'll often have a repo where I I don't add a license because for whatever reason, and then someone or or someone simply want you sometimes hit upon a a GitHub Wes, eight lines of Node. And there's someone in the comments, can you please add a license to this? I need to copy paste this into our code base. Yeah. No. More,

enlightened lawyer will let you get away with eight lines Yeah. You know, from somewhere. But yeah. But, you know, left pad. Right? How many Npm packages Yarn only a couple lines? Yeah. Yeah. No kidding.

Chad, what's the most interesting open source license?

The most unusual, I suppose. The most interesting? Is that a leading question, Scott? No. Because I was about to bring up. Tee ball.

The one I'm loving right now is this beerware license that you guys have seen me talk about in in in our channel. I guess I mentioned a little earlier here, and I was thinking about it just now because you're talking about having to go through the audit of everything, you know, in in in syntax.

With open source licenses, you can do whatever you want with it, but almost always, you have to include what's called attribution. So you have to actually include the text of the license when you, when you incorporate a component into your own app. Alright? And you Node, so any company of any size is doing this, you know, in in some way.

And so on your phone or in any of the apps that you're using that use all the software, there has to be some place where they're listing, here's the components we're using, and here's the license, which is, you know, essentially, this permission, you know, permission slip from the author to use the thing. Okay.

Twenty years ago, probably.

Yeah. I mean, I went back and looked.

I actually used this license for a bunch of code in the aughts. It's called the Beerware license. Okay? And it comes from a developer named Paul Henningkamp who wrote, like, half of FreeBSD.

He wrote this this HTTP cache called Varnish, which is a popular HTTP cache, that basically got commercialized as Fastly. You know? So Fastly, like, came out of the Varnish community and is, you know, is is is built on top of Fastly.

A lot of PHK goes by PHK. A lot of his code is licensed under what he came up with. He calls it the Beerware license, and it's supposed to be this, like, Sanity lawyer license.

Yeah. I'm gonna read it to you here.

The Beerware license the Beerware license, revision 42, p h k at freebies dot org wrote this file. As long as you retain this notice, you can do whatever you want with this stuff.

If we meet someday and you think this stuff is worth it, you can buy me a beer and return, pull Henning Camp. That's it. That's the license. No legal fees. Just like yeah. Hey. If you like it, buy me a beer. I love it. And yeah. And I I used this you know, I found this license in, like, 02/2005 or whatever. I was like, oh, man. That's cool. You know? And so I, like, put it on a bunch of stuff. What I really like about this license, though, you know, obviously, it's fun. It's tongue in cheek. And, I guess, going back to what I was saying earlier, Apple you know, you'd think, okay. This is just like a joke. Right? But Apple has components that they're using for iOS that, you know, PHK wrote and licensed under the bureau license, which means that Apple has to include in the legal notices like, if you go into settings, you go into legal notices, whatever, and you scroll down far enough, you'll see beerware license. You're like I love it because it's like, Apple is such a buttoned up you know, like, the most buttoned up of companies. Right? Like, with the most controlled kind of image. And then it's like they have to put this beer license. I I I get a kick out of it.

This of all the licenses that I'm aware of, actually does the best job of pointing to what we've kind of been you know, that thread that we've been pulling on, which is that open source has economic implications. Open source has, political implications.

Because in here, this idea that it's like, hey. If you like this, you know, feel free to buy me a beer sometime.

That's an exchange, as funny as it is.

That's an exchange. It's an indication of the back and forth of open source.

And, you know, you could say in the AGPL and the GPL and that share like stuff, you have it. You know? But that's such like an arm twisting, you know, like using the law against them to force them to share. And this is much more like, I love the posture of this, which is invitation.

You know? Invitation.

I see open source as an invitation. It's a gift. Open source is like, hey. Here's a software I wrote. You know? Feel free to use it.

And, hey. Do you have any software you'd like to share? Do you have any any, you know, beer you'd like to buy me? Do you have any, you know, extra computers lying around that you'd like to give me, you know, as an exchange, as a reciprocal gift for this thing that I've given you. Mhmm. Because that, to me, again, getting back to, like, the the letter and the spirit, like, to me, that's that's the fun of open source. Right? Like, that's really what it's all about JS, like, people working together, collaborating, building stuff, you know, and and and getting way further than we could on our own. Yeah. So as funny as the bureau license is, I think there is a really deep insight kind of embedded in that.

