Invest In The Software That Powers Your World
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 39 | |
| Autor | ||
| Mitwirkende | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/67223 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
FOSS Backstage 202223 / 39
2
9
11
15
26
30
36
37
00:00
Open SourceReelle ZahlComputersicherheitGrundraumMathematikerinProzess <Informatik>Codet-TestGraphentheorieKryptologieProjektive EbeneInternetworkingDigital Rights ManagementSoftwareentwicklerOpen SourceSoftwarewartungTelekommunikationVollständiger VerbandZweiVorlesung/KonferenzBesprechung/Interview
02:22
PasswortInternetworkingCodeMultiplikationsoperatorComputersicherheitProgrammfehlerProjektive EbeneVorlesung/Konferenz
02:57
WeitverkehrsnetzComputersicherheitInternetworkingSoftwarewartungInternetworkingProjektive EbeneComputersicherheitQuick-SortProgrammfehlerRechter WinkelComputeranimation
03:39
Rippen <Informatik>BaumechanikOpen SourceSoftwareRechter WinkelBitMultiplikationsoperatorProjektive Ebenep-BlockNabel <Mathematik>DifferenteSoftwarewartungTechnische Zeichnung
04:56
BitProjektive EbeneZahlenbereichSoftwareentwicklerSoftwarewartungMultiplikationsoperatorArithmetisches MittelPunktCodeRechter WinkelComputeranimation
06:23
CodeSoftwarewartungZahlenbereichProjektive EbeneHilfesystemMultiplikationsoperatorVorlesung/Konferenz
07:06
SoftwarewartungRechter WinkelProjektive EbeneServerOpen SourceMultiplikationsoperatorProzess <Informatik>SoftwarewartungReelle ZahlPunktwolkeHilfesystemGüte der AnpassungKonfiguration <Informatik>Service providerHardwareComputeranimation
09:07
Konfiguration <Informatik>InternetworkingProjektive EbeneOpen SourceSoftwareentwicklerOffene MengeVorlesung/Konferenz
09:54
Projektive EbeneOpen SourceFormation <Mathematik>Konfiguration <Informatik>SystemplattformSelbst organisierendes SystemDatensatzComputeranimation
11:04
Delay Tolerant NetworkCodeOpen SourceKonfiguration <Informatik>DatenstrukturRandwertRechter WinkelComputeranimation
11:37
KryptologieProgrammbibliothekSoftwareentwicklerDokumentenserverComputersicherheitSSLProtokoll <Datenverarbeitungssystem>Urbild <Mathematik>GradientFramework <Informatik>Arithmetischer AusdruckWärmeübergangROM <Informatik>Komponente <Software>BenutzerfreundlichkeitSoftwareBetriebsmittelverwaltungGruppenkeimBenz-EbeneOpen SourceSoftwareentwicklerProjektive EbeneProjektiver ModulUrbild <Mathematik>Prozess <Informatik>Selbst organisierendes SystemRechter WinkelComputeranimation
12:37
E-MailProjektive EbeneMultiplikationsoperatorAdressraumOpen SourceEINKAUF <Programm>Prozess <Informatik>Ordnung <Mathematik>Rechter WinkelGüte der AnpassungCASE <Informatik>Physikalisches SystemMereologieBitDivisionSoftwareentwicklerInformationBenutzerprofilSoftwareTypentheorieRelativitätstheorieDesign by ContractGreen-FunktionMailing-ListeWort <Informatik>Regulator <Mathematik>DatenmissbrauchGewicht <Ausgleichsrechnung>DatenflussOffene MengeFormation <Mathematik>EDV-BeratungGesetz <Physik>Vorzeichen <Mathematik>KreisflächeKlassische PhysikZeiger <Informatik>Computeranimation
20:30
Quick-SortMaschinenschreibenE-MailAdressraumMessage-PassingMailing-ListeFormation <Mathematik>Vorlesung/Konferenz
22:01
RückkopplungMustererkennungSoftwareentwicklerRechter WinkelProjektive EbeneLeistung <Physik>RückkopplungOpen Sourcep-BlockKollaboration <Informatik>SystemplattformMereologieOffene MengeSystemaufrufAutomatische HandlungsplanungBitSoftwareKontextbezogenes SystemMustererkennungQuick-SortAusnahmebehandlungProfil <Strömung>SchnittmengeBenutzerprofilService providerComputeranimation
25:51
Landing PageRückkopplungOpen SourceMereologieContent <Internet>Projektive EbeneHinterlegungsverfahren <Kryptologie>Computeranimation
27:26
Open SourceOffene MengeSoftwarepiraterieComputeranimation
28:00
Digital Rights ManagementMereologieGrößenordnungProgrammProzess <Informatik>RichtungVorlesung/Konferenz
28:51
PunktInformationsmanagerElement <Gruppentheorie>Rechter WinkelSummierbarkeitOpen SourceCASE <Informatik>GrößenordnungGüte der AnpassungProzess <Informatik>InformationStrategisches SpielFormation <Mathematik>Grundsätze ordnungsmäßiger DatenverarbeitungOrdnung <Mathematik>Vorlesung/KonferenzBesprechung/Interview
30:56
Benutzerprofilsinc-FunktionProjektive EbeneSoftwareVorlesung/Konferenz
31:32
