FLOSS Weekly Episode 693 Transcript
FLOSS Weekly Episode 693 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Doc Searls (00:00:00):
This is FLOSS Weekly . I'm Doc Searls. This week, Jonathan Bennett and I talk with Avi Press of Scarf. Scarf the company, not Scarf what you wear. Scarf does open source software analytics. They look at how your open source software is being used, but do it in a privacy respecting way. This is a really tough line to ho and we go really deep into it. It's a very interesting show and that is coming up. Next
TWiT (00:00:29):
Podcasts you love from people you trust. This is TWiT.
Doc Searls (00:00:37):
This is FLOSS Weekly episode 693 recorded Wednesday, August 10th, 2022. Open source analytics with Scarf. This episode of Floss Weekly is brought to you by I R L an original podcast from Mozilla. IRL is a show for people who build AI and people who develop tech policies hosted by Bridget Todd. This season of IRL looks at AI in real life search for IRL in your podcast player and by new Relic use the data platform made for the curious, right now you can get access to the whole new Relic platform and 100 gigabytes of data per month. Free forever. No credit card required. Sign up at new relic.com/floss. And by collide that's collide with a K collide is an end point security solution built around honest security. You can beat your security goals without compromising your values. Visit collide.com/floss to learn more and activate a free 14 day trial today. No credit card required. Hello again, everyone. I am Doc Searls. You are not. That is a good thing. This is FLOSS Weekly , and I am joined this week by Jonathan Bennett, who should appear on screen if a prep correctly. <laugh> we had few glitches coming into the show.
Jonathan Bennett (00:02:05):
<Laugh> hopefully my audio won't hang and my video won't hang, you know, y'all were giving me giving me trouble about running bleeding edge kernels. Like no, no. Today I'm on a stable one. It should, everything should work. <Laugh>
Doc Searls (00:02:17):
There's well Murphy's law always applies sooner or later. Murphy Murphy, if something will break. Yes,
Doc Searls (00:02:23):
Yes. Yeah, yeah. Nobody has nobody ever talks about what can go, right? We'll go. Right. We kind of rely on that all the time, but you know, there's, it's, it's a less interesting law <laugh> there's so, so because as, as always R late start, our, our guests far, Avi Press of Scarf. Are, are you familiar with his work there with Scarf?
Jonathan Bennett (00:02:49):
I am not. And something I need to get after him about is he has not picked a Googleable name. So when you go to start a project, one of the bits and advice that you're given is check Google for your project name and see, can you get easily on the first page of Google results? And I gotta tell you, when you Google Scarf, you get Scarf, you're gonna get a cool open source project. <Laugh>
Doc Searls (00:03:12):
You're gonna get things. So so let's let's not delay too long in this thing and, and bring him on. So Avi let's have you come up on screen for those of you, us who are not visually impaired. There we are. Excellent. Oh, hello. So you're in a room where, where is that room on, on earth?
Avi Scarf (00:03:29):
Yeah, I'm in my house in Oakland, California,
Doc Searls (00:03:31):
Oakland, actually, I'll be passing there. <Laugh> in a couple weeks. I'm in, I'm in a basement in Bloomington, Indiana. Not that you can tell from looking at things. <Laugh> and Jonathan you're, you're still in Oklahoma somewhere. I hope.
Jonathan Bennett (00:03:44):
Yeah. Corporate headquarters here at the home office in Southwest Oklahoma. It's not the middle of nowhere, but we do have a town called that. Not too far from here. <Laugh>
Doc Searls (00:03:53):
Towns in towns in Indiana are named after other places there's Columbus and Nashville. And I don't know, just, it seems like everywhere you go there's but I went to French lick last weekend and there's only one French lick. So so, so anyway, let's, let's get going. So, so Avi well, first I could ask you what made you choose Scarf giving gay, given Jonathan's pushback on that?
Avi Scarf (00:04:15):
<Laugh>, it's a, a very fair critique. The, the name Scarf came from really the first thing that I built for the company Scarf, which was a very novel and a bit extreme idea, which was a system package manager that would install binaries and, you know, just any kind of program on the machine inside of a rapper that would be able to capture things like analytics for maintainers. So, you know, if binary crash, you could get crash reports, you know, figure out, find out what flags were being passed, these kinds of things. And so this idea of wrapping was something that I was riffing on. And I also wanted it to be easy to type from the command line. And just the name Scarf came up and it kind of fit the criteria. That's
Doc Searls (00:04:56):
An easy one.
Avi Scarf (00:04:57):
Yeah. We stuck with it. Yeah. We stuck with it.
Doc Searls (00:05:00):
Yeah. So yeah, that's, that's interesting, like in the Unix tradition, you know, the shortest possible blast of key strokes that should cover it. So, so, so tell us a bit more about, you know, how you got from that to the company and what it does and where it's going.
Avi Scarf (00:05:20):
Yeah. So at a very high level, Scarf is all about getting maintainers of open source projects. You know, companies building open source projects, just any open source project creators, better data about how their work is being used. So we provide some, some of the most advanced adoption and download metrics that you can get anywhere. And really the company is all about trying to help open source creators, be successful in whatever that means to them. And so our business today works with a lot of companies that build open source projects, and we help them get a better understanding of who their potential customers are, so they can go connect with them and sell whatever it is they're trying to sell while still keeping, you know, know things just as free and open for everybody else.
Jonathan Bennett (00:05:59):
<Laugh> all right. Hey a, so it, it sounds like you guys are, are doing tracking of users. Does that make you the bad guys? I say this very tongue in cheek, but you know, this is something that, you know, people kind of go back and forth and, and in some cases is, is really a problem. How do you do analytics with, you know, without being over the top about it, let's put it that way.
Avi Scarf (00:06:23):
Yeah. We've gone through a lot of trial and error here to figure out what works and what doesn't. So at the very beginning, like I said, with this package manager, these kinds of phoning home telemetry mechanisms proved to be very, very unpopular with end users. And so ultimately what we do is we, we try to navigate the you know, the opinions of the open source community about what's good and what's not when it comes to analytics and telemetry. And so today we're actually able to give maintainers quite a lot of information without tracking any personally identifiable information whatsoever. Even just the notion of, you know, if you're, if you're open source package had 10,000 downloads this week, how many of those downloads were unique or what companies were behind those downloads or where in the world were they coming from?
Avi Scarf (00:07:14):
And we can expose a lot of that data to maintainers without actually tracking any individually or personally identifiable data, which I think is some of the key innovations here. And one of the things that we've learned from trying various mechanisms for collecting this information is that really what was really unpopular with people was the idea of like these analytics calls that send data off to some, you know, to Scarf or, you know, whoever some third party. And so instead, what we do is we try to actually augment package registries is, is one of our primary ways of collecting this data. And that way the data can really be, can be captured and exposed to maintainers without, without instrumenting any code without any kind of phoning home which is much more you know, accepted by end users and gets maintainers really valuable data, which kind of seems to alleviate both ends of this, but really to answer your question, yes, we are happy to, you know, we're trying to navigate and are okay being the bad guy while we figure out what is the best way to do these kinds of things.
