1 00:00:00,420 --> 00:00:05,910 [Music] 2 00:00:10,480 --> 00:00:14,400 We all doing well. 3 00:00:12,880 --> 00:00:17,520 Louder. 4 00:00:14,400 --> 00:00:19,520 Wow, that was awesome. I'm very excited 5 00:00:17,520 --> 00:00:21,680 to introduce our first speaker here, 6 00:00:19,520 --> 00:00:23,760 Justin Warren. He works for or runs, 7 00:00:21,680 --> 00:00:25,760 sorry, Pivot 9 and has more than 20 8 00:00:23,760 --> 00:00:27,680 years of experience in the open-source 9 00:00:25,760 --> 00:00:29,679 space. Does everybody here like open 10 00:00:27,680 --> 00:00:32,160 source? Do you want to see it? Keep 11 00:00:29,679 --> 00:00:35,090 going. And please give a very big round 12 00:00:32,160 --> 00:00:37,520 of applause for Justin Warren. 13 00:00:35,090 --> 00:00:38,800 [Applause] 14 00:00:37,520 --> 00:00:40,719 Thank you very much for that kind 15 00:00:38,800 --> 00:00:42,079 introduction. Hello everyone. I know 16 00:00:40,719 --> 00:00:44,559 we're after lunch so I'm going to try to 17 00:00:42,079 --> 00:00:45,920 g you up so we're not too tired. And how 18 00:00:44,559 --> 00:00:49,280 how many people carbloded over 19 00:00:45,920 --> 00:00:51,520 lunchtime? Yeah. Okay. Nap time in 20 20 00:00:49,280 --> 00:00:53,920 minutes maybe. Uh I'm going to try to 21 00:00:51,520 --> 00:00:55,760 hoover through this thing really kind of 22 00:00:53,920 --> 00:00:57,120 a bit quicker than normal. Uh because I 23 00:00:55,760 --> 00:00:59,600 really want to get to some questions if 24 00:00:57,120 --> 00:01:02,719 we can. Uh hoping we can do questions at 25 00:00:59,600 --> 00:01:04,239 the end. So let's let's go. Um this is 26 00:01:02,719 --> 00:01:05,920 me. I'm the principal consultant at 27 00:01:04,239 --> 00:01:08,400 Pivot 9, but you already heard that. We 28 00:01:05,920 --> 00:01:10,479 don't need to look at my face. 29 00:01:08,400 --> 00:01:14,000 Where to begin? Sustaining open source 30 00:01:10,479 --> 00:01:16,560 software. It's a big topic. Uh so I am 31 00:01:14,000 --> 00:01:18,159 not going to go through all the details. 32 00:01:16,560 --> 00:01:19,759 I'm going to summarize and gloss over 33 00:01:18,159 --> 00:01:21,280 things. I'm going to skip a lot of the 34 00:01:19,759 --> 00:01:22,880 nuances and so on. If you want to come 35 00:01:21,280 --> 00:01:26,000 and argue with me about nuance, more 36 00:01:22,880 --> 00:01:27,439 than happy to buy me a drink first. 37 00:01:26,000 --> 00:01:29,759 Four things I want you to get out of 38 00:01:27,439 --> 00:01:33,119 this talk. I want you to understand that 39 00:01:29,759 --> 00:01:35,280 maintenance matters more than creation. 40 00:01:33,119 --> 00:01:37,759 That ecosystems matter more than 41 00:01:35,280 --> 00:01:40,000 artifacts. That systems are more 42 00:01:37,759 --> 00:01:42,479 powerful than individuals. And finally, 43 00:01:40,000 --> 00:01:45,360 that humans matter more than computers. 44 00:01:42,479 --> 00:01:47,119 And summing up all of that idea is this 45 00:01:45,360 --> 00:01:48,720 concept that I love to promote, which is 46 00:01:47,119 --> 00:01:52,799 that the purpose of a system is what it 47 00:01:48,720 --> 00:01:55,759 does. Yes, you can buy the t-shirt. 48 00:01:52,799 --> 00:01:58,399 So, how did we get into this position? I 49 00:01:55,759 --> 00:02:00,079 would argue that this is the problem. 50 00:01:58,399 --> 00:02:01,759 This is what everyone is complaining 51 00:02:00,079 --> 00:02:03,840 about. Yes, this is an 52 00:02:01,759 --> 00:02:05,520 oversimplification, but broadly people 53 00:02:03,840 --> 00:02:07,759 are grumpy about where all the profits 54 00:02:05,520 --> 00:02:09,679 are going from what we call loosely free 55 00:02:07,759 --> 00:02:11,599 and open source software. It's not 56 00:02:09,679 --> 00:02:13,440 really going to the maintainers and we 57 00:02:11,599 --> 00:02:15,280 need to talk about why that happened 58 00:02:13,440 --> 00:02:17,440 before we can start to diagnose what we 59 00:02:15,280 --> 00:02:19,120 should do about it. Uh there have been 60 00:02:17,440 --> 00:02:21,200 many other talks today that I recommend 61 00:02:19,120 --> 00:02:23,840 that you go and talk about you go and 62 00:02:21,200 --> 00:02:25,440 listen to. uh but particularly I want to 63 00:02:23,840 --> 00:02:26,800 focus on this idea that maintenance 64 00:02:25,440 --> 00:02:28,640 matters more than creation. I think 65 00:02:26,800 --> 00:02:30,400 there was a mistake that was made right 66 00:02:28,640 --> 00:02:33,920 back at the beginning of the open source 67 00:02:30,400 --> 00:02:35,840 movement related to that concept. 68 00:02:33,920 --> 00:02:37,760 There are four types of goods in 69 00:02:35,840 --> 00:02:39,519 economic theory. Who who knows anything 70 00:02:37,760 --> 00:02:42,959 about the four types of goods? Anyone 71 00:02:39,519 --> 00:02:45,120 seen this before? No. Okay. Uh broadly 72 00:02:42,959 --> 00:02:47,519 private goods, toll goods, public goods, 73 00:02:45,120 --> 00:02:49,120 and common pool resources, which is a 74 00:02:47,519 --> 00:02:50,640 thing that you may not have heard about 75 00:02:49,120 --> 00:02:53,519 before. And that's what I'm going to be 76 00:02:50,640 --> 00:02:56,560 talking about a little bit. 77 00:02:53,519 --> 00:02:59,360 Of those four ideas, what do you think 78 00:02:56,560 --> 00:03:01,440 software is? Show of hands if it's a 79 00:02:59,360 --> 00:03:04,800 private good. 80 00:03:01,440 --> 00:03:07,760 Okay. Show of hands about toll good. 81 00:03:04,800 --> 00:03:10,159 Okay. Show of hands for public good. 82 00:03:07,760 --> 00:03:13,599 Show of hands on common pool resource. 83 00:03:10,159 --> 00:03:16,879 Ooh, interesting. Okay. Correct answer 84 00:03:13,599 --> 00:03:18,879 is all of them. Uh, 85 00:03:16,879 --> 00:03:21,680 yeah. which is not everyone put their 86 00:03:18,879 --> 00:03:23,519 hand up all the time. 87 00:03:21,680 --> 00:03:25,840 And the thing that I really want you to 88 00:03:23,519 --> 00:03:27,280 to concentrate on here is the two axes 89 00:03:25,840 --> 00:03:29,040 are important. Subtractability of use 90 00:03:27,280 --> 00:03:31,599 and exclusion difficulty. I'll refer to 91 00:03:29,040 --> 00:03:34,159 them as I go when it's important. But 92 00:03:31,599 --> 00:03:36,319 the top of this diagram I think is 93 00:03:34,159 --> 00:03:37,920 something I really want you to focus on. 94 00:03:36,319 --> 00:03:40,480 I think free and open source software 95 00:03:37,920 --> 00:03:43,680 belongs up here in the top right. And on 96 00:03:40,480 --> 00:03:45,760 the top left is a different kind of open 97 00:03:43,680 --> 00:03:48,640 source software which I would call 98 00:03:45,760 --> 00:03:50,720 reference software things like Eliza 99 00:03:48,640 --> 00:03:52,799 that happens to be public domain. But I 100 00:03:50,720 --> 00:03:54,400 think the reference versus living 101 00:03:52,799 --> 00:03:56,159 software is an