The Social Coding Contract

Transcript

1. THE SOCIAL CODING CONTRACT

2. My name is Justin Searls
   Please tweet me @searls &
   

   Say hello@testdouble.com

3. Open Source is Good!

4. !❤️!

5. $%

6. &'(

7. is Open Source Good?

8. !)

9. %⏰+

10. ,'(

11. -

12. - . -- -

13. - . -- - / .

14. - . -- - / . . 0

15. - . -- - / . . 0 . 1

16. - . -- - / . . 0 . 2

    . 1

17. - . -- - / . . 0 . 2

    . 1 ✅

18. - . -- - / . . 0 . 2

    . 1 ✅
19. None
20. None
21. None
22. None
23. None

24. ideology, n. \ ˌˌ i-dē- ˈ ä-lƧ-jē\

25. ideology, n. \ ˌˌ i-dē- ˈ ä-lƧ-jē\ "They do not

    know it, but they are doing it"

26. ideology, n. \ ˌˌ i-dē- ˈ ä-lƧ-jē\ "They do not

    know it, but they are doing it" - Karl Marx

27. Open source fans are a bunch of hippies so I

    figured I'd start with a Marx quote
28. None

29. philosophy

30. economics philosophy

31. economics philosophy

32. The march of progress & our false consciousness

33. IN THE BEGINNING

34. SPECIALIZATION

35. SPECIALIZATION veggies

36. SPECIALIZATION veggies meats

37. SPECIALIZATION veggies meats games

38. INDUSTRIALIZATION

39. INDUSTRIALIZATION

40. INDUSTRIALIZATION

41. INDUSTRIALIZATION

42. INTERNETIFICATION 1-Click

43. BIG DATAFICATION

44. BIG DATAFICATION ???

45. Unintended Consequences

46. None

47. FOR, LIKE, AT LEAST A MONTH

48. progress awfulness

49. progress awfulness

50. progress awfulness

51. None

52. progress awfulness

53. progress awfulness

54. None
55. None

56. Open Source's Progress

57. .h & .c files

58. None
59. None
60. None
61. None

62. veggies Makefile

63. None
64. None

65. jar file

66. None
67. None
68. None

69. 1-Click Gemfile

70. None
71. None
72. None
73. None

74. package.json

75. None
76. None
77. None
78. None
79. None

80. 50ft

81. 50ft 100ft

82. 50ft 100ft windows max file path limit

83. short-term progress

84. short-term progress for the low, low price of

85. short-term progress for the low, low price of long-term fragility

86. None

87. Build a small, but non-trivial, Rails app. An empty app

    has ~50 gem dependencies; yours will have 75-100. Go away for six months. Come back and update all of your dependencies. Your app no longer works.

88. It's easy to start a Jekyll blog, though. Easy to

    install sass. Easy to generate a Rails app. Always easy right now, never in a year.
89. None

90. What we think our app is

91. What our app really is

92. easy, but not simple

93. We say "it's a Rails app"

94. We never say "and Rails depends on thor >= 0.18.1,

    < 2.0"

95. We never say "and Rails depends on thor >= 0.18.1,

    < 2.0" We don't even notice that!

96. Bundler could not find compatible versions for gem "thor": In

    Gemfile: ajax-cat (= 2.1.0) ruby depends on thor (~> 0.15.2) ruby rails (= 4.1.4) ruby depends on railties (= 4.1.4) ruby depends on thor (0.18.1) Even though 272 gems can no longer be installed!

97. What if Bundler told us more? ... Using unicorn 4.8.3

    Using zurb-foundation 4.3.2 Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.

98. What if Bundler told us more? ... Using unicorn 4.8.3

    Using zurb-foundation 4.3.2 Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. Your bundle has 10 direct dependencies and 43 transitive dependencies.

99. What if Bundler told us more? ... Using unicorn 4.8.3

    Using zurb-foundation 4.3.2 Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. Your bundle has 10 direct dependencies and 43 transitive dependencies. Your gems' version specifiers preclude the installation of 1300 gems.