Avi Scarf (00:08:23):
And at the end of the day, maintainers need this data and we will figure out how to get it to them.
Jonathan Bennett (00:08:29):
Yeah, absolutely. You know, I, I'm involved with some open source projects and there's this kind of lonely feeling if you <laugh>, if you don't know what people are doing with your project. Yeah. If you don't know if anybody's using them, you know, on, on the extreme, if you don't even see any download numbers, it, it can be really disheartening to, to put effort in and like, okay, I know I'm using it, but I have no idea how many other people are. And so it seems like there does, there has to be be on some level, there's gotta be some data crunching to, to figure out, you know, is, does anybody actually find this useful? And then you can go beyond that. And there's been some projects that have done things like some analytics to figure out what features are people using in the project.
Jonathan Bennett (00:09:16):
It was I think audacity when a new owner bought out audacity, it's one of the things they wanted to do. They wanted to add analytics and they wanted to see all it. What features are people actually using to, to be able to figure out which of these features should they put their engineering effort into, and that did not go over very well with the community. Now, part of it was that they didn't communicate very well ahead of time. This is what they were going to do. And I think also when they first rolled it out, it was not an opt in, it was a very kind of OPEG opt out. And it sounds like some of those, those very same things to what you guys have thought through. And so do you have does Scarf provide any code that you run kind of in the binary on the user's machine and how does that get handled?
Avi Scarf (00:10:08):
One of the first things that we built that actually had any sort of traction was an NPM package where all it would do, you'd add it as a pendency to your NPM package, and then it would run a post-install hook. So your package gets installed on user's machine Scarf gets installed, and then all it does is have one post-install hook that just sends the version of the package up to us. And so in that way, yes, there was code running on the machine. It was very transparent about what was happening. And so here's the package that is including Scarf. You know, here's what data is being sent. Here's two different ways to opt out. Here's how you can see the JS O payload, all of these things. But just that notion of, you know, this, this, this hook, this analytics call, it was, it, it, it encountered quite a bit of pushback for these reasons, which has caused us to really prioritize other mechanisms that don't do that.
Avi Scarf (00:11:04):
But I think it's one of those things that over time, maybe more and more accepted as more you know, as, as that, as that might make sense for more and more projects. But yeah, we definitely learned that a, the way you communicate this really, really matters the way that you collect the data really matters, even if it's the exact same data, you know, it matters how you are getting it. And, but, but ultimately I think the real, one of the key insights that has led to the product offering that we have now is just that if you actually hook into the, the distribution channel, you know, the package registries, the artifact registries, that's a much more effective place to collect this data that doesn't really have to do all of those things. So ultimately we still provide our, these SDKs that have this kind of telemetry in them, but they are not growing like the other tools that we have.
Jonathan Bennett (00:12:00):
Yeah. And I can imagine people are more acceptable of that because when you download something there's, if, if you're tech savvy at all, there's this, this notion that, okay, my IP address is gonna show up in their logs. Like, that's just the way the world works. It's the way Apache works by default. You know, you, you go and you grab sentos one of the Sento at one of the re clones. You install Apache, you put it up online somewhere. And just by default, it's logging people's IP addresses. So you have this matchup between, oh, Hey, look, this IP address came in, downloaded this file. And everybody is sort of realizes that and is okay with it. So it seems like that's a a much safer way to go about collecting collecting data. Go ahead.
Avi Scarf (00:12:46):
Oh, I was just gonna say, yeah, like it fits people's expectations. I think like you, you don't really want to be collecting analytics at a time. People are not expecting it and people yeah. Basically understand that when I go on the internet, it has to, I have to go ask a server for some data, and there's no way to do that without, you know, making that, that, that call on the internet.
Jonathan Bennett (00:13:08):
Now I'm real curious. We may be getting down into the weeds with this, but you, you mentioned this idea of personally identifiable data. And there's a, there's an acronym that goes with that. And I wanna say it's PII. Yeah. Personally personal identifiable information. And one of the weird things about that is the definition of that changes depending upon what country's laws you're dealing with. I believe in Europe, even in IP address is considered PII. I'm curious, how do you, how do you deal with that? Are, have you gone down the road of hashing IPS? Yeah, we, we have this many individual ones, but we, we don't know what they are. <Laugh>,
Avi Scarf (00:13:42):
That's exactly right. Our system jumps through a ton of hoops to do this the right way. And so what Scarf does is that when we, you know, when, when a download for say a Docker container comes in we will look up all the metadata that we can about the IP address. So, you know, where in the world it came from, if it's associated with a business or a cloud provider, we'll grab all that information. But then we hash the IP and like overwrite their IP address. So if scar for, to get hacked, we don't really have IPS to leak. And the maintainers never actually touch that information. And our whole analytics pipeline is kind of built around this idea that as soon as we process any personally identifiable information, which is really just IP address is kind of the main thing that we have to deal with here. We get rid of it proactively as soon as possible. So we have to handle it as little as possible.
Jonathan Bennett (00:14:35):
That's one of the most interesting places for an online business to be, obviously you, you don't want your database to get breached regardless, but it's, it's real interesting to me, the people that can say, you know, if we get hacked, there's nothing really of value that we're going to lose. All of our, our code is open source and all of our data is scrubbed. So it's not really that big of a deal. <Laugh>
Avi Scarf (00:14:57):
We just gotta take all the measures that we really can handle the data as safely as we can to, yeah, there there's, there's just this optics problem in with just doing telemetry and open source, you know's historically vary against the grain. And so we just have to do every, every single thing we can do to, to, you know, push this forward, get maintainers the information they need and keep their users happy.
Doc Searls (00:15:21):
I, I have a question about how that can be generalized outside of your own experience, because I think it's a really interesting thing, but first I have to have to support the podcast by telling you that this episode of plus weekly is brought to you by I R L an original podcast from Mozilla. IRL is a show for people who build AI and people who develop tech policies. It's hosted by bridged Todd and this season, IR L looks at AI in real life. Who can AI help? Who can it harm? The show features fascinating conversations with people who are working to build more trustworthy AI. For example, there's an episode about how our world is mapped with AI. The data you're missing from those maps tells as much of a story as the maps themselves. You'll hear all about the people who are working to fill in those gaps and take control of the data.
