The economics of package management

Transcript

1. The economics of package management

2. C J Silverio @ceejbot

3. you are in this story

4. a story about money

5. a story about power

6. remember Yahoo? ypm was its package manager

7. JSConfEU 2009 node.js announced

8. early node had package managers plural

9. one got official status

10. Joyent bought node

11. Joyent did not buy node's package manager

12. open-source doesn't mean open ownership or control

13. node grows through 2013

14. success is a catastrophe you need to survive

15. the package registry is centralized

16. centralization has advantages

17. centralization has been the trend

18. centralization of costs

19. servers cost money who pays for them?

20. donations work when you're small

21. success is expensive (for centralized services)

22. npm needed money

23. this is not a novel problem

24. founding a company was a novel choice

25. the node project decided this was fine

26. you decided this was fine

27. not everybody thought it was fine

28. money changes everything

29. I decided this was fine

30. I was employee number two

31. those large numbers sure are large

32. let's talk about money

33. open source generates a lot of value

34. capitalism does not reward open source authors

35. most of us give away source code not expecting money

36. open source vs free software

37. capitalism loves open source

38. one person in this story didn't give his stuff away

39. javascript's commons

40. commons: the resources available to everybody

41. the language spec

42. all our shared code

43. our common registry of shared code is owned by a

    private company

44. Ryan Dahl was here again last year

45. It’s unfortunate that there is a centralized (privately controlled even)

    repository for modules. --Ryan Dahl

46. what are the consequences of private control?

47. no input into registry policies

48. no input into registry features

49. the registry is what matters not the clients

50. the management of our commons is opaque to us

51. there is no trust without accountability

52. you had no way to hold me accountable

53. so is npm evil? mu. ask a different question.

54. npm is a financial instrument

55. financial instruments are monetary contracts

56. npm Inc is a means for turning some money into

    more money

57. companies don’t love you not even ones that make things

    you like

58. npm does not love you

59. nobody believes it anymore

60. how did the fall happen?

61. It's 2018. Packages flow like water.

62. packages cost money even if you're not paying for them

63. VCs want to go big or go home

64. npm is obligated to its owners not us

65. make money or raise money by telling a story about

    spending money to make money in some kind of money-ception. you can't fool me; it's money all the way down

66. they hired a CEO who made some, um, interesting moves

67. the centralized registry is expensive

68. the situation today is uneasy & probably short-lived

69. this was not the only option

70. what are we going to do about it?

71. do nothing?

72. imagine npm run by a non-benevolent entity

73. maybe we'll be saved by some large company

74. I agree with Ryan Dahl

75. do you think that's impossible?

76. I believe in giving source code away

77. Chris Dickinson @isntitvacant & I have an announcement

78. entropic: a federated package manager https://www.entropic.dev

79. Apache 2.0 licensed entirely open source (sorry RMS)

80. new cli & new api decentralized: many registries

81. no, don't use entropic yet

82. but we do want your help github/entropic-dev

83. entropic's goals

84. first, prove we have power

85. second, share our expertise

86. third, promote federation

87. take back the commons

88. go do something amazing

89. ❤ from ceej & chris