Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Social Coding Contract

Justin Searls
November 19, 2014
Programming
8
15k

The Social Coding Contract

As presented at RubyConf 2014.

More info here: http://blog.testdouble.com/posts/2014-12-02-the-social-coding-contract.html

Justin Searls

November 19, 2014
Tweet

More Decks by Justin Searls

See All by Justin Searls
How to Scratch an Itch (in 200 Repos or Less)
searls
1
530
Surgical Refactors
searls
8
10k
Sometimes a Controller is Just a Controller
searls
10
7k
JavaScript Testing Tactics ⚡️ Lightning Edition
searls
2
3.4k
The "Rails of JavaScript" won't be a framework
searls
3
620
Breaking up (with) your test suite
searls
12
14k
as easy as rails
searls
3
340
1st class web development with lineman
searls
4
4.8k
JavaScript Testing Tactics
searls
3
16k

Other Decks in Programming

See All in Programming
From complexity to observability using OpenTelemetry
danilop
1
290
Yla's #Kaigieffect
little_rubyist
0
900
Introduction to Typing Practice
fendo181
0
380
Webフロントエンドのための実践「テスト」手法 CodeZine Night #1
takefumiyoshii
19
5.2k
デザイナーと協業しているNuxtプロジェクトを、ChromaticによるVRTでさらに改善した話
mozu1206
0
140
サバンナ便り〜自動テストに関する連載で得られた知見のまとめ(2023年5月版)〜 / Automated Test Knowledge from Savanna 202305 edition
twada
PRO
15
4.7k
「無ければ作る」Backlogに欲しい機能を自分で作った話
nsuz
0
130
The Angular Renaissance: Architectures with Modern Angular
manfredsteyer
PRO
1
240
Symfony Messenger et ses messages: à la queleuleu…. Et s’il était temps de grouper ?
alli83
1
210
AWS CDKとZodを活用したバリデーションパターン集 / validation patterns with cdk and zod
gotok365
3
810
Hugo で作ったブログに閲覧数ランキングが欲しい!
track3jyo
PRO
2
420
フロントエンド刷新をプロジェクトとして進める際に気をつけていること
koba04
1
1.1k

Featured

See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
55k
4 Signs Your Business is Dying
shpigford
171
20k
Done Done
chrislema
178
15k
Making the Leap to Tech Lead
cromwellryan
118
7.8k
Mobile First: as difficult as doing things right
swwweet
213
8k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
Docker and Python
trallard
31
2.1k
Why Our Code Smells
bkeepers
PRO
327
55k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
1.3k
Testing 201, or: Great Expectations
jmmastey
26
5.9k

Transcript

  1. THE SOCIAL CODING CONTRACT

    View Slide

  2. My name is Justin Searls
    Please tweet me @searls &
    Say [email protected]

    View Slide

  3. Open Source is Good!

    View Slide

  4. !❤️!

    View Slide

  5. $%

    View Slide

  6. &'(

    View Slide

  7. is Open Source Good?

    View Slide

  8. !)

    View Slide

  9. %⏰+

    View Slide

  10. ,'(

    View Slide

  11. -

    View Slide

  12. - . --
    -

    View Slide

  13. - . --
    -
    /
    .

    View Slide

  14. - . --
    -
    /
    .
    .
    0

    View Slide

  15. - . --
    -
    /
    .
    .
    0
    .
    1

    View Slide

  16. - . --
    -
    /
    .
    .
    0
    .
    2
    .
    1

    View Slide

  17. - . --
    -
    /
    .
    .
    0
    .
    2
    .
    1 ✅

    View Slide

  18. - . --
    -
    /
    .
    .
    0
    .
    2
    .
    1 ✅

    View Slide

  19. View Slide

  20. View Slide

  21. View Slide

  22. View Slide

  23. View Slide

  24. ideology, n. \
    ˌˌ
    i-dē-
    ˈ
    ä-lƧ-jē\

    View Slide

  25. ideology, n. \
    ˌˌ
    i-dē-
    ˈ
    ä-lƧ-jē\
    "They do not know it,
    but they are doing it"

    View Slide

  26. ideology, n. \
    ˌˌ
    i-dē-
    ˈ
    ä-lƧ-jē\
    "They do not know it,
    but they are doing it"
    - Karl Marx