Doc Searls (00:16:12):
There's another episode about gig workers who depend on apps for their livelihood, that looks at how they're pushing back against algorithms that control how much they get paid and seeking new ways to gain power over data, to create better working conditions for political junkies. There are episodes about the role that AI plays when it comes to the spread of misinformation and hate speech around elections, a huge concern for democracies around the world, all of those, by the way, I've been writing all week about this kind of stuff. <Laugh>, and this, this is an excellent podcast that covers, that covers so much of this, our agency, the word agency, big deal word right now. And I've been writing about it for 10 years is finally caught on, and it really matters. These guys know what they're talking about. So search for IRL in your podcast player will also include a link in the show notes, my thanks to IRL for their support.
Doc Searls (00:17:08):
So Avi, it seems to, you were saying is, is against the, against the grain. I mean, the, the, the privacy sensibilities of open source folks are like it, what extreme, but it's actually an extreme where everybody needs to live. So so I'm wondering if what you're learning in working against the grain can be generalized in a way I, you thought of publishing insights that you've gotten out of this, or, or, you know, sharing them more widely. Like what, what are the best practices here? I know at Linux journal we we drop Google analytics cuz go, Google analytics like knew too much about people, you know, as it were. So just wondering what you have to say about that.
Avi Scarf (00:17:49):
Just, just to clarify, are you asking about publishing our findings when it comes to the open source data that we are collecting or no,
Doc Searls (00:17:56):
No, no, no.
Avi Scarf (00:17:57):
What gets the grain broadly?
Doc Searls (00:17:59):
No. Working gets the grain of, of, of,
Avi Scarf (00:18:02):
Yeah.
Doc Searls (00:18:02):
You know, I'm, I'm talking about privacy, basically just privacy period. You know, what are the, what are the best, you know, you're, you're living in a, in a world where people have concerns, you're addressing those concerns you have learning is coming out of that that might be useful to outside your home domain as it were.
Avi Scarf (00:18:24):
Right. Yeah. It's it's actually not something that has, has come up for us to do before, but we really should. I think it's a great idea. You know, I, I would definitely, I would say things to the, you know, to the effect of like people's expectations matter a lot and, and the way that you collect the data matters just as much as the data you're collecting. And yeah, just a lot of very hard fought principles like that as well. But I think the, one of the other really cool things that has come up from all this work that we are doing is that even in times where people were pushing back against, we were doing very, very passionately. Those people were very amenable to get to sit down and talk with us about their opinions so we could work through them.
Avi Scarf (00:19:12):
Cuz I think one thing that, that people seem to really agree on is that we need to support open source maintainers information like this is a way to do it and we do want to get it to them, but it's just a question of what is the right way to do that. And similarly I think when it comes to these kinds of privacy questions I think it's, it's not really a matter of should this data exist or not because the reality is package registries, container registries today, already have this data. It's really a question about who should have access to it. And you know, our opinion here is that if anyone's gonna have access maintainers open source creators absolutely should be one of those parties. Rather than just, you know, the platforms that they happen to be locked into.
Jonathan Bennett (00:19:59):
All right. So you guys are all about collecting data for open source projects. I'm curious when it comes to the open source, do you eat your own dog food there? Have you made, have you made a, a bunch or all of these tools open source in and of themselves?
Avi Scarf (00:20:13):
Yeah. Great question. We are open sourcing as much as we can as early as we can. So you know, our SDKs are open source. We've also open source a couple. For instance, we, we have a backend library that generates our server stubs from open API specs. So we've released an open source project called tie. Our, our main flagship products, Scarf gateway, which is the, the package registry proxy and redirect layer that is kind of a foundational piece. That's the one thing that has yet to be open sourced cuz it's been undergoing some very substantial rewriting, but it will be open source as well. And yeah, I mean, in general we try to embody all of the values of open source as much as we can. And so part of that will be opensourcing every piece of code that we, that we are able to.
Jonathan Bennett (00:21:02):
So you, you foresee a future where for little tiny projects where it may not make sense to bring Scarf in as kind of the, the entity offering, this is a service I can just go and, and check out Scarf code and set it up on my own little web server instance and get information about you know, how many people are downloading this. Well, yeah, let me, let me ask that and then I have a follow on to that, but let, let's talk about that first.
Avi Scarf (00:21:28):
Got it. So yes, definitely. Is the answer like we, we very much want people to be able to just go grab Scarf components and then also, you know, contribute to them and comment on them, et cetera. But I think one of the key things here with, you know, the idea that the, the, the, the phone home style of tele telemetry being a lot less popular with end users, is that really having some kind of, you know, augmentation towards package registries is really where a lot of this stuff ultimately needs to go. That is kind of the, the, the best place for a lot of this data capture to live. And unfortunately, a reality is is that hosting your own package registry or artifact registry is just very expensive to do if you want to be used in a production, great environment and around the world. And so yes, we will definitely make our tools very you know, self hostable and easy for anyone to just get started with. But we also wanna make sure that infrastructure is, is hosted by, or, you know, is, is provided by us as well, so that anyone can actually just go use it in a way that, you know, fits into these best practices that we are developing and refining.
Jonathan Bennett (00:22:39):
So based on that I kind of have to conclude that Scarf is really intended for kinda like NPM Python packages, things where you get very, very high download rates and, and not so much your sea libraries where most of the downloads actually come through, you know, your, your distro repository and only a few handful of people actually go and grab the tar ball. It sounds like you're, you're kind of over in, you know, no JS land.
Avi Scarf (00:23:12):
You know, so today the, the majority of the traffic on our platform is to Docker containers and to, for instance, like binaries and tarballs on like GitHub releases and those kinds of things, we can sit in front of just arbitrary URLs and URL patterns. And so, yes, I think the, you know, the, the like language level libraries are a really natural place to sit in front of. But when it comes to things like you know, Linux packaging and these kinds of things, yes, we can sit in front of those tarballs or we can also just sit in front of like, you know, like a Debbie in repository or these kinds of, of things as well. It's very flexible in this way. And I think in the long run, there's gonna be really good opportunities for us to help, you know, even different like Linux distros start to share information about how different, you know, packages are being used across those distros cuz you know, as a, as say like, you know, a C library author, these kinds of things, it's really hard to like aggregate all of these statistics across all the different repositories and, and and you know, packaging systems that you might be found in.
Avi Scarf (00:24:16):
And so, you know, I think ultimately the thing here is just that I think it, it will be a good thing if maintainers have a bit more, you know, observability and control over the way their code is being distributed and have just some, some you know, visibility into what is going on. And these, these distribution channels are kind of a very natural place to be instrumenting, those kinds of things.