important distinction 102 00:03:54,400 --> 00:03:57,519 that's kind of been overlooked and that 103 00:03:56,159 --> 00:03:58,959 was part of the maintenance versus 104 00:03:57,519 --> 00:04:03,040 creation mistake right back at the 105 00:03:58,959 --> 00:04:05,200 beginning. So why is it like this? 106 00:04:03,040 --> 00:04:06,640 I recommend that you go and uh look at 107 00:04:05,200 --> 00:04:08,879 some other talks which I'll I'll give 108 00:04:06,640 --> 00:04:11,439 you some links at the moment. Largely 109 00:04:08,879 --> 00:04:15,200 this picture demonstrates one of the 110 00:04:11,439 --> 00:04:17,120 reasons for about 20 years the entire 111 00:04:15,200 --> 00:04:20,720 tech industry has been trying to do a 112 00:04:17,120 --> 00:04:23,199 Google i.e. create a thing and then 113 00:04:20,720 --> 00:04:25,280 either IPO for lots and lots of money or 114 00:04:23,199 --> 00:04:28,240 like many of these companies get bought 115 00:04:25,280 --> 00:04:30,400 by Google. The reason for that is that 116 00:04:28,240 --> 00:04:32,240 VC funding was very important in the 117 00:04:30,400 --> 00:04:35,120 foundation of many of the organizations 118 00:04:32,240 --> 00:04:38,080 that started off this last 20 25 years 119 00:04:35,120 --> 00:04:40,240 worth of industry they were VC funded 120 00:04:38,080 --> 00:04:42,320 and the important part of VC funding is 121 00:04:40,240 --> 00:04:44,880 that the reason to fund something is to 122 00:04:42,320 --> 00:04:49,199 get your money back. What the company 123 00:04:44,880 --> 00:04:50,560 actually does matter what matters is 124 00:04:49,199 --> 00:04:52,400 whether you get your money back and the 125 00:04:50,560 --> 00:04:55,040 ways that you do that generally are you 126 00:04:52,400 --> 00:04:56,960 IPO i.e. sell it to the public or you 127 00:04:55,040 --> 00:04:59,680 get bought by someone else, sell it to a 128 00:04:56,960 --> 00:05:02,560 private company. 129 00:04:59,680 --> 00:05:04,080 And that led to this mistake. Many 130 00:05:02,560 --> 00:05:06,000 companies thought that if you were 131 00:05:04,080 --> 00:05:10,800 popular, that was the same as being 132 00:05:06,000 --> 00:05:14,080 profitable. Turns out that's not true. 133 00:05:10,800 --> 00:05:16,160 It was true enough for a few companies 134 00:05:14,080 --> 00:05:18,320 that they got very popular and then 135 00:05:16,160 --> 00:05:20,639 figured out how to make the money later. 136 00:05:18,320 --> 00:05:23,280 And lots of people copied that idea 137 00:05:20,639 --> 00:05:25,759 without really thinking about it. And 138 00:05:23,280 --> 00:05:27,840 because this doesn't always apply, it 139 00:05:25,759 --> 00:05:30,240 didn't really work for them, which led 140 00:05:27,840 --> 00:05:32,880 to a lot of conversations like this, 141 00:05:30,240 --> 00:05:34,639 particularly in the last couple of years 142 00:05:32,880 --> 00:05:36,400 where companies who had encouraged all 143 00:05:34,639 --> 00:05:38,800 of their customers to please use my 144 00:05:36,400 --> 00:05:41,120 product for free as much as possible. 145 00:05:38,800 --> 00:05:43,199 And everyone said, "Yep, awesome. We'll 146 00:05:41,120 --> 00:05:46,639 do that." And then they thought, "Hang 147 00:05:43,199 --> 00:05:48,400 on, where's the money? We can't keep 148 00:05:46,639 --> 00:05:50,080 paying all of our staff. We can't keep 149 00:05:48,400 --> 00:05:52,479 building this stuff. We can't keep 150 00:05:50,080 --> 00:05:55,680 maintaining our company and our software 151 00:05:52,479 --> 00:05:59,440 if there's no money in it. 152 00:05:55,680 --> 00:06:01,440 But we built this system to do this. And 153 00:05:59,440 --> 00:06:03,280 the purpose of a system is what it does. 154 00:06:01,440 --> 00:06:05,280 If we don't like what that system is 155 00:06:03,280 --> 00:06:08,960 doing, then we need to change the system 156 00:06:05,280 --> 00:06:11,759 so that it will do something else. 157 00:06:08,960 --> 00:06:13,520 And that's where ecosystems come in. So 158 00:06:11,759 --> 00:06:15,120 remember back couple of slides ago where 159 00:06:13,520 --> 00:06:17,199 I said Eliza and free and open source 160 00:06:15,120 --> 00:06:19,840 software are different. That's because 161 00:06:17,199 --> 00:06:21,919 Eliza is an artifact. it exists as a 162 00:06:19,840 --> 00:06:24,639 static thing whereas ecosystems are 163 00:06:21,919 --> 00:06:27,840 dynamic. They change. They evolve. They 164 00:06:24,639 --> 00:06:29,840 need to be maintained. 165 00:06:27,840 --> 00:06:31,759 This is a talk that Christopher Noabau 166 00:06:29,840 --> 00:06:33,120 is sitting over there. Uh I have this 167 00:06:31,759 --> 00:06:34,960 link that you should go and watch which 168 00:06:33,120 --> 00:06:37,520 is a talk that he did at Monktoberfest 169 00:06:34,960 --> 00:06:39,120 last year. Uh because his current talk 170 00:06:37,520 --> 00:06:40,479 isn't up yet because he only just gave 171 00:06:39,120 --> 00:06:42,880 it earlier today. Otherwise, I would 172 00:06:40,479 --> 00:06:44,400 have linked to that. Do go and look at 173 00:06:42,880 --> 00:06:46,639 this. I'm not going to reprise all of 174 00:06:44,400 --> 00:06:48,560 it, but he broadly goes into how we got 175 00:06:46,639 --> 00:06:50,240 into this kind of state and his last 176 00:06:48,560 --> 00:06:51,520 talk also does a bit more of that which 177 00:06:50,240 --> 00:06:54,720 is excellent because I don't have to do 178 00:06:51,520 --> 00:06:56,400 it now. But I do want to highlight this 179 00:06:54,720 --> 00:06:59,120 particular aspect. This is a slide from 180 00:06:56,400 --> 00:07:02,160 Christopher's talk previously which is 181 00:06:59,120 --> 00:07:05,840 about the ecosystem. It's not about the 182 00:07:02,160 --> 00:07:08,240 code. The mistake a lot of the licensing 183 00:07:05,840 --> 00:07:10,560 uh conversations that we have about 184 00:07:08,240 --> 00:07:13,039 talking about particular companies they 185 00:07:10,560 --> 00:07:15,440 are talking about very specific things 186 00:07:13,039 --> 00:07:17,280 and the focus on the code the open 187 00:07:15,440 --> 00:07:18,880 source and the free nature of the 188 00:07:17,280 --> 00:07:20,800 software 189 00:07:18,880 --> 00:07:23,440 overlooks everything else that is 190 00:07:20,800 --> 00:07:26,240 involved in the process of making and 191 00:07:23,440 --> 00:07:29,360 maintaining software the ecosystem in 192 00:07:26,240 --> 00:07:32,160 which your software lives and that's 193 00:07:29,360 --> 00:07:34,160 vital not understanding that I think is 194 00:07:32,160 --> 00:07:35,840 at the at the core core of a lot of what 195 00:07:34,160 --> 00:07:39,360 is uh causing this sustainability 196 00:07:35,840 --> 00:07:42,000 challenge because um this is newish 197 00:07:39,360 --> 00:07:44,880 data. This is from October of 2024 uh 198 00:07:42,000 --> 00:07:47,039 research by the sovereign tech agency uh 199 00:07:44,880 --> 00:07:50,000 which broadly shows that about 30% of 200 00:07:47,039 --> 00:07:52,240 projects are maintained by one person 201 00:07:50,000 --> 00:07:55,120 and two to three are maintained sorry uh 202 00:07:52,240 --> 00:07:58,400 and another 40%ish are maintained by two 203 00:07:55,120 --> 00:08:00,240 or three people. So around 70% of free 204 00:07:58,400 --> 00:08:02,960 and open source software is maintained 205 00:08:00,240 --> 00:08:05,120 by three or fewer people. 