Welcome back, everyone. This is The Changelog. I'm your host, Adam Stikowiak. This is episode 188.
And today is a special show. It's a combo show. We have two shows in one just for you for Christmas holiday. Hope you enjoy it.
The first part of the call, we're talking to Andrew Nesbitt about 2440Quests and also Libraries.io. And in part two, we're catching back up with Jonathan Rudenberg, the creator of Flynn, a next-generation application platform. We had four awesome sponsors for the show, CodeShip, TopTile, DigitalOcean, and also Harvest. Our first sponsor is CodeShip.
In the new year, January 12th, they have a free webinar you have to check out. CodeShip's engineer, Laura Frank, is going to give an overview of Docker's ecosystem, Docker Compose, Docker Machine, which is going to talk about containers and to learn about Docker images, why they're so powerful, and how you can start running services in containers. And when it comes to web apps and Docker, you'll understand how to develop your web apps using Docker, working with images, registries, and running services in containers. The link to this webinar is rather long, so I'm going to put it in the show notes.
But you can also go to resources.codeship.com and look for webinars in that list. It's going to link to the same webinar I'm talking about. Or head to the show notes and click the link there. Again, totally free, January 12th, 2016, from noon Eastern Standard Time to 1 p.m.
Eastern Standard Time. That's one hour. And now on to the show. Hey, everyone.
We're here with Andrew Nesbitt. Andrew is an open source software developer, has done lots of cool stuff, 24 pull requests, libraries.io. Andrew, you've got a longer list than I can even say here right now, but we'll talk about some of these things. But when you come on a show like this, how do you introduce yourself?
As, I guess, an open source enthusiast. Okay. I've been, I kind of built my career off the back of lots of other people's open source work, so kind of the kickstart of the whole thing was WordPress and teaching myself some Ruby on Rails. So it feels like I've been kind of standing on the shoulders of the giants for a long time, and I've got to the point where I feel like I can now start to really contribute back and kind of give back based on the things I've been using for years, to the point where I try and do that all the time now, if I can.
Let's get a little history with you then. I guess, you know, sometimes what we do on the show is figure out where someone came from to kind of make sense of and even establish more credibility to what they're doing now. So where did things begin for you as a programmer? So I originally didn't get into programming.
I went down the robotics route. Okay. At university, I thought I'll try and do something slightly different than just computing. And robotics turned out to be basically just advanced math all the way through.
Every part of it just comes down to math, which at the time I didn't find particularly interesting. I ended up actually kind of setting up a blog and then wanting to customize the blog and basically self-taught myself enough kind of work programming on the side of doing my robotics course. When I finished the university degree, I was so involved in the web stuff I was doing, just getting into Ruby on Rails about nine years ago. And it kind of went from there.
I was able to pick that up much easier than the robotics kind of very industrial, very hard to get into, which it's definitely changed now. But back nine years ago, it was very difficult to really get teeth into and learn in a way that open source helps programmers to pick stuff up really easily just because so much code is available in the robotics world. It's really not like that at all. Yeah.
It seems like robotics might be a little bit easier nowadays and some might even call that internet of things or what have you. There's probably, robotics is obviously one term for it. And then attachment to that might be IoT or whatever. What do you think about it now?
Do you think I can, you know, I've got all these other skills now considering your path through Ruby on Rails and Ruby and the things you've been involved with. Have you had some second thoughts about going back to robotics? So over the last couple of years, I've definitely did back into it, especially around the node copy movement where you can get a Power AR drone and essentially it runs a little BusyBox Linux install on board and it's a Wi-Fi hotspot. You can connect it with your MacBook, turn it into it.
And there's a nice kind of API that you can talk to over UDP. There's a little node module for essentially telling it to take off, land, do flip. And you can even stream the video back to a web browser, all this stuff is open source. And it's really easy to get into.
Obviously, you still run into like the fact that physics isn't very easy to program against. And the real world has a lot of things that are much harder to program for than like in a browser environment. If you run out of range and your drone hasn't been told to stop, it just carries on until it hits something. I see the core team here on nodecopy.com and Felix Gassendorfer has been on the show before way back in the day.
It's been probably 130 shows since we've seen Alexa Phoenix around here, but I also see you as the core team. So you're part of that. Yeah. So I managed to get a number of drones basically by getting companies to sponsor a drone for an event.
And I ran a number of events around the UK, the UK being much smaller than the US. I could drive from one end of it to the other in a day. And I would kind of lug 10 drones around, take them to a big space, like a sports hall, and then say like, okay, 30 programmers a day, see what you can do with them. Fix them up at the end of the day and then drive them off somewhere else.
So part of this big, this give back mentality you have, just kind of thinking, is this something when they sponsored it, is this something that you were doing as like a pay thing or was this because you were just in love with robotics in the community? It's just a brilliant kind of small community of lots of people who never really had that experience before and to enable that. We did a number of things with Codedojo as well, which was basically like kids who had just enough JavaScript to be dangerous, just unleash them on the drones, give them some example code and then let them change and copy and paste bits so that they can actually start the drones doing kind of like maneuvers and trying to fly them around in a square in the room. Like imagine how crazy it starts to get when you've got like 30 kids flying 10 drones in one room with JavaScript.
Well, especially when you think about things like you mentioned before where, you know, you can, I'm familiar with, with no copy of the project and, you know, the syntax and whatnot, like if you're just telling you to, you know, to do a clockwise turn or to go forward, you know, 10 feet, you don't know if there's another kid there or another copy there or a wall there, so it could be kind of dangerous. Yeah, so that's where the kind of, yeah, the robotic aspect starts to come back into it. Once you've got the basics, then you're like, okay, well, I need to learn about feedback and then I need to learn about control algorithms and you get quickly back into that math I spoke about earlier. The initial kind of your first time at a NoCopter event is great because you can do, you can start to do the simple things, but when you really start to get into it, your kind of progress slows down, you get a wall of like, oh, actually, some of this is really hard.
So the open source side comes back and kind of saves you where people with more experience have built things that you can then go and read the source and go, oh, okay, I understand a little bit how this works now based on what someone else has actually already done and shared, whereas in the traditional robotics community, it's all kind of proprietary enterprise software that is written in C++ and not particularly user-friendly. So I'm at your homepage, which is your lastname.io, and look at your, at least the code you have listed here, I'm not on your GitHub repo or your GitHub profile, but libraries, IO is on there, split, Node SaaS, 24-4 requests, contributor, first-4 requests, which is kind of interesting, first-4 requests, Brutler, Xbox controller, history news, and Landred, an unofficial wrapper for the Landred API. I don't see anything in there for NoCopter or anything on the backside, so is there any plans for anything on that front for you? So I've done different pieces.
A lot of the code that is on my GitHub account and it's quite experimental. It's like the basics to get you started with, say, plugging an Xbox controller into Node and then using the output from that to control the drone. So rather than contributing directly to the NoCopter code, I did a lot more, essentially working with other people, pairing with them, to get them started, which doesn't really show up on my GitHub account so much. Right.
What is your current situation now with NoCopter? Anything happening there? Any new events coming up? There isn't much happening right now.
The core team has kind of disbanded off in different directions. Felix is doing a lot of Go, and there's still a lot of good NoCopter-related things going on. Chris Williams of GS Tomp has got the new Parrot drones, I forget what they called it. I think it's the Rolling Spider, a much smaller, more affordable drone.
I was thinking Bebo or the Benbo or something like that. Yeah, but those ones were on the same protocol. Oh, Bebo. Yeah, that's it, with the kind of wide-view camera on the front of it.
They all work over this new protocol, and the Rolling Spider is a Bluetooth, which is much harder to reverse-engineer than the Wi-Fi kind of UDP protocol that you could just listen to. Right. That's interesting to hear your take and background in robotics and NoCopter. It's a shame that the core team has a disbanded, as you mentioned, because I was always a fan of that project, and several times on the show, the hero of people has been Jim Weirich, and he's had a lot of influence in that front, too, and it's just a really fun project, and I didn't know about the Coder Dojo piece, where you're actually working with children and kids doing this stuff.