Jonathan Bennett (00:24:41):
All right. I, I had a thought occurred to me and I hit on this because I think it, it might help people feel better about you guys <laugh> running Scarf can actually give your end users more privacy, can't it? Because we, we, we covered this at the top of the show, but you know, when you go and you install Apache say you have logging turned on by default, which means everybody that visits their IP addresses are stored in that log. Whereas when you turn the Scarf tools on I would, I would imagine that that would essentially replace a lot of that logging. And so by going to Scarf, you then are in a, a world where you don't have IPS in your logs and you would end up, you would end up a little bit more privacy respecting, let's say by using these tools, as opposed to just the default that all of our Linux distra shipped with. Is it, am I thinking in along the right lines here? Is that right?
Avi Scarf (00:25:43):
I think this is close. So one, one important thing to note when it comes to our our registry gateway tools is that we're actually not hosting the artifacts. We're merely just redirecting traffic to it so that, you know, someone can say distribute binaries on their own domain, even when those binaries actually live on like, you know, AWS or GitHub or something like that. And so, yes, we are not going to be logging IP addresses that can leak, but you know, the, the actual host of these artifacts might be doing that. But what's really crucial to mention here is that because we are letting or we're, you know, we're enabling people to easily start to distribute software from their own domains. There are no longer actually locked into these registries. And so if you're using Scarf, distributing packages through your own domain, and then, you know, six months later, your host provider says, we're actually gonna start collecting all of this invasive data deal with it.
Avi Scarf (00:26:40):
Basically we give you these tools for free, and this is, is what we're about to do today. You have to have the very disruptive, you know, cut over to some new registry, start pushing things there, get all your users to now go to this new place. Some people are not gonna get updates anymore, cuz they're never gonna update. With Scarf, the URL that users are going to doesn't have to change. You can just, you know, reconfigure where we're pointing that traffic to, and that way it's decoupling the project from the place where they store their artifacts, which I think is giving maintainers more choice over where they host their, their software basically means that the end users benefit because the maintainer can now switch and pick the best tool for them, not the one that they're locked into because it's just what everybody is using.
Jonathan Bennett (00:27:29):
So mechanically speaking of Scarf actually has a similar a similar model to something like CloudFlare. You, you guys have almost moved into the realm of being a CDN then haven't you,
Avi Scarf (00:27:40):
It's very close. Yeah. And I think our, our infrastructure is also moving that way to be more CDN, like over time you know, for like, I mean, we serve a lot of bandwidth than just optimizing that saves us lots of money. So yeah, we're kind of moving in that direction, but I think overall, like this is just one of the tools like we still do have, you know, these SDKs that, that lots of people are using. We also have things like pixel tracking for open source docs. You can actually start to see like what part of my docs are most confusing of people who visit my docs? How many of them actually go download, you know, the, the, the artifacts of those people, how many do we see upgrade? And so you can start to actually watch you know, watch the user journey with your open source and start to optimize it for, for whatever it is that you're trying to achieve. But I think what you're saying here with kind of the, the, the CDN approach. Yes. I think the distribution channels for which we distribute software from my machine to yours is a very, very good place to be to be giving more leverage to the actual creators of the content.
Jonathan Bennett (00:28:49):
Yeah. So it'll be interesting to see. And as, as the company grows and as time goes by, which becomes your killer feature, you know, right. Are people gonna get more excited about, oh, there's this CDM that's made specifically for open source projects or, you know, it, it helps me figure out my documentation or it gets me, it lets me see how many downloads I'm getting. And I, I kinda like this idea of, of, okay, we've got this kind of this core competency and then we've got multiple multiple different tales coming off of it. And, and some of those are gonna be more useful to people than others. And I think that's real fascinating when you see company do that.
Avi Scarf (00:29:26):
Yeah. I mean, I think with open source, like a lot of different places, there's not really a good one size fits all for a lot of projects. And so we definitely have to build lots of components that fit together really well. And just the trick is figuring out the best ones to do in the right order and just to, to have, have the most impact that we can have as quickly as we can.
Jonathan Bennett (00:29:45):
Yeah. absolutely. So we we've gotten some questions from the from the chat room <laugh> and as you, as you might guess, the Flos weekly crowd are also a little skeptical <laugh>, that's fair of anything that's telemetry. And let's see, let me see if I, can I condense a couple of these we've got one guy that's asked the couple of questions and essentially he says, what, what qualifies you to have access to this data? And I think, I think there is an interesting question in there. And then he also asks is if, if the telemetry is done, you know, on the user's machine, how long does that code stay there? Like how, how what's the, what's the half life, what, what's the lifetime of that code in, in your, your different your different techniques for doing this? Is everything pretty much just that post-install hook that it runs once and then it's done, or do have you guys developed some tools that have a longer lifetime than that.
Avi Scarf (00:30:52):
Right. So today we have nothing with a runtime footprint when it comes to SDKs or just code that's actually being installed on the user's machine. It is purely at build time. And that's, that's the only kind of hooks we do. I think in the future, for some projects, we may do more you know, kind of like product analytics for open source projects, but there's already other companies that, that are doing this and doing it very well. And so that's not really the realm that we are trying to step into right now in terms of what qualifies us to be collecting this data. Really this is the maintainers that decide to use Scarf. If the maintainer decides that this trade off is right for them they will, you know, they will start to instrument, Scarf and you know, update their docs so that download URLs, et cetera, are updated to be Scarf powered.
Avi Scarf (00:31:47):
And so really this is a project by project kind of decision and surely using Scarf is not appropriate for all projects. I mean, we, we, we would like it to be one day. But ultimately this is, this is a, a decision that is just made by the people building the software. And if this kind of data can give them the tools they need to maintain their project better then they'll, you know, they'll, they'll make that, that decision. But I think, you know, it's, it's, it's worth, it's worth mentioning that when it comes to the tools that we use in our everyday lives, you know, whether that's, you know, Google products or, you know, whatever app you might wanna look at on your phone, we all make these kinds of trade offs with, you know, the, the utility that we are willing to get from a piece of software to, you know, the trade off of you know, what kinds of data we're willing to provide them to do that.
Avi Scarf (00:32:40):
And I don't think we should be saying open source maintainers should never collect anything and like hold maintainers to this higher standard than we hold Google. I think with any kind of product, it's just the trade offs that you're wanting willing to make. Some amount of value is worth some amount of, you know, anonymized data that you might be willing to provide, but ultimately with all Scarf tools, you can opt out. We respect, you know, do not track headers that come through. We will not track those things. We always wanna make sure there are ample ways to say you know, I, I don't want this, my, you know, my data being being used and we will always always respect those things. We only, we just wanna have the Gar, you know, the defaults, the, the path of least resistance to be one where people are always contributing to the open source that they use. This is a really great way to do that while still giving the, you know, the same kinds of mechanisms to, to opt out like any other kind of thing on the web.