BenutzerprofilSoftwareentwicklerProjektive EbeneSignifikanztestInformationMereologieGüte der AnpassungBesprechung/InterviewVorlesung/Konferenz
32:25
Projektive EbeneDifferenteBitOpen SourceCASE <Informatik>UnternehmensarchitekturFreewareFormation <Mathematik>PunktMathematikBesprechung/InterviewVorlesung/Konferenz
34:50
Open SourceProjektive EbeneRechter WinkelGüte der AnpassungProzess <Informatik>SoftwareKlasse <Mathematik>SchnittmengeBitOverhead <Kommunikationstechnik>Quick-SortVerknüpfungsgliedBesprechung/Interview
37:08
MultiplikationsoperatorSelbst organisierendes SystemLokales MinimumBitMAPOpen SourceProjektive EbeneSoftwareCoxeter-GruppeSoftwareentwicklerProzess <Informatik>Vorlesung/Konferenz
38:42
Prozess <Informatik>Güte der AnpassungOpen SourceMultiplikationsoperatorRechter WinkelBesprechung/Interview
39:29
OrtsoperatorRechter WinkelService providerWeb SiteGeradeMagnetkarteGüte der AnpassungVorlesung/KonferenzBesprechung/Interview
41:11
Open SourceVorlesung/KonferenzComputeranimation
Transkript: English(automatisch erzeugt)
00:04
Thanks very much, thank you Paul. Wow, you know, it's just so cool to have an actual real live audience, real people with real faces. Okay, eyes mostly.
00:23
Alright guys, I would like you to meet Steve. This is Steve, say hi to Steve. Hi Steve. So this is not his real picture of course, but Steve is a real person. He exists in reality. He is a mathematician. He has special
00:42
knowledge in cryptography. He has a PhD in graph theory and he's 54 years old now and he lives in Staffordshire, England which is near Birmingham. He works as a software developer and Steve is really good at his job, so that means his day job isn't exactly just 9 to 5. And he also loves his job which is why
01:05
he has a little side project of his own, a little open source project that he started a few years ago. And this open source project has to do with cryptography, has to do with internet security, online communication. And well, at first you know a few people found out about it
01:24
and used it in their projects and then a few more and then it was finally a few dozen projects and then a few hundred, a few thousand and now it's literally millions of projects that use Steve's tool. So Steve started to work
01:41
more and more and more. Yeah, this was all in the evenings and on the weekends and some more and some more. So you can imagine he started to work a lot. Now he was the only maintainer, the only code maintainer for this project until another guy, coincidentally also named Steve, joined. The second Steve was actually more of a business project manager kind of guy. Very helpful
02:05
but he didn't actually do code reviews. That was still Steve's job. Okay, so in 2012 a German student from the University of Münster contributed some code to Steve's project. Steve reviewed it, accepted it into the codebase
02:24
and was happy with it. Unknown at the time that this did introduce indeed a bug that was only revealed in the public in 2014. And when it was found out it was a really, it was a big problem. It was the single largest breach
02:42
in internet security compromising passwords and sending governments and companies scrambling. This project is called OpenSSL and you probably have heard of it, yeah. And in 2014 this was the so-called heartbleed bug that
03:00
was revealed. And only then did this project get some attention and people were actually curious who are actually the maintainers behind this project. And then they found out, oh, it's these two Steves, yeah. And then this gave rise to sort of funny headlines like this. The internet is being protected by two guys named Steve. And one was Steve, one was Steven actually, right. So the two
03:24
Steves and they were these two underpaid, overworked guys who just, you know, yeah, took care of our of our internet security. Alright, so you've
03:40
probably all seen this. We just saw it in a talk earlier by Thomas, right. And this depicts a very typical situation. I mean it's, I know it's been used a lot this picture but it's still, it's just spot-on, right. In software, you know, one building block builds upon the other and then you get to a situation where you have this one small piece of software and if you remove it, it all
04:02