I think it's just a fun way, like you said before, of having that heart of giving back. But then, like, a console log as your output, to actually get a robot to take off and hover in the air, even if it's almost identical code. Right. It's just the most engaging way to get someone interested in programming.
Absolutely. I mean, you talk about real-world response, an actual thing they can touch and throw or play with or whatever, that they can, later on in their actual programming, they can actually still hover in their own hand like they would any toy, but to be able to actually write a few characters on the screen, or new words they're learning, and bam, it starts working. That's cool. Yeah.
Well, let's tail off to that and talk about your project, 24 Pull Requests. That's 24PullRequests.com. And this show is coming out in the Christmas holiday season, so I thought it would make sense, even though we're kind of late to the ball, so to speak, because the basic idea of this is to send 24 Pull Requests between December 1st and December 24th. And that's such an interesting idea.
I think it's been around for at least three or four years, so what is this product to you? Yeah, so this is, I think it's the fourth year it's been running, and it started out as not even really, like, it was more of an idea and a challenge, just as, like, why don't you try and do this? It didn't have any kind of code behind it. It was just the original web page.
You go back and look at, like, the first commit on the repo. It's a single HTML page that just says, like, try and do 24 Pull Requests on the 24 days up to Christmas. And that came from a blog that only runs in those same days for 24 ways. Yes, I thought that might be influenced by that.
Yeah, absolutely loved it. But as a developer, which they've got a lot more developer articles now, but back four years ago, it was very much design focused. And as a developer, I kind of felt like, ah, I'd love to do something like this, but maybe a bit more code-related. And I thought, well, why not?
24 Pull Requests has a nice ring to it, and I get people to send 24 Pull Requests. Like, that's quite an ask. But if we can get lots of people doing it, then you're more likely to go, like, yeah, let me try and do this as well. Like, everyone else seems to be contributing back.
And it's kind of every year doubled the amount of people and the amount of pull requests since it first started, which has blown me away. I didn't expect it to have that kind of response. So, I mean, I guess if you did it on a whim, so to speak, in a way to pay some homage to 24 ways, what was your initial, you know, just your initial expectation? What were you thinking at first?
I really just wanted to see what other people thought of. Is this a crazy idea, or is it something reasonable to actually give, if you've been using all of this open source code throughout the year, to actually try and go, okay, well, I'm going to try and contribute back a patch to all of the kind of maintainers who have been supporting my work throughout the year. Can I help them by fixing a bug or making an improvement to one of the libraries I use? Which then will, in turn, help me by improving the quality of the code that I depend on.
And you make it pretty easy, too, because you have a login with GitHub, so pretty easy credentials there. And I think you asked for some very, very sparse, I guess, what do you call that? Authentication back to GitHub. Yeah.
You're not asking for, like, your basic public profile. It's not even asking for much, really, in terms of, you know, clicking one button, using your existing GitHub profile, and getting access to this dashboard, which shows all various languages in ways that, I'm assuming, that you're probing the community based on what they prefer. You're saying, hey, these are projects out there that could use some help. Exactly.
So, when you really, the GitHub login is something that came along, like, after a little while, when people say, well, we're already doing this, all the work is happening on GitHub, like, can we start tracking and showing this as some kind of an advent calendar? So, you get, like, on your profile page, a little calendar that shows the pull request that you sent on a different day. And we detect the languages that you've used on the repos that you have, or that you've contributed to on GitHub, and automatically suggest projects that match with the languages that you have some experience with. And the projects are submitted by the community or the maintainers themselves.
So, you can do a pull request at any GitHub repo, and that will count. But the ones that we send an email to you to go, oh, would you, like, if there's so many days left of Christmas, here are three projects that match languages that you've said you're interested in, why don't you try and send a podcast to one of these today? I think it's really interesting, too, especially the fact that you were fetching stuff I've already contributed to and saying, well, hey, because I didn't even notice that, but you selected, I'm more of a front-end developer than a back-end developer, so you've got things like, you know, SaaS and CSS-related, JavaScript-related, and I didn't even quite notice that those, I thought they might just be smart defaults, but they're actually based on my behaviors on public activity in GitHub. Yeah, yeah, so I used to work at GitHub, went there for almost a year, and kind of had a good, it was actually how it kind of got me the job, because I've been doing all this good stuff with 24Progress.
And so it hooks nicely into the bits of information you have, without being too kind of got some sponsors to help make this possible. So what kind of sponsors do you have, and what roles do they play in making 24Pro requests possible each year? The majority of the things, the sponsorship comes around the services, third-party services that we use to keep the site running. So Heroku, specifically Heroku Postgres, has sponsored it every year to cover the build during December.
Outside of December, the site basically shuts down, stops tracking for requests, it stops running any background tasks, so I can scale it down to one free dino at the small database, and it doesn't cost any money. But over the past few years, it shows up on Hacker News, and suddenly the traffic goes wild. Had to scale it up to a couple of dynos, or add in a little bit of caching, and Heroku Postgres covers most of the cost of those things. So DNSimple jumped straight in on the first kind of week and said, do you want to use our DNS?
We'll cover the cost for, I think they've covered the cost for like 20 years or something of DNS and domain name. And then we sent a lot of emails, I think last year we sent close to 100,000 emails during the 24 days. So got in touch with SendGrid last year, and they sponsored, they basically covered the cost of it, of sending those emails through SendGrid, and they've come back and covered it again this year. That's awesome.
So it covers the, the costs aren't huge, but it means that no one has to worry that there's like any kind of financial pain that could happen from the site getting too popular. Right, well, I mean, most importantly, you know, this is something that you've started as a, as a part of your love for giving back to open source and, you know, just finding more and more ways to include people and share. And it would suck to have you have, you know, a $500 bill every December to make this possible while you may or may not be able to afford it. You know, it's, it's very interesting.
to see the InSimple, BugsNag, SendGrid, Roku, Postgres, and the last one here is scikit.js, just to see them step in and say, hey, we care enough, too, to get these services free. Yeah, yeah, loads of support, and not necessarily always financial support, but having people from each year, there's a few people who step up to kind of help triage the issues and the four requests that come in. We've had, so far, looking on the GitHub page, 175 contributors to the 24 four requests repository, the main project, which is kind of overwhelming during the period of December, the amount of activity that happens on the repo for what is essentially a side project. Yeah, well, it's certainly an interesting project to us, and like I said, I've been watching it for a couple of years now, and every year I'm thinking, you know, I don't think about it until December, and then it comes around, it's like, oh, I love the talk to this guy, and so finally we're able to, you know, four years later, sync up with you and sort of cover this, so.
It's great, I remember listening to the change log way back when, when Win was on it as well. Good times. Good times, yeah, we miss Win around here. He's a GitHub doing his awesome stuff on the API, being an API junkie, as he likes to say, so we miss him around here.
he's fixed a few bugs for 24 four requests where we try and get the best way to pull in the 24 four requests for a user like over a given time period, which, there's different ways of doing it, but now we're using the, like the GitHub firehose, the event feed, to try and pull in 24 four requests as soon as you open it, which is pretty neat. So as soon as, within maybe like 10 seconds of you opening your progress on GitHub, it shows up on 24 four requests. Well, cool, let's take a break real quick. When we come back, we're going to talk a little bit more about contributing, what that means in 24 four requests, how that kind of works.
We'll come back, we'll talk a bit more about 24 four requests, and then we'll move on to library.io and all that is going on with package management, so we'll be right back. Our friends at TopTal launched a scholarship program for female developers to support aspiring female computer scientists, developers, and software engineers to help achieve their goals through planning to support and also mentorship. Each scholarship winner will receive a $5,000 scholarship that can be used towards education and professional development goals. You can spend this money on anything you want from coding boot camps to online programming courses, textbooks, you name it.