Doc Searls (00:33:36):
You know, I, I, I wanna get into some of your discrete offerings cuz you actually have products and services that you sell. And so I'd like to give you a chance to, to detail those a little bit. But first I have to let everybody know that this episode of Flo weekly is brought to you by new Relic. I know lots of devs and some of you're the most curious people, the first to explore the newest tech, digging into documentation, not only wanting to know how things work, but why that's exactly why so many engineers turn to new Relic, new Relic gives you data about what you build and shows what's really happening in your software life cycle. It's a single place to see the data from your entire stack. So you don't have to look into 60 different tools and make those connections manually.
Doc Searls (00:34:19):
New Relic, pinpoints issues down to the line of code. So you know why the problems are happening and can resolve them quickly. That's why Devon ops teams at door dash GitHub, epic games, and more than 14,000 other companies use new Relic to debug and improve their software. When teams come together around data, it allows you to triage problems, be confident in the decisions and reduce the time needed to implement resolutions, using data, not opinions. So use the data platform made for the curious, right now you can get access to the whole new Relic platform and 100 gigabytes of data free per month forever. No credit card required. Sign up at new relic.com/floss. That's N w R E L I c.com/floss, new relic.com/floss. So, so obviously, you know, looking at your website and you've got you've I see there are four products listed S STKs for package authors, the Scarf gateway, which gives you the advanced metrics, documentation, insights, and support. So tell us how you pull 'em apart. People come to you for something, which one of those are they getting, they getting 'em all at once. They're getting them separately. How's that how's that work. If there are, are customers out there that wanna use you?
Avi Scarf (00:35:39):
Yeah. So when it comes to our analytics tools, all of those are provided for free. So, you know, whether it's the, the registry side downloads with Scarf gateway. Yeah. The packages Ks for these kinds of post installation metric collection, as well as the documentation analytics. So those, all of those anyone can, can come in and do. And I think the, the open source support aspect to what we do is that if we can help a project, you know, uncover look, these, these five companies are using your library. Here's the versions they use, you know, here's the platforms they're using it on. We can help those projects get in touch with those companies to broker things like a support contract or to, you know, ask the, ask the company to sponsor them or, you know, what, whatever kind of business model those projects might be, might be working with.
Avi Scarf (00:36:34):
We, for our customers, we do sell like premium tooling on top of these kinds of analytics. So we can do things like lead gen and figure out kind of the right people they should be getting in contact with for like their sales teams, if they have one we can also allow things like raw data export and have, you know, like unlimited data retention windows for customers that want to be able to, you know, go two years back and have line by line you know, data at the ready or, you know, things like data integrations as well for if you wanna push that data to like, you know, big query or these kinds of things or segment. And so ultimately this whole platform is, is just a bunch of pieces that fit together to give you the best picture of how users are using your open source and the best ways that you can you know, connect with those users to, you know, get in, get in touch and get in touch with people, find new, you know, advocates and evangelists find new customers, et cetera. I think it's just our goal to help open source projects generally be successful with whatever that means to them. So whether that's building a successful business or whether that's just knowing that your work has impact and how, and, and optimizing that impact and making sure you're working on the right things and not spending your time on things that matter less.
Doc Searls (00:37:55):
So tell us a bit about your team. How, how big is it where you distributed? Are you, and I know you're in Oakland it started as your, your itch that you scratched and it's obviously bigger now. So tell us about that a little bit.
Avi Scarf (00:38:08):
Yeah. yeah, so this all started, I guess, almost four years ago now. And I was just building projects that were, I was just building things that were helping alleviate this issue of, it's really hard to know how my open source is being used. Fast forward to today. The company is 15 people distributed around the Americas in Europe. We have some, yeah good bit of our developers are in Europe and some in south America on the east coast we're really spread out. I'm actually the only one in California as, as it's kind of shaken out with high building a company during COVID, we don't really have, you know, a central head office or anything like that. It's all distributed. But the kind of cool part about that, that I really like is just that the company has a, a feel like working on an open source project. A lot of the time where we're, you know, collaborating online with a lot of people who just live and breathe open source. We were fortunate enough to raise some VC funding for it, which is what was, you know, allowed us to, to hire people and build this, you know, very complex and big piece of infrastructure that keeps people's packages very FA quickly available anywhere around the world.
Doc Searls (00:39:21):
I, I, I'm curious, you say you're the only one in California, so you may be the only one even in a Pacific time zone and having lived in a Pacific time zone and worked with people in Europe and on the east coast and beyond, I, I find that I'm getting up at like 2, 3, 4 in the morning. Are you doing that? Is that part of your
Avi Scarf (00:39:38):
Life? <Laugh> it's it's getting earlier and earlier I try not to wake up that early if I can avoid it. But yeah, I think the, the reality of a distributed time zone team is sometimes it's tough to manage, but the, the team is really, really great and talented. And so O overall, I, I, I, I love, I, I love what I'm doing. But yes, I think the, the, these attributed time zones definitely poses quite a challenge.
Doc Searls (00:40:05):
<Laugh>
Jonathan Bennett (00:40:07):
I, I've gotta, I've gotta jump in and ask one of the questions. I, I love asking guests and I figure this may be an interesting one here as well. What's something odd or unexpected that a company or an individual has done with your code and tooling.
Avi Scarf (00:40:23):
Hmm. Unexpected. I'm trying to think. I mean, one of the, I mean, one of the things that we, I wouldn't say it's odd, but it, it wasn't something that we were, you know, immediately thinking was what happened was just that a lot of Scarfs data was powering like logo walls on people's read MES and these kinds of things of like, oh, here's all the companies that use our tool and kind of using Scarf data as like a marketing tactic for their project to say, like, look, if these companies trust us in production, it's gonna be fine for you too. So that's been very cool to see, and then the other thing that's been great is everything on Scarf is drivable via our API as well. And so some people have made like slack bots and these kinds of things of like pulling Scarf data out and having a slack bot give you a breakdown of all the new companies and, you know, dump that raw data into influx DB or these kinds of things.
