← Graph

Reforging (or rather rebrewing) the support for open-source

talk 27 connections

Tomasz Donarski's wroclove.rb 2023 talk, structured in two parts. Part one catalogs the pollutants of the open-source landscape: maintainers with no sustainable funding (dramatized via the fictional-then-revealed story of Homebrew and Max Howell running out of money repeatedly in the Bay Area), the lack of industry understanding of OSS (log4j maintainers abused after the vulnerability; a Fortune-500 company demanding curl respond to a security questionnaire in 24 hours with no SLA), the depressing state of core-js (~30M weekly downloads, barely funded), the insufficient support for mid-tier gems (Peter Solnica's GitHub sponsorship progress bar), sabotage (the left-pad yank after an npm trademark dispute; colors.js and Faker.js deliberately broken by the author in protest over lack of sponsorship), malware (event-stream back-door stealing Bitcoins; typosquatted gems leaking environment variables to attackers; GitHub's estimate that 17% of OSS bugs are planted deliberately), and the failure of current support modes — sponsorship (only reaches the most visible packages; unicorns like Shopify can't manually sponsor thousands of transitive dependencies) and bounties (distract maintainers and risk hijacking libraries toward one paying customer's needs). Part two introduces tea by Max Howell — a new package manager (Homebrew successor), a centralized package registry, a reputation system, and a rewards engine. Tokens are distributed on a proof-of-stake blockchain through a mechanism called 'steeping': staking tokens against a specific library, with a fraction rewarding the steeper (incentive to start sponsoring), part going to the package, and the rest recursively split across its dependencies, so leaf nodes like core-js and log4j are automatically remunerated. Participants include maintainers, developers, supporters who tip tokens, and 'tea tasters' who validate new releases — backing their review with staked tokens and earning rewards (or getting slashed for malicious/negligent reviews, with responsible-disclosure workflow modeled after Rafał Rothenberger's Devise talk). NFT/multi-contributor design is work-in-progress; a revised white paper is due. Dedicated to Ukrainian Ruby committer Victor Shepelev. Q&A covers Hacktoberfest, Mike Perham's Sidekiq monetization article, whether developers should just learn sales and marketing, and how tokens translate to real money (currently unanswered — community-driven, similar to Ethereum; initial metric may be download counts, later runtime vs build-time dependencies and actual usage).

date
2023-03-31
type
talk
talk Reforging (or rather rebrewing) the support for open-source
about
tea project
The second half of the talk explores tea's design and how it addresses OSS funding problems.
talk Reforging (or rather rebrewing) the support for open-source
about
Homebrew tool
Opening fictional-then-true story of Max Howell cycling between day jobs and maintaining Homebrew.
talk Reforging (or rather rebrewing) the support for open-source
about
log4j tool
Used as an example of maintainers abused after a severe vulnerability and then forgotten once patched.
talk Reforging (or rather rebrewing) the support for open-source
about
curl tool
Cited as an example of a Fortune-500 company demanding a 24-hour security response with no SLA.
talk Reforging (or rather rebrewing) the support for open-source
about
core-js tool
Used as an example of an underfunded leaf-node dependency present in ~99% of websites.
talk Reforging (or rather rebrewing) the support for open-source
about
left-pad tool
Cited as a sabotage/yanking case that broke CI pipelines globally after an npm dispute.
talk Reforging (or rather rebrewing) the support for open-source
about
colors.js tool
Cited as an example of deliberate sabotage in protest over lack of sponsorship.
talk Reforging (or rather rebrewing) the support for open-source
about
Faker.js tool
Cited alongside colors.js as deliberate package sabotage over lack of funding.
talk Reforging (or rather rebrewing) the support for open-source
about
Event Stream concept
Cited as a social-engineering malware attack stealing Bitcoins.
talk Reforging (or rather rebrewing) the support for open-source
about
Max Howell person
Donarski's fictional developer story is revealed to be about Max Howell, and Howell is the creator of tea.
talk Reforging (or rather rebrewing) the support for open-source
about
Peter Solnica person
His GitHub sponsorship page and progress bar are shown as an example of an underfunded Ruby maintainer.
talk Reforging (or rather rebrewing) the support for open-source
about
Nate Berkopec person
Donarski references Berkopec's RubyConf EU argument that customers should pay the OSS maintainers they use.
talk Reforging (or rather rebrewing) the support for open-source
about
xkcd Dependency / Nebraska Problem concept
Donarski shows the xkcd comic to frame the fragility of OSS dependencies.
talk Reforging (or rather rebrewing) the support for open-source
about
Steeping concept
Steeping is explained as tea's primary mechanism for supporting OSS contributors.
talk Reforging (or rather rebrewing) the support for open-source
about
Tea Taster concept
The tea-taster role is presented as a third-party reviewer role staking tokens on release quality.
talk Reforging (or rather rebrewing) the support for open-source
about
Proof of Stake concept
tea's rewards are distributed as tokens on a proof-of-stake blockchain.
talk Reforging (or rather rebrewing) the support for open-source
about
npm tool
npm appears in the left-pad story and in typosquatting malware examples.
talk Reforging (or rather rebrewing) the support for open-source
about
Victor Shepelev person
Donarski dedicates the talk to Victor Shepelev, who is fighting for Ukraine's freedom and could not attend.
question How does tea's token scheme monetize?
asked_at
Reforging (or rather rebrewing) the support for open-source talk
Audience Q&A at the end of the wroclove.rb 2023 talk.
question Should OSS developers learn sales and marketing instead?
asked_at
Reforging (or rather rebrewing) the support for open-source talk
Audience comment during the Q&A proposing an alternative to tea.
person Tomasz Donarski
authored
Reforging (or rather rebrewing) the support for open-source talk
Donarski delivered the talk at wroclove.rb 2023.
takeaway Pay the open-source maintainers you depend on
from_talk
Reforging (or rather rebrewing) the support for open-source talk
Donarski endorses and extends Berkopec's 'pay maintainers' message in the talk.
takeaway OSS support needs automation, not goodwill
from_talk
Reforging (or rather rebrewing) the support for open-source talk
Central argument of the talk and motivation for tea.
takeaway 17% of OSS bugs are planted deliberately
from_talk
Reforging (or rather rebrewing) the support for open-source talk
Cited by Donarski as the unaddressed need that tea's taster role is designed to fix.
talk Reforging (or rather rebrewing) the support for open-source
presented_at
wroclove.rb 2023 event
Presented during the wroclove.rb 2023 single-track program on 2023-03-31.
talk Reforging (or rather rebrewing) the support for open-source
related_to
Devise pitfalls and way to tighten security talk
Donarski cites Rafał Rothenberger's 2022 Devise disclosure as the model for how tea tasters would handle negative reviews responsibly.
event Hacktoberfest
related_to
Reforging (or rather rebrewing) the support for open-source talk
Q&A at the talk noted that Hacktoberfest's 11th edition was starting next month as a way to begin contributing to OSS.

Provenance

Created
2026-04-17 16:17 seed
Last updated in
Reforging the support for open-source (wroclove.rb 2023) 2026-04-17 22:12
Read by
13 extractions