00:00:12.120
Moving on to our morning keynote, I'm excited to introduce one of Mike's co-workers, Eileen Uchitelle, to the stage today. She works at Shopify, and after two years of giving her talks from home, she's here in person today. Let's give a big round of applause for Eileen! Thank you to Ruby Central and all the volunteers working hard to put on RailsConf this year. I can't tell you how excited I am to be speaking in person again after two years of managing my own lighting and audio, hoping that my Wi-Fi wouldn’t go out during my presentations.
00:01:06.119
Two years ago, I was supposed to keynote RailsConf in Portland, so I see this as a do-over. I bought this dress for that conference and hadn’t worn it for two years. I'm honored to be keynoting again this year. Thank you all for having me. As Mike mentioned, I'm Eileen Uchitelle, and I appreciate him for pronouncing my last name correctly. If you wish to connect after the conference, you can find me online at Eileen codes. If you’ve been following me for a while, you might have noticed that I changed my profile photo—it's not an impostor; it’s just me, a bit older and hopefully a bit wiser.
00:01:44.100
I work at Shopify as a senior staff production engineer on the Ruby and Rails infrastructure team. Our mission is to improve the scalability, resiliency, security, and performance of the Ruby language and the Rails framework. We want to ensure that Rails and Ruby continue to support Shopify for a hundred years and beyond. Essentially, my job is to make Rails and Ruby better for all of you and for Shopify, which is a dream come true for me. In addition to my work at Shopify, I am also a member of the Rails core team, the stewards of Rails, responsible for the technical direction of the framework.
00:02:25.080
As a member of the Rails core team, and as someone who made working on the framework not just a passion but a career, I’ve spent a lot of time thinking about how to ensure Rails is not just sustainable for the next hundred years, but also a growing, thriving framework and community. I've been mulling over the topic of this talk for a few years now, born out of a growing frustration that many companies don’t see the value in contributing to Rails. Many leaders I've spoken to don’t consider open-source contributions essential or view them as investments they should be making. At best, they see it as something they let employees do occasionally on open-source Fridays or as part of a hack week.
00:03:01.680
At worst, they think it's someone else's responsibility to make Rails better for them. The truth is that Rails as a framework isn’t going anywhere; it will continue to evolve under the guidance of Shopify, GitHub, and Basecamp. But is that truly what Rails needs? Will we be able to create the most resilient and performant version of Rails if it's only those three companies investing in it? Imagine how much better Rails could be if more companies contributed.
00:03:43.800
In this talk, we will explore the history of Rails from version zero to today. We’ll look at how Shopify became a contributor on day one and why we continue to invest in the framework. To demystify the contribution process, we’ll learn about the Rails governance structure and our guidelines for how to contribute. Lastly, we’ll discuss why leaders think contributing to open source is risky and how we can dismantle those beliefs to foster a stronger community around Rails. Throughout this talk, I'll provide the tools and ideas we need to ensure real success and growth for the next hundred years.
00:04:27.060
In 2004, the Ruby on Rails framework was extracted from the original Basecamp application by DHH. The intent behind this extracted framework was to make web application development fast and fun by abstracting away repetitive and non-creative tasks. The very first iteration of Rails included only Action Pack, Active Record, Action Mailer, and Railties. Later that year, Toby Lucey, the founder and CEO of Shopify, was looking to build an online e-commerce store to sell snowboarding products, yet he was unhappy with the existing popular technologies of the time.
00:05:11.160
Before Rails was even publicly available, DHH emailed a zip archive of the Rails source code to Toby. This small framework allowed him to be immediately productive in building his new application. While developing that first app, Toby fixed bugs and added functionalities he needed to Rails. Before I began working on this talk, I didn’t realize that Shopify had been contributing to Rails since before day one. How many companies can claim they were there since the very beginning, actively investing in Rails?
00:05:48.300
It's astounding to consider the enormous impact Shopify has already had over the years. In 2005, the Snow Devil e-commerce platform was launched—this was the first iteration of what would become Shopify. Later that year, Rails 1.0 was released, incorporating many changes from Toby and other contributors passionate about Rails. By September 2005, DHH had granted eleven contributors access to the framework to make changes without needing his explicit approval—the first iteration of what we now recognize as the Rails core team.
00:06:34.080
After launching Snow Devil, it became apparent to Toby that he was constructing something others desired: an online platform for selling products. In 2006, the Snow Devil application was rebuilt and relaunched as Shopify. Today, there are over one million businesses on the platform. By 2008, GitHub was publicly launched, and the Rails repository was transferred there. Programmers found Rails exciting, and its popularity soared as more and more companies began utilizing it. Fast forward to today, and we can see how wildly successful some of these early Rails applications have become. GitHub was acquired for 7.5 billion dollars in 2018 by Microsoft, and Shopify made its public debut in 2015 at seventeen dollars a share, above the original proposed range.
00:07:14.640
Numerous other companies, each valued in the multi-millions and multi-billions, underscore that Rails has facilitated their success. You need only look at the RailsConf sponsors to see a small portion of the companies that are not only using Rails but clearly believe in its future. Rails, which started as a simple extraction towards project management applications, has evolved into a framework that inspires creativity and enables all of us in this room to build applications we can be proud of.
00:08:06.840
Just like any open-source project, as popularity increases, so do bug reports and feature requests. With more and more companies building on Rails, DHH couldn’t manage the project alone any longer, leading to a necessary evolution in the governance structure alongside the framework. The evolution of Rails maintenance has developed organically over the years, and as a result, a clear history of how the current teams formed is somewhat obscured. Regardless, we know that Rails started with just one person in 2004, growing to a team of twelve by 2005. Today, five teams ensure that Rails operates seamlessly. They include core committers, issues triage, and security teams.
00:08:55.440
We focus on maintaining well-documented APIs, adhering to preferred design styles, evolving to support new applications, and ensuring high-level security. The core team is the highest-ranking team, followed by committers, issues, and triage teams. The security team comprises everyone from core members to contributors focused on security; some are not part of any other teams. The core team is responsible for project management and directing Rails. However, when a security issue arises, it overrides everything else we’re addressing. Each of these teams plays a critical role in Rails' security, stability, and growth.
00:09:49.260
The security team’s general guidelines for joining require having contributed to Rails previously and possessing some security experience. We must ensure that vulnerabilities remain confidential until a fix and release are available, as security is a fundamental aspect of our governance model. If Rails isn’t secure, companies can’t trust it. The security team is responsible for triaging issues reported on HackerOne and through our dedicated security email address. Please note—if you discover a security issue, do not report it on GitHub as that compromises everyone's applications. Instead, utilize one of the established methods for reporting.