comes crashing down and we're gonna spend a long time reassembling civilization from the rubble, right. And so this is what happened with Open and SSL. And this kind of thing happens again and again. The OpenSSL was really, really grave and of course you all remember log4 shell. Obviously I need to
04:21
go into this, this is just very recent. It was the same situation, right. The only difference being with Open, with log4j, it was actually three guys who were the main maintainers and they are not, they don't have the same name. They were called, or are called Ralph, Matt and Gary, right. Okay, but
04:41
essentially it's the same thing. So this presents a bit of a problem and in the talk by Thomas Fricke just now, we heard, he gave us a few more examples of open source projects that are maintained by one or two people. Alright, so what can we do? Well, there is a few things that we can do. One, for
05:03
example, would be go and contribute to these projects, right. Contribute code. It doesn't have to be only code. You can contribute documentation or UI, UX stuff. Anything helps, yeah. We ask our developers at
05:21
Mercedes-Benz, please contribute high quality code or make high quality contributions. Why? Because obviously, you know, if you contribute stuff that is not thought through and that is not good, then it creates even more of a burden on the maintainers. This is also not to say, however, if you're a
05:46
newbie and it's your first contribution, like, oh no, I can't do this, no, please do it anyway. The maintainers are usually nice people and they welcome any contribution, but what I mean is high quality, well as good as you can, but don't just, you know, throw random stuff at them and it's like,
06:03
here, no, this needs to be in, but you can work it out, okay. Not like that. A bit more diligence, alright. High quality diligence. So, now it turns out the number of contributions that OpenSSL was getting was never the problem.
06:21
At any given point in time, they had about 200 contributions, at least waiting to be reviewed by Steve, yeah. So, the number of contributions wasn't the problem. It was, you know, the bottleneck Steve. He was the only guy, or the two Steves, but, you know, for code it was only the one Steve. So, you could, for example,
06:45
it would be extremely helpful, become a maintainer for a project, alright. If this is a project that you use a lot and maybe you have already done some contributions and you know the code well, maybe you can become a maintainer. That would really help Steve, alright. Become the third Steve, maybe.
07:04
So, become a maintainer. Now, obviously, not everyone here does have the time. You can be a maintainer for 10 other open source projects. But, you know, as I said, if you're already familiar with the project, you use it a lot, why not become a maintainer? Think about it. That would really help. So, if you can't be a maintainer, what else can you do?
07:24
Well, okay, simple. You can just actually maybe donate, give them some money, provide funding. How does that help? Well, so Steve had a day job that was being paid and his open source
07:41
engagement wasn't paid. If Steve had enough donors and sponsors, maybe he could quit his day very small salary, but a decent and adequate salary, right.
08:02
These projects need servers. They have costs for hardware, for all kinds of things. So, they actually need money and a lot of times these people are paying it out of their pockets as well, right. So, that helps for funding, okay. So, funding is a good thing. I'm going to concentrate the rest of my talk mainly on funding and how to do this.
08:24
Another option, just to mention this, is foundations. Become a member of a foundation, your company, right. For example, we are founding members of the Eclipse Foundation. We have Michael Tlage here from the Eclipse Foundation. We are members of the Linux Foundation,
08:43
cloud native and Hyperledger Foundation. Why is that useful? Well, because foundations provide a lot of help for projects, right. They really are also open source heroes and, you know, all the Apache Foundation and so forth, right. So, become a member in foundations.
09:05
That's a good thing as a company. As a private person, you can do that as well, of course. All right, so let's look at funding. How to do funding? There are now more and more options, how you can actually get the money to the open source projects and to the developers.