206 00:08:02,960 --> 00:08:07,520 That's not many, particularly given that 207 00:08:05,120 --> 00:08:08,639 there are millions of these projects. 208 00:08:07,520 --> 00:08:10,960 I've gone and had a look at the 209 00:08:08,639 --> 00:08:12,319 ecosystems data set. It's a little bit 210 00:08:10,960 --> 00:08:14,160 opaque and I haven't had time to go 211 00:08:12,319 --> 00:08:16,000 through it in great detail, but it 212 00:08:14,160 --> 00:08:18,080 broadly aligns with this. If anything, 213 00:08:16,000 --> 00:08:20,160 it kind of skews more towards the one 214 00:08:18,080 --> 00:08:22,960 person maintained projects depending on 215 00:08:20,160 --> 00:08:24,400 how alive they are. And this is 216 00:08:22,960 --> 00:08:25,919 difficult to see because unfortunately 217 00:08:24,400 --> 00:08:29,360 their their slide wasn't particularly 218 00:08:25,919 --> 00:08:31,759 great. Uh but broadly it's if you sum up 219 00:08:29,360 --> 00:08:33,680 all of the numbers and when they were 220 00:08:31,759 --> 00:08:36,560 asked are you getting paid enough to 221 00:08:33,680 --> 00:08:38,560 maintain open source software about 77% 222 00:08:36,560 --> 00:08:42,240 of people said no. Some of the getting 223 00:08:38,560 --> 00:08:44,640 paid a bit but most of them are not 224 00:08:42,240 --> 00:08:47,040 getting paid either at all or not enough 225 00:08:44,640 --> 00:08:49,279 for me to be doing this as my job which 226 00:08:47,040 --> 00:08:51,279 means it's being cross-subsidized by 227 00:08:49,279 --> 00:08:53,279 something else. 228 00:08:51,279 --> 00:08:56,160 Now why would you do that? Why would you 229 00:08:53,279 --> 00:08:59,040 work on this stuff for free? 230 00:08:56,160 --> 00:09:00,800 Partly it's because we as an ecosystem 231 00:08:59,040 --> 00:09:02,640 have pushed people to do this. All these 232 00:09:00,800 --> 00:09:04,560 VC companies have been pushing out stuff 233 00:09:02,640 --> 00:09:06,320 for free. They have been setting the 234 00:09:04,560 --> 00:09:09,200 expectation that open source software 235 00:09:06,320 --> 00:09:12,160 should be free and that you should work 236 00:09:09,200 --> 00:09:13,600 on it for free. Not that you should 237 00:09:12,160 --> 00:09:15,440 create something and give it away and 238 00:09:13,600 --> 00:09:17,279 here is an artifact. Please have it. 239 00:09:15,440 --> 00:09:20,640 It's great. It's Eliza. Reference it. 240 00:09:17,279 --> 00:09:22,240 Look at it. That's different. 241 00:09:20,640 --> 00:09:23,920 They're saying that not only do you 242 00:09:22,240 --> 00:09:29,320 release it once, but you have to keep 243 00:09:23,920 --> 00:09:29,320 working on it for free forever. 244 00:09:29,360 --> 00:09:33,120 People do this because they think their 245 00:09:30,880 --> 00:09:35,680 expertise is going to be useful. That 246 00:09:33,120 --> 00:09:37,519 it's kind of a marketing exercise. And 247 00:09:35,680 --> 00:09:40,000 that sounds a lot like working for 248 00:09:37,519 --> 00:09:42,480 exposure. And even penguins die of 249 00:09:40,000 --> 00:09:44,720 exposure. 250 00:09:42,480 --> 00:09:46,640 So maybe we shouldn't do that because 251 00:09:44,720 --> 00:09:48,240 this is what the costbenefit allocation 252 00:09:46,640 --> 00:09:49,680 generally looks like for the people in 253 00:09:48,240 --> 00:09:51,680 this ecosystem. Again, I'm not going to 254 00:09:49,680 --> 00:09:52,959 go through this in massive detail, but 255 00:09:51,680 --> 00:09:55,120 if you look here, people who are 256 00:09:52,959 --> 00:09:56,720 hobbyists or just general contributors, 257 00:09:55,120 --> 00:09:58,720 they kind of contribute a bit. It's not 258 00:09:56,720 --> 00:10:01,200 a bad deal for them, but for 259 00:09:58,720 --> 00:10:04,240 maintainers, it's not a very good deal 260 00:10:01,200 --> 00:10:06,320 at all. For vendors, it's awesome. And 261 00:10:04,240 --> 00:10:07,680 one particular thing I want to point out 262 00:10:06,320 --> 00:10:09,600 here is the different kind of 263 00:10:07,680 --> 00:10:11,600 maintainers. For most maintainers, this 264 00:10:09,600 --> 00:10:13,519 is a raw deal. But people do it because 265 00:10:11,600 --> 00:10:15,120 like other uh like the entertainment 266 00:10:13,519 --> 00:10:16,720 industry where you have lots of 267 00:10:15,120 --> 00:10:18,800 maintainers who are well, we can call 268 00:10:16,720 --> 00:10:20,720 them actors who are working as waiters 269 00:10:18,800 --> 00:10:22,640 or they have a day job that subsidizes 270 00:10:20,720 --> 00:10:24,959 this thing that they do hoping that one 271 00:10:22,640 --> 00:10:27,200 day they will be famous ignoring the 272 00:10:24,959 --> 00:10:30,399 fact that for every good kind of famous 273 00:10:27,200 --> 00:10:33,200 like maybe Lionus or Guido Van Rossom, 274 00:10:30,399 --> 00:10:36,560 there is the bad kind of famous i.e. 275 00:10:33,200 --> 00:10:38,560 being a woman on the internet. 276 00:10:36,560 --> 00:10:41,440 This is the purpose of the system that 277 00:10:38,560 --> 00:10:43,920 we have created and we need to change 278 00:10:41,440 --> 00:10:45,680 it. But what do we change it into? 279 00:10:43,920 --> 00:10:48,320 Coming back to this different type of 280 00:10:45,680 --> 00:10:50,320 good. I argue that free and open source 281 00:10:48,320 --> 00:10:52,079 software is a common pool resource and 282 00:10:50,320 --> 00:10:55,760 we should maintain it as a common pool 283 00:10:52,079 --> 00:10:57,360 resource not as a public good. And that 284 00:10:55,760 --> 00:10:59,120 means that we can look at governing the 285 00:10:57,360 --> 00:11:01,200 commons and the work of this wonderful 286 00:10:59,120 --> 00:11:03,920 woman Ellena Ostramm who is a Nobel 287 00:11:01,200 --> 00:11:06,800 Prize winner in economics. Uh she won 288 00:11:03,920 --> 00:11:08,399 the Nobel Prize in I think it was 2012 289 00:11:06,800 --> 00:11:12,320 if I remember correctly. No, that's when 290 00:11:08,399 --> 00:11:14,079 she died. Uh 2005. 