GitHub's new tools to monetize open source
For years, it seems like GitHub wasn't in a good place. It hadn't shipped anything meaningful to appease the frustrated developers using its platform, but more frustratingly, was incredibly quiet and opaque for a company that operated the world's largest open source hosting tool.
When Microsoft came along and acquired GitHub in 2018, there was a mixture of surprise, worry and excitement from the community, but mostly an open question: could the old-school computer giant revive the company? At an event for developers yesterday, the company sought to do just that: it unveiled a slew of features for collaboration, monetization and the enterprise.
What stole the show is a new tool called Sponsors that helps developers take money directly from the people who use and value their work. It's an idea that's been attempted in the past by third-party platforms, but never sanctioned nor encouraged by anyone with the scale and reach to make it simple, with GitHub, npm and others largely remaining silent on the issue.
That not only allows them to potentially focus their efforts on building the tool, it also may be a watershed moment for the industry, allowing developers to make open source a full-time job, rather than the situations we see today, where incredibly popular libraries like React are maintained by full-time Facebook employees.
Unfortunately, monetizing open source work is a controversial topic.
The community loves to deride asking for money in exchange for 'open' work, arguing that it fundamentally undermines the point and devalues the work. What they don't like discussing, however, is that doing work for free on spare time is a privilege that few can afford—and that's reflected by how homogenous the wider community of contributors really is. In other words, it's a form of gatekeeping that self-perpetuates.
Earlier this year I wrote a piece for Stripe's Increment magazine that was published just yesterday, which is funny timing. It argues that encouraging contributions, and a culture of not expecting to build billion-dollar businesses on top of open source, is healthy:
Free software might not come with a price tag, but the hidden costs add up. If we can’t change the culture around open source, something’s going to break. The combination of open source and package managers we use today is still relatively new, but this system simply can’t continue to rely on the generosity of a few privileged folks. We readily discuss the ethics of unpaid internships, so why don’t we talk about those pouring hundreds of hours of unpaid labor into the code we rely on?
There are problems with monetizing open-source projects, which commentators have raised vocally already. One scenario I've seen shown repeatedly is that a user of a library who contributes to the developer might demand support "because they've paid them"—a perfectly likely scenario, but one that could easily be circumvented by simply having a policy about such things.
If anything, I see monetization of open source as a powerful first step toward requiring technology juggernauts to pay the creators of the free tools they rely on to build their platforms. Open source has been a boon for startups, making it easier than ever to build a product like Facebook by just wiring up a bunch of free packages, rather than laboriously doing it yourself.
But what happens when one of those free bits of code is compromised? As we've seen in the past, in the case of event-stream, there's little to fall back on outside of the kindness of a bunch of internet strangers who have the time to invest in it. If that library offered a paid support tier in exchange for contribution, perhaps the developer wouldn't have grown tired of maintaining it.
GitHub's new tools are an important step on this journey, and one that probably won't have obvious effects immediately. By building contribution into the tools we use every day, however, I'd argue that we build a more sustainable internet infrastructure for the long haul, and help take care of the people behind the projects as well.
P.S. For more reading about the features GitHub announced yesterday, I wrote a longer set of thoughts here, and think it's exciting to see the company shipping again!
Snapchat employees spied on users for years with powerful tools
Young companies are bad at securing their tools, assuming employees will use them with only the best of intentions... and Snap is the latest to have a scandal around its 'god' mode app called "SnapLion." Similar to the Uber tool that was abused to spy on unsuspecting users previously, SnapLion allowed early employees to access a wealth of user data without any sort of consequence.
Administrative tools like this are common, and more often than not, they don't get the development attention they should initially, in pursuit of focusing on user-facing tools. Almost always, as the company grows they realize the need to add logging or role-based access, but by then it's likely the tool has been misused for years, as we've seen repeatedly in the past.
Rotten Tomatoes will start verifying ticket purchases for reviews
After repeated problems with fans targeting movies with 'brigading' tactics, voicing discontent about films they might not have seen because the hive mind is annoyed in some manner, Rotten Tomatoes has a solution: proving you actually went to the movie already.