09:27
You know, companies when they pay money, they somehow, they have to do it somehow. They can't just, you know, pay some random guy in the internet, here's some money. It doesn't work like that. So, you can go through, for example, GitHub. GitHub sponsors has been introduced about
09:43
a year and four months ago and you can use that to donate money to the projects. Or, another option is Open Collective and they're open source. We open source collective and they're also here, a recording partner, sponsor for this foundation. So, the fees when you have to pay,
10:06
what you have to pay. Open Source Collective takes 10% on incoming funds. They're a non-profit organization. That means they really use this money only for their costs, okay. So, that means if you have a thousand dollars, you want to give a thousand dollars
10:22
to a project, either you give a thousand dollars and then they will receive nine hundred or you give eleven hundred and twelve to Open Source Collective and then they will get a thousand, 10% deducted. All right, GitHub right now, they're still doing it for free. They will introduce fees sometime this year, I expect. They don't know exactly how much,
10:44
but it will be under 10% somehow, probably nine, I don't know. There are other options and, for example, here Linux Foundation has a crowdfunding platform. They're really good with the fees. They don't take any fees for the first ten million dollars
11:01
and then five percent after that. And then, whoops, here I have listed a bunch of other options. I'm not very familiar with these myself. I haven't really examined them very well. Some of them are kind of niche ideas, but they may be interesting, so why not take a look. Liberapay, Bounty Source, Stake Social, Tidelift, Issue Honda, and Excess Code.
11:24
I don't know exactly their fee structure. There are a lot of options out there now, how you as a company or actually even as a private person can donate money. We are partners with GitHub. We use GitHub for our software development and we have started
11:46
donating money to the open source projects. Right now we're sponsoring 27 organizations and developers. So it could be an organization, it could be an individual developer. Here are just some, Curl, Fyber, Synder Sol. I don't know if you know this guy. He's one of the
12:04
really big open source heroes. He has hundreds of projects. He's really cool and he lives off of it. He has enough projects and enough funding now that this is his actual job. He does his own open source stuff and he receives enough money from a lot of companies and people that he can
12:21
actually live off of this. So this is good. OpenSSL, we have started funding them as well. And Log4j, we're funding them also now because it makes sense. I would like to tell you a little bit about how you actually do this because up until now it
12:44
sounds easy, right? But when you now think, okay, this is a great idea. I want to do this in my company. And you go to your company and your financial people and you say, hey, I want to pay X amount of money to this open source project. Then they're going to say, uh-huh, okay, so
13:02
wait a minute. It's not so easy because you have to set up all the processes. It's easier in small companies and the bigger the company, the more difficult it gets because the processes are. Okay, so first of all, in general, the idea of how it works is like this. So we give money to
13:23
GitHub and then GitHub gives the money to open source developers or projects and takes a deduction or not. GitHub doesn't, as I said, not yet, but real soon. Okay, this is the money flow. But now, as a company, when you want to implement this, I struggled a long time
13:46
really setting this up. So I would like to give you some insights, maybe some pointers, if you want to do this as well. So when a company pays money to somebody, they usually do it either through a purchase order or through a classical sponsorship.
14:11
So purchase order, you buy something, whatever it is. It can be a screw, a part, something small, something big. It could be a supplier, whatever.
14:25
What is the word I'm looking for? A consultant, thank you. So you buy something, you pay money. Fair enough. The other way to get rid of your money as a company is a classical sponsorship. So for example, Mercedes-Benz sponsors athletes for wearing our logo on their sleeve, right?
14:46
Famous athlete, it's nice, he or she's on television, you know, Mercedes-Benz, nice, so we pay money. That works as well. But now what is open source sponsorship? It's called sponsorship, but is it actually sponsorship? Not really, because the person is not wearing our logo
15:03
anywhere. I mean, maybe it shows up on their GitHub profile. Okay, fine. But it's just not classical sponsorship. At the same time, we're also not buying something. We're not going to these open source developers and tell them, hey, we give you money, we want to support you, you have to implement a feature for us. It doesn't work like that. And even if it did
15:24
work like that, then we need to sign a contract with this guy. He might be working in South Africa. Now, okay, we can wire money to South Africa, but we need to set up a contract with him. We have to have a supplier relation with this guy. And he might be anywhere in the world.