You also get one-on-one mentoring, an entire year of weekly one-on-one mentoring with a TopTal senior developer, and this person is going to help you with topics like project guidance, choosing an academic or career path, and also preparing for interviews. Head to top.com slash scholarship to learn more and also to apply. All right, we're back again from the break with Andrew Nesbitt, and we've been talking about 24 four requests, an interesting way to give back to open source during the holiday season here at Christmas. So between December 1st and December 24th, Andrew and the rest of the gang that's a part of this is asking everyone to find ways to give back to open source that matters to them.
So Andrew, the next part I'll talk about on this is ways people can contribute. On your contributing page, you have guides and things like that. Like, where did this come from and how you guide people into contributing? Is it like people who are new to GitHub or new to open source?
You know, who are you trying to reach when it comes to this? So initially, it was aimed at people who use a lot of open source and I kind of felt like, as someone who uses a lot of open source myself, I should be actively trying to contribute to some of these projects. But it's kind of moved towards much more of a way of making it kind of okay to get into open source because so many people are doing it at the same time and sending their first four requests as part of 24 four requests. Right.
This move towards like, okay, well, you can get started here and then continue. And we've got a chat room which is full of really friendly people so people will hop in and go like, I'm not sure where to send my four requests. Can you give me some tips? Here are like some things that I'm interested in.
And other people will be able to point me in the right direction, help them rebase their branches and do all the kind of the different, learn about the different pieces involved in contributing to a project. I see also have some other ways to find projects and not only just ways that 24 four requests is using that GitHub login to kind of get to know who's logging in and allowing them also to choose their own ways which you also mentioned some of the places like Code Montage, Code Triage and a couple others. How do you find this list and if someone out there is like, hey, I have a similar site, how do they go about getting in touch with you? Is the site forkable?
Can someone update the site themselves and send a four requests for this? Absolutely. All of the pages are part of, it's a really unraised application and there's kind of a static controllers section that has all of this content in it. So you can, if you have some kind of site that will help people to be able to get into sending progress and contributing to open source, definitely open up progress or even just an issue and say, can you add this to the contributing page?
All of the projects that are listed on the contributing page also get shown on the homepage when it's not December. So because 24 four requests doesn't really do anything for you outside of Christmas, it goes, here are some other different ways of getting involved or finding out about projects that might be useful for you. You mentioned that another way this has kind of morphed over the years or changed over the years is originally it was sort of focused on those who use a lot of open source and encouraging them to give back during the season and now kind of transitioning into a way to help people get involved in open source and you have another project called FirstPR which I actually used about a month ago when I first kind of picked up this conversation internally here and I was like, that's pretty interesting and I went and looked at my first for request and I was like, that's embarrassing. So I don't know about you but my first for request is kind of embarrassing.
It's a good way of seeing what kind of your heroes, how they got started sending their first for request and that may not be their first ever open source contribution. It only works from the introduction of for request 2.0 on GitHub which is I guess kind of like five years ago or so but for a lot of people it will be their first time that they've contributed code to a project or documentation if it's part of their GitHub repo which I think a lot of projects and I don't really care for wikis not being, well I don't care for how the wikis are actually set up. I actually prefer an actual repo for it and that whole method to me just seems a bit better for docs. Yeah definitely and it aligns with all the similar kind of things you could set up essentially Travis S to check the typos and different things if you wanted to or have those docs automatically publish to GitHub pages when you merge the for request.
So before we transition this conversation to libraries.io is there anything else about 24 for requests that we need to know about that we didn't cover? So I think we covered most of it. If you're interested in actually helping move the site forward or implementing other functionality I'm always open for that. Most of the code now is kind of being written by someone else for the project I'd like to say that I've lost control of it and if you're interested in either helping triage issues or kind of make improvements across the site especially for translation the site has been translated into like 16 different languages completely done by open source contributors and if you want it in your language then dive in it's using standard Rails like IATN translation so it's easy to pick up that one file and translate it into another language and enable that for everyone else who speaks that language to have a better experience with contributing to open source.
Very cool and that's on its own org too so it's github.com slash 244requests slash 244requests that's where the actual Rails app repos at. Alright let's talk about well obviously there's some pricing here so I can't tell if this is your startup what is libraries.io? The libraries I've been working for about eight months as another side project which is kind of like how can I given the incredible range of open source libraries if I want to compare a load of them to work out what is the best reddest client if I'm writing some node that was kind of how it initially started I wanted to index every open source library into one place in a standard format so that I could have a good quality search that followed the best project for the top that I could be sure that was making the right decisions when picking the dependency and from there it's kind of wildly expanded and gone up in lots of different directions now pulling out the dependencies for every library as well and essentially building out a graph of the dependency network for each package manager and I think it supports about 29 different package managers at this point about 1.1 million different libraries that's a bit yeah so it's slightly grown beyond my side project but it currently doesn't really make any money to support itself so I've just started to look into ways of making it be able to support itself so that I can spend more time on it with some private repository tracking how that works and it works exactly the same for open source and it's completely free you can log in with a GitHub account and it will given any repository it will pluck out all the dependencies across every different package manager that it supports so you might have a package.json and a gem file and maybe even a bower.json it will find all the dependencies in that repo and it will tell you whenever there's a new version of one of those things that's released but rather than just doing it at that snapshot it will also hook into GitHub and go whenever you add a dependency or remove a dependency I'll automatically start watching that as well so you've got this kind of real-time view of everything that your application depends upon and then you can be notified about anything that happens related to those dependencies so say that one is marked as deprecated or it has a license change or potentially removed from the package manager so there's like a good 7,000 libraries that have been removed from NPM since I started tracking NPM about 7 months ago which is crazy you think I'm just going to do an NPM install and something is gone imagine if that happens whilst your machine is auto-scaling say it's making a new version of another server in your cluster if it does an NPM install during that process that is just going to be a huge pain libraries just tries to give you that total view of everything that you use are going to tell you about things when they change rather than you having to remember to go and review dependencies on a regular basis can you talk about the role of example I'm assuming there's some sort of pain you personally felt and you mentioned the original version of the idea and how it's scaled since then but when you start to get towards more of the model that's in now which is tracking all these different package managers and dependencies and all that you mentioned it does what are some of the real problems that you faced yourself that led you to build this well so running a number of open source projects like 24 progress and a number of rails apps as well having either internally or as private repos or open source project the amount of times like oh there's a new version of rails which applications do I need to go and update to make sure that I pick up whatever changes are made or potentially there may be performance fixes unless I'm actively going to look for all of these changes there's no good way for me to know when something moves in the transitive dependency tree of that application and over time especially working in Node project the size of that dependency tree is getting bigger and bigger and bigger and people depend on more and more libraries and those libraries depend on more and more I just didn't feel like I had good visibility on all of the code that I depended on so if one of those things breaks I really may not even realise for a good few weeks before I'm actually going back and reviewing those things I felt like I had no idea of all the code that I was depending on and I wanted to be able to get a hold of that and then start to automate it because otherwise it just becomes a collection of scripts which are useful to me but they should be useful to everyone else as well at the same time picking all that data up and using it for the search engine so it feeds in things like the number of projects that depend upon a particular project so it will highlight the projects that are highly dependent upon in a community for example imagine you're looking for libraries to convert XML to JSON in Node that there could be 10 different options to do that probably the one you want is the one that depends upon the most by the community which works basically the same as the Google page rank where the site that gets the most links to it is essentially being crowd sources the source of it's a trusted website yeah that makes a lot of sense and then that passes down as far as Ruby on Rails depends upon a small library like MindPytes then you can pass a lot of that authority that Ruby on Rails is a trusted high quality project therefore if it depends upon MindPytes that must be pretty good as well even if people don't depend on it directly as much interesting and so with it being a discovery service I'm just going to the UI itself it seems like it's a lot of manual drilling where you can actually search how you feel about where it's at right now what is the utility of going to the site and searching or poking around what is the true value there for those that are listening going there and checking it out the real valuable bit that I see people using is given any application you can see a snapshot straight away of all the dependencies without having to go poke around in different files and work out which versions of which I'm currently using and potentially any warning so you can go to if you're logged in or we can look at the 24 progress repo and basically the URL structure is libraries.io slash github and then the owner slash name so it mirrors a github URL structure after that and that will show you the list of dependencies for that repo along with any potential warnings the licenses of those things the current latest version so you can get a good view of if you've got anything that's out of date or potentially has a conflicting license which is a whole area that I've only just started to touch on but say MIT projects that depend upon GPL libraries which is a grey area potentially means that that project needs to be relicensed as GPL instead of like a derivative work or they need to pop out that dependency or something and for companies that kind of like licensing compliance stuff can cost a lot of money to have that reviewed manually or even get like a lawyer involved so if you can get a good view of like oh we seem to have like a conflicting license to swap out soon before we become really dependent upon that particular library I'm also noticing in the explore area in your folder you have a bus factor that's a fun turn to throw around anyways so for those of you listening what is a bus factor at least the way I know it is is if you're the only person that has onus of something that if for some reason you got hit by a bus and you couldn't come to work today how would we pick up and carry on is that pretty much what you mean by this? Exactly yeah how many people in your team need to get hit by a bus before the project is essentially disabled or can't move any longer?