Yeah. Yeah. I love that. Let's talk about the open source pledge really quick. You'd mentioned that you'd worked on the open source pledge at Century. We've talked about it a bit on this show already. But can you give the audience a rundown about, like, what the open source pledge is and who's involved?

Yeah. Absolutely. So the open source pledge is Century's attempt to get other companies to give as much money to open source as we do. Because, again, going back to my own history here, like, I started this. David was like, Chad, give money to open source. So I gave much money to open source. And then the next year, he was like, Chad, give even more money to open source. And so I gave you more money to open source. Then the third year, you know, we doubled the amount again. Wes get $500,000 to open source. Crazy. Yeah.

In year four, we were like, okay. This is cool, but we can't be the only ones doing this. Like, that you know, that that's fun, and, like, people are loving what we're doing, and it's great.

But to really have an impact on this question, we say, of open source sustainability or this way to make sure that the people building FFmpeg and all the tools we depend on, you know, that we're not burning them out.

We need an industry wide change. We need kind of a culture change in how we think about this and act on it. And so that's what the pledge is about. So the pledge is a group of companies working together to change the status quo in open source sustainability. So there's this classic x k c d comic. It's called Dependency. I think it's number twenty three forty seven, and it's got this, like, Jenga tower, you know, of of blocks kinda built on top of each other. And it says, you know, here's all modern digital infrastructure, and it's resting on this one little, kind of precarious component that says a project from 02/2003 thanklessly maintained by some guy in Nebraska.

Thanklessly maintaining that project since 02/2003 paid so he doesn't burn out and the whole thing collapses.

And yeah. So we've got, let's see. We launched about six months ago. For a company to join the pledge, they need to, number one, pay maintainers, and then number two, blog about it. So there's a threshold amount, which is a function of the number of developers employed at the company. So if a company employs a hundred developers, the figure is 2,000 per developer. That's the minimum. So if a company employs a hundred developers, they would pay maintainers two hundred thousand dollars, and then they would write a blog post that says, our company loves open source, and we pay maintainers, and here's the receipts. We want those receipts. We want that accountability.

And then, you know, we onboard them and put them on the website.

We just rolled out a job board a few weeks ago, so we're, you know, trying to find ways to add value for those companies to say, like, hey. This is a little movement. This is worth being part of. Yeah.

It's been it's been fun. If you're listening to this and your company uses open source software,

then you should encourage your company to join the Open Source Pledge. Totally. It's, what, o over 2 and a half million bucks on there, some some pretty big companies that Yeah.

Yeah. Laravel's with us.

It it was really fun.

A a company called Posit joined.

None of us had ever heard of them. They self serve, you know, found us and joined. They, do a bunch of they have a data science IDE, in R, this old data science language. And they've got more developers than Century does. So they joined, you know, just at the December, you know, a few months after we launched. So really encouraging to see companies, Wes, start to get on board with this and work together.

That's amazing. Yeah. Yeah. $3,679 per dev, and that's a 34

devs. Yeah. Right? It's awesome.

Pushing over 2 and a half million, and Century is only $7.50 of that. You know? So much more that's not Century than is. You guys rolled out some, like, hilarious billboards as well? What what were those there's three of them. Right? Oh, goodness. Yeah. We've so we launched the open source pledge last year on October 8, and we did it. We we rented three of the most expensive billboards in the world. And Century's creative team, we call them studio four and four studio four zero four internally here. They had a lot of fun, coming up with a campaign for us that we called Mooch Monsters. So we've got the Deno, who's the chief excuse officer.

We've got the CFO, that's the chief freeload officer, and the CTO that's the chief tightwad officer. And, actually, just last week, because we dug did those three billboards, but we also got a bunch of buses and bus shelters.

Mhmm. And they're still running around because those buses, you know, they don't they they don't change them as quick as the billboards. Right? So, like, there's still chief the CTO, you know, chief tight wall officers running around San Francisco. It's pretty fun. That's great. Wes we saw some of those in SF.

They're pretty, eye catching. JS that they're they're pretty dope. Yeah. We got an article in The Register

about the billboard. It's like since when are billboards news? You Node? It's like new billboard goes up on, you know, freeway or whatever. It's like yeah. Wes, and then the other one, we we were on, we were in Times Square too. You know, the Nasdaq jumbotron? Oh, yeah. Right? Yeah. Yeah. Square. Yeah. We were on there as well for Amazing. With a bunch of bunch of the launch partners. The innovators, we call them. The innovators that joined with us for that launch.

Yeah. So that's name of the game now is, you know, we just gotta keep growing. We gotta get more and more companies on board, chip away.

