In this Supper Club episode of Syntax, Wes and Scott talk with Feross Aboukhadijeh about his work on Socket, which helps to make sure the code you get from npm is safe and secure. They also touch on his work on Wormhole and WebTorrent. Show Notes 00:30 Welcome 00:57 Who is Feross Aboukhadijeh? 01:33 What is Socket? [Socket.dev](https://socket.dev) dominictarr (Dominic Tarr) pull-stream/pull-stream: minimal streams 03:59 Introducing AI package summaries Example of the AI summaries Introducing AI Package Summaries 07:04 Is Socket's focus on visibility of an open source project? 10:01 What was the inspiration for Socket? Introducing “safe npm”, a Socket npm Wrapper - Socket 16:22 How does Socket detect possible security issues? Removed packages event-source-polyfill protestware attack john wick spam attack 18:55 How many projects are you ingesting for Socket to scan? 26:00 What kinds of things are people trying to inject in code? CS253 Web Security 29:54 How do I hook Socket up to my project or GitHub? 32:08 Do we still need to use shrink wrap? 36:34 How did you implement the torrent spec in JavaScript for WebTorrent? WebTorrent Desktop WebTorrent FAQ 43:11 Why did you build Wormhole? Wormhole 47:33 How expensive is it to maintain Wormhole? Riverside.fm - Record Podcasts And Videos From Anywhere 50:37 What do you think of decentralized code repos? Radicle Project Fugu Fugu Tracker 54:29 Understanding passkeys 56:15 Supper Club questions GitHub Theme - Visual Studio Marketplace Web Serial API - Web APIs | MDN 01:03:04 Sick Picks Sick Picks Harry Potter audio books Shameless Plugs ChatGPT
Guest Richard Littauer Panelist Karen Sandler Show Notes Hello and welcome to Sustain! In this episode, the tables are turned today as Karen Sandler takes over as host, interviewing our very own Richard Littauer. Recorded at the Free and Open Source Yearly conference, the discussion delves into Richard's evolving perspective on sustainability in open source projects. His experiences attending multiple conferences have led him to question the term ‘sustainability,' advocating instead for a shift towards values such as human rights, joy, and mitigating harm. Also, Richard and Karen explore the significance of user rights, copyleft licensing, and GPL, voicing concerns over the erosion of these rights. They end with a discussion on the systemic complexities in the open source world, the potential for a new community approach to sustainable code, and an emphasis on collective action and personal joy. Press download to hear more cool stuff! [00:00:58] Richard offers a detailed insight into his talk. He explains his perspective on sustainability, suggesting it may not be the most fitting term when applied to the open source community. He shares his experience attending multiple sustain conferences and how it shaped his views, and discusses sustainability for developers, touching upon burnout, recognition, and issues of dependency, supply chain, security, and legal issues. [00:03:31] He notes the wide range of topics covered in the Sustain podcasts, highlighting the complexity of sustainability. He questions the usefulness of the term ‘sustainability' and suggests we need to focus on what truly matters in life, such as human rights, mitigating harm, and seeking joy. [00:04:39] Karen reviews the flow of Richard's talk, and he summarizes his talk questioning the emphasis on sustainability and growth, recommending instead to focus on joy and relieving suffering. 
[00:05:55] Richard advocates for focusing on personal fulfillment and societal impact instead of simply growth and funding. He emphasizes that the ultimate goal should be about human rights, liberties, and happiness. [00:07:20] Karen wonders if Richard is going to rename the podcast. He maintains his support for open source but stresses the importance of focusing on impact and human values. He emphasizes the importance of considering one's own project in the larger context and evaluating its actual importance. [00:08:47] Richard discusses the importance of GPL for user protections and shares concerns about devices locking users out. He also shares his changing stance towards GPL and the impact of his code. [00:09:36] Karen and Richard discuss the potential for a new community approach to sustainable code, and Richard suggests that sharing stories and rethinking relationships with technology is a way forward. [00:10:46] Karen asks Richard about his views on corporate power, and he explains how his view has evolved. [00:12:04] They discuss the systematic problems and individual roles within them. Richard explores the conundrum of trying to change a system from the inside or outside, and he prefers to use his knowledge and privilege to make an impact rather than disengage from the system. [00:13:41] Thinking back to all the conversations Richard's had about the sustain movement, he shares his favorite conversation with Dominic Tarr, who left coding to pursue personal joy. Karen emphasizes the need for collective action to address systemic problems. [00:16:01] Find out where you can follow Richard and his projects online. 