291 00:11:12,320 --> 00:11:16,959 Uh 292 00:11:14,079 --> 00:11:18,880 I have to mention this briefly because 293 00:11:16,959 --> 00:11:20,560 when I talk about commons generally 294 00:11:18,880 --> 00:11:22,399 people think of the tragedy of the 295 00:11:20,560 --> 00:11:24,880 commons. Go and read that paper and then 296 00:11:22,399 --> 00:11:27,279 never talk about it ever again. The 297 00:11:24,880 --> 00:11:29,360 paper explained why tragedy the commons 298 00:11:27,279 --> 00:11:32,000 is a false and dangerous myth that was 299 00:11:29,360 --> 00:11:33,920 wrong when the paper was originally 300 00:11:32,000 --> 00:11:37,360 produced and Elellanena Ostramm's work 301 00:11:33,920 --> 00:11:38,959 had already proven that. So let's not 302 00:11:37,360 --> 00:11:41,600 talk about that. Let's talk about 303 00:11:38,959 --> 00:11:44,079 Elellanena's work. When you're managing 304 00:11:41,600 --> 00:11:46,800 common pool resources, these are the 305 00:11:44,079 --> 00:11:49,279 eight design principles as as she and 306 00:11:46,800 --> 00:11:52,399 her colleagues call them that you should 307 00:11:49,279 --> 00:11:55,279 be using. Now I say should because if 308 00:11:52,399 --> 00:11:57,519 the the more of these eight principles 309 00:11:55,279 --> 00:11:59,200 that are present in your project or in 310 00:11:57,519 --> 00:12:01,360 your initiative or in in whatever it is 311 00:11:59,200 --> 00:12:03,600 that you're doing, the more of them that 312 00:12:01,360 --> 00:12:06,399 you are doing, the more likely it is 313 00:12:03,600 --> 00:12:08,720 that your project will be successful and 314 00:12:06,399 --> 00:12:10,240 sustainable. You don't have to have all 315 00:12:08,720 --> 00:12:12,240 of them, but the more of them, the 316 00:12:10,240 --> 00:12:13,519 better. 317 00:12:12,240 --> 00:12:15,440 And I'm not going to talk about all of 318 00:12:13,519 --> 00:12:18,079 them because I don't have time. Uh so 319 00:12:15,440 --> 00:12:22,160 instead I'm going to focus on a few of 320 00:12:18,079 --> 00:12:24,320 them because the systems that you use 321 00:12:22,160 --> 00:12:27,120 these design principles to create are 322 00:12:24,320 --> 00:12:29,760 more powerful than the individuals. They 323 00:12:27,120 --> 00:12:32,399 constrain individual behavior and the 324 00:12:29,760 --> 00:12:34,800 systemic design is what I want you to 325 00:12:32,399 --> 00:12:36,320 focus on. We need to look at how the 326 00:12:34,800 --> 00:12:38,079 system functions not about the 327 00:12:36,320 --> 00:12:40,720 individual behavior because the two 328 00:12:38,079 --> 00:12:43,519 things influence one another. And I want 329 00:12:40,720 --> 00:12:45,519 to talk about these three in particular. 330 00:12:43,519 --> 00:12:49,360 The first one is congruence, which is 331 00:12:45,519 --> 00:12:51,200 broadly why people are grumpy. 332 00:12:49,360 --> 00:12:52,959 At the moment, there isn't a lot of 333 00:12:51,200 --> 00:12:54,880 congruence between what people are 334 00:12:52,959 --> 00:12:56,800 putting into a project and what they're 335 00:12:54,880 --> 00:12:58,000 getting out of it. There are people who 336 00:12:56,800 --> 00:12:59,600 are not putting anything into these 337 00:12:58,000 --> 00:13:01,440 projects and extracting a lot of benefit 338 00:12:59,600 --> 00:13:02,800 from it. And there are people who are 339 00:13:01,440 --> 00:13:04,800 not actually extracting very much 340 00:13:02,800 --> 00:13:08,160 benefit, but putting a lot of it into 341 00:13:04,800 --> 00:13:10,959 the projects. That's not very congruent. 342 00:13:08,160 --> 00:13:12,880 Turns out congruence is important. And 343 00:13:10,959 --> 00:13:15,120 the fact that we haven't designed a 344 00:13:12,880 --> 00:13:18,160 system with that in mind is probably 345 00:13:15,120 --> 00:13:20,800 something we need to change. 346 00:13:18,160 --> 00:13:23,040 But how? 347 00:13:20,800 --> 00:13:25,760 Well, we have to figure out what 348 00:13:23,040 --> 00:13:29,040 congruence actually means. So, if 349 00:13:25,760 --> 00:13:31,279 someone isn't putting in as much as 350 00:13:29,040 --> 00:13:34,399 they're taking out and we disagree with 351 00:13:31,279 --> 00:13:36,560 that, we might be in conflict. So, what 352 00:13:34,399 --> 00:13:39,120 do we do about that? How do we resolve 353 00:13:36,560 --> 00:13:40,639 that conflict? I would argue that in the 354 00:13:39,120 --> 00:13:42,639 open source and particularly open 355 00:13:40,639 --> 00:13:46,079 source, but the free and open source um 356 00:13:42,639 --> 00:13:48,160 community, we have done a woeful job of 357 00:13:46,079 --> 00:13:49,920 designing conflict resolution mechanisms 358 00:13:48,160 --> 00:13:51,920 before we need them, before there's a 359 00:13:49,920 --> 00:13:54,480 crisis, even to the point of having 360 00:13:51,920 --> 00:13:56,720 codes of conduct, which we kind of now 361 00:13:54,480 --> 00:13:59,040 do, but not universally. That happened 362 00:13:56,720 --> 00:14:01,120 very late. 363 00:13:59,040 --> 00:14:03,120 We need to design conflict resolution 364 00:14:01,120 --> 00:14:05,120 mechanisms for the conflicts that are 365 00:14:03,120 --> 00:14:08,079 going to exist in our ecosystems, in our 366 00:14:05,120 --> 00:14:09,839 projects before we need them. And I 367 00:14:08,079 --> 00:14:12,320 would also argue that the one that we've 368 00:14:09,839 --> 00:14:15,519 used the most licensing 369 00:14:12,320 --> 00:14:17,360 is the wrong one or it's it's one 370 00:14:15,519 --> 00:14:19,279 choice. It's not the only choice and 371 00:14:17,360 --> 00:14:22,399 it's actually one of the less powerful 372 00:14:19,279 --> 00:14:24,399 ones and we need to have other choices. 373 00:14:22,399 --> 00:14:27,199 Austramm particularly values things that 374 00:14:24,399 --> 00:14:29,440 are local, lowcost and fast. At the 375 00:14:27,199 --> 00:14:30,959 moment when we lean on the legal 376 00:14:29,440 --> 00:14:33,600 mechanisms that work for private 377 00:14:30,959 --> 00:14:36,480 companies, they are incredibly slow, 378 00:14:33,600 --> 00:14:38,240 very heavy. they in they incur a massive 379 00:14:36,480 --> 00:14:40,240 cost on the participants of that and 380 00:14:38,240 --> 00:14:42,000 also the rest of the ecosystem. They're 381 00:14:40,240 --> 00:14:44,240 not welld designigned. They're not 382 00:14:42,000 --> 00:14:45,440 congruent. They're not the way that we 383 00:14:44,240 --> 00:14:47,360 should be managing common pool 384 00:14:45,440 --> 00:14:50,079 resources. 385 00:14:47,360 --> 00:14:51,760 But when I say we, well, I'm talking 386 00:14:50,079 --> 00:14:54,079 about who's actually in charge of these 387 00:14:51,760 --> 00:14:55,519 things. Many of the projects that we 388 00:14:54,079 --> 00:14:57,519 part of the reason that we're here, 389 00:14:55,519 --> 00:15:00,320 these projects are run by companies. 390 00:14:57,519 --> 00:15:02,720 They're not really run by people. I hate 391 00:15:00,320 --> 00:15:04,800 to break it to you, but uh corporations 392 00:15:02,720 --> 00:15:06,079 are not democracies. 393 00:15:04,800 --> 00:15:07,600 They're actually authoritarian 394 00:15:06,079 --> 00:15:09,279 dictatorships 395 00:15:07,600 --> 00:15:10,880 and that's how they function. So if 396 00:15:09,279 --> 00:15:12,399 you've got three maintainers for a 397 00:15:10,880 --> 00:15:14,000 project and they're all employed by the 398 00:15:12,399 --> 00:15:15,839 one company, guess who's in charge of 399 00:15:14,000 --> 00:15:17,519 that project? 