100. What if Bundler told us more? ... Using unicorn 4.8.3

     Using zurb-foundation 4.3.2 Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. Your bundle has 10 direct dependencies and 43 transitive dependencies. Your gems' version specifiers preclude the installation of 1300 gems. `bundle update` would be unable to update 5 gems to the latest version.
101. None
102. None

103. C

104. C B

105. C B A

106. C B A

107. C B A

108. C B A

109. C B A ???

110. C B A ???4?

111. C B A ???4?5?

112. C B A

113. C B A

114. C B A

115. C B A

116. C B A

117. One day, every new install started failing

118. B A C

119. B A C 4

120. myAC B A 4

121. myAC B A D 4

122. myAC B A D

123. Video of me that weekend

124. None
125. None

126. need

127. convenience need

128. convenience need complexity

129. convenience need complexity risk

130. convenience need complexity risk mystery

131. As painful as Makefiles are, they still work 30 years

     later
132. None
133. None

134. Open Source Maintainers are not Rockstars

135. Maintainers are just extra-early adopters

136. MAINTAINER EARLY ADOPTER

137. MAINTAINER EARLY ADOPTER soap for ruby

138. MAINTAINER EARLY ADOPTER soap for ruby No results found

139. MAINTAINER EARLY ADOPTER

140. MAINTAINER EARLY ADOPTER

141. MAINTAINER EARLY ADOPTER

142. MAINTAINER EARLY ADOPTER soap for ruby

143. MAINTAINER EARLY ADOPTER soap for ruby 1. soapy-ruby gem

144. MAINTAINER EARLY ADOPTER

145. MAINTAINER EARLY ADOPTER

146. MAINTAINER EARLY ADOPTER

147. MAINTAINER EARLY ADOPTER

148. MAINTAINER EARLY ADOPTER

149. MAINTAINER EARLY ADOPTER

150. SCRATCHING AN ITCH

151. SCRATCHING AN ITCH

152. SCRATCHING AN ITCH

153. SCRATCHING AN ITCH

154. SCRATCHING AN ITCH

155. SCRATCHING AN ITCH

156. SCRATCHING AN ITCH

157. MAINTAINER EARLY ADOPTER

158. MAINTAINER hey, let's own this together! EARLY ADOPTER

159. MAINTAINER hey, let's own this together! EARLY ADOPTER wow, me?

     let's do this!

160. MAINTAINER EARLY ADOPTER

161. MAINTAINER hey, let's make you a committer! EARLY ADOPTER

162. MAINTAINER hey, let's make you a committer! EARLY ADOPTER awesome,

     i will help sometimes!

163. MAINTAINER EARLY ADOPTER

164. MAINTAINER hey, let's never communicate again! EARLY ADOPTER

165. MAINTAINER hey, let's never communicate again! EARLY ADOPTER sounds good,

     bye forever!

166. MAINTAINER hey, let's never communicate again! EARLY ADOPTER

167. Why don't maintainers just share control?

168. time happiness

169. time happiness

170. time happiness

171. time happiness

172. time happiness

173. Late adopters will disabuse them of this happiness

174. MAINTAINER LATE ADOPTER

175. MAINTAINER LATE ADOPTER 0 commits this week

176. MAINTAINER LATE ADOPTER 0 commits this week

177. MAINTAINER LATE ADOPTER 0 commits this week

178. MAINTAINER LATE ADOPTER 0 commits this week

179. MAINTAINER LATE ADOPTER 0 commits this week

180. MAINTAINER LATE ADOPTER 0 commits this week

181. MAINTAINER no recent commits? sounds stable! LATE ADOPTER 0 commits

     this week

182. MAINTAINER LATE ADOPTER 800 stars? sounds safe! 0 commits this

     week

183. MAINTAINER LATE ADOPTER open source? sounds free! 0 commits this

     week

184. maintainer' s needs

185. maintainer & early adopters' needs

186. None

187. user needs

188. user needs a negotiation

189. Literally, like, two days later

190. MAINTAINER LATE ADOPTER

191. MAINTAINER LATE ADOPTER

192. MAINTAINER what?! it doesn't [enterprise] my [enterprise] at all! LATE

     ADOPTER

193. MAINTAINER LATE ADOPTER how could they ignore such an important

     use case?!
194. None
195. None
196. None
197. None
198. None
199. None
200. None
201. None
202. None