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) Richard Littauer Website (https://www.burntfen.com/2023-05-30/socials) Software Freedom Conservancy (https://sfconservancy.org/) Open OSS (https://openoss.sourceforge.net/) Dominic Tarr (YouTube) (https://www.youtube.com/channel/UCMSmy7qF24q4f_y6L86zNMA) Sustain Podcast-Episode 56: Dominic Tarr on Coding What You Want, Living On a Boat, and the Early Days of Node.js (https://podcast.sustainoss.org/guests/dominic) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Richard Littauer.
Guest Naytri Sramek Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today, we're super excited to have joining us as our guest, Naytri Sramek, who's the Senior Director of Strategy at GitHub. Have you heard of the GitHub Accelerator and M12 GitHub Fund? Well, this is a great day to be joining us because Naytri is here to talk about these programs that they've been launching to help support and sustain OSS over the long haul. Naytri shares GitHub's journey which began with the GitHub Sponsors launch in 2019, bringing on enterprise sponsors, and how it led into launching the GitHub Accelerator program and the M12 GitHub Fund. Go ahead and download this episode now to learn more. [00:01:23] Naytri reveals the two things they've been launching which are the GitHub Accelerator and the M12 GitHub Fund. She also tells us about bringing on enterprise sponsors since they've benefited from open source. [00:06:25] Peter Thomas, who worked at Intuit and is creator of Karate Labs, is brought up and Justin wonders if he's involved in this venture or if there are others. [00:09:37] A question comes up regarding if the growth of the projects has been tracked with the money that GitHub has given to developers, if they've been able to quit their jobs since the money was given to them, and if those projects have improved. [00:15:35] We hear the focus of the GitHub sponsors, the Accelerator, and the M12 Fund. [00:19:57] Justin brings up the difficult issue of how to deal with developers that build these critical pieces of software, but they don't want to deal with the responsibility and wonders how Naytri and her team deal with this issue. [00:23:18] There's a 10-week course for the accelerator program and we hear how it works, and if it will be available to everyone in the future on GitHub. [00:29:28] Naytri explains how the communities are being funded. 
[00:32:47] A point is brought up about how long can these strategies and programs live on so maintainers and open source developers can make a good living, and Naytri goes in depth about the need for more sources of funding and funding models. [00:36:34] Find out where you can learn more about the GitHub Accelerator and the M12 Fund. Quotes [00:17:40] “The M12 GitHub Fund is all about how we do invest in the tools that are built on GitHub's platform.” [00:24:33] “I want 20 people making $200,000 a year.” [00:24:58] “The GitHub Accelerator course itself will be open source.” [00:28:08] “As we've expanded the program into more countries, we've doubled the number of countries that sponsors cover right now.” [00:30:10] “Commits aren't universal. You shouldn't just be rewarded for the code.” [00:33:07] “The way we're thinking about the accelerator and the fund is we need so many more sources of funding and funding models to be able to support open source creators as well as communities.” Spotlight [00:37:44] Justin's spotlight is Jessica Lord, who's the GitHub Sponsors Product Lead. [00:38:14] Richard's spotlight is Bill Watterson, author of Calvin and Hobbes. [00:38:23] Naytri's spotlight is Mike Perham and a 10 year anniversary post he wrote to Sidekiq. 
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Naytri Sramek LinkedIn (https://www.linkedin.com/in/naytri-sramek-a6872516?trk=people-guest_people_search-card) naytri@github.com (mailto:naytri@github.com) fund@github.com (mailto:fund@github.com) GitHub Accelerator (https://accelerator.github.com/) GitHub Blog- An open source economy-built by developers, for developers by Naytri Sramek (https://github.blog/2022-11-09-an-open-source-economy-built-by-developers-for-developers/) Sustain Podcast-Episode 56: Dominic Tarr on Coding What You Want, Living on A Boat, and the Early Days of Node.js (https://podcast.sustainoss.org/56) Karate Labs (https://www.karatelabs.io/) Hopscotch (https://www.gethopscotch.com/) Justin Dorfman Tweet: The hard decisions popular open source project maintainers need to make…daily. (https://twitter.com/jdorfman/status/1597991465673596935) Jessica Lord-GitHub (https://github.com/jlord) Bill Watterson-Wikipedia (https://en.wikipedia.org/wiki/Bill_Watterson) Happy 10th Birthday, Sidekiq! -by Mike Perham (https://www.mikeperham.com/2022/01/17/happy-10th-birthday-sidekiq/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Naytri Sramek.