    View Slide

  27. Open source fans are a bunch of hippies
    so I figured I'd start with a Marx quote

    View Slide

  28. View Slide

  29. philosophy

    View Slide

  30. economics
    philosophy

    View Slide

  31. economics
    philosophy

    View Slide

  32. The march of progress
    & our false consciousness

    View Slide

  33. IN THE BEGINNING

    View Slide

  34. SPECIALIZATION

    View Slide

  35. SPECIALIZATION
    veggies

    View Slide

  36. SPECIALIZATION
    veggies meats

    View Slide

  37. SPECIALIZATION
    veggies meats games

    View Slide

  38. INDUSTRIALIZATION

    View Slide

  39. INDUSTRIALIZATION

    View Slide

  40. INDUSTRIALIZATION

    View Slide

  41. INDUSTRIALIZATION

    View Slide

  42. INTERNETIFICATION
    1-Click

    View Slide

  43. BIG DATAFICATION

    View Slide

  44. BIG DATAFICATION
    ???

    View Slide

  45. Unintended Consequences

    View Slide

  46. View Slide

  47. FOR, LIKE, AT LEAST A MONTH

    View Slide

  48. progress
    awfulness

    View Slide

  49. progress
    awfulness

    View Slide

  50. progress
    awfulness

    View Slide

  51. View Slide

  52. progress
    awfulness

    View Slide

  53. progress
    awfulness

    View Slide

  54. View Slide

  55. View Slide

  56. Open Source's Progress

    View Slide

  57. .h & .c files

    View Slide

  58. View Slide

  59. View Slide

  60. View Slide

  61. View Slide

  62. veggies
    Makefile

    View Slide

  63. View Slide

  64. View Slide

  65. jar file

    View Slide

  66. View Slide

  67. View Slide

  68. View Slide

  69. 1-Click
    Gemfile

    View Slide

  70. View Slide

  71. View Slide

  72. View Slide

  73. View Slide

  74. package.json

    View Slide

  75. View Slide

  76. View Slide

  77. View Slide

  78. View Slide

  79. View Slide

  80. 50ft

    View Slide

  81. 50ft
    100ft

    View Slide

  82. 50ft
    100ft
    windows max
    file path limit

    View Slide

  83. short-term progress

    View Slide

  84. short-term progress
    for the low, low price of

    View Slide

  85. short-term progress
    for the low, low price of
    long-term fragility

    View Slide

  86. View Slide

  87. Build a small, but non-trivial, Rails
    app. An empty app has ~50 gem
    dependencies; yours will have 75-100.
    Go away for six months. Come back
    and update all of your dependencies.
    Your app no longer works.

    View Slide

  88. It's easy to start a Jekyll blog, though. Easy
    to install sass. Easy to generate a Rails app.
    Always easy right now, never in a year.

    View Slide

  89. View Slide

  90. What we think
    our app is

    View Slide

  91. What our app
    really is

    View Slide

  92. easy, but
    not simple

    View Slide

  93. We say "it's a Rails app"

    View Slide

  94. We never say "and Rails depends
    on thor >= 0.18.1, < 2.0"

    View Slide

  95. We never say "and Rails depends
    on thor >= 0.18.1, < 2.0"
    We don't even notice that!

    View Slide

  96. Bundler could not find compatible versions for gem "thor":
    In Gemfile:
    ajax-cat (= 2.1.0) ruby depends on
    thor (~> 0.15.2) ruby
    rails (= 4.1.4) ruby depends on
    railties (= 4.1.4) ruby depends on
    thor (0.18.1)
    Even though 272 gems can
    no longer be installed!

    View Slide

  97. What if Bundler told us more?
    ...
    Using unicorn 4.8.3
    Using zurb-foundation 4.3.2
    Your bundle is complete!
    Use `bundle show [gemname]` to see where a bundled gem is installed.

    View Slide

  98. What if Bundler told us more?
    ...
    Using unicorn 4.8.3
    Using zurb-foundation 4.3.2
    Your bundle is complete!
    Use `bundle show [gemname]` to see where a bundled gem is installed.
    Your bundle has 10 direct dependencies and 43 transitive dependencies.

    View Slide

  99. What if Bundler told us more?
    ...
    Using unicorn 4.8.3
    Using zurb-foundation 4.3.2
    Your bundle is complete!
    Use `bundle show [gemname]` to see where a bundled gem is installed.
    Your bundle has 10 direct dependencies and 43 transitive dependencies.
    Your gems' version specifiers preclude the installation of 1300 gems.