I mean, it's a weird, you know, it's a weird kinda Scott up, right, where it's like we're tracking Yarn, and we're trying to grow, and we're, like, you know, trying to get out there and and not die. I got a question for you, Chad. Yeah. What what license should I use? I like it.

Well, it depends on your goals.

There's different life cycle stages for an open source project.

So I think you're probably asking from the point of view of, kind of a solo maintainer, right, who maybe has a fun idea and some spare time and nights and weekends and, you know, puts together a project.

The two fundamental paths you can go down are the permissive or the copy left.

I like the permissive side.

I'm not really looking to use the law against people. It's like, you know, I'm gonna get outlawed one way or another. You know? If you're if you're of that bent, then sure. Use the GPL or look into it.

Here's what I wanna use this question to say.

I see the Copyleft style as more niche and more and more niche as time goes on. Because I think most people fundamentally don't care. You know? You have to really care. You have to really be an insider and really, like, geek out on the licenses and reading the licenses and everything like that.

You have to kinda be an activist to bring that word in. You know? So Copyleft, free software, so to speak. I see that more for activists, which just, you know, by definition, are gonna be a much smaller, you know, proportion.

And I think open source, we need to blow this up even bigger than it is. I think permissive is the thing that is gonna resonate more with more people and is truer to what I understand to be that kind of heart of open source, which is really about that community aspect, which is like I don't know, man. It's like if somebody's coming at me and trying to twist my arm to do this or that, like, to force me to share, you know, like, that's not how like, it feels just kinda dumb to me. Like, you can't force people to share. Right? The whole point is we're inviting people to share. We're inviting people into this community. And, yeah, to me, copy left misses the point. So use a permissive license.

The MIT is one of the most established licenses. That's you know, you can't go wrong with MIT. Mhmm. Apache has a little more legalese in there that gives you some, you know, Nuance protections around patents, very popular license. Those are the two that we use at Sentry, by the way. MIT, we use for all of our SDKs, and then Apache, we use for other components, you know, that we release.

Of course, we do also use our functional source license for Sanity itself. I'm talking about the true open source stuff that we put out. So MIT, Apache, you know, or if you really wanna have some fun, use that Beerware license. That'd be my record. Love it. Yeah. Yeah. I like beer. Have you guys ever put anything out open source? What's your what's your own history with publishing projects? Tons of it out there. Any anything anybody else is using, Wes? Like, what's your most popular open source project?

Oh, my most my most popular module is the most embarrassing thing. It's called wait.

If you go to npm.im/waait aait? 2 a's? Yeah. Because the one wait was taken. And it's simply a one line

that's right there, my friend. Yeah.

It's simply it's just a function that returns a promise after however many seconds you pass it or milliseconds. And you used MIT on it. There you go. And it, yeah, it's got a hundred thousand people a week. It used to be even higher before AI would, inject it because it's a it's a one line package but embarrassingly

popular. I love it. And it's seven years ago. You put it out seven years ago, and it still Seven years ago, updated it, I guess. Oh, okay.

Six years ago, last published. There's no there's no features that needed to be added.

It's it's the perfect package. Yes. Exactly. It doesn't need anything. I'm just going through the iOS,

legal Yeah. Page. I found a copy of it online, and I'm just searching. Get it. Yeah. It's tough to scroll. Yeah. They don't let you copy the whole thing, but somebody figured out how to put it on a GitHub gist. And I searched for all of the JavaScript libraries that were used in iOS.

Yeah. And You find some good stuff?

There's not a lot. It's jQuery Okay.

And, Ember JS. I'm pretty sure iTunes, Apple Music is built with Ember, or at least Apple Music is built with Svelte. Is it? Okay. Yeah. Oh, some at at some point, Apple used I'm curious what that is. And, obviously, they still have jQuery in there somewhere.

And then there's one for web WebRTC JavaScript library.

Curious. Maybe FaceTime's built with TypeScript.

And you find that beerware in there? Did you find that? I did. I did find the beerware in there. It makes me wanna make a funny license Node. And if,

if it's never used

Playing the long game. Yeah. Totally. Yeah. But every now and then, when in a if I go into a car and into legal notices, I I Scott. And I remember I see what's in there. We used to have a BMW, and I scrolled. And I found a whole bunch of JavaScript libraries in there as well.

Mercedes actually has some of the car companies are starting open source programs.