Avi Scarf (00:41:20):
And so it's been cool to see what people build on top of our platform which also I think is, and, you know, these things are always open source as well. So it kind of just continues to strengthen the community in that way. Oh, and I guess the one other thing that I can mention as well is one thing we weren't expecting you know, Scarf gateway was designed to sit in front of people's packages on people's registries, but people have actually just put their like entire website behind it as well. Which was not something that we were expecting then you basically are just getting like, kind of these web analytics with absolutely no cookies or any JavaScript or anything which is not a use case that we had in mind and still not one that we've really optimized for at all. But I think it's been very interesting, cuz like you could technically use Scarf gateway to like host podcasts or like any file or URL on the internet. So it's kind of turned into this like very powerful link shortener thing that is really optimized for open source packaging <laugh>
Jonathan Bennett (00:42:20):
Yeah. You know, there could be some legs to that idea of putting podcasts behind it because I, I know with the TWI network we have advertisers, so we have to do some analytics to keep the advertisers happy and let's
Avi Scarf (00:42:32):
Talk, we should be <laugh>
Jonathan Bennett (00:42:35):
Hey, I am, I am not the man wearing the hat that makes those decisions, but we'll, we'll poke him and he he'll watch the podcast maybe <laugh> but it it's, it's a challenge. It's a challenge for everybody. And I'm, I just have to say, I'm glad to hear that you guys are going through the struggle and trying to do this right. And trying to do it in a way that you know, re respects the end users and with, with analytics, it's so easy to not do that. And so we'll have other, a couple other questions, but I just wanna say first kudos
Avi Scarf (00:43:08):
<Laugh> thank you. <Laugh> it's sometimes it's sometimes very tough because you know, not everyone is very understanding right away online about it. And we definitely have to try to, you know, make our case and ultimately we are gonna do this the right way or we're not gonna do it at all. This is not gonna be successful without, you know, the buy in from the open source community broadly. And so we just gotta navigate people's opinions and work with the community as much as we can. And that's kind of really the only path that's gonna lead anywhere.
Jonathan Bennett (00:43:37):
Have you had any, if you're willing to tell us have you had any ideas that, you know, on the whiteboard looked like an amazing idea and then you rolled it out and the community went that was dumb and you look at it later. You're like, yeah, that was a bad idea. <Laugh>
Avi Scarf (00:43:51):
That was really what happened with Scarf JS like this JavaScript package. It got adopted by some big libraries. We were in like react table and final form and like some big libraries. And you know, this is still being downloaded like over 300,000 times a week. Like there's lots of downloads to it, but what happened there was this huge uproar in the react community about it. And people went to every GitHub repository that had Scarf and opened an issue, telling them to remove it and a very big discussion erupted in the reactive flux discord about this. And it ended up kind of pressuring a lot of the, a lot of, of those maintainers to remove Scarf from their, from those JavaScript packages, which they did. But that's actually where we had some difficult, but really, really productive conversations with these folks, you know, about like, okay, well, like what's fundamentally different about what we are doing from NPM or what's different about this from say pixel tracking on a website that, you know, you're already looking at to go download the, the stuff in the first place.
Avi Scarf (00:44:54):
And what people told us was like, I, I expect it here. I don't expect it there where you're doing it. And that's actually where our documentation insights product came to be was from that feedback with people who were like hating, hating, hating what we were doing which I think is just a very valuable lesson generally about building any kind of projects just to listen to the feedback and the criticism, even when it's tough to hear. Absolutely. And yeah, there you go. <Laugh> and you know, I think that yeah, I mean our, our, our products that have came that, that, that we built in response to this feedback was very successful because every single maintainer that removes Scarf JS is still using documentation insights today because ultimately it got them, the data that they needed and came to us for originally without, without doing the things that we've been told we're not good to do.
Avi Scarf (00:45:49):
And so, you know, I think at the time seeing all this happen on GitHub and discord was one of the most stressful days of my life. Honestly, it was, it was, it was really tough to see all that happening, but we came out of it a lot better for it. And so we're gonna continue listening to what people say and work with people's you know, opinions and preferences on this to figure out the best way to get this data to maintainers and, you know, try to just make open source a more fair place.
Jonathan Bennett (00:46:23):
I'm I'm gonna real quick tag one question onto that. So that Scarf JS that's listed as a, oh my goodness. I, I, I apologize. I'm having a, an absolute brain freeze on camera. It it's listed in all of those packages. You know, you, you can list the, the other packages that you have to grab scar JS is a dependency. Thank you. Tip of the tongue syndromes, terrible. Some days it's listed as a dependency. Right. And so if someone really, really, really didn't want this, they could just say blacklist Scarf JS. I, if it's found in a dependency.
Avi Scarf (00:47:03):
Yeah. Yeah. And, and you could also disable post installation hooks as well, which like in a lot of settings is completely reasonable to do. And you know, one of the things that we did with it was it aggressively turns itself off if there's any indication that it shouldn't. And one great example of this was yarn, actually, the yarn package manager for JavaScript actually suppresses console output for transitive dependencies. And so we were not able to print the big banner saying like, Hey, this is what's happening. Here's the data that we're sending. And so Scarf does not execute in the yarn environment because we just can't tell the user about it. And like, we can't tell the user, you can't do it. And so it's, it's this principle of always tell the user what's happening. Always let them opt out. And if there's any issue with anything just abort, it's not like this is a, if you can kind of thing, not a we're doing this kind of thing. Yeah.
Doc Searls (00:47:59):
Wow. This is, this is, this is a <laugh>, there's so many great things.
Avi Scarf (00:48:03):
Here's a lot here.
Doc Searls (00:48:04):
And, and there's one I wanna get to, which is you have, you talk about funding, new OSS features. But first as I tend to say, here, we have to let you know that this episode of Flos weekly is brought to you by collide that's collided with a K it admins often feel like they have to choose between their commitment to cyber security and their duty to protect their employees. Privacy. Naturally, you need to safeguard company data against tax and breaches, but you don't want to turn your workplace into 1984. Traditional MDMs, give the it team complete access and control over company devices. But since employees are inevitably trying to use their work laptops for personal activities, these tools can saddle you with surveillance capabilities. You never wanted like access to photos and browser history before you know what your end users are complaining about.
Doc Searls (00:48:52):
All the security agents slowing down their laptops, developers are frustrated by their lack of autonomy. People start secretly working on their personal devices just to get things done. It's easy to fall into the trap of top down security, but it's not the only option. Collide is an end point security solution built around honest security. Their philosophy is that employees, aren't your biggest security risk. They're your biggest allies. And your relationship with them should be based on transparency and informed consent. Collide works by notifying your employees of security issues via slack, educating them on why they're important and giving them step by step instructions on how to resolve them themselves for it. And security teams collide provides the right level of visibility for Mac windows and Linux devices, and it addresses high risk issues that can't be solved through brute force or automation. What's more, your end users can see exactly why and how every piece of data is being collected via collides user privacy center and their open source code base. You can meet your security goals without compromising your values, visit collide.com/floss to find out how, if you follow that link, the hook you up with a goody bag, just for activating a free trial. That's K O L I D e.com/floss.
Doc Searls (00:50:20):
Okay, so, so you mentioned funding, new OSS features. So I'm wondering what that is. That's,
Jonathan Bennett (00:50:26):
You know, a one liner there that caught me.
Avi Scarf (00:50:29):
Yeah. I think the, the idea is that we can help open source projects, broker any kinds of, you know, consulting or support contracts with, with their customers. And so you know, what that looks like sometimes is just that, you know, a company will want some feature to exist. In the open source project, the project doesn't have the bandwidth for it, but if they were getting paid, they might be able to dedicate some time to it. And you know, a lot of developers are not enterprise software sales people or lawyers that, you know, have all the resources to, to broker a deal that protects them. But we can, we can provide those services that help with those kinds of things. And so, you know, really the idea is like we want to help connect projects to their users. And then we also wanna facilitate you know, any kind of commercial transaction that helps support the project and you know, whatever companies are needing.