So when you pull back this list of improve the bus factors does that mean that there's not enough contributors not enough? Yeah so it looks at the number of contributors to that library which basically connects through to GitHub and will go and it'll order by the projects that are depended upon by the most either other libraries or applications and then ordered by the number the lowest number of contributors so most of the time it'll show here's a project that's depended upon by 200 projects and has one guy who's done all of the commits which basically means if he stops working on it or if he decides to delete it then that's 200 projects that could potentially just be made unusable so it's a good way to kind of go like ah well here are some places that essentially are a weak spot in your dependency tree maybe you should like offer a helping hand or try and get him to share the commitment with a few other people just to make sure that this is like a key piece of infrastructure essentially in the open source world that we need to make sure continues to work even if that guy's not interested in looking after it that someone else can come along and make sure it continues to work okay let's take one more break uh when we come back i want to talk a bit about the api and the docs you have for that because it kind of dovetails from that conversation we just had into this because i'm thinking if you can pull back searches for bus factors for example you know there must be the sky's the limit so to speak if you've got you know enough creativity in your mind on how you can actually use libraries i.o to to kind of pull all these different dependencies and package managers to really have some fun with it so i'm imagining that the api is going to power a lot of that so let's take a quick break we'll come back we'll dive deeper into this full project and the api of it we're back i have yet to meet a single person who doesn't love digital ocean if you've tried digital ocean you know how awesome it is and here at the changelog everything we have runs on blazing fast ssd file servers from digital ocean and i want you to use the code changelog when you sign up today to get a free month run a server with one gig of ram and 30 gigs of ssd drive space totally for free on digital ocean use the code changelog again that code is changelog use that when you sign up for a new account head to digitalocean.com to sign up and tell them the changelog sent you all right we're back with andrew talking about library.io and we talked a bit about the bus factor what that is and interesting ways you can probe and kind of fine-tooth comb what's available and you have this pretty awesome api can we talk about the api what uh how does it work what do you expect to happen with this yeah so there's a few different kind of apis going on at the moment there's for all of the searches there's an rss feed uh version of the search so you can keep track of say any new libraries that work with twilio that are written in copy script and that you can plug into your rss feeder or programmatically consume that to find out about new things that happen or there's a more traditional rest api which is pretty new and if anyone has any feedback then or any feature requests things it's missing please do let me know because it's really only existed for a couple of weeks and lovely more people kicking the tires on that would let you essentially pull out all the information about every different library across every different package in a very standard way which is exactly how i envisioned like if i wanted to work on an api that works with all these different kinds of libraries that i'd need some standard way of talking about them to try to normalize out the differences between different package managers and there may be some information missing for some package managers like bauer doesn't really have a good concept of versioning in that everything is in git tags in github uh there's no real like part of publishing a new version of a bauer library but i've tried as hard as possible to make it completely standard so you can essentially look at the same use the same tools against different package managers so if someone builds something for one language then it can be useful to everyone rather than kind of a siloed effect of people building say things just for npm all the other communities can also benefit from those kind of things and during the break we had a kind of interesting conversation too about uh i guess ways this api can be extended and just different fun things and we talked a bit about in a way kind of linting a repository or a pull request whenever someone contributes back we talked a bit about some hypothesis some future ideas something that maybe it's not even quite there yet where where do you see this going yeah so the the nexus of the of where i'm moving towards the kind of all the pieces i'm trying to put into place with the deprecation warnings the license conflicting warnings and the security vulnerabilities which are pretty closely getting shipped is to be able to do that on a snapshot of a branch or the difference between a branch and master so you can imagine a service kind of like travis that hooks into your pro request and goes okay you've opened a new request for this repo you've added dependency and let me review that new dependency and see if it matches the different options that your that your organization has decided like with no quality so that might be we're not going to let you merge any new dependencies that have security vulnerabilities that match that particular version that you've included or that have no license uh that we can find for them or say have a really high bus factor like there's only one contributor to this project that's not necessarily a good thing to depend upon because there's no one else there to support it you can imagine actually having like the the red green come out of that where it goes yes your dependencies you're adding look fine or no they don't you can't merge this pr because it's red and i can see that being a really helpful thing for open source as well to kind of you would at least i personally don't review every dependency i add to an application manually or to look at its transitive dependencies and see like is there something that i should be worried about in any of these things we should be able to do that fairly automatically and then warn you kind of proactively don't add this thing to your application because it might cause you pain further down the line do you have any ideas for how someone might list or manage that will be there will it be like a library's file for example almost listing so much so much like a gem file for example kind of saying this is what we want to keep or we want to avoid you know gpl3 for example because we're mit you know whatever it might be yeah inspector code or whatever you know however you can kind of like throw in there how does that work so i imagined it working by essentially an org level that you configure inside the library's io dashboard but you can also do it on a per repo basis with like a dot libraries io dot yaml file where you can go like for this repo actually it's already inside a firewall we don't need to worry about security related things because this is running completely internally and not a problem then let's skip all the security ones we don't need to worry about that or for this project it's public domain open source project it doesn't matter if there's dbl things here or whatever the whitelist of licensing things here as a little config file that you could overwrite the all wide settings i think that's a really interesting take towards it too i mean i really i was slightly skeptical at first like okay this is a pretty useful thing but i wasn't really sure how many people out there would actually you know we go to the site and check dependencies and then i was going to ask questions about the notification process but i really see the utility in having it you know at the level where you're you know in the command line you're already you know doing port request you're already pushing to your ci server whatever it might be and having that real-time feedback whenever you might be even doing a port request i really see a lot of usefulness in that utility part of it yeah you can imagine hooking that into say even into atom where it could link the gem file as soon as you save it i haven't quite worked out if that is a peaceful thing but the the api would allow you to do that anywhere that you run any other kind of linter it just might take a little bit longer because it's going to go past but depending on the language some programming languages have really nice formats like all their manifest files are written in json or toml or yaml other ones need like to actually run the code in the language that was written in things like lure and closure all of their manifest files are written in lure or closure which is difficult to reject out of all the dependencies we've been talking about a couple of these features and some of them some of them are there and some of them seem like they may be dreams of yours how far are we away from this linting world we've been talking about it the linting is working internally and so libraries track its own dependencies which is pretty neat to get the project to be able to kind of eat its own dog food uh and it will it uses a lot of the webhook api uh as well so it will open an issue on github and the webhook api is pretty poorly documented on the site at the moment but there's a lot of little uh open source github project on the libraries io github uh org to show you different ways of doing things so it will rerun its test uh automatically every time there's a dependency updated it will open an issue if there's a dependency that's not a pre-release that's been uh the version has been bumped um and it will even potentially you could have that tweet or post your slack room to say hey there's a new version of this thing i've got it tracking and kind of reviewing the dependencies that i add to the project itself but it needs work mostly around the configuration of the options as you say like there needs to be that yaml file to be able to say here's the things i care about which may not be the same as other people and i reckon it's probably another a month away before that's live on the site so this is a open source focus but it's not an open source project right not at the moment no i'm trying to work out exactly what to do with that i'm kind of halfway between the two i haven't landed on do i open source at all as like a gpl or do i continue to run it as a proprietary software a lot of the pieces of it are open source but the main rails app is currently private that's certainly interesting especially when you start talking about um i know so many developers and teams are using slack and obviously using twitter so those two mentions like tweeting to you know that seems somewhat okay to me but i think you know maybe a lot of ears perked up when you said slack integration potentially so i know for us you know anytime we have you know here the teams will be having a private kind of activity area where if things happen things get triggered and it's