    View Slide

  100. What if Bundler told us more?
    ...
    Using unicorn 4.8.3
    Using zurb-foundation 4.3.2
    Your bundle is complete!
    Use `bundle show [gemname]` to see where a bundled gem is installed.
    Your bundle has 10 direct dependencies and 43 transitive dependencies.
    Your gems' version specifiers preclude the installation of 1300 gems.
    `bundle update` would be unable to update 5 gems to the latest version.

    View Slide

  101. View Slide

  102. View Slide

  103. C

    View Slide

  104. C
    B

    View Slide

  105. C
    B
    A

    View Slide

  106. C
    B
    A

    View Slide

  107. C
    B
    A

    View Slide

  108. C
    B
    A

    View Slide

  109. C
    B
    A
    ???

    View Slide

  110. C
    B
    A
    ???4?

    View Slide

  111. C
    B
    A
    ???4?5?

    View Slide

  112. C
    B
    A

    View Slide

  113. C
    B
    A

    View Slide

  114. C
    B
    A

    View Slide

  115. C
    B
    A


    View Slide

  116. C
    B
    A



    View Slide

  117. One day, every new
    install started failing

    View Slide


  118. B
    A


    C

    View Slide


  119. B
    A


    C
    4

    View Slide


  120. myAC
    B
    A


    4

    View Slide

  121. myAC
    B
    A
    D


    4

    View Slide

  122. myAC
    B
    A
    D


    View Slide

  123. Video of me
    that weekend

    View Slide

  124. View Slide

  125. View Slide

  126. need

    View Slide

  127. convenience
    need

    View Slide

  128. convenience
    need
    complexity

    View Slide

  129. convenience
    need
    complexity
    risk

    View Slide

  130. convenience
    need
    complexity
    risk
    mystery

    View Slide

  131. As painful as Makefiles are,
    they still work 30 years later

    View Slide

  132. View Slide

  133. View Slide

  134. Open Source
    Maintainers
    are not
    Rockstars

    View Slide

  135. Maintainers are just
    extra-early adopters

    View Slide

  136. MAINTAINER EARLY ADOPTER

    View Slide

  137. MAINTAINER EARLY ADOPTER
    soap for ruby

    View Slide

  138. MAINTAINER EARLY ADOPTER
    soap for ruby
    No results found

    View Slide

  139. MAINTAINER EARLY ADOPTER

    View Slide

  140. MAINTAINER EARLY ADOPTER

    View Slide

  141. MAINTAINER EARLY ADOPTER

    View Slide

  142. MAINTAINER EARLY ADOPTER
    soap for ruby

    View Slide

  143. MAINTAINER EARLY ADOPTER
    soap for ruby
    1. soapy-ruby gem

    View Slide

  144. MAINTAINER EARLY ADOPTER

    View Slide

  145. MAINTAINER EARLY ADOPTER

    View Slide

  146. MAINTAINER EARLY ADOPTER

    View Slide

  147. MAINTAINER EARLY ADOPTER

    View Slide

  148. MAINTAINER EARLY ADOPTER

    View Slide

  149. MAINTAINER EARLY ADOPTER

    View Slide

  150. SCRATCHING AN ITCH

    View Slide

  151. SCRATCHING AN ITCH

    View Slide

  152. SCRATCHING AN ITCH

    View Slide

  153. SCRATCHING AN ITCH

    View Slide

  154. SCRATCHING AN ITCH

    View Slide

  155. SCRATCHING AN ITCH

    View Slide

  156. SCRATCHING AN ITCH

    View Slide

  157. MAINTAINER EARLY ADOPTER

    View Slide

  158. MAINTAINER
    hey, let's own
    this together!
    EARLY ADOPTER

    View Slide

  159. MAINTAINER
    hey, let's own
    this together!
    EARLY ADOPTER
    wow, me?
    let's do this!

    View Slide

  160. MAINTAINER EARLY ADOPTER

    View Slide

  161. MAINTAINER
    hey, let's make
    you a committer!
    EARLY ADOPTER

    View Slide

  162. MAINTAINER
    hey, let's make
    you a committer!
    EARLY ADOPTER
    awesome, i will
    help sometimes!

    View Slide

  163. MAINTAINER EARLY ADOPTER

    View Slide

  164. MAINTAINER
    hey, let's never
    communicate again!
    EARLY ADOPTER

    View Slide

  165. MAINTAINER
    hey, let's never
    communicate again!
    EARLY ADOPTER
    sounds good,
    bye forever!

    View Slide

  166. MAINTAINER
    hey, let's never
    communicate again!
    EARLY ADOPTER

    View Slide

  167. Why don't maintainers
    just share control?

    View Slide

  168. time
    happiness

    View Slide

  169. time
    happiness

    View Slide

  170. time
    happiness

    View Slide

  171. time
    happiness

    View Slide

  172. time
    happiness

    View Slide