Guest Ashley Williams Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We are super excited to have Ashley Williams joining us. Ashley is the Founder and CEO of Axo. She is also a former member of the Rust Core Team, founder of the Rust Foundation, and served as its first Executive Director. She was the leader of the Node.js Community Committee and founded the NodeTogether educational initiative. Today, Ashley shares her background with us from working at NPM, joining Mozilla, building the Rust Foundation, and she fills us in on Axo, which she explains is the tool company for tool companies. She also has some suggestions on how open source projects can get money to become successful in the long term. Go ahead and download this episode now to learn more! [00:01:41] Ashley explains what Axo does. [00:04:07] When Ashley moved from Node to Rust, she tells us what she took to the community there from the lessons she learned from Node, and how she wanted to build great communities in Rust. [00:09:35] We learn more about the process of building the Rust Foundation and why building it was necessary. [00:15:02] Justin wonders what it was that made the organizations calm again and why did they stick with Rust. [00:17:07] Ashley explains what the difference is for her and why one is better for open source software sustainability. [00:21:24] How do open source projects position themselves in the future to continue to have stake in their own governance and their own sustainability and where does Ashley think they should be investing their time? [00:23:28] We hear some tips from Ashley about the best way for a project to have a conversation with each other about setting goals and intentions for their project in a way that isn't alienating. 
[00:30:02] Ashley shares a little of her background with us after leaving NPM, joining Mozilla, and she tells us about a tool she built called, wasm-pack. [00:33:35] We find out where can you learn about Axo, get involved, and if it's open source. [00:35:15] Ashley shares some tips on what open source projects can do to get money to help themselves go forward and become financially viable in the long term. [00:40:11] Find out where you can follow Ashley on the web. Quotes [00:05:57] “I got super burned out of community work and Node and everyone kept throwing it in my face that I wasn't technical. If I wasn't so busy doing all this other stuff maybe I would commit some code.” [00:06:59] “When you build a community in reaction to something, when you stop reacting to that thing it's hard to figure out what you do next and how you grow it.” [00:10:18] “It's way worse to have a foundation too early than having a foundation too late.” [00:17:49] “I love to say ergonomics is eighty percent familiarity, and it appears to be true for organizations that are doing fundraising,” [00:18:31] “The goal of that Linux Foundation generation was to get corporations to use open source, which in a way is the opposite of making it sustainable because it adds an incredible burden.” [00:20:20] “I don't think charity is the same as sustainability.” [00:24:23] “Try and get people to itch the same way.” [00:24:42] “Having really strong communication brand and marketing helps drive that shared collective vision.” [00:24:50] “I think Rust had really fantastic marketing for a really long time and that helped drive the community to have as much of a shared vision as is possible in a group of software engineers.” [00:29:00] “I don't know if open source wants to be sustained.” [00:32:42] “Pay attention to the types of open source maintainers that are getting hired versus the ones that aren't, because there are some patterns that no one should be proud of.” [00:35:57] “Get a company that loves 
your project and then get them to hire you to work on it.” [00:39:49] “The era of open source we're in, there's need for more safeguards.” Spotlight [00:41:01] Justin's spotlight is axii.axo.dev. [00:41:34] Richard's spotlight is an animated Chobani yogurt commercial. [00:42:25] Ashley's spotlight is the Embroidery Trouble Shooting Guide. Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Ashley Williams Twitter (https://twitter.com/ag_dubs) Ashley Williams LinkedIn (https://www.linkedin.com/in/ashleygwilliams) Axo (https://www.axo.dev/) Axo Twitter (https://twitter.com/axodotdev?lang=en) Sustain Podcast-Episode 135: Tracy Hinds on Node.js's CommComm and PMs in Open Source (https://podcast.sustainoss.org/135) Sustain Podcast-Episodes featuring guest Ewa Jodlowska (https://podcast.sustainoss.org/guests/ewa-jodlowska) Sustain Podcast-Episode featuring guest Deb Nicholson (https://podcast.sustainoss.org/guests/debofthenorth) Sustain Podcast-Episode featuring guest Karen Sandler (https://podcast.sustainoss.org/guests/karen-sandler) Sustain Podcast-Episode 56-Dominic Tarr on Coding What You Want, Living On A Boat, and the Early Days of Node.js (https://podcast.sustainoss.org/56) Sustain Open Source Design Podcast (https://sosdesign.sustainoss.org/) Sustain Podcast-Episodes featuring guest Mike McQuaid (https://podcast.sustainoss.org/guests/mcquaid) axii.axo (https://axii.axo.dev/) Eat today, feed tomorrow-Chobani commercial (YouTube) (https://www.youtube.com/watch?v=MS-sJQkr0H4) Embroidery Trouble Shooting Guide 
(https://web.archive.org/web/20140310190221/http:/www.sewingandembroiderywarehouse.com/embtrb.htm) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Ashley Williams.