15:42
We might not even know where in the world, right? So it's really difficult. And now, you have to talk to the people in your company who are responsible for sponsoring or are responsible for purchasing. In the case of Mercedes-Benz, it gets really complicated
16:01
because, you know, purchasing in itself is a big division. Yeah, purchasing parts and purchasing software and purchasing anything. So you need to find out who's the right person. And then you kind of get pushed around. He's the right person. Okay. Then, oh, but it's get up sponsors. You need to talk to the people from sponsoring.
16:22
It's like, okay, good. I'll talk to them. And they're like, yeah, but this doesn't sound like sponsoring. You're buying something. So it's purchasing, you know, and it's going circles. The thing is because it doesn't fit any existing process. All right. And so you have to figure out a way. You have to talk to all these people, make sure they're on board, and then you can finally decide, okay,
16:40
we're either going to establish our new process for open source or we will call it purchasing or we will call it sponsoring. Okay. Either is fine. New process usually is really complicated. Sponsoring. Yeah, why not? Purchasing. Why not? As long as it fits
17:00
whatever fits your purpose. Okay. But I'm just saying it can get complicated. Okay. And another thing that you need to pay attention to is compliance. All right. When a company pays money to somebody, you want to make sure you know who this person is
17:22
because you don't want to finance some dark channels and then it ends up in the presence as Mercedes-Benz is sponsoring the dark net of evilness or something. Yeah. So that's why when we pay money to someone, to anyone, we check their names
17:46
against sanction lists. Yeah, there's a system and you type in the name and then it comes back green or red. If it's red, you have to actually look closer into it. Doesn't necessarily yet mean this person is evil, but check. Green is good.
18:06
But now that's, by the way, banks, everybody does this, right? But if I want to pay money to Anna, I need, so I punch her name into the system and then the system comes back.
18:25
But in order to do that, I have to ask for her permission. Anna, is it okay that I put your name in our system? Yeah. I have to ask you for permission. Is it okay? I have to tell you exactly why I'm doing this and I have to give you the right to revoke your consent as well.
18:42
Okay. So, but now the thing is, open source developers, yeah, you don't know their names a lot of times, right? Because they have like whatever username that maybe a lot of times they do reveal their real name, but a lot of times they don't. And so now I go to GitHub and I say, dear GitHub, I want to
19:04
sponsor these people, but I need to have their contact information so I can ask them for permission that I put them in the sanction list check, right? But now GitHub tells me, huh, Wolfgang, that's really great. That's really kind of you, but we cannot give you the names of these people because of data protection laws, right? GitHub with these guys signs,
19:28
you know, they have a contract or like the user regulations and they say, we will not give your name to a third party and we are now a third party. We want to give
19:41
them money, fine, but we're a third party. So GitHub says, sorry. Okay, they helped you there. Yeah. Okay, what's the way out? I mean, a way out would be GitHub will change their regulations and tell the users, hey, if somebody wants to sponsor you, then we will ask you for permission
20:01
if we can give the names to the company. Okay, that's a possibility. But that wasn't implemented yet because we, you know, we were one of the first companies that started this with the GitHub sponsors thing. And so I just had to go there and find these people's names. So some had their name. Okay, fine. But then I had to send them an email. I couldn't just use
20:25
their name and punch it into the sanction list check system because as I said, I have to ask their permission. So if they don't publish their email address on GitHub, you know, then how do I get in touch with them? Well, sometimes I found them on LinkedIn and I said, hey, can I send you
20:40
an email, please? Sometimes they had their email there. Sometimes I just placed an issue on GitHub. I said, hey, we would like to sponsor you. Can we talk? Can you send me an email, please? You know, and so that way I did get a hold of all of these people, but it was really complicated.
21:00
Every git commit has an email. Yeah, I don't think every, I don't know. I'll check it out, but yeah.
21:23
Yeah, so anyway, I can tell you, we tried all kinds of ways. In the end, we got there, but it was actually complicated. Okay, so these are just things you have to think about. That's sort of my main message at this point because at first we thought, yeah, we're just
21:41
gonna do this. It's great, yeah, and then you get to the details and then these things come up. Yeah, but you can't just put their name into a sanction list check because you have to ask their permission. What else, right? Okay, but in the end, it's all good. So,
22:00
now that I had the email addresses of these people and they had mine, you know, they gave me feedback when we sponsored them, and here's just a few things of feedback. So, here, I'm humbled by the fact that people found out about my project and actually use it. They weren't aware. They're like, it's just there, but nobody uses it. No, we use your
22:21
project. Oh, and even Mercedes-Benz uses my project. Wow, how cool. Thanks, it really gave me the kick I needed to continue working and that good feeling one gets from contributing to something. And this helps the team to be even more motivated to increase the quality of the project.