400 00:15:15,839 --> 00:15:19,519 You're not making collective choice 401 00:15:17,519 --> 00:15:21,519 arrangements. There isn't much 402 00:15:19,519 --> 00:15:23,920 collective choice going on. So I would 403 00:15:21,519 --> 00:15:26,240 argue that we need to get into much more 404 00:15:23,920 --> 00:15:27,839 collective choice. We need to be 405 00:15:26,240 --> 00:15:30,240 designing those mechanisms into our 406 00:15:27,839 --> 00:15:31,839 projects from the outset, not trying to 407 00:15:30,240 --> 00:15:33,519 impose them later on. Having a 408 00:15:31,839 --> 00:15:35,120 benevolent dictator for life might be 409 00:15:33,519 --> 00:15:37,440 very quick and efficient at the very 410 00:15:35,120 --> 00:15:39,440 beginning, but we need to move away from 411 00:15:37,440 --> 00:15:40,959 that model very very quickly. And in 412 00:15:39,440 --> 00:15:42,880 fact, most projects that are sustainable 413 00:15:40,959 --> 00:15:45,440 have done that. They've just done it 414 00:15:42,880 --> 00:15:48,079 much later. We need to design that in at 415 00:15:45,440 --> 00:15:50,959 the beginning because the purpose of a 416 00:15:48,079 --> 00:15:53,040 system is what it does. So if we want a 417 00:15:50,959 --> 00:15:55,920 different outcome from our system, we 418 00:15:53,040 --> 00:15:57,920 need to design it differently. 419 00:15:55,920 --> 00:15:59,680 But change is coming and change is not 420 00:15:57,920 --> 00:16:01,759 coming from within the tech industry. 421 00:15:59,680 --> 00:16:03,600 It's coming from outside because humans 422 00:16:01,759 --> 00:16:05,759 matter more than computers. Particularly 423 00:16:03,600 --> 00:16:07,839 to people who don't like computers or 424 00:16:05,759 --> 00:16:10,160 don't use them very much, i.e. most 425 00:16:07,839 --> 00:16:11,759 people in the world. 426 00:16:10,160 --> 00:16:14,160 It's not coming from in the tech 427 00:16:11,759 --> 00:16:17,120 industry because we don't make very good 428 00:16:14,160 --> 00:16:19,680 computers. They break a lot. They're 429 00:16:17,120 --> 00:16:21,360 getting worse. People are trying to do 430 00:16:19,680 --> 00:16:22,880 things with their computing devices. I 431 00:16:21,360 --> 00:16:25,360 was talking to my mother only this 432 00:16:22,880 --> 00:16:27,600 weekend and she is incredibly frustrated 433 00:16:25,360 --> 00:16:30,480 with her phone because Apple moved where 434 00:16:27,600 --> 00:16:32,399 the delete email button went and she 435 00:16:30,480 --> 00:16:34,399 can't work out how to do something that 436 00:16:32,399 --> 00:16:36,560 simple. And this is a company that 437 00:16:34,399 --> 00:16:38,160 broadly has a reputation for being very 438 00:16:36,560 --> 00:16:40,639 good about user experience and user 439 00:16:38,160 --> 00:16:43,040 interface design. That's what our 440 00:16:40,639 --> 00:16:45,040 perception is from the broader industry. 441 00:16:43,040 --> 00:16:46,720 We also managed to take down a lot of 442 00:16:45,040 --> 00:16:48,800 important infrastructure systems all 443 00:16:46,720 --> 00:16:51,360 over the world in a single day because 444 00:16:48,800 --> 00:16:53,199 one company pushed out an update a 445 00:16:51,360 --> 00:16:56,160 little bit too quickly without testing 446 00:16:53,199 --> 00:16:58,160 it. Whoops. 447 00:16:56,160 --> 00:17:00,480 That's the industry that everyone else 448 00:16:58,160 --> 00:17:03,440 has to deal with and they're not happy 449 00:17:00,480 --> 00:17:06,160 about it. So, they're starting to make 450 00:17:03,440 --> 00:17:08,240 it more difficult for companies to do 451 00:17:06,160 --> 00:17:11,439 this. It's particularly coming to the 452 00:17:08,240 --> 00:17:14,000 IoT device section of the uh of the 453 00:17:11,439 --> 00:17:16,959 industry mostly for national security 454 00:17:14,000 --> 00:17:18,959 reasons. It turns out governments don't 455 00:17:16,959 --> 00:17:20,640 like it when it's really easy for you to 456 00:17:18,959 --> 00:17:22,480 take out an entire country's 457 00:17:20,640 --> 00:17:23,919 infrastructure. So they're passing 458 00:17:22,480 --> 00:17:25,439 various laws about critical 459 00:17:23,919 --> 00:17:27,839 infrastructure and how that needs to be 460 00:17:25,439 --> 00:17:29,840 man maintained. It's also being passed 461 00:17:27,839 --> 00:17:31,760 in laws around IoT and I want to point 462 00:17:29,840 --> 00:17:33,200 you at particular couple of bits of 463 00:17:31,760 --> 00:17:35,039 legislation that I recommend that you 464 00:17:33,200 --> 00:17:37,440 familiarize yourself with particularly 465 00:17:35,039 --> 00:17:38,960 the EU cyber resilience act but there 466 00:17:37,440 --> 00:17:41,440 are some elements around IoT and the 467 00:17:38,960 --> 00:17:43,360 Australia's cyber security act 468 00:17:41,440 --> 00:17:45,520 essentially if you are a manufacturer of 469 00:17:43,360 --> 00:17:48,080 a device that can that will be able to 470 00:17:45,520 --> 00:17:50,080 be connected to the internet that 471 00:17:48,080 --> 00:17:51,679 warranty disclaimer thing at the 472 00:17:50,080 --> 00:17:53,520 beginning of software where you've used 473 00:17:51,679 --> 00:17:56,160 the software and if it sets fire to your 474 00:17:53,520 --> 00:17:58,400 data center and your cat too bad uh 475 00:17:56,160 --> 00:18:00,000 that's going away. 476 00:17:58,400 --> 00:18:02,799 We are not going to be able to get away 477 00:18:00,000 --> 00:18:05,840 with that anymore because there are 478 00:18:02,799 --> 00:18:07,520 going to be consequences for doing that. 479 00:18:05,840 --> 00:18:09,280 And interestingly, open source is in a 480 00:18:07,520 --> 00:18:11,520 good position for that. Now, this is 481 00:18:09,280 --> 00:18:13,440 important because when companies incur 482 00:18:11,520 --> 00:18:16,080 consequences for shipping buggy software 483 00:18:13,440 --> 00:18:18,160 that they refuse to fix, governments are 484 00:18:16,080 --> 00:18:19,679 going to start imposing costs on them. 485 00:18:18,160 --> 00:18:22,559 That's going to make them more 486 00:18:19,679 --> 00:18:25,200 interested in paying people to make that 487 00:18:22,559 --> 00:18:28,320 liability go away 488 00:18:25,200 --> 00:18:31,919 by increasing their willingness to pay. 489 00:18:28,320 --> 00:18:34,080 That money can go into the people and 490 00:18:31,919 --> 00:18:35,679 the projects that maintain and look 491 00:18:34,080 --> 00:18:36,640 after that software. Remember what we 492 00:18:35,679 --> 00:18:38,000 had back at the beginning about 493 00:18:36,640 --> 00:18:40,320 maintenance being more important than 494 00:18:38,000 --> 00:18:42,640 creation. It's not about this thing that 495 00:18:40,320 --> 00:18:44,960 exists. It's about how it gets changed, 496 00:18:42,640 --> 00:18:47,440 how the bugs get fixed, how we update it 497 00:18:44,960 --> 00:18:50,880 later on after 5 years have passed. And 498 00:18:47,440 --> 00:18:53,679 it turns out things are different now. 499 00:18:50,880 --> 00:18:56,160 But stable systems resist change. That's 500 00:18:53,679 --> 00:18:58,880 what stable means. 