rubyday 2020

OSS - to be defined

by Floor Drees

The video, titled "OSS - To Be Defined" and presented by Floor Drees at RubyDay 2020, explores the complexities and challenges surrounding open-source software in contemporary enterprises. Although open-source software has been embraced by many organizations, Drees argues that their grip on it is "suffocating", and that business-critical software carries vulnerabilities attributable to maintainer burnout. Her focus shifts towards sustainable models of open-source engagement, particularly through newer licensing frameworks like the Hippocratic License.

Key points discussed in the video include:

- Sustainable Models: The need for open-source software to transition into more sustainable models that allow maintainers to retain control over how their code is used while preventing abuse for unethical purposes.

- Maintainer Burnout: Highlighting that many maintainers face overwhelming workloads, leading to risks of critical software being left unsupported.

- Ethical Source Initiative: The emergence of the Hippocratic License by Coraline Ada Ehmke is introduced as an effort to retain ethical considerations in software usage, specifically prohibiting its use for human rights abuses.

- Corporate Challenges: Drees provides examples of corporations exploiting open-source software without giving back, such as the incident involving MongoDB and AWS. She describes the shortcomings of the OSI definition of open source which permits usage by potentially harmful entities.

- Political Responsibility: She stresses that technology is not neutral and carries inherently political implications, calling for developers to be mindful of the impacts of their work.

- Inclusivity and Awareness: The need for a more diverse contributor base and for institutions to adapt to the demands of these evolving ethical standards is emphasized.

- Community Efforts: Drees encourages community advocacy efforts, such as supporting projects through financial means and participating in discussions to create change.

In conclusion, Drees calls for active participation and innovation in the open-source community to ensure that it serves as a beneficial force rather than a tool for corporate consolidation of power. She illustrates the importance of protecting and properly compensating open-source contributors, facilitating a conversation about ethics in software development, and advancing organizations that prioritize inclusion and empathy. This transition reshapes the understanding of open source as essential infrastructure governed not only by technical merits but also by ethical considerations.