22:41
Thank you again for the recognition. I'm also receiving a lot of contributions from your team, which I greatly appreciate. Or, here's one more. We're very happy to get this sponsorship and hope it will open up all sorts of new avenues for collaboration. So, this is really good, right? After, you know, you do all this and you go through and then you get this feedback.
23:00
It's like, good. It reaches its goal, hopefully, and makes people happy. What is more than the money that they received? I think it's the pat on the shoulder they got, the reward, the recognition. Of course, you can't buy bread with thin air, thank you.
23:22
But I think the people were really more happy for the recognition and for for the pat on the shoulder. So, that was really nice. Okay, so far so good. We are continuing the sponsorships.
23:41
How do we find out the projects? Which projects do we sponsor? Well, we asked our developers. We asked our own internal community. So, we made calls. He's like, guys, we're going to do this. Who should we sponsor? Which projects
24:00
do you use in your projects? Which open source people you think need sponsorship, like sponsorship? Who are your heroes? Which is the software that we depend upon? Which is the software that powers our world, right? And so, we made these announcements. Hey, please
24:23
tell us. And then we got lots and lots of ideas. Not all of them were sponsorable or sponsorable yet, right? They hadn't set up a GitHub sponsorship profile. They were on another platform. We don't currently support open source collective
24:41
yet, but I plan to do this in the future. But now you've got a little bit of an idea why this is kind of a complicated thing for a new platform, but we'll try anyway, right? Yeah, so we got feedback. We also had a project that we want to sponsor and they said, you know,
25:01
it's okay. We don't want to receive sponsorship. We're open source and we do this for free as a hobby. Let's keep it that way, right? That's the exception because usually people aren't too heartbroken when you give them money, right? But some are like, no, it's okay. Some also, by the way, had some like one or two projects that we wanted to sponsor. They said,
25:24
we can't accept sponsorship in our country where we live because we have a tax problem when we just receive money, yeah? So that means there's some work to do, maybe for the governments, maybe for the providers of the sponsorship, GitHub, for example, or Open Collective.
25:42
Yeah, but so there are some roadblocks still, but for the main part it's going very well, I think. All right, so to wrap this up, here's just a little, if you want to find out more about our open source way at Mercedes-Benz, you can go to opensource.mercedes-benz.com
26:04
or Google it. This is our open source landing page. We just took it online a few months ago, so there's not that much content there yet. We're working on it, published some articles. You can see our own open source projects that we are publishing.
26:25
There aren't that many yet, just a few, but we're adding more and more as we go along, it's a start. You can read our Mercedes-Benz FOSS Manifesto that I think could be quite interesting for you. This is our commitment, basically, to be open, to be a completely
26:44
open source savvy company. And in the Manifesto, it has two parts. It has a company part and an employee part. The company part says, we as a company, we want to support open source, so we encourage all our employees, please become active members of open source. Contribute,
27:05
create, and use open source. Become members of a foundation. Go to a conference, give a talk, perhaps. Something like that. All on this open source landing page. If you like it, give us your feedback. If you don't like it, also give us your feedback.