501 00:18:56,160 --> 00:19:00,480 But we have an advantage there. Now, the 502 00:18:58,880 --> 00:19:02,080 current system of doing this where it's 503 00:19:00,480 --> 00:19:03,440 all extractive and we make loads of 504 00:19:02,080 --> 00:19:05,919 money because other people like working 505 00:19:03,440 --> 00:19:08,160 on our stuff for free for reasons that 506 00:19:05,919 --> 00:19:11,360 we don't want to disturb. Shh, don't 507 00:19:08,160 --> 00:19:13,039 tell anyone. They're getting a bad deal. 508 00:19:11,360 --> 00:19:14,640 Turns out this was a great deal for 509 00:19:13,039 --> 00:19:17,520 everyone for a long time. So, open- 510 00:19:14,640 --> 00:19:20,160 source is everywhere. 511 00:19:17,520 --> 00:19:22,880 How many people uh have used a computing 512 00:19:20,160 --> 00:19:27,080 device that includes zero open source 513 00:19:22,880 --> 00:19:27,080 software in the last year? 514 00:19:27,120 --> 00:19:34,240 How would you even know? 515 00:19:30,400 --> 00:19:36,160 But I can almost guarantee that everyone 516 00:19:34,240 --> 00:19:37,919 in this room has used software that 517 00:19:36,160 --> 00:19:40,480 contains open source software in the 518 00:19:37,919 --> 00:19:43,360 last year. In fact, today it's almost 519 00:19:40,480 --> 00:19:45,440 impossible to get away with. And that 520 00:19:43,360 --> 00:19:49,200 means that these companies who need to 521 00:19:45,440 --> 00:19:50,799 make changes have two choices. One, they 522 00:19:49,200 --> 00:19:52,640 can rip out all the open source software 523 00:19:50,799 --> 00:19:55,440 they've been using for the last 25 plus 524 00:19:52,640 --> 00:19:57,039 years basically for free and replace all 525 00:19:55,440 --> 00:20:00,160 of it with proprietary software that 526 00:19:57,039 --> 00:20:03,120 they get from somewhere. 527 00:20:00,160 --> 00:20:04,880 Or they can pay someone to uh maybe fix 528 00:20:03,120 --> 00:20:07,919 some stuff and make the problem go away. 529 00:20:04,880 --> 00:20:10,640 Which one's easier? 530 00:20:07,919 --> 00:20:13,760 There are other options. Turns out 531 00:20:10,640 --> 00:20:15,360 socialism is a thing. Uh, and this one's 532 00:20:13,760 --> 00:20:17,679 gotten a lot more interesting in the 533 00:20:15,360 --> 00:20:20,160 last, let me count how I can't count 534 00:20:17,679 --> 00:20:22,240 from January, but this year because a 535 00:20:20,160 --> 00:20:24,240 lot of people have realized that, oh, 536 00:20:22,240 --> 00:20:25,760 turns out one country is kind of the 537 00:20:24,240 --> 00:20:28,720 center of the tech universe. What if 538 00:20:25,760 --> 00:20:31,440 they're not a reliable partner anymore? 539 00:20:28,720 --> 00:20:32,880 Maybe sovereign technology is a thing we 540 00:20:31,440 --> 00:20:35,440 should look at a bit more. So the 541 00:20:32,880 --> 00:20:36,960 sovereign tech agency from uh Germany 542 00:20:35,440 --> 00:20:39,440 was already doing good work in this 543 00:20:36,960 --> 00:20:41,840 space but it was a bit it was a bit out 544 00:20:39,440 --> 00:20:44,159 here on the edge. Now we have talk of 545 00:20:41,840 --> 00:20:45,840 Euro stack for example where maybe 546 00:20:44,159 --> 00:20:49,440 Europe should have a cloud that isn't 547 00:20:45,840 --> 00:20:54,159 completely welded to one country who may 548 00:20:49,440 --> 00:20:55,679 not actually like us very much today. H 549 00:20:54,159 --> 00:20:57,679 I think we should be doing more of that. 550 00:20:55,679 --> 00:20:59,360 That is collective action. It's not rely 551 00:20:57,679 --> 00:21:01,360 it's a systems change. It doesn't rely 552 00:20:59,360 --> 00:21:03,440 on individuals doing things differently. 553 00:21:01,360 --> 00:21:05,039 Um, we also see a bit of a public health 554 00:21:03,440 --> 00:21:06,880 response. Again, this is mostly coming 555 00:21:05,039 --> 00:21:08,880 from the cyber security angle, not so 556 00:21:06,880 --> 00:21:10,559 much from a wouldn't it be nice if we 557 00:21:08,880 --> 00:21:12,559 actually paid people to do this. Like, 558 00:21:10,559 --> 00:21:14,400 we don't want stuff to break so much. 559 00:21:12,559 --> 00:21:16,159 People are grumpy. They're not really 560 00:21:14,400 --> 00:21:17,760 going fast enough for my liking. They're 561 00:21:16,159 --> 00:21:19,280 going to put stickers on things. If you 562 00:21:17,760 --> 00:21:21,280 would like one of those, you don't have 563 00:21:19,280 --> 00:21:23,039 to take a photo of it, or you can go to 564 00:21:21,280 --> 00:21:24,880 that QR code and you can design one of 565 00:21:23,039 --> 00:21:26,400 these and print it yourself. Please go 566 00:21:24,880 --> 00:21:28,720 and put cyber ratings on all of your 567 00:21:26,400 --> 00:21:30,640 documents. That would amuse me no end. 568 00:21:28,720 --> 00:21:33,360 Um, Australia is actually going to come 569 00:21:30,640 --> 00:21:35,039 up with a cyber rating kind of labeling 570 00:21:33,360 --> 00:21:37,360 scheme. Uh, they haven't finished 571 00:21:35,039 --> 00:21:38,960 designing the labels yet. Um, they 572 00:21:37,360 --> 00:21:41,200 aren't licensing this from me, which is 573 00:21:38,960 --> 00:21:43,600 I think is a shame. Uh, but they will be 574 00:21:41,200 --> 00:21:45,120 doing this. That's fine. This kind of 575 00:21:43,600 --> 00:21:46,640 labeling thing, it does work, but it 576 00:21:45,120 --> 00:21:48,559 takes about 10 years to actually have 577 00:21:46,640 --> 00:21:50,799 any effect. So, it might start working 578 00:21:48,559 --> 00:21:52,960 eventually. It's better than nothing, 579 00:21:50,799 --> 00:21:55,360 but it's not sufficient. Let's not let 580 00:21:52,960 --> 00:21:57,840 them give up on that. But this I think 581 00:21:55,360 --> 00:22:00,720 is the most powerful thing and I don't 582 00:21:57,840 --> 00:22:02,720 think we do this enough. 583 00:22:00,720 --> 00:22:04,480 When someone comes to you and says will 584 00:22:02,720 --> 00:22:08,159 you please maintain your software for 585 00:22:04,480 --> 00:22:10,559 free for me? You should tell them no. 586 00:22:08,159 --> 00:22:12,400 Please sign up for a support contract. 