203. time happiness

204. time happiness

205. time happiness

206. Late adopters expect more niche features than early adopters

207. Late adopters make better customers than users

208. Late adopters make better customers than users

209. Late adopters make better customers than users Dual-license

210. Late adopters make better customers than users Dual-license "Pro™" features

211. Late adopters make better customers than users Dual-license "Pro™" features

     Paid support

212. Late adopters make better customers than users Dual-license "Pro™" features

     Paid support ¯\_(π)_/¯

213. Maintainers should feel free to say "No"

214. None

215. MAINTAINER TROLLS

216. [HATE] MAINTAINER TROLLS

217. plz stahp [HATE] MAINTAINER TROLLS

218. plz stahp [THREATS] MAINTAINER TROLLS

219. woah! not cool! [THREATS] MAINTAINER TROLLS

220. woah! not cool! [REDACTED] MAINTAINER TROLLS

221. (›°□°ʣ›ớ ᵲᴸᵲ [REDACTED] MAINTAINER TROLLS

222. None
223. None
224. None

225. ASYMMETRIC POWER maintainer users

226. ASYMMETRIC POWER maintainer users

227. ASYMMETRIC POWER maintainer users

228. ASYMMETRIC POWER maintainer users

229. ASYMMETRIC POWER maintainer users

230. ASYMMETRIC POWER maintainer users

231. None

232. time happiness

233. time happiness

234. MAINTAINER ANYBODY

235. MAINTAINER i'm burnt out can someone help me maintain this?

     ANYBODY

236. hello? MAINTAINER ANYBODY

237. anybody? MAINTAINER ANYBODY

238. time happiness

239. time happiness

240. No Maintainer is Forever

241. None

242. <_why disappears>

243. What if there were an app for this?

244. PRO %QPPGEVVQ5GTXKEGU 4WD[)GOU )KVJWD UGVWR

245. ;QWT2TQLGEVU NKPGOCPLUNKPGOCP ;'5 ;'5 01 01 UGCTNULCUOKPGTCKNU ;'5 01 VGUVFQWDNGRTGUGPV

     0GGF*GNR!

246. 2TQLGEVU;QW7UG UGCTNULCUOKPGTCKNU OKMGCNTGSWGUV npm %QPVCEV %QPVCEV 1HHGT*GNR

247. None

248. $GPGHKEKCTKGU VMCWHOCP DMGGRGTU npm npm 4GOQXG 4GOQXG +HCHVGTFC[U[QWFQPQVTGURQPFVQCEJGEMKPGOCKN[QWT TGRQUKVQTKGU QYPGTUJKRYKNNDGVTCPUHGTTGFVQVJGUGRGQRNG

249. 61UGCTNU 57$,'%6%JGEMKP *KUGCTNU  2NGCUGXGTKH[[QW TGUVKNNCDNGVQ OCKPVCKP[QWTQRGPUQWTEGD[ TGRN[KPIVQVJKUGOCKNQTENKEMKPI VJKUNKPM

250. I like to call this app:

251. I like to call this app: SomebodyPleaseMakeThis

252. I like to call this app: SomebodyPleaseMakeThis.io

253. What about the ☁️?

254. None

255. Can any centralized service be open?

256. I ask, because most open source infrastructure is centralized

257. What if RubyGems disappears?

258. What if npm fails and loses a month of backups?

259. What might a decentralized dependency service look like?

260. None

261. OH NO! GITHUB WENT DOWN!

262. None

263. GOOD THING THAT' S ALL WE USE GITHUB FOR!

264. None
265. None
266. None
267. None
268. None

269. How can we connect numerous services while avoiding single points

     of failure?
270. None
271. None

272. Open Source requires adoption

273. Adoption requires trust

274. None

275. explicit trust

276. explicit trust implicit trust

277. How do we get people to trust us?

278. Marketing!

279. Consider Linus Torvalds' 1991 announcement of Linux

280. None

281. No Catchy Name!

282. No Catchy Name! Self deprecation!

283. No Catchy Name! Self deprecation! Off-message!

284. Linux wouldn't have made the front page of Hacker News!

285. None

286. Logo!

287. Logo! Web-site stuff!

288. Logo! Foundation Affiliation! Web-site stuff!

289. More dependencies means less time to vet them

290. None

291. Quick intro!

292. Quick intro! Easy steps!

293. Quick intro! Easy steps! Mostly green badges!

294. It's an arms race %

295. None

296. gradients!

297. gradients! Authoritative Tagline!

298. gradients! One-liner! Authoritative Tagline!

299. gradients! 1000 things! One-liner! Authoritative Tagline!

300. Optimized for adoption

301. Optimized for adoption

302. Optimized for adoption

303. Optimized for adoption

304. Optimized for adoption

305. Optimized for adoption

306. Optimized for adoption

307. Who's got time to vet transitive dependencies?

308. The more people you trust, the more people you don't

     realize you trust

309. Recognize when projects are marketing to you

310. Open Security

311. You can do worse than security through obscurity

312. "Open source code is accessible to everyone!"

313. "Open source code is accessible to everyone!"