an area where jared and the rest of the team we kind of keep an eye on it and those are like critical things happening so if those things instantly gets posted there we know it's not a good thing it's somewhat a bad thing and we get on it right away so i can kind of see some utility in that too because you know it removes the buzz factor so to speak whenever something bad happens and if you've got a team and you're kind of triggering notifications back in slack or via email i'm kind of less interested about email because i think you'll get a lot of that but i think slack seems to be like the next better thing to an email response on notification yeah i haven't written a slack bot for it yet most because i'm working on this on my own most of the time and i didn't feel the need to hang out in my own little slack room uh so i have open issues on github for me instead but that's definitely something that can be built on the webhook api that's there already i just really need to write some documentation for the thing and then you can have that either only post me like major versions or like new big versions updates or maybe even only go like i just want to post about any potential security vulnerabilities that are um that are announced on the things that any application across the whole github org uh depends upon i'm not sure if you heard about it yet but uh there is a brand new report yesterday when slack made that announcement about um the app store they're having and stuff like that this ecosystem and whatnot they also uh released a thing called bot actually i don't think it was them directly releasing it it was a team or it's an org on uh on github and i think it's just howdy but it's h-o-w-d-y-a-i and uh so on that user so it's you know that name slash bot kit is the repo so there's a block out there for you know a toolkit for building by applications for slack so they may have just made it so much easier for you okay so maybe by the time that this podcast goes out there may be a library's io slackbot available there you go we love that so i mean it's also available via npm with that so it seems like it's you know we're actually thinking about doing something like that ourselves around here i was telling jerry this the other day i was like it would be pretty interesting that uh if we can have something where it integrated into slack and rather than just subscribe to what we do here between our podcast our email things we tweet and different stuff that we plan to do in the future i was like it'd be kind of interesting to be able to pipe that into some sort of slack bot and allow people to subscribe to it yeah and so i think that's a really interesting way the teams are hopefully doesn't get too spammy that's my only concern honestly with that if it becomes too noisy you just fuzz it out in the background yeah exactly so i think there's a happy medium that we have to all be mindful of and that was my only worry with it was like should we do this are we like just enabling you know not our spammers but are we enabling us to become known as maybe spammers because somebody integrated us and another person's like well i'm tired of the changelog who knows why but just always a total line of of you know too much noise not enough signal we always focus on signal around here yeah maybe having the ability to folks to have the slack bot and tell you about episodes of the changelog that are about a particular language so i could just go i i'm not interested in any java uh related changelog episodes um so don't tell me about that to try and reduce the amount of noise yeah well let's uh what else could we cover that we may not cover well enough for libraries before we tell off the call um i think we've covered things pretty well so they i've not got to the point that i'm balancing on whether to actually turn it into into a real business or to turn it into kind of because it's built on so much open source and the data should be open source should it be open source project how can i make it like continue to support itself because it gets quite a lot of traffic now i think like 50 000 visitors a week um from google which ends up costing money so i need to have some way of running it do you have any any ideas about how i could potentially support that a couple ideas might be to potentially find somewhere i guess not so much to be employed but somewhat somewhat where it's almost a partnership so this would benefit someone else really greatly you know and they may essentially foot the bill of you being the developer of it and kind of bankrolling you essentially become an employee that can have its own pros and cons um you might even do other ways where you have sponsored things where you're not really but it really kind of depends on your motives right like if i don't know what you do for your day job or what you're doing for freelance or how you you know earn your living i do freelance um application development and performance tuning and things like that uh which is fine but i'd really like to spend more time on libraries uh especially that around the side kind of the area of the bus factor and there's also like an unlicensed libraries uh page ways of producing calls to action for in a similar way for progress with more focus like here's some pain points in the community that would be sold or helped with or here's some maintainers who might need some help because they're completely overwhelmed by the amount of people using their project uh be able to use the harvest the data inside of libraries for ways kind of as a force multiplier for open source given these projects we know are dependent on by a lot of people can we what ways can we support that project or like expose it to people so they're more aware that this project might need some help yeah it's a it's borderline public service borderline you know utility for enterprise or commercial so there's a certain angles for it for sure yeah yeah there's a kind of uh of enterprises seeing those projects potentially as a center of risk and so they could if we can encourage enterprises that that really heavily depend on those projects to maybe give some financial support or some developer support if they have a team of say 200 developers and one of those developers help to maintain that library for a certain amount of time right would be a great way to potentially help solve this current and i'm pretty sure it's gonna get worse the problem of open source maintainers kind of burning out from essentially giving out all their time for free and getting very little support back it is a tough problem to solve and i've heard before that if it's a hard problem to solve uh and you're already trying to solve it it's good that you're trying to solve it that's also meaning that you could be in the right direction because anything that's easy isn't worth doing yeah which isn't exactly a perfect thing but what i mean by that is if it was easy everyone else would do it too so it could be something that's very profitable to you it could be something that's um not but you gotta put in the work to do it and it seems like you're going you're heading on the right path that's for sure so i think that uh i don't have any particular exact advice i can give you here but what i can say is that if there's listeners out there that have some ideas uh how can they get in touch with you is it an issue they should open up or uh yes it is an open source uh github repo on the libraries io github called support which is essentially just an issue tracker probably the best way to kind of publicly put out those ideas or you can get out with me on twitter cool we'll put the link to that repo and issues in the show notes so if you're listening now head to the show notes you'll see a link there to get in touch with you guys some ideas i mean i think it's really really interesting i'm sure there's people listening to the show now thinking that's really interesting um how you can turn into a business that's the hard part well here's a here's a chance for you to highlight somebody that's been really influential to you we asked this question on the show it's who's your programming hero and uh so who's been really influential to you i can't do this today uh and there's a few people but one person stands out in my mind who's a yesbo um she's a developer based in london and she also helps a lot with 24 progress and a couple years ago and she started a project called codebar which is essentially a movement to help diversity and kind of underprivileged groups to get into programming uh focused in the uk but she picked it off and kind of completely open source everything she was doing and has turned it into like this movement which is sweeping across the uk as a way of saying like how can we get more women and more uh underrepresented groups into programming by producing lots of free um courses and tutorials and everything has been done and kind of she set herself up as a way that it wasn't dependent on her so it spread and i think she's got like five or six groups now running around the uk on a regular basis they're introducing more and more people into programming and i think it's just amazing if i can have that kind of impact yeah so i think that's her name exactly but it's codebar.io if you're listening what's her name again despo how do you spell that for me d-e-s-p-o d-e-s-p-o she's on twitter and github is despo as well all right we're gonna put a link to her twitter account in her github account in the show notes so if you want to check out despo here's not her full name her real name maybe she's being honest for a reason i like real names but uh if you're curious about her and she's the one you can go to codebar.io or you can check out the show notes and find her twitter links also despo so well today we're actually doing a little bit different so this is our unusual holiday episode we wanted to team up two shows we did so we talked to jonathan grudenberg about flynn uh about three four weeks back and it wasn't quite long enough of a conversation to have the full episode so what we're doing is we're combining this 60 minute show with that 35 minute show so it's roughly an hour and a half but that gives us our full length show so we've combined 24 full requests libraries.io and flynn into one single awesome christmas holiday episode so hopefully everybody listens to it and really enjoys it and at this time we're gonna take another break but it's just the goodbye for andrew but it's not the goodbye for the show so we'll take a break uh and when we come back we'll be talking to jonathan grudenberg before we go on that break and do you have anything else to say to the audience any more advice you want to share back to the community uh then just have a great uh christmas holiday well thank you for coming on the call we're gonna go into the break when we come back we're talking to jonathan about flynn we'll be back if you thought harvest was only about time tracking check again fast invoicing and payments you can easily create and send invoices and accept payments with paypal stripe and many more you got expense tracking without the mess you got an iphone or an android have to go on the go with you snap those receipts and store them in