The world's richest person put US$44 billion to make Twitter his personal property. Social media pioneer Evan Henshaw-Plath - who co-founded Twitter's forerunner Odeo - is now here in New Zealand trying to break down the big social platforms. But if they are worth billions of dollars because they have billions of users - isn't it a bit late for that?
Guest Ele Diakomichalis Panelists Richard Littauer | Eric Berry | Pia Mancini Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We are very excited to have as our guest today, Ele Diakomichalis, who is one of the Co-Founders and one of the core contributors to Radicle. What is Radicle? It's a decentralized stack for code collaboration that enables developers to collaborate on code, govern code, and fund code in a decentralized way. Ele fills us in more about Radicle, how many people are on the team, how many people use it, the financial commitment to using Radicle, and he explains the three layers to the Radicle stack. Also, we find out Ele's pipe dream for long-term usage of Radicle and his thoughts on how he thinks he can change the coding space for JavaScript and Ruby coders, and people who want to make open source better. Go ahead and download this episode now to find out more about how to get involved in Radicle! [00:01:28] Ele fills us in on what Radicle is and why it's so awesome. Also, we learn how Radicle is different than using GitHub and then paying people through Open Collective using Ethereum. [00:08:39] We learn more about the financial commitment that somebody using Radicle might be obligated to or not obligated to. [00:15:29] Richard wonders what the current scope of Radicle is, how many people use it, and how big the team is. [00:18:09] What is Ele's pipe dream for long-term usage of Radicle for the average contributor who doesn't want anything to do with P2P or Crypto, and how does he think he can change the coding space for JavaScript coders, Ruby coders, or people who are interested in just making open source better and working on stuff? 
[00:22:42] The topic of finding a path for open source creators to capture more value out of their creations through a coin or token is brought up by Pia and she wonders how that's looking now for Ele with Radicle, as well as challenges of paying or getting paid for value creation in open source. [00:32:12] If you want to get involved in Radicle find out where you can go. [00:33:25] Find out where you can follow Ele online. Quotes [00:06:25] “One of the things that we actually do with Radicle is actually leveraging Ethereum for code governance.” [00:13:28] “The last thing is basically what we call Radicle Funding, and this is basically our contribution to the open sustainability problem where you, as a maintainer, you can actually raise funds from your supporters, either as donations or in exchange for something within your community.” [00:19:17] “The second thing that it's more of a dream or a hope, but I really feel that what we're doing with Radicle works is introducing a non-hierarchical model for collaboration.” [00:19:57] “We really hope that we're going to see a lot of these developers actually realizing that if we can also coordinate in a non-hierarchical way and sometimes this actually looks more beautiful.” [00:30:56] “Because we think that we need to create new cultural norms. We want to make this a norm that every time that you get paid, more developers get paid and try to create this more cyclical, regenerative, someone would say, open source economy.” Spotlight [00:34:31] Eric's spotlights are iPad mini 6, Gitcoin and Kevin Owocki, and the immense value that Richard Littauer provides to the community, as well as his videos to check out on YouTube called, “Francis Bacon and Eggs.” [00:36:09] Pia's spotlight is the Lex Fridman Podcast. [00:36:50] Richard's spotlight is Nassar Hayat. [00:37:29] Ele's spotlights are Abbey Titcomb, Nassar Hayat, IPFS, SSB, and other decentralized workers. 
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) Eleftherios Diakomichalis Twitter (https://twitter.com/lftherios?lang=en) Eleftherios Diakomichalis Linkedin (https://de.linkedin.com/in/eleftheriosd) Eleftherios Diakomichalis Website (http://eleftherios.io/) Radicle (https://radicle.xyz/) Radicle Community (https://radicle.xyz/community.html) iPad mini (https://www.apple.com/shop/buy-ipad/ipad-mini) Kevin Owocki Twitter (https://twitter.com/owocki?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Francis Bacon and Eggs-Richard Littauer (YouTube) (https://www.youtube.com/playlist?list=PLYqf3zgG7JNPtk2z5Hnyh4-xEhLBkRfIG) Lex Fridman Podcast (https://lexfridman.com/podcast/) Nassar Hayat Twitter (https://twitter.com/nassarhayat/) Abbey Titcomb Twitter (https://twitter.com/abbey_titcomb) IPFS (https://ipfs.io/) Sustain Podcast- Episode 57-Mikeal Rogers on Building Communities, the Early Days of Node.js, and How to Stay a Coder for Life (https://podcast.sustainoss.org/guests/mikeal) Sustain Podcast- Episode 56-Dominic Tarr on Coding What You Want, Living On A Boat, and the Early Days of Node.js (https://podcast.sustainoss.org/guests/dominic) Sustain Podcast- Episode 68- Kevin Owocki-Introducing FundOSS.org: A new way of funding open source, by Gitcoin x Sustain (https://podcast.sustainoss.org/guests/kevin-owocki) Sustain Podcast- Episode 50- Kevin Owocki- Gitcoin, Quadratic Funding, and how Crypto can sustain Open Source (https://podcast.sustainoss.org/guests/kevin-owocki) Sustain Podcast- Episode 14-Kevin Owocki- Funding Open Source With Gitcoin (https://podcast.sustainoss.org/guests/kevin-owocki) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. 
Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Ele Diakomichalis.
Guest Leslie Hawthorn Panelists Allen "Gunner" Gunn | Eric Berry | Eriol Fox | Richard Littauer Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We have an excellent guest on today and she is here to talk about real stuff! Our guest is Leslie Hawthorn, who is the Manager for the Vertical Community Strategy in Red Hat's Open Source Programs Office in the Office of the CTO. She has spent her career creating, cultivating, and enabling open source communities and we are so fortunate to have her with us today to speak her eloquent words of wisdom. We learn more about what Leslie does in her position, the Open Source Program Office and how she sees it growing and changing, and a deep conversation of European digital sovereignty and how it is both a threat and opportunity for open source and open standards. Also, Leslie keeps it real and shares awesome advice on what it takes to be the best kind of corporate open source program officer. Go ahead and download this episode now to learn much more! [00:02:37] We learn what Leslie does in her position. [00:05:13] Richard is curious about what Leslie thinks about the OSPO concept in general and how does she see it growing and changing in the past five years. [00:07:43] Leslie talks about digital sovereignty and the movement towards open source program offices focusing on that. [00:13:13] Eriol brings up a design phrase “human-centered” and asks Leslie to talk more about examples she has seen where humans, users, and citizens have been centered at the creation of various open source software projects. Leslie mentions a really great panel discussion to check out with Cláudia Barroso and Pia Karger where they talked about Open Source and Open Standards, Supporting European Innovation. [00:18:21] Leslie tells us what made her move to Germany and how that's reflected in the work she's doing at Red Hat. 
[00:23:16] Richard wonders why Leslie feels that the OSPO at Red Hat is the place where you can affect the most change, how is she doing ecosystem level change in her current position, and where does she think it will lead her over the next few years. [00:27:42] Gunner is curious to know if Leslie has a taxonomy of how she thinks about different types of open source program offices and their motivations or contributions to open source communities, and any guiding principles that she thinks any accountable open source program office or officer might want to be following or guided by. [00:33:02] Find out where you can follow Leslie online. Quotes [00:02:49] “And when we think about traditional community management, quote on quote, there's typically a community focused human who is looking at the universe from the perspective of, how does my singular community engage with other entities?” [00:07:45] “Those who are not familiar with this concept of digital sovereignty, just the really quick rundown is this idea that folks in Europe are, I would say for some good reasons and for some bad reasons, deeply concerned about making sure that there is control of IT infrastructure and data and everything associated with just having a technological life, which turns out is now true of every citizen.” [00:08:14] “And there is, I will say, especially given my past employer, there is legitimate concern for what does it mean if your IT infrastructure is outsourced to someone far, far away from you who is not necessarily beholden to the same laws or to the same values system of the place in which you reside.” [00:09:31] “Pia Karger, who is the head of the Open Source Program Office in Germany, you know, pointed out that one of the reasons why there was this change in the name of the office that she shares was because this notion of digital sovereignty and being, let's create open source that is exclusively to be contributed to by Europeans, that is explicitly to be used by Europeans, 
was not in keeping with the value system that folks in her office wanted to enact nor with Germany in general.” [00:10:04] “So instead, you know, she pointed out digital sovereignty is not about excluding people from contribution or excluding people from participation, it's about ensuring that that there is freedom of choice.” [00:10:22] “You don't want to do any single sourcing of any particular vendor or any particular, you know, one place where you're going to get all your technology if you're any organization.” [00:11:10] “The ability to collaborate amongst one another and share best practices, and this moniker of the OSPO is this critical anchor because turns out, if you described your work using common language, it's very easy for folks to connect to one another and be able to do that knowledge sharing and best practice and collaboration because they can actually find each other.” [00:11:43] “Yes, OSPO is a locus of collaboration, my friends.” [00:14:45] “And then not only did she take us through their entire