Really? You know, so Mercedes Benz has one of these FOSFONs, if I remember right, or they at least have an open source program that you can find. And let me just think. I for some reason, I feel like Porsche had an open source program. Yeah. Porsche open open source dot porsche dot com. Yeah. So Porsche ESLint the open source game. Maybe that's the one that goes I found the I'll I'll post a link to the Mercedes that's a a blog post about their,

Mercedes embraces open source to drive its digital ecosystem.

Cool. It's pretty cool. Right? To drive its d yeah. That's fine. There you go. Yeah. Speaking of, like like, interesting licenses, though, I need to find one for my, like, my teaching content because Oh, yeah. I've I published lots of examples and stuff online, and all of my course content is is open source. And I just explicitly put there, like, you can do whatever you want. You can have make a startup. This app that we're talking on right now was was based on some of my course code. But I was like, the only thing you can't do is you can't make another course teaching the exact same thing, which, unfortunately, has happened a few times. Yeah.

So I had to add that in there. But, like, I I just put it in the Read Me, and maybe I need a explicit license.

What about Creative Commons? Any of those Creative Commons licenses appropriate?

It it might. The the thing is, like, I've never

I I never know what to use, and I think a lot of people are like that. I usually just throw MIT on there because I'm like, I don't know. Yeah. Creative Commons is very similar, of course, to open source, but but it's really designed for everything except software, and open source is really about software. Mhmm. You know, so if you're talking about, like, code examples and stuff like that, you know, that's the sweet spot for open source. If you're talking about content otherwise, you know, that's what Creative Commons is there for. I don't know if, like because there is a noncommercial variant in Creative Commons, you know, that might do it. Because they have they have, like, a mix and match. Right? They have, like, four ish different kinds of restrictions you can put Yeah. And still fit in the Creative Commons bucket.

Yeah. And you can kinda pick and choose which of those you wanna bring in. Maybe I I'll I'll take a look into that. It's for me, it's mostly just the the the software that I write, like, the the actual Node. Yeah. Not the the videos themselves all have their own individual You might need fair source, Wes. Yeah. There we go. No. You can't commercialize it. I need to join on. Yeah.

Well, that that's the other thing JS I want people to be able to commercialize it. That's take people have started taking the code, and they've built startups off of it. I want people to do it. Want JS people to compete with you to Yeah. Exactly. That's that's the thing JS I don't want somebody taking the exact same code Yeah. Yeah. And the words that I've spoken and just rerecording them. Yeah. Or doing it in another language or something like that, you know, and GitHub explicit permission.

Yeah. So that is really that fair source idea.

This idea that companies that are, you know, public on GitHub with their code but have whether it's that AGPL with the CLA or using a FairSource license, you know, that there's this kind of, dark aspect to it. People were like, well, you're just, you know, stealing our labor and, you know, taking advantage of us.

And I'll tell you what. There is I feel differently about it. I think those people are mostly just grumps, and are gonna hate anything, in my experience, and and, yeah, represent kind of the worst of the open source community because they're just, like, using the legalese of it to browbeat people.

Plausible you familiar with Plausible? They're like the Google Analytics yeah. They put it on the the Syntax side, don't we? We do. Yeah. Yeah. I love Plausible.

They are one of these open core companies that's AGPL with a CLA.

And I have a contribution in Flossibull. I gave them a pull request. You know, like, this is five years ago or whatever, six years ago.

You know, they were a little little newer. And, yeah, there was like a little thing I didn't like about what they're doing. And because they were on GitHub, I could go in and I could, you know, make a pull Wes, and they accepted it. And now it's in there. And I don't at all feel taken advantage of by plausible.

You know what I mean? It's like, I don't wanna maintain that code forever. You know what I mean? It's like, I wanna come in, fix my problem, and then go on with my day. And to me, that's that's part of the beauty of, you know, whether it's open source or even this kind of fair source model.

Like, I love that. I love that I, as an individual, if I'm sufficiently motivated, I can go fix that problem. You know, there's these kind of meme stories that go around of the, you know, the person that gets hired at the company and fixes the bug that's annoyed them forever then quits after two weeks because they only got hired in order to fix that bug. Right? Yeah. Yeah. So this. Right? It's like, that that's a joke because that's so hard to do. But what if it weren't hard to do? What if you know? And the fact is, you know, this plausible example is a real world example of that, where it's like, that's the value of kind of that fair source model or certainly an open source model.

And so I I don't think I don't see a problem with companies operating that way, because they're honest, as long as you're honest about it. You know? Which is like, hey. We're a company. This is our thing. You know? You're welcome to give us contributions.