the harvest app you can also connect favorite tools like slack and use chat commands to start and stop your timers head to getharvest.com and start your free trial and once that trial is over use our code change law to save 50% off your first month all right we're back from our break here in the special christmas holiday episode part two talking to jonathan grudenberg the creator of flynn a next generation application platform the last time you were on the show was december 20th 2013 nearly two years ago you were on episode 115 most recently and then once before that again on episode 99 so it's been about two years since we caught up with you caught up with flynn so kind of catch us up with the last couple years of flynn yeah so we've had several major releases uh the most recent uh was our stable channel which was a week and a half ago and it is the first release of flynn that has an updater that can just update flynn in place with near zero downtime and it's basically good to go and you don't have to use the nightly like bleeding edge release anymore so what is this what is a channel when you say channel that mean think of it like a browser release channel so like firefox has several release channels there's a release channel there's a beta channel there's a developer channel and there's a nightly channel we currently just have two channels we have a nightly channel and a stable channel and we may like adjust that but we're doing this kind of browser style rolling release model where um it's like release trains so you end up with a new release every um every so often currently we're doing it every week or two and we're just rolling out a new update and we're not like we're really concerned about version numbers we're just um just rolling stuff out so working is all that really matters you're not caring about you know breaking changes in the past um yeah so the goal here is to have uh backwards compatibility with the past um for now like quite a ways back so the command line tool will work with forwards and backwards and you know the dashboard won't break when you update but any api integrations that you build won't break but we'll be adding new apis in a backwards compatible fashion interesting so let's uh before we go a little bit further let's kind of break it down for those who didn't catch episode 115 episode 99 which were awesome episodes uh you weren't alone you had definitely with you um is Jeff still part of the picture i think he moved on like beginning of 2014 um he's been doing all sorts of other stuff with docker and so on and we've just been like hyper focused on building a platform that helps you deploy your applications and super easy to deploy anywhere so the um the idea is that you write code as a developer um and getting that code into production currently is really painful you end up having to duct tape together a whole bunch of components um that you might like want to use containers and now you've got a whole like new set of challenges and we found that a lot of people were spending a ton of time just working on the deployment and orchestration of their applications and so our goal is to make it as easy as possible to deploy your applications in a highly available full tolerant way and um not just stateless web applications but also things like your backing stores so we have what we call postgres appliance which um it is fully highly available and if you're running across three nodes and one of those nodes fails it'll just keep on working and it won't beat your data and um it's safe to use kind of reminds me a little bit of the conversation we had with Mitchell recently i'm sure that auto was kind of interesting for you to see and it's promising a process how does something like auto fit into this world is it a competing thing is it a competing ideology i think it's a competing ideology so what we have is we have this um this idea that you should not have to worry about how things are deployed on your servers i know auto is doing some of that but it's doing it slightly differently in that um there's a whole bunch of like underlying stuff that you're going to need to know about like um are using nginx and how does that hook up to php and so on um with flynn you may need to worry about that but probably not it's just gonna work out of the box and we've got uh it's set up in such a way that you can just go to production right away you don't need to worry about um the difference between development and staging and production and so on i think auto's not concerned about where you're putting your stuff whereas uh it seems like flynn is more the platform you're deploying to and part of that platform you're deploying to you have the ability to deploy as part of this platform is that yeah describing it yeah i find the whole space just really confusing and we're trying to unconfuse that's part of the show is to demystify some of the stuff yeah um so my i really don't like i haven't actually used auto i've looked at a bit um if you think of something like kuroku where you're just like pushing your app and you don't need anything running on your local machine except for git in that case but you can also use our web dashboard which will clone from github and you don't need to have any local development tools installed on your local machine in order to use flynn um if you if you want you can install the flynn command line tool and manage your using that but you don't have to you could just like add your code on github and then go to flynn dashboard and click deploy so rewind back in time a little bit uh since we're back uh december 30th sorry 20th 2013 f so 115 at that time your page title on uh flynn.io was open source platform as a service powered by docker uh your page title now which to me that's just like a little quick description of like a snapshot of who you are yeah and now it says the product that ops provides the developers but then on your github it says next generation application platform a lot of buzzwords in there a lot of confusion if you kind of just trace back a bit right what does all that mean okay so originally we were very much designed as a platform that was built around docker and it was designed to be a bunch of components that were like easily composable and you could like use a single component without using the whole thing and what we found is that well a few people are interested in the idea of that very few people use that in practice and what people actually want we've talked to many many potential users and um people that were using what we are like prototypes and our mvps and so on and what we found is that everyone just wanted something that left them deploy their apps and they don't really care how it worked um so this is very much for if you if you don't actually like want to think about individual components flint is for you it's absolutely all open source and all the components are really easy to wrap your head around and you can totally modify it if you want but you don't need to it's just it just works that's the idea i know before we talked about fundraising and uh that line gets a little bit blurred when you talk about where money's coming from was it vc funding that it was this private investment from the community with an obligation for return what can you talk to us a bit about the fundraising version you've done what that was like as your company is it a company what is uh what is what is behind the actual software yeah sure so when we started uh we were not a company we were just a project that had a single web page that said we would like to build a platform along the lines of pro but open source um and you can deploy it anywhere and that really resonated with especially the hacker news community and we ended up raising close to 120 000 just in like kind of a kickstarter type thing uh in order to build that and so then we took that money and we built out uh an mvp of the platform and um we actually got the whole thing working you could put it up in a vm and deploy and we decided that we wanted to like take it much further than that to be like actually production ready and um and like much more full featured so we evaluated a few options we talked a lot of the original contributors and some new ones and we found that there wasn't a whole lot of interest in putting like more kickstarter style money into it so around that time that was uh in uh 2014 we applied to y combinator which is a startup accelerator uh in silicon valley and we got in and so uh we did a seed round in the summer of 2014 and we hired a team and so flynn is actually prime directive incorporated and we um we make flynn which is entirely open source and we will uh it's not open core it's just an open source product that you can run anywhere you want you don't pay us anything for it and we continue to develop that and in the future we'll have mostly sas products that integrate with flynn uh in a way that doesn't compromise the open source nature of it i'm really interested in the process of applying to y combinator can you talk a bit about as much as you want honestly i mean from the process of actually pitching to you know what was the real idea they bought into because as you said it's sort of more over time so what was the pitch then yeah uh applying to y combinator is i guess strange is one way of describing it there's just a a application with basically infinite questions on it and um it's really a flip of the coin whether you get an interview or not just because there's so many applications and after you do it you apply there's like an interview process where you do this rapid fire 10 minute interview with like three or four partners at yc um and i think what uh what they really liked was that we had a like a working thing that allowed you to deploy apps from github with basically near zero friction and um that is something that they got and so that's what i got is this unique to you i mean being being what you just said like is there anything else out there like you um there are other platforms uh i'd say the vast majority of them are limited in some way they're either very hard to install or like not easy to install or they most of them only run stateless web applications they don't have stateful services built in like our postgres appliance i'd say just i don't think there's any other platform out there that is trying to do the same thing that we're doing which is to be that like super easy to use super easy to deploy and manage and does everything you need out of a platform you don't need additional tools or components uh to use with it so maybe can be an example of a typical flynn production setup like uh be agnostic if you'd like to i mean i'd imagine people are thinking about aws or even uh our friends at digital ocean who sponsor the changelog so we have an affinity towards them but you know you an idea of what it looks like to have flynn production what servers are actually bare metal hardware needs to be in place um what languages people are dealing with what are some of the things that requires flynn to be in production what's it like yeah sure okay so we have a super easy installer um that basically installed the flynn command line tool but you don't actually have to use the command