  173. Late adopters will disabuse
    them of this happiness

    View Slide

  174. MAINTAINER LATE ADOPTER

    View Slide

  175. MAINTAINER LATE ADOPTER
    0 commits this week

    View Slide

  176. MAINTAINER LATE ADOPTER
    0 commits this week

    View Slide

  177. MAINTAINER LATE ADOPTER
    0 commits this week

    View Slide

  178. MAINTAINER LATE ADOPTER
    0 commits this week

    View Slide

  179. MAINTAINER LATE ADOPTER
    0 commits this week

    View Slide

  180. MAINTAINER LATE ADOPTER
    0 commits this week

    View Slide

  181. MAINTAINER
    no recent commits?
    sounds stable!
    LATE ADOPTER
    0 commits this week

    View Slide

  182. MAINTAINER LATE ADOPTER
    800 stars?
    sounds safe!
    0 commits this week

    View Slide

  183. MAINTAINER LATE ADOPTER
    open source?
    sounds free!
    0 commits this week

    View Slide

  184. maintainer'
    s needs

    View Slide

  185. maintainer & early
    adopters' needs

    View Slide

  186. View Slide

  187. user needs

    View Slide

  188. user needs
    a negotiation

    View Slide

  189. Literally, like, two days later

    View Slide

  190. MAINTAINER LATE ADOPTER

    View Slide

  191. MAINTAINER LATE ADOPTER

    View Slide

  192. MAINTAINER
    what?! it doesn't [enterprise]
    my [enterprise] at all!
    LATE ADOPTER

    View Slide

  193. MAINTAINER LATE ADOPTER
    how could they ignore such
    an important use case?!

    View Slide

  194. View Slide

  195. View Slide

  196. View Slide

  197. View Slide

  198. View Slide

  199. View Slide

  200. View Slide

  201. View Slide

  202. View Slide

  203. time
    happiness

    View Slide

  204. time
    happiness

    View Slide

  205. time
    happiness

    View Slide

  206. Late adopters expect more
    niche features than early adopters

    View Slide

  207. Late adopters make better
    customers than users

    View Slide

  208. Late adopters make better
    customers than users

    View Slide

  209. Late adopters make better
    customers than users
    Dual-license

    View Slide

  210. Late adopters make better
    customers than users
    Dual-license
    "Pro™" features

    View Slide

  211. Late adopters make better
    customers than users
    Dual-license
    "Pro™" features
    Paid support

    View Slide

  212. Late adopters make better
    customers than users
    Dual-license
    "Pro™" features
    Paid support
    ¯\_(π)_/¯

    View Slide

  213. Maintainers should feel
    free to say "No"

    View Slide

  214. View Slide

  215. MAINTAINER TROLLS

    View Slide

  216. [HATE]
    MAINTAINER TROLLS

    View Slide

  217. plz stahp [HATE]
    MAINTAINER TROLLS

    View Slide

  218. plz stahp [THREATS]
    MAINTAINER TROLLS

    View Slide

  219. woah! not cool! [THREATS]
    MAINTAINER TROLLS

    View Slide

  220. woah! not cool! [REDACTED]
    MAINTAINER TROLLS

    View Slide

  221. (›°□°ʣ›ớ ᵲᴸᵲ [REDACTED]
    MAINTAINER TROLLS

    View Slide

  222. View Slide

  223. View Slide

  224. View Slide

  225. ASYMMETRIC POWER
    maintainer users

    View Slide

  226. ASYMMETRIC POWER
    maintainer users

    View Slide

  227. ASYMMETRIC POWER
    maintainer users

    View Slide

  228. ASYMMETRIC POWER
    maintainer users

    View Slide

  229. ASYMMETRIC POWER
    maintainer users

    View Slide

  230. ASYMMETRIC POWER
    maintainer users

    View Slide

  231. View Slide

  232. time
    happiness

    View Slide

  233. time
    happiness

    View Slide

  234. MAINTAINER ANYBODY

    View Slide

  235. MAINTAINER
    i'm burnt out
    can someone help
    me maintain this?
    ANYBODY

    View Slide

  236. hello?
    MAINTAINER ANYBODY

    View Slide

  237. anybody?
    MAINTAINER ANYBODY

    View Slide

  238. time
    happiness

    View Slide

  239. time
    happiness

    View Slide

  240. No Maintainer is Forever

    View Slide

  241. View Slide

  242. <_why disappears>

    View Slide

  243. What if there were
    an app for this?

    View Slide

  244. PRO
    %QPPGEVVQ5GTXKEGU
    4WD[)GOU
    )KVJWD
    UGVWR

    View Slide

  245. ;QWT2TQLGEVU
    NKPGOCPLUNKPGOCP
    ;'5
    ;'5
    01
    01
    UGCTNULCUOKPGTCKNU
    ;'5 01
    VGUVFQWDNGRTGUGPV
    0GGF*GNR!