587 00:22:10,559 --> 00:22:14,159 Otherwise I am not going to fix your 588 00:22:12,400 --> 00:22:17,200 bug. 589 00:22:14,159 --> 00:22:18,720 What are they going to do? 590 00:22:17,200 --> 00:22:20,159 Now, for many of us, that will be 591 00:22:18,720 --> 00:22:22,240 difficult because we feel that there is 592 00:22:20,159 --> 00:22:24,159 a moral imperative that we fix security 593 00:22:22,240 --> 00:22:26,720 flaws in software that we gave everyone 594 00:22:24,159 --> 00:22:28,400 for free years ago in some cases, and we 595 00:22:26,720 --> 00:22:29,840 feel like, well, it's I'm responsible 596 00:22:28,400 --> 00:22:31,600 for this. If you're not being paid for 597 00:22:29,840 --> 00:22:33,520 it, no, you're not. You gave something 598 00:22:31,600 --> 00:22:35,520 away for free. No one was under any 599 00:22:33,520 --> 00:22:37,440 obligation to pick it up off the side of 600 00:22:35,520 --> 00:22:39,280 the street, whack it into a commercial 601 00:22:37,440 --> 00:22:41,039 product, which they then push out to 602 00:22:39,280 --> 00:22:44,320 millions of people all over the world, 603 00:22:41,039 --> 00:22:46,000 charging a fortune for it, and uh then 604 00:22:44,320 --> 00:22:48,000 never fixing any of the bugs in it. 605 00:22:46,000 --> 00:22:49,600 Also, you're legally prohibited from 606 00:22:48,000 --> 00:22:52,240 reverse engineering my thing and fixing 607 00:22:49,600 --> 00:22:54,159 it yourself. That's a raw deal. Just say 608 00:22:52,240 --> 00:22:56,320 no. 609 00:22:54,159 --> 00:22:57,760 And at the end of all of that, I think 610 00:22:56,320 --> 00:23:00,240 that we are in a good position to 611 00:22:57,760 --> 00:23:02,000 actually change this because of the leg 612 00:23:00,240 --> 00:23:04,640 the legislation changes that are 613 00:23:02,000 --> 00:23:06,480 happening from outside the industry. We 614 00:23:04,640 --> 00:23:08,400 could do a lot more to fix this 615 00:23:06,480 --> 00:23:11,120 ourselves, but so far it hasn't 616 00:23:08,400 --> 00:23:12,880 happened. But I encourage you to do 617 00:23:11,120 --> 00:23:15,280 everything that you can to push it in 618 00:23:12,880 --> 00:23:16,880 that direction and to support the 619 00:23:15,280 --> 00:23:18,640 endeavors of those who are coming from 620 00:23:16,880 --> 00:23:21,280 outside 621 00:23:18,640 --> 00:23:24,159 to impose costs on the industry to make 622 00:23:21,280 --> 00:23:26,400 it more costly to not do the right 623 00:23:24,159 --> 00:23:28,000 thing. So that if you are a commercial 624 00:23:26,400 --> 00:23:30,640 company putting open source software in 625 00:23:28,000 --> 00:23:33,440 your product, selling that to people and 626 00:23:30,640 --> 00:23:36,480 it's not fit for purpose or it has 627 00:23:33,440 --> 00:23:38,320 security bugs or it doesn't support a 628 00:23:36,480 --> 00:23:40,559 marginalized community or it's not 629 00:23:38,320 --> 00:23:43,280 accessible, they can come at you and 630 00:23:40,559 --> 00:23:44,720 say, "No, that is not acceptable in the 631 00:23:43,280 --> 00:23:46,720 same way that it's not acceptable that 632 00:23:44,720 --> 00:23:49,840 you sell me bread that is full of 633 00:23:46,720 --> 00:23:52,320 sawdust or coffee that is poisoned. We 634 00:23:49,840 --> 00:23:54,320 don't accept it from other products. The 635 00:23:52,320 --> 00:23:56,159 period of time in which we did accept it 636 00:23:54,320 --> 00:23:59,120 for software is coming to an end and 637 00:23:56,159 --> 00:24:02,480 it's coming to an end quickly. Get ready 638 00:23:59,120 --> 00:24:04,320 for it because it's happening. I think 639 00:24:02,480 --> 00:24:06,159 we should encourage it to happen faster 640 00:24:04,320 --> 00:24:07,840 because then we will all be better off 641 00:24:06,159 --> 00:24:10,480 and the software that we make will be 642 00:24:07,840 --> 00:24:12,640 more sustainable. And that is the pretty 643 00:24:10,480 --> 00:24:15,120 much the end of my talk. Remember these 644 00:24:12,640 --> 00:24:16,720 are the four ideas. Maintenance is more 645 00:24:15,120 --> 00:24:18,400 important than creation. Ecosystems 646 00:24:16,720 --> 00:24:19,840 matter more than artifacts. Systems 647 00:24:18,400 --> 00:24:21,600 matter more than indivi sorry systems 648 00:24:19,840 --> 00:24:24,320 are more powerful than individuals. And 649 00:24:21,600 --> 00:24:27,840 humans matter more than computers. The 650 00:24:24,320 --> 00:24:31,080 purpose of a system is what it does. 651 00:24:27,840 --> 00:24:31,080 Thank you. 652 00:24:31,670 --> 00:24:34,839 [Music] 653 00:24:35,440 --> 00:24:38,480 I think we have time for questions. 654 00:24:37,279 --> 00:24:39,679 Thanks very much. Yeah, we do have time 655 00:24:38,480 --> 00:24:40,159 for a couple of questions. 656 00:24:39,679 --> 00:24:42,480 Excellent. 657 00:24:40,159 --> 00:24:43,200 Anybody out there like questions? 658 00:24:42,480 --> 00:24:44,960 One over here. 659 00:24:43,200 --> 00:24:46,559 Please go. While the mic goes back 660 00:24:44,960 --> 00:24:49,039 there, I would like to just point out 661 00:24:46,559 --> 00:24:50,400 this. This is a fabulous book that I am 662 00:24:49,039 --> 00:24:52,000 annoying everyone with. It's called The 663 00:24:50,400 --> 00:24:54,159 Care of Things: The Ethics and Politics 664 00:24:52,000 --> 00:24:57,840 of Maintenance. It's fab. Please read 665 00:24:54,159 --> 00:25:00,960 it. It's great. The authors are French. 666 00:24:57,840 --> 00:25:03,679 It's The book is so French. I'm with a 667 00:25:00,960 --> 00:25:06,320 big corporation, 1600 people with a 668 00:25:03,679 --> 00:25:09,919 gazillion users of Python. What's our 669 00:25:06,320 --> 00:25:12,240 obligation to support Python? 670 00:25:09,919 --> 00:25:16,240 Your obligation according to society is 671 00:25:12,240 --> 00:25:19,039 zero. I think that should change. 672 00:25:16,240 --> 00:25:22,159 uh your moral obligation I think is to 673 00:25:19,039 --> 00:25:24,159 yes support it your fin your how your 674 00:25:22,159 --> 00:25:26,480 company is structured and what risks you 675 00:25:24,159 --> 00:25:28,559 you as a company face if you don't 676 00:25:26,480 --> 00:25:30,320 support it i.e. If the people who do it 677 00:25:28,559 --> 00:25:33,520 suddenly turn around and tell you, 678 00:25:30,320 --> 00:25:36,240 "Yeah, nah, not today. We're not gonna 679 00:25:33,520 --> 00:25:37,520 um what leverage do you have? If you 680 00:25:36,240 --> 00:25:39,679 pick something up for free and the 681 00:25:37,520 --> 00:25:42,080 people who the people who maintain that 682 00:25:39,679 --> 00:25:44,080 decide that no, not going to or like 683 00:25:42,080 --> 00:25:46,559 we've seen in a few places, I'm going to 684 00:25:44,080 --> 00:25:48,720 sell access to Russian hackers today cuz 685 00:25:46,559 --> 00:25:51,039 I make loads of money doing that." Does 686 00:25:48,720 --> 00:25:52,880 that place you at any risk? Have you 687 00:25:51,039 --> 00:25:55,880 hedged against that risk? Something to 688 00:25:52,880 --> 00:25:55,880 consider. 689 00:25:57,919 --> 00:26:01,440 I don't normally do this, but I'm going 690 00:25:59,679 --> 00:26:02,799 to give give a comment. I'm with the 691 00:26:01,440 --> 00:26:04,240 Python. 692 00:26:02,799 --> 00:26:04,960 Please raise your questions in the form 693 00:26:04,240 --> 00:26:06,400 of a question. 