00:00:48.000 Okay, then let's go ahead with our next talk. This talk is going to be about open source.
00:01:03.359 We all work for companies that are using open source on a daily basis. Ruby is open source, Rails is open source, and we have plenty of other tools that are open source out there. Sometimes, the fact that companies do support open source can become a double-edged sword. There are issues with companies actually trying to contribute back.
00:01:22.000 Floor today is going to talk about a different license than the ones we've heard about until now. It's called the Hippocratic License, if I'm not mistaken about the English pronunciation.
00:01:37.040 Hello, Floor. Well, good to see you! Nice to meet you finally. I'm saying finally because we had a brief exchange via chat, and she's awesome.
00:01:49.040 Floor works as a DevRel program manager at Microsoft and is very active in the community, supporting Rails Girls and the Amsterdam Ruby community with meetups. Floor was also the co-organizer of EuRuKo 2019, which I'm super sad to say I wasn't able to attend because I was too late in booking tickets. However, I heard awesome things about that edition.
00:02:28.879 Thank you, that's very cool. I mean, last, no, it was not last week but two weeks ago, we had another sort of 'NoRuKo' we call it, which is, of course, a play on 'EuRuKo' because this year's edition couldn't take place for certain reasons. But we still got to invite 12 speakers to share their stories.
00:02:54.080 You can all watch it on demand because it's available on our YouTube channel, Ruby NL. So we still did a little bit because we missed it, like you missed it. Okay then, I'm definitely going to go and take a look at it. Thank you so much for it. Would you like to start?
00:03:36.560 Absolutely, I would love to get started.
00:03:41.199 So hello everyone, it will just be my face that you'll be looking at. I don't have any slides because I don't think they add anything to what I want to discuss with you. I will post a blog post after my talk, so you can find all of the links and things I refer to in my talk and read them on your own time.
00:04:41.199 My talk is called 'OSS - To Be Defined.' I totally missed the opportunity to make a joke about it being a work in progress or to-do projects, so I'll do better on that next time. Let's get started.
00:05:00.479 Enterprises have embraced open source software, but their grip is suffocating. Business-critical software is plagued by vulnerabilities due to maintainer burnout. We're looking for more sustainable models and regaining control over what our code can be used for.
00:05:28.400 Several initiatives are popping up, questioning what the fork we are doing, like the folks behind the Hippocratic License and the Ethical Source movement. I would like to investigate if the world indeed runs on open source, then how can we ensure it does so sustainably and reliably?
00:05:47.680 Yes, my name is Floor, and thank you so much for the introduction. You mentioned a couple of initiatives I’m involved in, but I feel the need to add a little more. Yes, I am a Rails Girls coach and organizer. I have organized numerous Ruby-type conferences, both online and offline.
00:06:02.400 I was also involved in the Rails Girls Summer of Code initiative, which was sadly discontinued when Travis and the Travis Foundation got acquired. I am also an organizer for DevOpsDays and the DevOps Meetup in Amsterdam.
00:06:14.720 I think I just really love connecting people and ideas. This is the moment to disclose that I work for Microsoft as a Senior Developer Relations Program Manager. Microsoft has a history with open source that hasn't always been very healthy or productive. However, since a change in leadership several years ago, that started changing.
00:06:34.239 People have begun to embrace the open source ethos, but we still have a long way to go. So let's probably get started. Maybe you'll remember Caleb Hartstock at RubyConf 2017. He once helped build software to identify humans by drones. The work was so interesting that he didn't stop to reflect on how his work could pinpoint human targets for assassination. He now regrets his choice but understands how easy it is to get lost in fascinating work.
00:07:36.319 If you haven't already, I strongly recommend checking out Caleb's talk from RubyConf. For more recent examples, last year GitHub took down software that was vital infrastructure for opposition groups in Spain. This incident shows us that no single party or company should own access to open source.
00:07:56.479 Many companies restrict access to their services to folks in countries like Syria at the request of the U.S. government. Some have even dropped access to their products without prior notice to end users. Several big companies, including GitHub, Microsoft, and others, have contracts with ICE, the U.S. Immigration and Customs Enforcement.
00:08:11.760 We've heard horrifying stories about the abusive practices of ICE. Just recently, a whistleblower reported jarring medical neglect within an ICE detention center, including a refusal to test detainees for the coronavirus and a high number of hysterectomies performed on immigrant women. In 2019, a $100,000 contract between software automation company Chef and ICE was uncovered. After learning about this contract, Seth Vargo, a former Chef employee and author of several open source libraries, deleted his code in protest.
00:09:02.160 He wanted to regain control over what his code was used for, ultimately pulling his code from GitHub. However, this was only a temporary measure because the nature of open source means that one can restore lost functionality by pulling from archives.
00:09:30.720 Legally, there's nothing that Seth can do to prevent this because he licensed his code as open source. In 2018, Amazon Web Services added MongoDB, an open source database project, to its product offerings without compensation to the project.
00:09:48.720 In an attempt to require Amazon to open source its code for the rest of its services, MongoDB altered its license. A few months later, AWS unveiled Amazon DocumentDB, a program suspiciously similar to MongoDB but created with AWS's own code. The MongoDB owners received no compensation, and contributors watched the project shift toward a more proprietary license without prior consultation.
00:10:15.760 Then we have stories of npm components being abandoned. Critical pieces of internet infrastructure left unsupported because maintainers can no longer justify the time and energy spent on these projects. When this happens, a commonly used component can turn into a single point of failure for a substantial part of the internet.
00:11:16.160 For example, in March 2016, a maintainer unpublished more than 250 of his npm modules because one was named 'kik,' attracting the attention of lawyers for the instant messaging app. The maintainer refused to change the name, leading to a claim of brand infringement. In protest, he unpublished all his npm-managed modules, including left-pad, which many projects relied on.