    View Slide

  246. 2TQLGEVU;QW7UG
    UGCTNULCUOKPGTCKNU
    OKMGCNTGSWGUV npm %QPVCEV
    %QPVCEV
    1HHGT*GNR

    View Slide

  247. View Slide

  248. $GPGHKEKCTKGU
    VMCWHOCP
    DMGGRGTU
    npm
    npm
    4GOQXG
    4GOQXG
    +HCHVGTFC[U[QWFQPQVTGURQPFVQCEJGEMKPGOCKN[QWT
    TGRQUKVQTKGU QYPGTUJKRYKNNDGVTCPUHGTTGFVQVJGUGRGQRNG

    View Slide

  249. 61UGCTNU
    57$,'%6%JGEMKP
    *KUGCTNU

    2NGCUGXGTKH[[QW TGUVKNNCDNGVQ
    OCKPVCKP[QWTQRGPUQWTEGD[
    TGRN[KPIVQVJKUGOCKNQTENKEMKPI
    VJKUNKPM

    View Slide

  250. I like to call this app:

    View Slide

  251. I like to call this app:
    SomebodyPleaseMakeThis

    View Slide

  252. I like to call this app:
    SomebodyPleaseMakeThis.io

    View Slide

  253. What about the ☁️?

    View Slide

  254. View Slide

  255. Can any centralized
    service be open?

    View Slide

  256. I ask, because most open source
    infrastructure is centralized

    View Slide

  257. What if RubyGems disappears?

    View Slide

  258. What if npm fails and
    loses a month of backups?

    View Slide

  259. What might a decentralized
    dependency service look like?

    View Slide

  260. View Slide

  261. OH NO! GITHUB WENT DOWN!

    View Slide

  262. View Slide

  263. GOOD THING THAT'
    S ALL WE USE GITHUB FOR!

    View Slide

  264. View Slide

  265. View Slide

  266. View Slide

  267. View Slide

  268. View Slide

  269. How can we connect numerous services
    while avoiding single points of failure?

    View Slide

  270. View Slide

  271. View Slide

  272. Open Source requires adoption

    View Slide

  273. Adoption requires trust

    View Slide

  274. View Slide

  275. explicit trust

    View Slide

  276. explicit trust
    implicit trust

    View Slide

  277. How do we get people to trust us?

    View Slide

  278. Marketing!

    View Slide

  279. Consider Linus Torvalds' 1991
    announcement of Linux

    View Slide

  280. View Slide

  281. No Catchy Name!

    View Slide

  282. No Catchy Name!
    Self deprecation!

    View Slide

  283. No Catchy Name!
    Self deprecation!
    Off-message!

    View Slide

  284. Linux wouldn't have made
    the front page of Hacker News!

    View Slide

  285. View Slide

  286. Logo!

    View Slide

  287. Logo!
    Web-site stuff!

    View Slide

  288. Logo!
    Foundation Affiliation!
    Web-site stuff!

    View Slide

  289. More dependencies means
    less time to vet them

    View Slide

  290. View Slide

  291. Quick intro!

    View Slide

  292. Quick intro!
    Easy steps!

    View Slide

  293. Quick intro!
    Easy steps!
    Mostly green badges!

    View Slide

  294. It's an arms race %

    View Slide

  295. View Slide

  296. gradients!

    View Slide

  297. gradients!
    Authoritative
    Tagline!

    View Slide

  298. gradients!
    One-liner!
    Authoritative
    Tagline!

    View Slide

  299. gradients!
    1000 things!
    One-liner!
    Authoritative
    Tagline!