Avi Scarf (00:51:21):
And so that is sometimes feature development, sometimes just someone to call when something goes wrong, you know, if, if I'm a company and I'm using an open source dependency, I just want to know that someone's there when I need something and I'll be able to plan around, you know, getting that help. Or if there's a bug that I can plan around when the fix is going to happen you know, in open source, that's not something that's traditionally offered or guaranteed, of course. But a lot of maintainers would do that if there was a company paying for it.
Jonathan Bennett (00:51:55):
Yeah, yeah. That, that's really interesting. You know, we've, we've talked with some other, some other groups like tide lift is one that comes to mind that that are kind of trying to, to, to move into that space of doing some assurances and then handing some money back to the, the maintainers that are, that are doing the work. It, how did, I've gotta ask, how did you go from analytics into assurance contracts for, for open source? How did, what did that journey look like? Those almost totally different spheres of influence <laugh>
Avi Scarf (00:52:35):
Right, right. I mean, really the, the, like the, the main thing with, with Scarf was just I was wanting to build a business around some of my open source tools, but it was just really hard to do and I was not successful at it. And I was just trying to solve the pain points that I was having. And so, you know, I think ultimately trying to help maintainers, you know, build these businesses. We got, we have to be able to answer the question of, you know, well, what happens once, you know, a company is using the software, you're talking to them and connecting with them, what do you do then? And I think I really like the model that tide lift has. We're just taking a little bit of a different approach in that we are actually more directly facilitating relationships directly between the maintainer and the, and you know, the company, the customer, et cetera, without necessarily creating like a bundle subscription that, that, that we offer.
Avi Scarf (00:53:29):
And so I think the, you know, the monetization pieces were always kind of a, were, were, was an early on consideration for us and ultimately we're building a business here. And so we need to be able to help people make money one way or another and support contracts. And these kinds of things are just one of the more common ways where people are actually already successfully monetizing open source projects today. But we can just make it a lot more effective with things like, you know, this kinds of data that we can provide as well as all the resources that we can provide for these things like contracting.
Doc Searls (00:54:06):
So we're getting down toward, toward the short row here. And so the, one of the first questions we, we like to ask is what haven't we asked that you would like us to have asked that you'd like to cover in, in, in our, less than an hour, including ads and everything that we have here.
Avi Scarf (00:54:26):
Yeah. I think one thing that yeah, one thing that maybe I would've liked to talk about with this is you know, why should people who don't necessarily have like a financial stake in an open source project care about this, or want maintainers to have this data? And I think to a question like that, there's two things that I like to, to, to talk about. One of them is that even when people have absolutely no commercial ambitions or goals with a project, they just wanna know that their work has an impact and that's what keeps them going and makes open source like a, a fun thing to do. And so I love, love, love to see when some Scarf users will tweet things like, oh my God, NASA is using my library. I had no idea. Or like Tesla is using my library.
Avi Scarf (00:55:17):
That is so cool. And it fires them up and it, it, like, it just makes the whole thing so much more rewarding and those kinds of insights are like my favorite thing to provide it just, it just yeah, it just makes it all worth it. I think. And the so code I wrote is running on Mars right now. <Laugh>, it's really cool to know that. Yeah, absolutely. I like it's the best. And I think the other thing that's really important to point out here is that maintaining, you know, as, as I'm sure a lot of listeners know, like maintaining a successful open source project is so much work and some, and sometimes very thankless work. And if we can help maintainers be more proactive and solve the problems that matter to the user base as a whole, and not the problems that matter to just the loudest person on GitHub, we can, we can make a community of less burnt out maintainers who are more happy and fulfilled and satisfied with their work. And that benefits everyone that gets better software to everybody. And so it's really important that we do this you know, for the community at large, there's a lot more at stake and there's a lot more reason to do this than just let's make lots of money and monetize open sources a lot more to this than that. And I think that's a really important thing to underline and to, to get everyone behind this and to be more supportive of maintainers in more ways than I think are obvious.
Doc Searls (00:56:44):
I, I have one quick one that, that maybe may follow up on something you said earlier, which is what have you seen change most in the last four years you've been at this for four years, what's change most in the open source world.
Avi Scarf (00:56:56):
Yeah, I think that I think that just general sentiment on both the topics of sustain like financially sustainable open source has changed quite a bit. As well as just the attitudes towards these analytics have changed a lot as well. And I think that's, you know, we can hopefully take credit for some of that. Certainly not all of it, but I think that, you know, the notion of, if I am doing work in open source space and that work contributes to the bottom line of some big company, I should take part in that value that I'm creating that's I think a lot less of a controversial thing than it was when we started. I think it was all that, that, that movement was already something that we were definitely seeing, but it's certainly it's certainly getting moving in the right direction, I think here over time. And I think another interesting change that we've been seeing is just a,
Avi Scarf (00:57:53):
A more, I think people are being a little bit more explicit about the incentives that are in play here when it comes to things like hosting open source. And I think, you know, you see these kinds of things with, you know, like when GitHub was acquired by Microsoft, we were having this big discussion about like, what does this mean for open source? And, you know, what are the incentives of Microsoft versus open source maintainers and all of these things when Docker hub started rate limiting free accounts for downloaded containers, like over and over were seeing how the incentives, the economic incentives that are in play and open source are actually impacting us day to day and being much more explicit about those and, and, you know, kind of requiring the platforms that we are locked into to actually, or to, to maybe loosen their grip or to be more explicit about their financial incentives. I think over time we will be less hand wavy about the economics that are in play here and confront them and, and work with them and align them and get more people aligned about why we are building in the open here and, and, and building these communities.
Doc Searls (00:59:00):
Well, this has been outstanding, two final questions, actually one that has two parts, which are, what is your favorite text editor and scripting language?
Avi Scarf (00:59:10):
<Laugh>? My favorite text editor is space max. It is EAX with like evil bindings and like a really nice configuration layer that I really like. I don't really get to write code so much anymore, but I still take all my notes in in space max highly recommend. It's a great thing. I think doo EAX is a good alternative as well for those VIM folks that also really want everything from EAX. I couldn't decide between the two. I had to have both my favorite scripting language. <Laugh> so when I need to just knock out a script really quickly, I tend to reach for Python myself. But I've actually one weird thing about Scarf is that we are a has school shop and I will, from time to time, if I have time, I'll write my scripts in has school. Cuz I just, I, I just really enjoy it. <Laugh>
Doc Searls (01:00:00):
Wow. Let's a more complete answer than we generally get. This is great. I really
Avi Scarf (01:00:04):
Appreciate it. That's probably the most controversial thing I'll say today. <Laugh>
Doc Searls (01:00:10):
Well done. So obviously it's been great having you on the show. We'll have to have you back to, to get a progress report and, and another, you know, sensible passage of time. So thanks for, thank you so much for having me. Yeah. Great.