27:23
I hope you find something useful there. All right, that's it. I would like to send you off encouraging you. Go to your companies and think about whether open source sponsorship would be something that you can do as well. I think it would drive forward open source as a
27:44
whole very much. So do it, okay? Thank you for listening and may there always be wind in your sails. I had to do a pirate reference. Yeah, something. Okay, thanks guys. Thank you very
28:04
much Wolfgang. So, oh, let's start here then. Thank you very much. This is really enlightening. I have two questions. One is, what was the process to decide, to convince your management to hand out money without any direct return of invest? And can you disclose the orders of
28:27
magnitude of sponsorship that you're doing? Like, you know, 10% of your revenue or whatever? It's more like 25. So first of all, how did we get this through? Well, the
28:43
opportunity rose up with GitHub sponsors. GitHub approached me and said, hey, we're doing GitHub sponsors program, blah, blah, blah. Would you like to be part of it? And I said, yes, great. And then I had the fortunate possibility to, with one step of indirection, talk to our CIO
29:02
at Mercedes-Benz and he said, wow, that's a great idea. Let's do it. Yeah, no return on investment is true, but he is very convinced that open source is the right thing to do. We have open source in our IT strategy, have had it for a few years now, four years or so, I think. And so he is convinced, you don't need to convince him
29:21
anymore that open source is a sensible thing and the way to go. So return on investment, thank God, I didn't have to present the case. Because actually, you can present this, you probably know this. There is a good return on investment in open source. Let me think, let me think. I forget the source, but somebody just recently mentioned
29:45
a research where it pays back twice. So there is a return, but okay, I had a short way to the CIO and he said, let's do it. And then that was it. Order of magnitude,
30:00
I don't want to disclose that information. You know why? Because we're just starting. So I think it's a nice sum, but somebody could say, oh, that's really nice Mercedes, but that's a nice sum. Good job Mercedes. And somebody else could say, that's 0. something percent of your revenues. You can do much more. Yes,
30:23
we can do much more for sure. So I don't want to either side really, that's why. I can tell you, as I said, membership in foundations is one way. That tends to be really expensive. You can look that up. Is it okay that I mentioned how much it is? So if you're a real strategic member of the Eclipse Foundation, that's 250,000 euros a year.
30:45
So for example, for sponsorship, we're below that still, we're working on it. So first off a plug, if you want to be a platinum sponsor for the Apache Software
31:02
Foundation, it's half of that. If you want to be a platinum sponsor for the Apache Software Foundation, it's like half of that. So putting that one aside, you mentioned Log4j and that you were sponsoring Log4j. Since that's an Apache project, I was curious how you went about doing
31:20
specifically Log4j. Oh, why we specifically did Log4j? How? How? Well, we found out who are the main... Log4j itself doesn't have a GitHub sponsors profile set up, but the three main developers have a sponsorship profile, and so we picked the three developers and picked them as
31:43
recipients of the sponsorships, Ralph and Gary and Matt. Okay, so if you wanted to do a targeted sponsorship for the Log4j project, that is also possible through Log4j. It is? Yes. Okay, good. Thanks for that. Thanks for that information. Thanks. I would have a follow-up question
32:05
to the targeted sponsorship, maybe it leads to this discussion, because I'm part of another Apache project and we got the targeted sponsorship, but we got the restriction to not spend it on development work, but just on infrastructure testing devices and stuff like this. So we found it really tricky to do something with the money. Okay, yeah, that can be. As I said,
32:27
we had like one project that said, sorry, I don't even know what to do with the money. And oh, and another one, they said, you know, I'm doing this, I work for an IT company and they're paying me for this, so I don't need sponsorship. Thanks. I have a bit of a different
32:42
question or base for another discussion, I mean the evening is long today, and do we have the danger of getting in a two-class open source society, where some projects are exposed enough? I mean, OpenSSL and Lock4J in the end might come out as winners in that sense,
33:04
that people know them now and may give them money for their work, but there are thousands of other people in Nebraska that thanklessly maintain other projects we rely on. And Oklahoma. Which leads to the follow-up question, we just had it in the discussion before, if we may need something like the GEMA, the Germans may know the GEMA,
33:25
well, GEMA is not directly associated with something sympathetic, but that's the way how musicians get money for the music that's played in the radio, because not everybody in the radio, or if you have a club or something, pays directly to the guy due to the situation that Wolfgang mentioned, but they just take money from everybody and some money they give back
33:43
to the artists, basically. And the other thing, I wonder, I had a discussion some weeks ago about how open source is some kind of culture, because all those, I would say, low impact open source projects were built upon, you could also see as like an effort for the society. So,
34:05
why isn't there a way to do a donation to them? And a donation is, for the company, it may make a pretty big difference, because donations are handled totally differently tax-wise, because the donation basically helps you in saving taxes. So, do we see,