    View Slide

  300. Optimized for adoption

    View Slide

  301. Optimized for adoption

    View Slide

  302. Optimized for adoption

    View Slide

  303. Optimized for adoption

    View Slide

  304. Optimized for adoption

    View Slide

  305. Optimized for adoption

    View Slide

  306. Optimized for adoption

    View Slide

  307. Who's got time to vet
    transitive dependencies?

    View Slide

  308. The more people you trust, the more
    people you don't realize you trust

    View Slide

  309. Recognize when projects
    are marketing to you

    View Slide

  310. Open Security

    View Slide

  311. You can do worse than
    security through obscurity

    View Slide

  312. "Open source code is
    accessible to everyone!"

    View Slide

  313. "Open source code is
    accessible to everyone!"

    View Slide

  314. WHO READS THE SOURCE?

    View Slide

  315. WHO READS THE SOURCE?
    People who claim to

    View Slide

  316. WHO READS THE SOURCE?
    People who claim to
    People who actually do

    View Slide

  317. WHO READS THE SOURCE?
    People who fork

    View Slide

  318. WHO READS THE SOURCE?
    People who fork
    Forkers who do anything

    View Slide

  319. WHO READS THE SOURCE?
    People with Commit rights

    View Slide

  320. WHO READS THE SOURCE?
    People with Commit rights
    Committers

    View Slide

  321. WHO READS THE SOURCE?
    People that send a pull request

    View Slide

  322. WHO READS THE SOURCE?
    People that send a pull request
    Not just drive-by PRs

    View Slide

  323. WHO READS THE SOURCE?
    People hunting for exploits

    View Slide

  324. WHO READS THE SOURCE?
    People hunting for exploits

    View Slide

  325. /bin/bash

    View Slide

  326. View Slide

  327. Global variables everywhere
    extern int posixly_correct;
    extern int line_number, line_number_base;
    extern int subshell_environment, indirection_level;
    extern int build_version, patch_level;
    extern int expanding_redir;
    extern int last_command_exit_value;
    extern char *dist_version, *release_status;
    extern char *shell_name;
    extern char *primary_prompt, *secondary_prompt;
    extern char *current_host_name;
    extern sh_builtin_func_t *this_shell_builtin;
    extern SHELL_VAR *this_shell_function;
    extern char *the_printed_command_except_trap;
    extern char *this_command_name;
    extern char *command_execution_string;
    extern time_t shell_start_time;
    extern int assigning_in_environment;
    extern int executing_builtin;
    extern int funcnest_max;

    View Slide

  328. Side-effects everywhere
    static void create_variable_tables ()

    View Slide

  329. The vulnerable function
    for (string_index = 0; string = env[string_index++]; )
    {
    char_index = 0;
    name = string;
    while ((c = *string++) && c != '=')
    ;
    if (string[-1] == '=')
    char_index = string - name - 1;
    /* If there are weird things in the environment, like `=xxx' or a
    string without an `=', just skip them. */
    if (char_index == 0)
    continue;
    /* ASSERT(name[char_index] == '=') */
    name[char_index] = '\0';
    /* Now, name = env variable name, string = env variable value, and
    char_index == strlen (name) */
    temp_var = (SHELL_VAR *)NULL;
    /* If exported function, define it now. Don't import functions from
    the environment in privileged mode. */
    if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string,
    4))
    {

    View Slide

  330. The vulnerable function
    for (string_index = 0; string = env[string_index++]; )
    {

    View Slide

  331. As a rubyist I don't spend a lot
    of time with for loops, but...

    View Slide

  332. The vulnerable function
    for (string_index = 0; string = env[string_index++]; )
    {

    View Slide

  333. The vulnerable function
    for (i = 0; env[i] != NULL; i++) {

    View Slide

  334. "The solution is not...proprietary
    software—the solution is to put
    energy and resources into auditing
    and improving free programs."
    - Free Software Foundation