line tool you just type flynn install and it opens up in your web browser uh from a local web server that's in the command line tool and there's uh installation wizard that is very easy you can point it at aws you can point it at digital ocean azure or even um give it as state credentials to a few of your own hosts so you if you wanted a highly available cluster you'd tell it to boot up three instances on say digital ocean and it would tell the digital ocean if you had to boot those instances up and deploy flynn to them and configure it and you'd be ready to go take probably about 10 minutes and most of that is just waiting for the instances to start and install packages and so on so how much of that is kind of like magic inside of it to start it off easy and how much does the developer have i guess control over gene format um there's absolutely control over you don't have to use the installer you can use uh we have a script that um is much more minimal in that you can just run it on existing hosts um there isn't that much to configure in flynn uh we've designed that intentionally just so that you don't have to think about too much it's just configured to work out of the box and we're just getting best practices with it so you get stuff like for instance uh like i mentioned postgres that's just highly available out of the box you don't have any configuration whatsoever is there a reason why it's postgres and not my sequel or something else like maybe rethink or yeah you know insert database name here right um so we started postgres because we wanted to keep uh heroku compatibility and heroku has postgres as a first class citizen so we're using heroku build packs to deploy apps as well but we'll be adding more data appliances in the future so um stuff like rethink db and redis and mongodb and all these things that um are used quite extensively uh will be coming to flynn in a way that is just as easy as our existing postgres clients in that you just say hey i need a mongo database for my app and it sets it up for you so in your own words what is the problem and then the dream of a developer that is like man flynn is awesome i love it okay so the problem uh i assume you're asking like why would someone choose right um i'd say that this is the um currently it is the hardest that's ever been to deploy an application like think back to when you could just ftp php files up to a share to somewhere in that work right and it's actually the easiest it's ever going to be to deploy apps so there's more and more tools you have to worry way more about security you have to worry way more about high availability and backups and disaster recovery and so on just because people expect way more out of the products that you're selling them on the internet as sas and so on even just a static website needs to stay up the whole time so i'd say that is the problem that we're solving this problem of how do i get stuff into production and keep it up and running so when flint solves a problem it was designed to solve what's the dream of the developer what's that look like yeah and so that is a single cluster where you can just run everything whether that be a stateful app that is legacy in some way or you wrote internally like there's many companies out there that have um they have special databases that they wrote like a graph database that's specific to their use case and so on you can run that on flint as well as um all of their apps whether they be from like open source from github or developed internally as internal apps or developed as customer facing stuff all of that can be deployed and on a single platform and you don't need any other tools to manage that in production so all you have to do then is just pick your host yourself and have fun i guess is that right yeah absolutely um and i should mention that like there are definitely some areas where we're like still working on it so we're i'm currently working a lot on the security parts of flint we um we basically have no internal authentication and um there's uh there's a bunch of there's no user management and so on so we're working really rapidly to fill out these gaps that we see as barriers to adoption i was reminded when you said that of your twitter handle uh not your handle but uh your bio and your twitter and it's like security focused computer i've never really heard anybody say that but that's interesting yeah um i really think that where we are with computing is um it's not great it's just computers are very unreliable they don't do what you want them to do they're very insecure and so i'm working on fixing that gotcha so flynn uh in the past when you were on with uh with jeff we um we talked about doku which was something he'd written and then you got uh deus out there and for those out there listening now and thinking okay flynn doku deus and xyz that i may not even covered that we haven't heard of yet where does flynn fit in what what is the future of what flynn is in comparison to the other options out there as the same or something like platform as a service it really depends on what we're talking about here i think for the most part we can generalize and say that there are um there are many platforms that are like successors to roku in that they have basically the same functionality except they are open source or not there's some non-open source platforms that are roku clones that you can run elsewhere and so like i think of some of the ones you mentioned as being in that bucket doku is the one case where it's even more limiting that it's only designed to run on a single host and it's very very minimal but most of the other existing platforms are they're just direct copies of roku in that they run state-less web applications that serve http traffic okay and so i guess maybe that makes me think about what your inspiration was then so if those seem to be successors were inspired by a roku situation what was the beginning of flint like for you definitely inspired by roku um but we really want to take it further and say hey i got you know apps that i can deploy on broku or a roku-like platform but what about all the other stuff like my databases and like an irc server or a mail server like where do i deploy those and the answer at the time was oh you spend a while writing some configuration management scripts that are like very specific to the host you're deploying on and you manage those separately and our goal is to make it so that you don't have to do that you can just deploy all your stuff on flint when you look at the platform as a service i guess landscape if i can say that what does it make you think of like does it encourage you more to what you're doing with flint or are you like wow we've really got a you know i think i'd rather expand that to not just platform the service but like there's a whole there's this whole like new infrastructure space um and the focus seems to be a lot on very specific tools so you have you know service discovery tool or container management tool or an overlay networking tool all these things are components of a well-built platform there are very few well-built platforms and if you don't have one of those then you're still kind of blooming these tools together and ends up being a lot of work and it's a lot of time and it's just not as resilient as it could be we talked about getting started to a degree we talked about being production ready so when you say stable channel that means that it is stable it does work and you were suggesting that it should be used in production is that correct yeah with a few caveats so we definitely have people that are using in production um there are like we're certainly not bug free in that there are people are finding issues now and then we fix those pretty fast but um the main thing right now is that uh we don't have like multi-user support or the ability to run even like close to untrusted code on the platform so there's a bunch of like internal apis that are exposed that we need to lock down more um that is the main thing we're focused on right now is making sure that it's secure enough to be able to deploy anything that you found on github without worrying too much about it this is sort of a slight tangent to a degree but i had it down here i can't leave this conversation without asking it which is what's a typical day in the life of johnson like you know what do you do what's what's money for friday for you or is it monday through monday i don't know is it seven days before you know that would definitely be like monday through sunday um yeah uh so today looks like i have a bunch of github emails in my inbox uh various requests and issues and so on and so i do a bunch of code review and respond issues um catch up with people in irc um and then get to work on my list for the day of software that i'm developing um whether that be actually software writing documentation um and all the while like watch irc and our internal chat or issues that come up so um we try to be super helpful in irc if you have any issues with fling you can get ahold of us really easily um and we actually uh have people in different time zones so the coverage tends to be pretty good we haven't really talked about the size of your team really what's the size of fling like these days uh we're about half a dozen people wow okay yeah so i guess being through y combinator coming out what is what is the state i guess of dare i say runway i mean that's what it is i mean somebody's got to pay for your time you're worth a lot and so the rest of your team so there's funny there's money there uh what is it like on the funding side do you have a long-term partner who's like hey i'm just interested in the long-term future this pay me back when you get a chance or um i'd say the answer is that the funding ecosystem is complicated um and i don't really want to get too much into the weeds here but uh we have no uh concerns about our our runway um and hopefully yeah we have absolutely no concerns about the runway we'll keep developing for the for the foreseeable future some backstory on that that question to you wasn't loaded i promise but we had a conversation with as i mentioned before with slava open chat talk about rethink you being there and we're both surprised by the um patients that not so much they're not doing what they should be doing but you just seem to have investors who are like just more flexible i don't know how to describe it and then obviously initially he took a little funding recently with uh with uh hashi corp and then we also had the guys kind of metabase obviously was also vc funded and uh so we're seeing a trend here and i can't help but ask questions like okay if you're taking investment and you're building a company but you're also completely focused on like you are you know just not so much like a devil's advocate kind of thing but like how do you as a software developer navigate that world and how can you share or encourage other developers out to have just as much dreams and ideas as you do accomplish some of their goals yeah um okay so i think there's a few things we should unpack here um the first one is uh vc funded open source which i think the jury's still out on there's um there there are a lot of new companies that