694 00:26:04,960 --> 00:26:08,159 If you want to figure out how to give 695 00:26:06,400 --> 00:26:09,840 the Python Software Foundation money and 696 00:26:08,159 --> 00:26:11,520 support Python financially, do come and 697 00:26:09,840 --> 00:26:13,600 speak to me. I'm with the foundation and 698 00:26:11,520 --> 00:26:16,159 we would love to talk. 699 00:26:13,600 --> 00:26:18,480 Please do. So, 700 00:26:16,159 --> 00:26:20,960 any other questions? 701 00:26:18,480 --> 00:26:22,559 Yep. Right. 702 00:26:20,960 --> 00:26:25,200 Uh you mentioned a couple piece of 703 00:26:22,559 --> 00:26:27,279 legislation which as I got it sort of 704 00:26:25,200 --> 00:26:28,720 have liability and consequences for 705 00:26:27,279 --> 00:26:30,720 things not working properly. 706 00:26:28,720 --> 00:26:32,799 Does that imply to just the end product 707 00:26:30,720 --> 00:26:34,480 or also components like little libraries 708 00:26:32,799 --> 00:26:35,520 that'll say this has no warranty express 709 00:26:34,480 --> 00:26:38,159 or implied? 710 00:26:35,520 --> 00:26:40,159 Yes, it does. Um there is some nuance in 711 00:26:38,159 --> 00:26:41,279 it because in the original formulation 712 00:26:40,159 --> 00:26:42,640 it was going to apply to everything 713 00:26:41,279 --> 00:26:43,760 which would have meant that open source 714 00:26:42,640 --> 00:26:45,600 projects would have been liable for 715 00:26:43,760 --> 00:26:47,760 stuff they gave away for free. Uh people 716 00:26:45,600 --> 00:26:49,200 realize that that's not good. That'll 717 00:26:47,760 --> 00:26:51,679 basically kill everything. Also, it's 718 00:26:49,200 --> 00:26:53,679 not workable. Uh they were quite smart 719 00:26:51,679 --> 00:26:55,840 about how they've designed it. Liability 720 00:26:53,679 --> 00:26:58,240 actually flows through um through the 721 00:26:55,840 --> 00:26:59,760 supply chain. If and there's ways to get 722 00:26:58,240 --> 00:27:02,080 around it, but essentially if you're 723 00:26:59,760 --> 00:27:03,919 selling a product for free with and 724 00:27:02,080 --> 00:27:06,400 software is a product, then you are 725 00:27:03,919 --> 00:27:09,360 liable as a manufacturer, but also as 726 00:27:06,400 --> 00:27:11,360 someone who incorporates it. So both 727 00:27:09,360 --> 00:27:13,039 parties are liable and you can't just 728 00:27:11,360 --> 00:27:14,240 contract away the liability either. So 729 00:27:13,039 --> 00:27:16,080 you can't just say, "Oh, we'll sign a 730 00:27:14,240 --> 00:27:17,120 support contract and you are now on the 731 00:27:16,080 --> 00:27:18,559 hook for billions of dollars of 732 00:27:17,120 --> 00:27:20,240 liability." doesn't work that way 733 00:27:18,559 --> 00:27:21,679 either, but there's a bunch of nuance in 734 00:27:20,240 --> 00:27:23,760 it which I'm more more than happy to 735 00:27:21,679 --> 00:27:24,000 talk to people about. Another question 736 00:27:23,760 --> 00:27:26,480 there. 737 00:27:24,000 --> 00:27:29,760 Thank you. Yeah. 738 00:27:26,480 --> 00:27:31,919 Hello. Uh do you have any commentary 739 00:27:29,760 --> 00:27:35,679 about um the balance of I know that 740 00:27:31,919 --> 00:27:37,600 there's things about artists uh creating 741 00:27:35,679 --> 00:27:39,600 um work and then being told to monetize 742 00:27:37,600 --> 00:27:41,360 it straight away and a lot of hobby 743 00:27:39,600 --> 00:27:42,480 programmers are in the same kind of 744 00:27:41,360 --> 00:27:44,880 direction. Do you have any commentary 745 00:27:42,480 --> 00:27:47,279 about the balance of doing something 746 00:27:44,880 --> 00:27:48,799 that you enjoy in your own free time 747 00:27:47,279 --> 00:27:50,240 versus doing something that you then 748 00:27:48,799 --> 00:27:53,120 want people to pay you for versus 749 00:27:50,240 --> 00:27:55,440 something that you feel responsible and 750 00:27:53,120 --> 00:27:56,799 removing the joy from creating uh is 751 00:27:55,440 --> 00:27:57,200 sometimes the effect that I've seen out 752 00:27:56,799 --> 00:27:59,440 of that. 753 00:27:57,200 --> 00:28:02,080 Yeah. So it's it's tricky. Um on the one 754 00:27:59,440 --> 00:28:06,240 hand I would say yes it's like it's fine 755 00:28:02,080 --> 00:28:09,679 if you want to uh to a point. 756 00:28:06,240 --> 00:28:11,279 Um but I would it's nuanced. So on the 757 00:28:09,679 --> 00:28:13,360 one hand, if if that's what you want to 758 00:28:11,279 --> 00:28:14,480 do and it's and it's relatively minor, 759 00:28:13,360 --> 00:28:16,000 it's not a big deal because you're doing 760 00:28:14,480 --> 00:28:17,279 it for joy and for love. It's also a 761 00:28:16,000 --> 00:28:18,960 finished thing that doesn't need to be 762 00:28:17,279 --> 00:28:21,200 maintained. So a thing that needs to be 763 00:28:18,960 --> 00:28:25,039 maintained is a little bit more nuanced. 764 00:28:21,200 --> 00:28:26,799 But you also are part of society. So if 765 00:28:25,039 --> 00:28:28,159 you ignore what the rest of society does 766 00:28:26,799 --> 00:28:29,520 and you particularly if you are 767 00:28:28,159 --> 00:28:30,880 prominent in a field, I would say 768 00:28:29,520 --> 00:28:32,640 there's a greater responsibility. With 769 00:28:30,880 --> 00:28:34,480 great power comes great responsibility. 770 00:28:32,640 --> 00:28:36,640 So if you're a very powerful person in 771 00:28:34,480 --> 00:28:38,799 that particular ecosystem, what you do 772 00:28:36,640 --> 00:28:40,480 matters more. So if you are setting the 773 00:28:38,799 --> 00:28:42,799 precedent that hey all of you should 774 00:28:40,480 --> 00:28:45,120 work for free I'm fine because I have a 775 00:28:42,799 --> 00:28:47,440 trust fund because I inherited wealth. 776 00:28:45,120 --> 00:28:50,559 So I can totally work for free in the 777 00:28:47,440 --> 00:28:52,640 arts or in the library or wherever I 778 00:28:50,559 --> 00:28:54,000 want to do and we have a whole bunch of 779 00:28:52,640 --> 00:28:57,039 industries that are structured more or 780 00:28:54,000 --> 00:28:59,919 less in that way. That's not fair on all 781 00:28:57,039 --> 00:29:01,360 the people who didn't inherit wealth. 782 00:28:59,919 --> 00:29:02,960 There are of course other possible 783 00:29:01,360 --> 00:29:04,960 solutions to inherited wealth that are 784 00:29:02,960 --> 00:29:06,960 possibly beyond the scope of uh this 785 00:29:04,960 --> 00:29:09,600 particular talk but we are on collective 786 00:29:06,960 --> 00:29:12,159 action day today so we can also talk 787 00:29:09,600 --> 00:29:14,000 about that. I remain long guillotine 788 00:29:12,159 --> 00:29:15,520 futures. 789 00:29:14,000 --> 00:29:17,840 I think that's all we have time for for 790 00:29:15,520 --> 00:29:20,480 the questions. All right round of 791 00:29:17,840 --> 00:29:21,919 applause for Justin Warren please. I'd 792 00:29:20,480 --> 00:29:25,640 like to offer you that on behalf of the 793 00:29:21,919 --> 00:29:25,640 convention as a thank you.