    View Slide

  335. Who wants to audit the quality of code
    that literally everyone depends on?

    View Slide

  336. View Slide

  337. popular adoption

    View Slide

  338. popular adoption
    importance
    of audit

    View Slide

  339. popular adoption
    importance
    of audit
    motivation
    to audit

    View Slide

  340. Tragedy of the Commons:

    View Slide

  341. Tragedy of the Commons:
    It's nobody's problem until
    it's everybody's problem

    View Slide

  342. text
    text
    text
    text
    text

    View Slide

  343. Don't let your business believe
    open source is a free lunch

    View Slide

  344. View Slide

  345. View Slide

  346. THESE STICK FIGURES WERE A LIE

    View Slide

  347. How we communicate

    View Slide

  348. How we communicate

    View Slide

  349. How we communicate

    View Slide

  350. How we communicate

    View Slide

  351. How we communicate
    Asynchronous text

    View Slide

  352. We are no more than:

    View Slide

  353. We are no more than:
    an avatar

    View Slide

  354. We are no more than:
    a user @name
    an avatar

    View Slide

  355. We are no more than:
    a user @name
    an avatar
    some emoji 78

    View Slide

  356. We are no more than:
    a user @name
    an avatar
    some emoji 78
    text on a screen

    View Slide

  357. In open source, no one
    can hear you scream

    View Slide

  358. In open source, no one
    can hear you scream
    (And that's a problem.)

    View Slide

  359. View Slide

  360. UNCERTAINTY?

    View Slide

  361. AMBIGUITY?

    View Slide

  362. DISAGREEMENT?

    View Slide

  363. SIMMERING DISDAIN?

    View Slide

  364. SIMMERING DISDAIN?

    View Slide

  365. SIMMERING DISDAIN?

    View Slide

  366. SIMMERING DISDAIN?

    View Slide

  367. SIMMERING DISDAIN?

    View Slide

  368. SIMMERING DISDAIN?

    View Slide

  369. This strategy can be
    great troll repellant

    View Slide

  370. What if we could do this:

    View Slide

  371. What if we could do this:

    View Slide

  372. What if we could do this:

    View Slide

  373. What if we could do this:

    View Slide

  374. What if we could do this:

    View Slide

  375. What does the future hold?

    View Slide

  376. progress
    awfulness

    View Slide

  377. progress
    awfulness
    we are
    here

    View Slide

  378. progress
    awfulness
    we are
    here

    View Slide

  379. progress
    awfulness
    we are
    here
    what
    happens
    here?

    View Slide

  380. Extrapolating from our
    culture of dependence

    View Slide

  381. View Slide

  382. View Slide

  383. View Slide

  384. time
    high
    level
    low
    level
    Innovation '
    s

    View Slide

  385. time
    high
    level
    low
    level
    Innovation '
    s

    View Slide

  386. time
    high
    level
    low
    level
    Innovation '
    s

    View Slide

  387. time
    high
    level
    low
    level
    Innovation '
    s

    View Slide

  388. time
    high
    level
    low
    level
    Innovation '
    s

    View Slide

  389. time
    high
    level
    low
    level
    Innovation '
    s

    View Slide

  390. time
    high
    level
    low
    level
    Today'
    s
    dependency
    "culture"
    Innovation '
    s

    View Slide

  391. time
    high
    level
    low
    level
    Today'
    s
    dependency
    "culture"
    Innovation '
    s

    View Slide

  392. time
    high
    level
    low
    level
    Today'
    s
    dependency
    "culture"
    How will it
    translate?
    Innovation '
    s

    View Slide

  393. Systems programmers tend
    to be conservative, cautious

    View Slide

  394. View Slide

  395. Isolated from
    innovation

    View Slide

  396. Isolated from
    innovation
    curmudgeonly
    disposition

    View Slide

  397. curmudgeonly
    disposition
    Accidental
    cautiousness

    View Slide

  398. Accidental
    cautiousness
    Intentional
    cautiousness

    View Slide

  399. Embedded & real-time failures
    may have grave consequences

    View Slide

  400. high
    level
    low
    level

    View Slide

  401. high
    level
    low
    level
    HealthCare.gov

    View Slide

  402. high
    level
    low
    level
    HealthCare.gov

    View Slide

  403. high
    level
    low
    level
    HealthCare.gov

    View Slide

  404. Adopting a dependency outsources our
    understanding of how to do something

    View Slide

  405. Dependency
    Our app

    View Slide

  406. Dependency
    Our app

    View Slide

  407. Dependency
    Our app
    Understanding debt

    View Slide

  408. "Understanding debt" can
    be paid down by iterating

    View Slide

  409. If iterative releases aren't possible,
    don't outsource understanding

    View Slide

  410. high level low level

    View Slide

  411. high level low level

    View Slide

  412. high level low level

    View Slide

  413. high level low level
    5-years

    View Slide

  414. high level low level
    5-years 30-years

    View Slide

  415. high level low level
    5-years 30-years

    View Slide

  416. high level low level
    5-years 30-years

    View Slide

  417. high level low level
    5-years 30-years

    View Slide

  418. high level low level
    5-years 30-years

    View Slide

  419. high level low level
    5-years 30-years

    View Slide

  420. high level low level
    5-years 30-years

    View Slide

  421. easy to
    iterate
    high level low level
    5-years 30-years

    View Slide

  422. easy to
    iterate
    high level low level
    5-years 30-years
    hard to
    iterate