314. WHO READS THE SOURCE?

315. WHO READS THE SOURCE? People who claim to

316. WHO READS THE SOURCE? People who claim to People who

     actually do

317. WHO READS THE SOURCE? People who fork

318. WHO READS THE SOURCE? People who fork Forkers who do

     anything

319. WHO READS THE SOURCE? People with Commit rights

320. WHO READS THE SOURCE? People with Commit rights Committers

321. WHO READS THE SOURCE? People that send a pull request

322. WHO READS THE SOURCE? People that send a pull request

     Not just drive-by PRs

323. WHO READS THE SOURCE? People hunting for exploits

324. WHO READS THE SOURCE? People hunting for exploits

325. /bin/bash

326. None

327. Global variables everywhere extern int posixly_correct; extern int line_number, line_number_base;

     extern int subshell_environment, indirection_level; extern int build_version, patch_level; extern int expanding_redir; extern int last_command_exit_value; extern char *dist_version, *release_status; extern char *shell_name; extern char *primary_prompt, *secondary_prompt; extern char *current_host_name; extern sh_builtin_func_t *this_shell_builtin; extern SHELL_VAR *this_shell_function; extern char *the_printed_command_except_trap; extern char *this_command_name; extern char *command_execution_string; extern time_t shell_start_time; extern int assigning_in_environment; extern int executing_builtin; extern int funcnest_max;

328. Side-effects everywhere static void create_variable_tables ()

329. The vulnerable function for (string_index = 0; string = env[string_index++];

     ) { char_index = 0; name = string; while ((c = *string++) && c != '=') ; if (string[-1] == '=') char_index = string - name - 1; /* If there are weird things in the environment, like `=xxx' or a string without an `=', just skip them. */ if (char_index == 0) continue; /* ASSERT(name[char_index] == '=') */ name[char_index] = '\0'; /* Now, name = env variable name, string = env variable value, and char_index == strlen (name) */ temp_var = (SHELL_VAR *)NULL; /* If exported function, define it now. Don't import functions from the environment in privileged mode. */ if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4)) {

330. The vulnerable function for (string_index = 0; string = env[string_index++];

     ) {

331. As a rubyist I don't spend a lot of time

     with for loops, but...

332. The vulnerable function for (string_index = 0; string = env[string_index++];

     ) {

333. The vulnerable function for (i = 0; env[i] != NULL;

     i++) {

334. "The solution is not...proprietary software—the solution is to put energy

     and resources into auditing and improving free programs." - Free Software Foundation

335. Who wants to audit the quality of code that literally

     everyone depends on?
336. None

337. popular adoption

338. popular adoption importance of audit

339. popular adoption importance of audit motivation to audit

340. Tragedy of the Commons:

341. Tragedy of the Commons: It's nobody's problem until it's everybody's

     problem

342. text text text text text

343. Don't let your business believe open source is a free

     lunch
344. None
345. None

346. THESE STICK FIGURES WERE A LIE

347. How we communicate

348. How we communicate

349. How we communicate

350. How we communicate

351. How we communicate Asynchronous text

352. We are no more than:

353. We are no more than: an avatar

354. We are no more than: a user @name an avatar

355. We are no more than: a user @name an avatar

     some emoji 78

356. We are no more than: a user @name an avatar

     some emoji 78 text on a screen

357. In open source, no one can hear you scream

358. In open source, no one can hear you scream (And

     that's a problem.)
359. None

360. UNCERTAINTY?

361. AMBIGUITY?

362. DISAGREEMENT?

363. SIMMERING DISDAIN?

364. SIMMERING DISDAIN?

365. SIMMERING DISDAIN?

366. SIMMERING DISDAIN?

367. SIMMERING DISDAIN?

368. SIMMERING DISDAIN?

369. This strategy can be great troll repellant

370. What if we could do this:

371. What if we could do this:

372. What if we could do this:

373. What if we could do this:

374. What if we could do this:

375. What does the future hold?

376. progress awfulness

377. progress awfulness we are here

378. progress awfulness we are here

379. progress awfulness we are here what happens here?