Avi Scarf (01:00:24):
Thanks so much. Yeah. I was really happy to be here and it was a really fun conversation.
Doc Searls (01:00:28):
It did a lot of fun. Thanks man. So Jonathan, that was a good one.
Jonathan Bennett (01:00:34):
Yeah.
Doc Searls (01:00:35):
We got deep on some stuff
Jonathan Bennett (01:00:37):
We did and you know, you go to talk to somebody about analytics and capturing data on customers and there's always, it's always a little nerve wracking and it sounds like, well, no, for sure they have carefully, in some cases been forced to carefully think through these issues and they they're in a position where the thing that they're dealing with, it's like, okay, if you're gonna run a reasonable, well, a large-ish open source project, you've gotta get some data about who's using it. And just the world we live in, you have to to make a business case, you've gotta have some data about how many people are using it. And then how do you do that in a way that is ethical and not onerous to your users? And you know, like I said, good for them for doing the work, the hard work like toil in, in figuring out with their users what makes sense and <laugh> and what actually respects the privacy of the end users.
Jonathan Bennett (01:01:42):
I think it's great. I, I think it's hilarious that, you know, they, they came up with this idea that on the whiteboard just looked great you know, Scarf JS, oh, it's just a post install. Look, all it does is sends us a version number and they rolled it out and everybody lost their minds over it. And you know, in retrospect, of course they did. <Laugh> I imagine that you do a lot of yes, yes. And I'm sure a lot of companies have those kind of stories, but you know, maybe not all of 'em are willing to, to tell those stories. And so, you know, good for them for, for being transparent about kind of this, this pain point, like you said, that this, this scab that we <laugh>, we kinda picked at,
Doc Searls (01:02:24):
I know on the back channel, I said you picked a scab on that one. Yeah. Well, there's, you know, I, I think that, you know, and they have an awful lot of wonderful raw intelligence about what's happening. And I mean, using the term users, you know, the, the users, they are developers also <laugh>, you know, they're not just ordinary, schlubs using a computer there, there are people, you know, downloading stuff, they gotta build their company and their lives and other things on it's, it's, it's important stuff. It's important to know what's going on. And it's it. I, I sort of think there's a larger context here, which is underneath all of that T C P I P wants us all to be peers and all of us to have agencies. So how do we, how do we make that work? Because you have to have, you know, there's still a, there's still a top down structure to the way client server works. And you know, and struggling with that and struggling with having to get knowledge without intruding on people's spaces one way or another is interesting. And also, I think for many of these users, you want, you want the intelligence to go out there, you want to be helpful, right. So how do you do that? It's that, there's a, there's a lot of interesting balances going on there that have to be worked out. Yeah.
Jonathan Bennett (01:03:37):
And, and one, one other really interesting thing I see about Scarf is so they, they started and one of their core competencies is this, this data collection. And, you know, that's mainly what we talked about, but in the next four years, it almost the, the more interesting story may be the different things, the different tales off of that, that really become their offering. That data collection allows them to do to, to the point to where, you know, in four years, people may not think of Scarf as a data collection company. It analytics may not be their thing at all. They may be known for you know, this idea of, of managing releases and helping developers get funded, or they may be known for you know, some other totally seemingly unrelated thing. They, they may be the open source CDN and it's, it's just, it always fascinates me when you have this, this idea of you've got a core competency and it enables you to go off and do something else totally unexpected, but you kill it because of the core competency that you've got. And I, I think that it'll be, it'll be real fun to watch them for the next, the next four years to see where they go.
Doc Searls (01:04:45):
Yeah. It, it's funny that calls to mind that it's, it's irrelevant. And except in this, the larger sense you just brought up. I, I knew Evan Williams from way back, Evan Williams, who was one of the founders of Twitter, but they had this company called OEO and he was talking to me, he showed it to me, something with video. I don't remember what audio did and Twitter was this thing hanging off the side. They, they did it just like an internal thing. And then Twitter's what happened. And nobody remembers audio at all. You know? So there are lots and lot of stories like that. So <laugh> what was that?
Doc Searls (01:05:20):
It may have been podcast. Yeah. Cuz F came out of the pod, he created blogger, you know, which he sold a Google, you know, or he and his cohort sold a Google. Then he came out and he did O and then that did Twitter and he did medium after that. He just left that. So I don't know what he is doing now, but in any case I wanna let you know that next week we have Dave tat on, again, he's been on before. He's one of the authorities on buffer bloat which goes by different names now, but basically it's what actually slows things down. We talked about Starlink last time. We're probably gonna talk about Starlink again, plus some other stuff that he's been talking to us about. So I think Jonathan, you're gonna cohost that one again. Did you hosts that? Co-Host that one last time?
Jonathan Bennett (01:06:05):
I don't remember. Yeah. I, I was on with Dave last time. Apparently he follows my work over at Hackaday and so there's just kinda a, a a, a neat crossover there, David David, and I kind of move in some knows
Doc Searls (01:06:17):
Corbit section. He,
Jonathan Bennett (01:06:19):
Yeah,
Doc Searls (01:06:20):
For a guy who lives on a boat and appears to relax too much. He's on top of all of it.
Jonathan Bennett (01:06:25):
<Laugh> those are the ones you gotta watch out for. <Laugh>
Doc Searls (01:06:27):
Exactly. So, so so plug something and we'll, I'll get
Jonathan Bennett (01:06:33):
Ahead. Okay. I, I, I kind of got a stealth plug in there, but follow me on hack a day, Friday mornings, the security column goes live. We keep you up to date on the things that are, you need to know about, and that I find interesting in the world of security, follow it long enough, and you'll get a reasonably decent education on computer security. And then the other thing is the untitled Linux show on club TWI. And if you're not a club twit member, what are you waiting for? Oh, see there.
Doc Searls (01:06:58):
<Laugh> that's great. Okay. So it's been, it's been, it's been a fun show and again, we have Dave tad coming on next week with Jonathan again, I'm doc soles. We'll see you then.
TWiT (01:07:11):
The world is changing rapidly so rapidly. In fact, that it's hard to keep up. That's why Mikah Sergeant and I, Jason Howell, talk with the people, making and breaking the tech news on Tech News Weekly. Every Thursday. They know these stories better than anyone. So why not get them to talk about it in their own words, subscribe to tech news weekly, and you won't miss a beat every Thursday at twit TV.