evolution, but then pointed out the different ways in which their agency also accounted for the fact that this digital first future that they were envisioning was going to leave a lot of citizens behind.” [00:15:50] “If you do not talk to your actual users, you have absolutely no idea what they need and whatever you produce is going to not actually meet the needs of anyone.” [00:29:38] “And I think that my charge to folks who are working in open source offices is to think back to the words that Richard said earlier, projects come and go, your employer is going to come and go.” [00:30:11] “And, if you're going to be looking at your investment strategy as a corporate open source officer, don't just be looking at whether or not you think that your open source strategy is going to provide you with developer acquisition that's going to provide you with specific ROI, or allow you to hit some vague milestone.” [00:31:47] “And that's the kind of corporate open 
source program officer that you want to be. You want to be somebody that is genuinely respected because you show genuine respect for other people regardless of what the dollar Euro pound won value is that interaction.” Spotlight [00:34:52] Richard's spotlight is the legendary, Cat Allman at Google. [00:35:10] Eric's spotlight is a show he highly recommends called, Ted Lasso. [00:35:36] Eriol's spotlight is a project she's been following by Daniel Burka called, Resolve to Save Lives, on GitHub. [00:36:04] Gunner's spotlight is a community he's been working with called, Gathering for Open Science Hardware. [00:36:45] Leslie's spotlight is a project in Sweden called “Smarta Byar.” Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) Leslie Hawthorn Twitter (https://twitter.com/lhawthorn?lang=en) Leslie Hawthorn Linkedin (https://www.linkedin.com/in/lesliehawthorn/) Cat Allman Twitter (https://twitter.com/catallman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Ted Lasso (https://tv.apple.com/show/umc.cmc.vtoh0mn0xn7t3c643xqonfzy?ign-itscg=MC_20000&ign-itsct=atvp_brand_omd&mttn3pid=Google%20AdWords&mttnagencyid=a5e&mttncc=US&mttnsiteid=143238&mttnsubad=OUS2019863_1-535101970956-c&mttnsubkw=106182847425__rdMG7cVq_&mttnsubplmnt=) Resolve to Save Lives-Health Icons (https://github.com/resolvetosavelives/healthicons) Gathering for Open Science Hardware (https://openhardware.science/) Smarta Byar (https://veberod.nu/category/smarta-byar/) Panel discussion: Open Source and Open Standards, Supporting European Innovation OSL2021 (featuring Cláudia Barroso and Pia Karger) (https://www.youtube.com/watch?v=IHzVsEAxpnA&t=6s) Sustain Podcast-Episode 49-What OpenUK Does with Amanda Brock & Andrew Katz (https://podcast.sustainoss.org/49) Sustain Podcast-Episode 56-Dominic Tarr on Coding What You Want, Living On A Boat, and 
the Early Days of Node.js (https://podcast.sustainoss.org/56) Sustain Podcast-Episode 82-Steve Helvie and the Open Compute Project (https://podcast.sustainoss.org/82) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Leslie Hawthorn.
Panelists Allen "Gunner" Gunn | Eric Berry | Justin Dorfman | Richard Littauer Guest Dominic Tarr Show Notes Hello and welcome to Sustain! Our special guest today is Dominic Tarr, an open source sailor hacker person, calling from his boat in New Zealand. He’s been instrumental in the early JavaScript scene. Dominic tells us how he got into open source, coding, and how he got involved in JavaScript and Event Stream. We will also learn what Dominic is doing now and how he envisions open source going forward. How does Dominic fund his life living on a boat? Download this episode now to find out! [00:01:35] Dominic tells us how he got into open source, how he got into coding, how he ended up where he is today, and how he got involved in JavaScript. [00:06:45] Richard informs us that Dominic was in a group of influential people in Node.js who made a bunch of modules, one of them being Event Stream, which is Dominic’s. He also tells how many modules he’s written for NPM. Dominic also talks about how he initially dealt with the “fixing the bug” issues, since he was making these modules in his spare time and coding for fun. [00:10:00] Justin wants to know how Dominic got 700 modules and how he managed it for as long as he did. [00:12:02] Richard wonders what Dominic is doing now and how he envisions open source or JavaScript going forward if it’s not fun to work on. [00:14:07] Eric wants to know if Dominic has any reflections or thoughts around the shift in the overall view of NPM over the years. [00:20:19] Richard wonders how Dominic funds his life because he lives on a boat. [00:24:55] Where can you find Dominic on the internet? Find out here. Spotlight [00:25:16] Eric’s spotlight is called Mindstream. [00:25:47] Justin’s spotlight is EthGasStation.info. [00:26:15] Gunner’s spotlight is Signal Desktop. [00:26:48] Richard’s spotlights are Scuttlebutt and Patchwork. [00:27:11] Dominic’s spotlight is Project Gemini. 