380. Extrapolating from our culture of dependence

381. None
382. None
383. None

384. time high level low level Innovation ' s

385. time high level low level Innovation ' s

386. time high level low level Innovation ' s

387. time high level low level Innovation ' s

388. time high level low level Innovation ' s

389. time high level low level Innovation ' s

390. time high level low level Today' s dependency "culture" Innovation

     ' s

391. time high level low level Today' s dependency "culture" Innovation

     ' s

392. time high level low level Today' s dependency "culture" How

     will it translate? Innovation ' s

393. Systems programmers tend to be conservative, cautious

394. None

395. Isolated from innovation

396. Isolated from innovation curmudgeonly disposition

397. curmudgeonly disposition Accidental cautiousness

398. Accidental cautiousness Intentional cautiousness

399. Embedded & real-time failures may have grave consequences

400. high level low level

401. high level low level HealthCare.gov

402. high level low level HealthCare.gov

403. high level low level HealthCare.gov

404. Adopting a dependency outsources our understanding of how to do

     something

405. Dependency Our app

406. Dependency Our app

407. Dependency Our app Understanding debt

408. "Understanding debt" can be paid down by iterating

409. If iterative releases aren't possible, don't outsource understanding

410. high level low level

411. high level low level

412. high level low level

413. high level low level 5-years

414. high level low level 5-years 30-years

415. high level low level 5-years 30-years

416. high level low level 5-years 30-years

417. high level low level 5-years 30-years

418. high level low level 5-years 30-years

419. high level low level 5-years 30-years

420. high level low level 5-years 30-years

421. easy to iterate high level low level 5-years 30-years

422. easy to iterate high level low level 5-years 30-years hard

     to iterate

423. These concerns require deeper up-front understanding of low-level systems

424. DEPTH OF UNDERSTANDING High level web app Low level plane

     control

425. DEPTH OF UNDERSTANDING High level web app Low level plane

     control

426. DEPTH OF UNDERSTANDING High level web app Low level plane

     control

427. DEPTH OF UNDERSTANDING High level web app Low level plane

     control Needs to know how browsers work

428. DEPTH OF UNDERSTANDING High level web app Low level plane

     control Needs to know how browsers work Needs to know how planes work

429. DEPTH OF UNDERSTANDING High level web app Low level plane

     control Needs to know how browsers work Needs to know how planes work

430. DEPTH OF UNDERSTANDING High level web app Low level plane

     control Needs to know how browsers work Needs to know how planes work

431. DEPTH OF UNDERSTANDING High level web app Low level plane

     control Needs to know how browsers work Needs to know how planes work ⚠️

432. DEPTH OF UNDERSTANDING High level web app Low level plane

     control Needs to know how browsers work Needs to know how planes work

433. "Modern" tooling is a product of high-level web development

434. time Innovation ' s high level low level

435. time Today' s perspective Innovation ' s high level low

     level

436. time Today' s perspective Innovation ' s high level low

     level

437. time Innovation ' s high level low level

438. time Innovation ' s New, broader perspective high level low

     level

439. Systems innovations may reciprocate some cautiousness & understanding

440. None

441. Open Source can be better!

442. !:;

443. !<=

444. %>

445. %> %?

446. %> %? %4

447. %> %? %4 @A

448. &'(

449. &'( &'

450. &'( &' &'

451. My name is Justin Searls
     Please tweet me @searls &
     

     Say hello@testdouble.com

452. Please say hello if your team could use our team's

     help B

453. Like everyone, we're hiring!
     Just join@testdouble.com

454. Find me during a break to chat or to grab

     a sticker!

455. My name is Justin Searls
     Please tweet me @searls &
     

     Say hello@testdouble.com

456. Attribution: Lock designed by Sam Smith from the thenounproject.com Shower

     Curtain designed by Rohan Gupta from the thenounproject.com Campfire designed by VALÈRE DAYAN from the thenounproject.com Stand designed by Evan Travelstead from the thenounproject.com Shopping Cart designed by Renee Ramsey-Passmore from the thenounproject.com Milk designed by Jeff Seevers from the thenounproject.com Milk designed by NAS from the thenounproject.com Breakfast designed by Konrad Michalik from the thenounproject.com Tablet designed by Pham Thi Dieu Linh from the thenounproject.com Can designed by Blaise Sewell from the thenounproject.com Door designed by Olaus Linn from the thenounproject.com Door designed by Sebastian Langer from the thenounproject.com Box designed by David Waschbüsch from the thenounproject.com Tomato designed by Nana Faisal from the thenounproject.com Keyboard designed by misirlou from the thenounproject.com Computer designed by Edward Boatman from the thenounproject.com Hammer designed by John Caserta from the thenounproject.com Star designed by Edward Boatman from the thenounproject.com Puzzle Piece designed by Roberto Chiaveri from the thenounproject.com Mail designed by Anas Ramadan from the thenounproject.com Text designed by Christopher Holm-Hansen from the thenounproject.com Phone designed by Tom Walsh from the thenounproject.com Video designed by useiconic.com from the thenounproject.com Cocktail designed by Okan Benn from the thenounproject.com Laptop designed by Olivier Guin from the thenounproject.com Laptop designed by Michael Loupos from the thenounproject.com Airplane designed by Andrew Fortnum from the thenounproject.com Coupon designed by Scott Lewis from the thenounproject.com Database designed by Shmidt Sergey from the thenounproject.com Microchip designed by Martin Vanco from the thenounproject.com Speedometer designed by Olly Banham from the thenounproject.com