You know? And it's, again, invitation. It's like nobody's twisting your arm to force you to contribute to something. Yeah. Right. Yeah. Yeah. I think there's value there in in both approaches.

Scott, how about you? Do you have any open source projects?

Yeah. You know what? I have one that I did recently, and it doesn't have a license on it. So I should probably put one. It's just the bindings for, Deno sync, which is a local first syncing platform. So Okay. I wrote the Svelte bindings for that.

I have a number of little small utilities that, like, like an automatic babel plug in for auto importing certain files and stuff like that, but nothing crazy.

Most of my stuff has just been the educational content that I just throw up on GitHub. Yeah. Do you guys ever

contribute

to other projects in open source? Oh, yeah. Yeah. Quite quite a bit. And I love that about open source projects JS you can just do drive by drive by, fix something, and and get going. So you're actually given PRs, Wes, not just issues? I mean Oh, yeah. Oh, yeah. Okay. Yeah. You take a take a look at my my GitHub profile. You'll see it. Okay. See some solutions. Yeah. When I first got started in in GitHub maybe, like, twelve years ago, I was mister docs. You know? Boom. Boom. Boom. But Mister docs? Much more of, like Wes, I still I still do quite a bit of docs because they're unfortunately kind of neglected in in many use cases. Oh, a lot. Mhmm. But I I would say, like, my most is simply issues with replications.

Quite a lot. Yeah. A high quality bug reports evaluation.

I sometimes I just get so exhausted when you, like, open up a new issue, and it's like, here, fill out this Here's the template. Give me a whole code sandbox. I'm like, but Yeah. Yeah. I I realized on the other end as Wes, it's like, well, I

I I don't know if this issue that you're having please show me how how it actually works. Yeah. Yeah. Right. Exactly. Well, that just goes to show you how much labor does go into open source. You know? Yeah. And if if you can spread it around a little bit, if we can I don't know? I kinda think, you know, company like Sentry, giving a lot of money, we're doing that. Here's what I'm trying to say. There's different ways for each of us to participate in the open source ecosystem and make it stronger.

If you're a company and you can give $750,000 to open source, that's awesome. If you're an individual developer and you come across a bug in upstream, you know, taking half an hour to write that book and give them that, reproducible, bug report, you know, that is actually valuable. And if, you know, if we could have kind of everybody do a little bit, you know, then we all benefit from it. You don't have to think, well, I'm not a century that can give all this money. Like, there is absolutely stuff that you can do to participate,

one notch, you know, more than than some of us are doing. Totally. And warp maintainers like that, though, because if you give them a failing test, even it takes you half an hour, sometimes they can just, like, ten minutes, fix it, push a new version.

Oh, yeah. Yeah. Yeah, man. If you're a maintainer and you get a really good bug report, I mean, that lights up your day, you Node, after all the trash that you get, especially with, like, the AI generated, you know, slop now. It's like maintainers are flooded with it. So if you come in with some valuable,

yeah, info, that's that's gold. Alright. Should we wrap this up, Scott? Yeah. Yeah. I think it's a good time to do that. Let's get it in the part of the show where we talk about sick picks and shameless plugs. Chad, a sick pick is something that you're just liking right now, enjoying anything. Oh, good. Do you have a sick pick?

Oh, well, you guys know where my head's at, and this, episode is supposed to air with my first salvo on the Syntax channel.

I'm really enjoying these Save the Cat books about, screenwriting and writing narrative story content.

So shout out to, this fella, Jamie Nash, who wrote a book about, writing for TV using the Save the Cat beat sheet method. So look into it if you want to understand about screenwriting, I guess. Yeah. Node. I'll give that one.

Yeah. What about, shameless plugs? Would you like to plug anything?

Oh, man. What's the difference between a pick and a plug, Wes?

A sick pick is is what you just gave, and a plug JS, like, you wanna change own thing? Yeah. Yeah. Show my own thing? Yeah. Well, then that I mean, the obviously compliment is, like

yeah. Go watch my show on Syntax that's coming out together with this episode. That's an easy Yeah. Yeah. Chad's gonna be, talking about open source and and giving us all some Oh my goodness.

Really interesting open source information in various ways. So we're really, really stoked to have Chad pull on the team.

Yeah. Pull on the thread. And see where it goes. Yeah. I love it. Yeah. So looking super forward to that. Chad, it's awesome. It's it's been great having you on the team so far, and I I can't wait to see, your show and what you put out. The future holds. This is great. Thank you. Appreciate it. Thanks, guys. Thanks, Wes. Thanks,