34:21
probably it's also a question to you, I mean, do we get to the point that donations to open source projects may be seen as donations? Because this, yeah, I mean, with Apache, it is surely the case, as Apache is an NGO, and donation to Apache is totally, like, yeah, tax-free, because this would change, probably,
34:43
yeah, the way it is seen by Apache Big Enterprises. Yeah, that is true. Okay, so I guess that was actually three questions, Julian. That's good, that's fine, I hope I can remember them. Okay, first one is, are we going to see a two-class society? You know what, I don't know. I think it might happen, but, I mean, let's look at it. Only two percent of
35:07
all open source projects are actually called successful, or actually considered successful, so they will probably receive most of the donations, and out of those two percent,
35:20
probably the majority of donations will go to 0.5 percent. Yeah, so I think there is that danger, maybe it's an incentive for all the other open source projects that want to receive funding to just become better. Huh? Yeah, I don't know, but I see that danger,
35:45
but I don't want to actually keep that us from starting it anyway. If in five years, you know, all the big and the medium and small companies donate to open source, and then this is a problem, then we need to discuss and address that problem. Right now,
36:04
I would just hope that it will do something good. Then, schema, interesting idea, I don't know what to make of it, to be honest. It sounds sort of reasonable, because then maybe, you know, these open source projects that are the most successful will also receive the
36:23
chunk of the money. But then again, I think it goes a bit against open source idea, you know, because free and open source software, all of a sudden it's not free anymore, and I get to decide whether I want to pay for it or not, then I have to, then it's like, schema or even gate set is even worse, right? So I don't know, maybe not, right? And now the third question,
36:47
what was the third question? Oh yeah, exactly. That sounds like a great idea, because it would certainly cut down all of this process overhead, a lot of it anyway, and it would be more attractive for companies because they can deduct it from taxes probably,
37:04
right? That's fantastic. Microphone? Oh, Michael. I just want to say, I love this presentation. We went through the same process, working early
37:22
with GitHub sponsors to see how we could move some public money into open source projects, and we failed. I appreciate your persistence in moving it through, but the donations actually proved very, very challenging, because the donations have an extra accountability that comes
37:43
with how that money is spent, and we never could break that down to the individual level. An additional problem is that the due diligence required to be able to report on that leads to, in many organizations, a minimum donation size, whether that's $50,000 or $100,000
38:02
or $200,000, that became our problem. If we only wanted to move a little bit of money to a developer, that was the challenge. If I wanted to move $100,000, now it was worth the time to do the diligence, and that's a very interesting kind of twist on the problem.
38:21
We do need to solve this, because to me this is how we really are able to maintain software, because there are people willing to give money, there are organizations willing to give money, and there are public institutions willing to give money, but how do we get it to the right place when that increment is so small? Yeah, exactly. What do you do with a billion
38:41
dollars, right? By the way, the donation thing is probably a good idea, because it would make it easier, I think, the process side, because I have spoken to other big companies in Germany, and they said, you know what, we wanted to do open source sponsorship, but we failed,
39:03
we couldn't make it work with our processes, so we gave up. And that's very sad, right? I'm not going to disclose their names, but it was like, and they said, how did you do this? I was like, well, it took a lot of time, but in the end I hope it's worth it.
39:26
Keep that in mind then. Thanks, Michael. Have you discussed the risks that this could raise problems among the community? The risks this could raise, so that people say how my contributions are more valuable than your contribution, I should receive more money
39:41
than you? Money is not always a positive thing, right? Have you discussed this internally before you started the sponsorship? Not this particular, I mean, we have discussed risks, of course, right? Especially the risk of the money ending up in someplace where you don't want it to be, right? What I mentioned earlier with the sanctionless checks. Now this kind of
40:00
risk, again, it's something along the lines what Julian mentioned, it's possible that this happens if in a few years we see that this is a problem, we need to address it or maybe before it becomes a problem. But right now we just thought, okay, let's do it and hopefully achieve something good. Also with the dark places that you don't want the
40:27
money to end up and then your name is in the press, the same of course is true for GitHub and then Stripe is their payment provider as well. So they're doing these very same sanctionless checks as well on their site because they also have zero interest that their
40:44
name gets connected to a dubious payment somewhere, right? And we have to do it on top, it's like our Mercedes people said, yes we have to do it on top. Maybe we can trust GitHub in the future. Actually we have already started that we can rely because it's Stripe and GitHub.
41:08
Okay, thank you very much. Thank you guys. Thank you.