have been funded recently that are working on open source either full-time or part-time um whether they have commercial products or not there's also there's a whole gamut of stuff and i think the interesting question i don't think it's been answered yet is what how does that play out like what are the business models that end up being successful because the there are very few like successful open source companies that you can point to that have been around for a while and i think the big one you can think of is red hat and they have a very like relatively enterprise-centric support contract business model which works well for them but i'm curious to see how that that scales and whether um these new companies are in that that same position um we're very focused on not compromising the open source nature of the project so as i mentioned before we don't want to do open core which is where you have like enterprise features that you're selling and you're actually selling binary software to run on servers and we're just not interested in doing that so we're really focused on um how can we uh you know be successful as a company without having to compromise the open source nature of the project and so far we think the answer to that is uh sas products that are like really a huge value add uh to flynn without having to um install any binary proprietary software on your computer and um the other thing that is worth discussing is um this like if i have an open source project how do i you know take it to the next level and i don't i don't know the answer to that uh i know that one answer is absolutely raising venture capital um it is it is complicated and it really depends on your situation like that's a very person specific thing there's yeah yeah i kind of figure that because it's um you know i think with y combinator it would just make sense the process of going through that and you obviously get exposed to a lot of uh people who are willing to invest so through that you might come out with new connections maybe no particular ties with yc i don't know the terms are but i think it's like five percent or ten percent they take some sort of equity they take uh seven percent they give you 120 000 um and the uh the big deal of y combinator is you get to go to demo day which they have a whole bunch of uh like early stage investors right and so it ends up being relatively easy compared to not going through y combinator to raise a round of you know a million or two or three million dollars any other particular insights or advice that you if you have the ear of the open source world on on accepting money taking pc what this process like for you anything i want to share i think that it's important to think really carefully about the um the goals of the project before you're considering funding and how the funding will impact that so whether you can find uh investors who are willing to like go with the open source nature whether they will pull you towards selling proprietary products which that's definitely happened so you mentioned that uh some particular sas models that you have uh ideas or is right i'm not asking for product names or whatnot but is there anything in particular you can share about what the future of i guess revenue generating things will be for flynn um i don't really i think it's i think it's too early we're like super focused right now on getting people happy with flynn so if you are a um if you are like have the problem that we're trying to solve which is deploying stuff is too hard and takes too long and you need something like flynn then we're really interested in getting you using flynn and that is our focus 100 and our investors understand that and are totally up for that and so i think that the uh the monetization will come a bit later after we have this really great core of community and we already have over 90 contributors to the open source project and our irc is pretty active we're we're super interested in building out of the user base and community of flynn as we're talking earlier about the day of life of jonathan i was thinking okay you got 237 open issues right now on the flynn repo uh so your day must be pretty busy just considering the traffic of issues on the on the project alone uh i think you mentioned the popular bit so 400 or sorry 4,025 stars uh so it's definitely popular if you have the ear of the world to step in and help out how could you know how could our listeners step in and say okay i'm interested in flynn how can i be of service what can i do from an open source perspective to move things along with you yeah there's lots of cool stuff to do so uh the very easiest is absolutely just installing flynn and trying it out with your apps that work or your side projects and so on and um seeing if it works for you and if it doesn't telling us why it's not working and we really want to fix that uh if you actually want to commit some code or docs there's lots of stuff to do there's um the reason why there's so many issues is we actually attract feature requests on github too so there's uh we've got an easy tag on github and if you just click on the easy tag you should see a bunch of like things that you could get done in an hour less and um flint is really easy to contribute to it's written in go and we have a development environment that um spins up in a vm using vagrant so you can just um have like one command and be ready to go and like develop them locally i love this easy tag it's so cool we got 52 open issues i don't like the column issues because that doesn't mean like you got you know 230 whatever bugs out there it's you know legitimate community focused conversations basically yeah absolutely this easy tag is really interesting though i don't know if we connected a little bit there or had a bit of lag the easy tag i think it's really interesting i don't know i've seen that before did you get that idea from for easy tag um to be honest i don't really remember i think i've seen it in a few repos i couldn't get one off the top of my head um the idea though of having these like relatively small chunks of work that don't require a ton of knowledge and um and get you started contributing to the project i'm i'm really excited to help new contributors um work on flint because um it's really neat to see the new perspectives and um there's it's always nice having someone else write code for you yeah whenever you can get the community step in and help out with the actual mission of the project is always going to be a good thing so yeah absolutely okay uh i guess we haven't talked too much about language but i know flint's been written in go since the beginning am i right on saying that that's absolutely correct okay so having been what's about four or three or four years old now the project uh yeah we started in um like july end of july august 2013 okay so two and a half years so that's about two years after go was actually written maybe three years after it went public yeah i want to say we started with like go 1.2 or so okay and the reason why i'm asking is just kind of getting a heartbeat on like you're happy this level with go quite happy um yeah i have i have no meaningful complaints go is really great because it allows our new contributors to get up and running really quickly it's not a hard language to pick up um and you can come to it from any other language so whether you used to program and you know you're a c kernel hacker or you wrote rails apps you can contribute to flint using the go language really easily has there been any other attraction for you to other languages like rust or crystal or anything else you can think of that might have drawn your attention not that go isn't good enough but has there been any other attraction to other languages that you think man if flint would have been written that it'd be better i keep trying to find an excuse to do something in rust um and i have like i've been reading some rust projects recently i haven't actually written any uh that is the only like language that i think i would be um that i think has a future currently in flint i'm always excited to see new languages that people are targeting at production because there's there's kind of a few different classes of programming languages that people develop and uh only a few of them seem to be like really like laser focused on use in production and i think that that is something that the go community has gotten sorted out if you have the ear of the go community which i'm sure you do in your own ways not just with our help but uh any sort of congratulations anything you want to say back to the go community that you're excited about with go i think that just in general quality of the community is great uh there's a really strong focus on just um on writing code and doing stuff with code as opposed to um like kind of rehashing the language um which i think is some people get upset about you know oh the go people aren't super interested in changing language but from the perspective of someone who's like using this all day every day it's a solid language it has you know i think there are like reasonable complaints about some of it but it's um it's overall really really really easy to get started with and um and the the quality of the tooling is pretty great i think the last thing that uh that is problematic in go is the whole like vendoring and package management situation but they are finally sorting that out so in the next few releases we should have that like totally fixed did you happen to make it to go for con this past year i did not unfortunately do you have to make it to any go for con i know i've never been to go for con i haven't mostly been hold up working on yeah i haven't really been out to any conferences uh the first conference i'm going to um this year is uh at the end of the year 32c3 i'm really interested to uh because we plan to be a part of go for con next year i'd be really interested to see um a talk submitted from you on just a lot of the stuff you've done because i mean it seems like you're solving really interesting high-level problems that that you can share a lot back to the community and when we were there it was really interesting you know a lot of things you're saying about the community we saw that firsthand so you know you have that perspective without going to the go conference you know yeah absolutely i'm definitely going to consider what conferences to submit talks to this upcoming year cool all right let's let's tell the show then so github.com slash flynn is the org on flynn you've got flynn.io so that's f-l-y-n-n so two n's dot i-o and i never even mentioned this but your tagline on the home page is just stunning throw away the dictate say hello flynn yeah just in retrospective of our conversation here it's very fitting thanks and then you're also available on twitter at titanous that's t-i-t-a-n-o-u-s through.com of course so jonathan thanks so much for taking the time to come back on and just catch us up with what you're doing i'm super curious what's going on is there anything else you want to cover before we close out no thanks for having me you're welcome it's a pleasure to be back on the show uh in that case let's go ahead and say goodbye then bye everyone bye