Quotes [00:11:13] “We had this one SquatConf where we just had our own conference, and we kind of timed it with some other, like more boring conference that would fly people in and then we would be like, okay, now we’re all in this place and let’s just have our own thing.” [00:14:17] “So, for a long time, I guess before it became a corporation, I believe incorporated, before that it was very much open to everybody contribute and then it became a business, which obviously there’s good reason for it to become a business.” [00:23:13] “I’m not a terribly big fan of schemes to pay open source developers, especially the ones that are like based on some kind of charity thing. Either they’re like straight forward charity things like Gratipay, then you never got very much money or you have strings attached or something.” Links Dominic Tarr Twitter (https://twitter.com/dominictarr?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) NPM (https://www.npmjs.com/) Mindstream (https://www.mindstreaminteractive.com/) EthGasStation (https://ethgasstation.info/) Signal (https://signal.org/en/) Scuttlebutt (https://scuttlebutt.nz/) Patchwork (https://www.electronjs.org/apps/patchwork) Project Gemini (https://gemini.circumlunar.space/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Dominic Tarr.
In this week’s episode, we meet with Dominic Tarr (https://dominictarr.com/), a protocol designer and security auditor at Least Authority (https://leastauthority.com/) who works on Scuttlebutt (https://www.scuttlebutt.nz/) - a decentralized secure gossip platform. We discuss P2P messaging and the challenges of sending messages within a p2p network in a truly decentralised manner. Here are some links we mention: https://github.com/ssbc/ssb-server https://www.allthingsdistributed.com/files/amazon-dynamo-sosp2007.pdf For more on Scuttlebutt, please have a look at these resources. https://www.scuttlebutt.nz/ For more on Dominic, check out this article in the Atlantic - https://www.theatlantic.com/technology/archive/2017/05/meet-the-counterantidisintermediationists/527553/
Epicenter - Learn about Blockchain, Ethereum, Bitcoin and Distributed Technologies
We’re joined by Dominic Tarr, a sailor, and the Founder of Secure Scuttlebutt. This curiously named project has a fascinating approach to creating a truly distributed social network. One might even say that Secure Scuttlebutt is “localized” as it gracefully degrades to Sneakernet, something few blockchain projects can claim. In actuality, the SSB protocol isn’t a blockchain in the traditional sense – each user’s feed acts as a sort of localized chain of posts, signed by their public key, and possibly encrypted for a friend's key to decrypt. When users meet, the system syncs their local databases using a gossip protocol and replicates the data. Encrypted data is transported from peer, to peer, to peer (or friends of friends) until it reaches its intended recipient. Users may also optionally rely on public servers to sync data over the internet. Topics covered in this episode: Daniel's background and life living on a boat off the coast of New Zealand How being at sea gave him the idea for Secure Scuttlebutt What is Secure Scuttlebutt and what are the goals of the project The issues with centralization and redefining decentralization as a positive statement The notion that the technological singularity only serves the goals of centralized power How SSB stores information and how posts get propagated between friends, and friends of friends How the network leverages “Pub” servers to sync data over the internet Usage of the platform and the communities which thrive there The cost of spam and how users protect against DDoS attacks The project’s funding and roadmap Episode links: Secure Scuttlebutt website Scuttlebutt Protocol Guide Manyverse mobile client Designing a Secret Handshake: Authenticated Key Exchange as a Capability System Efficient Reconciliation and Flow Control for Anti-Entropy Protocols Scuttlebutt: an off-grid P2P social network that runs without servers and can fall back to sneakernet The Nomad Who’s Exploding the Internet Into Pieces 
Counter-Anti-Disintermediation “The Third Web” interview with Dominic Tarr Dominic Tarr on Twitter Sponsors: Trail of Bits: Trust the team at the forefront of blockchain security research - https://trailofbits.com Azure: Deploy enterprise-ready consortium blockchain networks that scale in just a few clicks - http://aka.ms/epicenter This episode is hosted by Sebastien Couture & Friederike Ernst. Show notes and listening options: epicenter.tv/290
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned into malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainership of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
