Interview with Justin Dorfman
This interview is with Justin Dorfman, who is CodeFund's Open Source Sustainability Lead and is responsible for growing the platform & championing the needs of the FOSS community. He also co-hosts and produces a podcast called Sustain, which showcases resources and systems for rewarding open source contributions.
Ivan: Hey Justin, how are things with you?
Hi Ivan, I’m doing relatively well.
Ivan: How have you been adjusting to the whole home-office arrangement lately due to C-19?
I’ve been working remotely for close to 4 years, so not much has changed; however, I recently found myself working in my car for 1-2 hours a day to change things up. I even bought a power converter for my car. My neighbors have been giving me weird looks. 😂
Ivan: So, I believe we met back in 2012 in MaxCDN, I was working in the support team at the time and you had a role within the development team.
I was actually in the marketing department working as a developer advocate & leading our open-source initiatives. Chris (Ueland) and David (Henzel) thought that was what I was born to do and they were right.
Ivan: I know once while I was working on a client’s issue you helped me and commented that your start in MaxCDN was in support as well. Since that moment I’ve started realizing how important it is for a useful member of the team to go through support experience by getting to know the product from the “other side”. Does direct contact with people while working on open source projects offer more quality products? I am guessing there are more frequent iterations through product milestone reviews?
To this day I truly believe the support team knows the product better than anyone else in the company. What I’ve come to realize over the 8 years working in the open-source community is that its foundation is people. Direct contact with people is required to build quality products whether they are open-source or not.
Ivan: Sharing knowledge is one of our company’s core values, so we truly understand the importance of sharing what we learn. Was this value the same one that attracted you to open source?
When a friend of mine installed Mandrake Linux on my computer and showed me how to use KDE I couldn’t comprehend that I paid nothing to have access to something that looked so polished. I wanted to meet those people. This was around 1999 so there was no GitHub that I could go to and look at their profiles. Open-source back then was a black box for those who had no idea what they were doing i.e. me. That was my attraction to open-source. The mystery and how one day I could hopefully become a contributor.
Ivan: What is the health status of the open-source community today?
I would say a lot healthier than it was a decade ago. While there are still issues, there are very bright people working on solutions and influencing executives at large, medium, and small businesses to do their part in contributing back any way they can. CodeFund recently onboarded a podcast called CHAOSScast which focuses on “Community Health Analytics Open Source Software”. I highly recommend checking it out.
Ivan: What attracts enterprises to open source?
Two ways. The first is contributing back to a project that they can then sell. For example, Kubernetes has a lot of enterprises working on it because they can build profitable services on top of it.
There are probably more, those two come to mind.
Ivan: Let’s say you are to start your new open source project and you find yourself with dozens of contributors. One of the most crucial milestones to overcome is security, so how does one make sure everyone working on it is aligned and working for the same cause?
Starting with dozens of contributors (outside of a business) is like finding a leprechaun riding a unicorn. If you run `npm install` (or whatever package manager), you see that the hundreds of packages being installed are usually maintained by 1-2 maintainers (see https://libraries.io/experiments/bus-factor). These are the building blocks that the larger libraries/projects with dozens of contributors rely on. Not a lot of people know about that; they take the dependencies for granted. As far as security goes, you are only as strong as your weakest link. GitHub has done a great job of putting vulnerabilities front and center for maintainers and there are also start-ups like Snyk that have raised serious venture capital to address this very issue. Bottom line, don’t take your dependencies for granted. Check out services like BackYourStack.com to see how you can help these unsung heroes out.
Ivan: What do you see as the most common issues with starting the open-source project?
I see the xkcd 927 problem. Developers love to build things, and a lot of times those things are already made. Whether it’s them knowing or not that a similar project is out there isn’t really the issue. The issue is today, it is extremely easy to start an open-source project, post a “Show HN” or submit to Product Hunt, get that 15 minutes of fame, then the issues start coming in and the maintainer lets the project go stale. I know that because I’ve personally done just that.
Another issue I see a lot is licensing. Just because it’s on GitHub/GitLab doesn’t mean it is automatically open source. Some developers don’t realize how important a role licenses play in people using your project. They should familiarize themselves with the “Open Source Definition” (OSD) and consider joining the Open Source Initiative (OSI). Also, take a listen to An Open Source History Lesson with Patrick Masson, General Manager, and Board Director of the OSI.
Ivan: How does an open-source project get support for its users? Do we still need to count on people to pitch in for the cause or is it the point where some company with a higher agenda may step in and fund support and development for the project in question?
Yes, we definitely need people to pitch in. We recently interviewed Bogdan Vasilescu on the Sustain Podcast, who published a paper called “How to Not Get Rich: An Empirical Study of Donations in Open Source”. The title says it all.
The way people can help projects is by telling the companies they work for to sponsor a project with consistent MRR via Open Collective or services like Tidelift. Donations are awesome but they rarely pay the bills. There is another report released by the Linux Foundation which found that over 75% of the top maintainers for the 200 most active open source projects are paid to work on open source full or part-time.
This demonstrates that most large projects are sponsored by companies, but that happened because PEOPLE within the organizations made it happen. They educated their bosses who then pitched it to the C-Suite. The squeaky wheels get the oil.
Ivan: I know that people are often hiding their ideas and trying so hard to keep the “snake legs” hidden before the product is live so others don’t take their idea and monetize. Do you think this way of thinking can lower the quality of open source projects if people are saving their best ideas for monetization?
That’s actually a great question and one that we are starting to see has an effect in the open-source community. The most recent example that comes to mind is Sentry, who recently switched to the Business Source License (BSL), which is not an OSI-approved license. Sentry started as an open-source project but then turned into a venture-backed start-up. They were running into the problem of people forking the code, creating a website that mirrored theirs, and selling similar products as Sentry the company. David Cramer (creator & CEO) goes into more detail on The Changelog. The bottom line is, the BSL is not open-source by definition. It is “source-available”, which has limitations; David acknowledges that in the episode. As much as I champion the OSD (open source definition), I can’t blame him. It’s either this or shut the company down and let the project go stale. For those thinking “well, just fork it”: forks only come with code, git log, and, if you’re lucky, documentation. The project’s contributors/community doesn’t come with that, unfortunately.
Ivan: What do you think is the most common misconception about open source?
- That it’s free.
- If it’s on GitHub, it’s open-source. Always check the license.
Ivan: How do people understand the difference between free software and open source?
Ivan: You have contributed to some world-wide known open source projects like jQuery and Bootstrap. How did work on these projects shape your further work on open source projects and community?
These projects are used on a massive scale. They have an organizational structure and really smart people working on the code, docs, infrastructure, etc. I am super lucky to have been given the opportunity and they shaped me to be a more sympathetic user of open-source software.
There are a lot of entitled users who will open an issue on GitHub saying things like “fixed it now!” Being on the other side of that, I’ve seen the professionalism and thick skin that these maintainers (mostly volunteers) have. It made me realize that people get frustrated and say stupid stuff in the heat of the moment. Taking it personally isn’t an option when, in jQuery’s case, 74% of the internet STILL uses it, and, in Bootstrap’s case, 13% of the top 1 million sites use BootstrapCDN.
Ivan: What is the world made of?
Rock containing silicon, iron, magnesium, aluminum, oxygen, and other minerals according to a Google search I just did. =p
Ivan: We need to work on that last one :) The world has got to be more fun than that, hahaha. Well, thank you for your time, Justin, it’s been a long time and we’ll surely chat more soon as I’d love to pick your brain some more :)