00:11:43.040 Open source code appears everywhere, from popular apps to military software, so what happens in open source affects the tech industry as a whole. What got us here is the assumption that open source requires no regulation. Since open source is thought to be inexhaustible, placing restrictions on who can access and contribute is viewed as wrong. However, when you refuse to regulate communities, they tend to regulate themselves.
00:12:21.760 Open source operates on shaky ideas, for instance, that meritocracy is a good thing. This attitude has led to indispensable software like the Linux kernel that powers operating systems around the world. The perception that tech is neutral is another shaky idea; software is first and foremost meant to address human problems, thus it is inherently political.
00:12:41.040 Volunteerism is another foundational idea. Open source contributors often aren't paid for their work. Some may contribute as part of their day jobs or even for an enterprise arm of an open source project, but these contributors are exceptions rather than the norm.
00:13:10.560 There's also this notion that listing open source contributions enhances your resume. People are much more likely to choose the exciting, new projects for their CV rather than those critical infrastructures that we rely on and often take for granted.
00:13:48.480 Additionally, the reality that fast developers often get hired more quickly and advance up the career ladder causes maintainer burnout. The 'move fast and break things' mentality, popularized by Facebook, also contributes to this issue. Ensuring a variety of perspectives are considered in the decision-making process might be less thrilling than the promise of fun workplace perks.
00:14:20.560 Remember when open and free software were ways to undermine big corporations and empower individuals to fix problems? Today, open source is being transformed into a tool for consolidating power. Authoritarian government entities heavily rely on open source to run their operations while large businesses extract significantly more value from open source than they contribute.
00:14:58.560 The free software movement was revolutionary; it gave users power over their programs. Even when free software was rebranded as open source for corporate appeal, freedom of use remained a central tenet. Some open source companies and project owners are scrambling for new source-available licenses to protect their intellectual property from larger competitors while still allowing code sharing.
00:15:34.880 Many maintainers find themselves in a difficult position. They regret seeing their code used for unethical purposes, but due to the open source values they signed up for, they feel powerless to act. Others struggle just to make ends meet, despite their labor creating significant positive value for others.
00:16:00.560 Open source is defined by the OSI. The Open Source Initiative focuses on enabling people to use code licensed as open source. At its core, the definition is that everyone can benefit from open source software. This sounds great at first, but it means that producers give up certain rights and can't set restrictions on who uses their software.
00:16:29.399 According to the OSI definition, there can be no discrimination against the field of endeavor. The license must not restrict anyone from using the program in any particular business or for specific research areas. In case this wasn't clear, the OSI's FAQ states that you cannot stop 'evil' people from using your program. This brings up an interesting point about inclusivity.
00:17:10.080 Big corporations derive significant value from open source without giving back. They effectively outsource labor to a pool of unpaid developers. Yet, we have built a system that depends on the unpaid labor of thousands, with no real incentive to maintain their software. When they leave their projects, it becomes a liability.
00:18:05.200 The OSI's priorities sometimes focus more on businesses than creators. It's true that they may have wanted to professionalize the industry, but the saying goes that the road to hell is paved with good intentions. Recently, I attended the OSI's online conference, State of the Source.
00:19:16.560 In the conference, Joshua Simmons, the OSI president, mentioned alternative licenses but deemed them interesting experiments. This approach conveyed that businesses depend on the OSI for their policies, indicating that navigating our current waters requires a steady course without changes.
00:19:40.720 The first alternative Joshua mentioned was the Vaccine License, which was a joke. He also mentioned the Anti-Anti-Capitalist License and the Hippocratic License, both of which attempt to regain some level of control over how we use our code.
00:20:19.920 I want to focus on the Hippocratic License and the Ethical Source movement, which emerged from the work of Coraline Ada Ehmke, a well-known Rubyist. She created the Contributor Covenant, outlining acceptable behavior for open source projects and events, which has been adopted by hundreds of thousands of projects.
00:21:29.120 Ruby on Rails was instrumental in popularizing the MIT License as the default license in the Ruby community, even though Matz supports free software. He has also voiced concerns about the affiliation between GitHub and ICE, which has tainted GitHub as an open source institution.
00:21:52.640 The Hippocratic License prohibits using software for human rights abuses under the UN's Universal Declaration of Human Rights. Initially, this license was not intended for adoption; Coraline intended it as a discussion starter about the intersection of software and social justice.
00:22:48.720 The Ethical Source working group has grown to more than 150 members, collaborating with a legal team to legitimize the Hippocratic License and advocate for its adoption. They also outlined a seven-point definition of what ethical source means, addressing user safety and contributor compensation.
00:23:17.840 The Hippocratic License contradicts the OSI's definition of open source because it restricts use based on the field of endeavor. It also opposes the Free Software Foundation's definition, which allows users to run programs for any purpose. I encourage you to familiarize yourself with the Ethical Source definition.
00:24:10.560 Many developers want reassurance that their efforts support projects benefiting contributors and end users, rather than harming them. Casual contributors and I have the option to choose which projects we invest our time in, and the Ethical Source definition might guide us in evaluating which projects to engage with.
00:24:37.760 If institutions like the OSI and the Free Software Foundation are not keen to support change in how people can use and reuse value created by the commons, with corporations lacking incentives to change the status quo, what's left for us to do? It’s not all bad. I realize I have been somewhat negative, and I want to pivot to the positive.