This episode is all about attack vectors in crypto. We look at a 51% attack on Vertcoin, and how ASIC resistance is turning out to be a massive security bug, not a feature. We also look at Ethereum Classic and a social engineering attack on the ETCDEV team. Finally, we discuss the event-stream attack which robbed crypto wallets that used that npm library, and what that means for open source governance. Topics: ASIC resistance is a massive security bug, not a feature What ASIC resistance is Vertcoin is currently being 51% attacked What NiceHash is ETCDEV shutdown What ETC is Who ETCDEV is Event-stream situation Links: Vertcoin - MIT Digital Currency Initiative - https://dci.mit.edu/video-gallery/?tag=vertcoin About NiceHash - https://www.nicehash.com/about About Crypto51 - https://www.crypto51.app/about.html Vertcoin is currently being 51% attacked - https://medium.com/coinmonks/vertcoin-vtc-is-currently-being-51-attacked-53ab633c08a4 On Dec 3, Igor put out the following statement - https://twitter.com/etcdev/status/1069625401515872256/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1069625401515872256&ref_url=https%3A%2F%2Fwww.newsbtc.com%2F2018%2F12%2F04%2Fcrypto-bear-market-strikes-ethereum-classic-etc-development-group-folds%2F Event-stream situation Synopsis: - https://github.com/dominictarr/event-stream/issues/116#issuecomment-441759047 - https://github.com/dominictarr/event-stream/issues/116#issuecomment-441749105 Dominic Tarr’s response: - https://gist.github.com/dominictarr/9fd9c1024c94592bc7268d36b8d83b3a Kate Sills - https://twitter.com/kate_sills/status/1067202990690291712
Dominic Tarr is a hacker who resides on a sailboat, usually found in New Zealand's beautiful Hauraki Gulf. In recent years he has risen to fame as the creator of the Secure Scuttlebutt protocol, Scuttlebutt for short. Scuttlebutt is comprised of a standardized message format and a subjective append-only log stored locally by users. The first application has been a multi-client decentralized social media platform that is an absolute joy to use, and I encourage everyone to download my favourite desktop client, Patchwork, or Manyverse for Android. As an autonomous software system, like Bitcoin, Scuttlebutt rewards the provisioning of resources to support the network, only rather than a point system and money myth, Scuttlebutt offers something far more valuable, conversation. This mostly covers the origin of the protocol but I will definitely conduct more interviews with Dom and others close to the project, which is today one of the most impressive, and well-used decentralized applications in existence. Visit scuttlebutt.nz for more information, https://twitter.com/thethirdweb @ecfGe81VMJ3iko5++/KfD51omfNtLSd50nS1omUyj/Y=.ed25519 History of Secure Scuttlebutt: The name is coincidental. It comes from an old Amazon paper describing a subsystem of the Amazon Dynamo database that used a gossip protocol. Gossip protocols are robust because, like human gossip, messages can be passed through third parties, ensuring that if a network is disrupted communication can still take place. However, as the message is passed from party to party there is the opportunity to manipulate its contents. This is easily countered using cryptography. What is Secure Scuttlebutt? It came from looking at the problem of getting two databases to store the same information. 
Dom was looking at building something like IPFS, which he called Cyphernet. Cyberspace is the space made by signals; cypherspace is the space made by algorithms. Hyperlinks tell you where to go to find a piece of information; a hash is the primary identifier in cypherspace. The hash tells you what the thing is once you have found it but not where to find it. With hyperlinks the server can give you anything. With a hash you always know you have the right thing, but another system is required to help you find the thing. Dom found that in private software development there was an incentive to make poor software because that results in more billable hours for the service industry. This is because software contains a power structure encoded in it. Today we live in an age of digital feudalism. From reading the Dynamo paper and learning Node.js, Dominic became recognised as a distributed systems expert. This was the toolkit needed for the data replication he imagined. After he presented at a JavaScript meetup, people responded well. He got a job at a company, NearForm, to build a distributed database. Through this project the idea for Secure Scuttlebutt emerged and Dom gained the skills he needed to build it. Disappointment with blockchain: There is so much potential in cypherlinks - hashes and signatures - an opportunity to create a “third web”. In the early days of the internet everything worked so well just being free, why would you make everything cost money? Insisting on strict ordering makes it really hard to “get life done”. Additional third web projects: IPFS Dapp Git Gun Swarm SSB Maidsafe
This episode is about Secure Scuttlebutt - a database of unforgeable append-only feeds, optimized for efficient replication for peer to peer protocols. Scuttlebutt in slang usage means rumor or gossip, deriving from the nautical term for the cask used to serve water (or, later, a water fountain) https://en.wikipedia.org/wiki/Scuttlebutt A gossip protocol is a style of computer-to-computer communication protocol inspired by the form of gossip seen in social networks https://en.wikipedia.org/wiki/Gossip_protocol History of Scuttlebutt with Dominic Tarr https://www.gwenbell.com/dt-interview/ Dominic Tarr http://dominictarr.com/ Twitter @dominictarr Secure Scuttlebutt consortium https://github.com/ssbc Peer-to-peer audio publishing and streaming application. Like SoundCloud but decentralized. A mashup of ssb, webtorrent and electron http://ferment.audio Decentralised git git-ssb https://github.com/clehner/git-ssb