    View Slide

  423. These concerns require deeper up-front
    understanding of low-level systems

    View Slide

  424. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control

    View Slide

  425. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control

    View Slide

  426. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control

    View Slide

  427. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control
    Needs to know
    how browsers
    work

    View Slide

  428. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control
    Needs to know
    how browsers
    work
    Needs to know
    how planes
    work

    View Slide

  429. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control
    Needs to know
    how browsers
    work
    Needs to know
    how planes
    work

    View Slide

  430. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control
    Needs to know
    how browsers
    work
    Needs to know
    how planes
    work

    View Slide

  431. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control
    Needs to know
    how browsers
    work
    Needs to know
    how planes
    work
    ⚠️

    View Slide

  432. DEPTH OF UNDERSTANDING
    High level
    web app
    Low level
    plane control
    Needs to know
    how browsers
    work
    Needs to know
    how planes
    work

    View Slide

  433. "Modern" tooling is a product of
    high-level web development

    View Slide

  434. time
    Innovation '
    s
    high
    level
    low
    level

    View Slide

  435. time
    Today'
    s
    perspective
    Innovation '
    s
    high
    level
    low
    level

    View Slide

  436. time
    Today'
    s
    perspective
    Innovation '
    s
    high
    level
    low
    level

    View Slide

  437. time
    Innovation '
    s
    high
    level
    low
    level

    View Slide

  438. time
    Innovation '
    s
    New, broader
    perspective
    high
    level
    low
    level

    View Slide

  439. Systems innovations may reciprocate
    some cautiousness & understanding

    View Slide

  440. View Slide

  441. Open Source can be better!

    View Slide

  442. !:;

    View Slide

  443. !<=

    View Slide

  444. %>

    View Slide

  445. %>
    %?

    View Slide

  446. %>
    %? %4

    View Slide

  447. %>
    %? %4
    @A

    View Slide

  448. &'(

    View Slide

  449. &'(
    &'

    View Slide

  450. &'(
    &'
    &'

    View Slide

  451. My name is Justin Searls
    Please tweet me @searls &
    Say [email protected]

    View Slide

  452. Please say hello if your team
    could use our team's help B

    View Slide

  453. Like everyone, we're hiring!
    Just [email protected]

    View Slide

  454. Find me during a break to chat
    or to grab a sticker!

    View Slide

  455. My name is Justin Searls
    Please tweet me @searls &
    Say [email protected]

    View Slide

  456. Attribution:
    Lock designed by Sam Smith from the thenounproject.com
    Shower Curtain designed by Rohan Gupta from the thenounproject.com
    Campfire designed by VALÈRE DAYAN from the thenounproject.com
    Stand designed by Evan Travelstead from the thenounproject.com
    Shopping Cart designed by Renee Ramsey-Passmore from the thenounproject.com
    Milk designed by Jeff Seevers from the thenounproject.com
    Milk designed by NAS from the thenounproject.com
    Breakfast designed by Konrad Michalik from the thenounproject.com
    Tablet designed by Pham Thi Dieu Linh from the thenounproject.com
    Can designed by Blaise Sewell from the thenounproject.com
    Door designed by Olaus Linn from the thenounproject.com
    Door designed by Sebastian Langer from the thenounproject.com
    Box designed by David Waschbüsch from the thenounproject.com
    Tomato designed by Nana Faisal from the thenounproject.com
    Keyboard designed by misirlou from the thenounproject.com
    Computer designed by Edward Boatman from the thenounproject.com
    Hammer designed by John Caserta from the thenounproject.com
    Star designed by Edward Boatman from the thenounproject.com
    Puzzle Piece designed by Roberto Chiaveri from the thenounproject.com
    Mail designed by Anas Ramadan from the thenounproject.com
    Text designed by Christopher Holm-Hansen from the thenounproject.com
    Phone designed by Tom Walsh from the thenounproject.com
    Video designed by useiconic.com from the thenounproject.com
    Cocktail designed by Okan Benn from the thenounproject.com
    Laptop designed by Olivier Guin from the thenounproject.com
    Laptop designed by Michael Loupos from the thenounproject.com
    Airplane designed by Andrew Fortnum from the thenounproject.com
    Coupon designed by Scott Lewis from the thenounproject.com
    Database designed by Shmidt Sergey from the thenounproject.com
    Microchip designed by Martin Vanco from the thenounproject.com
    Speedometer designed by Olly Banham from the thenounproject.com

    View Slide