00:25:48.880 The Maintainerati Berlin 2019 event report highlights a growing awareness and desire for change in the open source community. You can read about the challenges maintainers face, and hopefully, we can brainstorm ways to mitigate these issues.
00:26:21.760 The OSI's State of the Source Conference made a robust promise, aimed at identifying current non-technical issues affecting open source development and communities through the perspectives of developers, companies, and projects. They also pledged to conceptualize the potential future of open source software as a community.
00:27:06.160 In a week or two, we should ask the OSI how they have documented their conference goals. They invited influential speakers, such as Tobie Langel and Don Goodman-Wilson, to discuss various topics, ensuring that people not familiar with the Ethical Source movement engaged with these discussions.
00:27:29.040 The last two days were spent at the Git Inclusion Summit, collaborating with the Google Open Source Program Office and Git contributors for about 40 core contributors. This group is small but impactful in driving change upstream and in other associated projects, with plans for a broader event next year.
00:28:28.000 Currently, the demographic of open source contributors is approximately 95% male, with leadership largely comprised of white individuals. Open source governance is loosely structured, relying on contributor goodwill and often creating an exclusive atmosphere.
00:29:06.000 Participants at the summit sought ways to identify perspective gaps and explore potential solutions for inclusivity in projects. Historically, open source has an aggressive reputation, particularly with projects like Linux and Git, where communication styles can often be combative.
00:29:50.000 The leadership of projects can influence culture significantly. There are many successful projects directed by a central leader, like Ruby, Python, and Git, labeling them beneficial as they foster a strong vision for continuity. However, many projects struggle without that guidance.
00:30:41.760 Casual contributors and technology users can play a role in shaping these dynamics. In a conversation at the State of the Source, Don highlighted the need to disincentivize software's adoption by organizations that do not value human rights. The absence of principles guiding usage can have harmful repercussions.
00:31:24.000 We must incentivize creating software that benefits those outside the developer community, particularly marginalized populations. We should shift our focus to impact rather than raw adoption rates; metrics like GitHub stars and downloads alone are not enough.
00:31:49.280 My call to action is simple: put your contributions where your mouth is. I translated the Hippocratic License into Dutch. Contributions need not be code-based; small efforts in advocacy matter.
00:32:13.200 I am organizing another Lost Conf at the end of October. This Ruby open source conference, which I initiated in 2015 and is now in its fourth edition, invites maintainers to discuss their projects and the contributions they welcome. Participants are encouraged to engage with maintainers and help address their issues.
00:32:39.520 We aim to limit the number of participants to avoid overwhelming maintainers and to focus on vital Ruby community infrastructure. This event coincides with Hacktoberfest, so participants' code contributions count there as well.
00:33:15.440 Another call to action is to support the software we rely on through financial means. Ruby Together is a grassroots initiative committed to supporting critical Ruby infrastructure and tools. You can consider becoming a member or advocating for your employer to do so.
00:33:49.920 Ruby Central is a non-profit organization dedicated to supporting the Ruby community and organizes RailsConf, providing vital infrastructure like RubyGems. Donations and support are essential for nurturing these resources.
00:34:30.720 Consider utilizing GitHub Sponsors and other funding avenues. It is also essential to learn and educate others, recommending resources like Don Wilson's newsletter, The Ethical Technologist.
00:35:00.000 This curated digest highlights notable content at the intersection of software and ethics. I look forward to the upcoming Open Source in Business podcast, focusing on the relationship between business and open source.
00:36:18.560 I will share further resources and reading material in my blog post later. The aim is to create awareness without overwhelming anyone.
00:36:36.160 Consider engaging in discussions about these topics during company lunch and learns or community gatherings. If you're a leader, leverage your platform to advocate for empathy and consideration in open source.
00:37:06.080 Coraline and Tobie ran for positions on the OSI board; while they didn't win, their efforts yield potential change. Open source maintainers should emulate the Mozilla Foundation's open leadership training to foster healthier communities.
00:37:40.320 Stay connected with your company’s open source program office. Utilize social media to amplify voices advocating for ethical practices, such as GitHubbers or We Won't Build It.
00:38:01.760 I actively participate in the FOSS Fund, which grants $10,000 monthly for those contributing to open source projects outside Microsoft. This can be a means to support ethical projects and encourage inclusive practices.
00:38:48.080 What I would love is for anyone in the chat to share suggestions on how we can collectively support open source as a force for good. I'll be around to take some questions and feel free to reach out on Twitter. I'm Floor Drees on Twitter, so that should be easy to find.
00:39:12.080 That blog post will come very soon. Thank you so much.
00:39:20.000 Thank you, Floor. This has been truly enlightening. There is so much to unpack from this discussion, especially considering how companies handle user data. It's a great opportunity to bring the topic of ethics into our daily work, contributing in ways that resonate with us as developers.
00:40:47.840 Thank you again for this insightful conversation and for taking the time. I had a question in the chat regarding your experience as a company employee on how to introduce these topics without pushback.
00:41:09.000 It's something I navigate daily. Microsoft has significantly improved its reputation with regards to open source. Leadership is receptive to feedback, underscoring the importance of diversity and inclusion.
00:41:50.960 We communicate these ideals even in performance reviews, which focus heavily on diversity initiatives. However, we still have some individuals stuck in old ways.
00:42:06.480 We must be patient; the progress may be slow, but it is undeniably happening.
00:42:11.920 Floor, thank you once again. I hope you enjoy the rest of your day, and I look forward to further discussions with you.
00:42:37.440 I will connect with you on Twitter and stay updated.
00:42:48.720 So, Floor, I should have my pet here for the closing.
00:42:55.840 It's adorable how our pets seem to recognize the importance of open source. Thank you again, and goodbye!