FLOSS Weekly 697 Transcript
Doc Searls (00:00:00):
This is FLOSS Weekly. I'm Doc Searls. This week, Simon Phipps and I are talking with Brian Behlendorf, who's the primary author of Apache, which is serving most of your websites that you're looking at right now. And so much more. He has had a long and illustrious career for somebody who's still remarkably young. Um, right now working for the Linux Foundation on OpenSSF. Um, he's worked with the World Economic Forum. Uh, we just met at DWeb Camp, had a good time there. He's a DJ among other things. Uh, he's forgotten more about more topics than anybody else I know. And he says a lot in this show, which is coming up next.
Announcer (00:00:43):
Podcasts you love from people you trust. This is TWIT.
Doc Searls (00:00:51):
This is FLOSS Weekly episode 697, recorded Wednesday, September 7th, 2022: The Life of Brian. This episode of FLOSS Weekly is brought to you by IRL, an original podcast from Mozilla. IRL is a show for people who build AI and people who develop tech policies, hosted by Bridget Todd. This season of IRL looks at AI in real life. Search for IRL in your podcast player. And by Compiler, an original podcast from Red Hat, discussing tech topics big, small, and strange. Listen to Compiler on Apple Podcasts or anywhere you listen to podcasts. And by New Relic. Use the data platform made for the curious. Right now you can get access to the whole New Relic platform and 100 gigabytes of data per month, free forever. No credit card required. Sign up at newrelic.com/floss. Good morning. Good evening. Good whatever it is, wherever you are. I am Doc Searls, and this is FLOSS Weekly. I'm joined this week from not quite the other side of the world, but another part of it, by Simon Phipps. How are you Simon? There he is.
Simon Phipps (00:02:11):
I'm a universe away here, Doc. I, I can hear you. You've got the sound of parakeets and I can hear there's probably grass-skirted hula dancers next to you. And I'm here. I've just been checking the sandbags outside my office because we're expecting a flood. And, and I haven't seen the cat for some time. Cause I think she was washed away in the rain earlier.
Doc Searls (00:02:30):
We, we, we expect fire here. <laugh> this is California, right? <laugh> next week back here. Yeah. You keep on fire. And this, this is actually in front of my house in Santa Barbara. Um, my it's been wickedly hot here and, uh, hotter for our guest than it has been for me, but it, uh, we have no air conditioning because we share with Northern Europe and perhaps the UK as well, this myth that it never gets hot. You don't need air conditioning. <laugh> and so, and so it is sweltering. My, my office is, is 106 degrees, which is what, 40 Celsius or something like that. Mm 40 something it's up there, high thirties or 40, maybe not sure. So you're doing good. You're looking good.
Simon Phipps (00:03:12):
Well, thank you. Yes, I it's. Life is busy. I've got, I'm looking after my, my, uh, my elders. Uh, my son just had twins or his, his wife didn't oh, wow. He, he
Doc Searls (00:03:23):
Helped somehow.
Simon Phipps (00:03:24):
And, uh, you
Doc Searls (00:03:26):
Was really busy. Yeah,
Simon Phipps (00:03:27):
They could. No, no, my daughter-in-law definitely had both of them.
Doc Searls (00:03:31):
She's
Simon Phipps (00:03:32):
She remembers it. Well,
Doc Searls (00:03:34):
Well, that's, that's increasing as my uncle who had five sons who all had a lot of kids called them all reinforcement <laugh> coming in <laugh> so, so our guest this morning, it is very special. Um, uh, is Brian Behlendorf who both of us have known for a very long time, I think. Um, yeah. Yeah. Tell us a little bit about your back background with, I just, I know Brian from covering him as a journalist, but you were,
Simon Phipps (00:04:02):
I mean, Brian, Brian is one of the people who I think you could credit as being, uh, the originators of the popularity of the web because of, uh, the Apache web server. Yeah. Uh, he's also a, a wonderfully human person who loves the right sort of music and enjoys dancing to it. Uh he's he's, he's also one of the people who helped start OSI, where I spent a decade, uh, trying to, uh, help it survive. Um, and he's also, uh, been a, a charming friend to me and to all of my friends for the twenty or so years that I've known him. So yeah, he's a very special person.
Doc Searls (00:04:39):
So I, I would've, I would get into it as fast as I can. So I'm going to, I'm gonna go ahead and give the, the basic introduction because, um, uh, uh, there's so much that Brian's done, but right now he's the general manager of the Open Source Security Foundation, which is an initiative, they call it, hosted by the Linux Foundation, which has lots of these things, which the last time I talked to their people about it, they called umbrellas and other stuff, but they, they, uh, it's a foundation hosting foundations. Um, he also serves on and he has been with another one with Hyperledger. Um, also serves on the board of directors of the EFF, Mozilla, the Filecoin Foundation, which is a foundation that both of us were hanging out with last, last week, uh, for the decentralized web, uh, <laugh> most famously, uh, as you were putting it.
Doc Searls (00:05:26):
I mean, one of the reasons that we have the web that we have is his work with the Apache, with the Apache web server way back when, um, as an even younger man than he still is, uh, co-founder of the Apache Software Foundation, bootstrapped one of the first web consultancies and another company called GitHub, but three generations too early <laugh> and also advised the White House during the Obama years. Uh, he was a CTO for the World Economic Forum, the WEF, um, and he set up Burning Man's first web presence. Um, so here he said, bring him on, hi, Brian, Brian, tell me Simon, did you get a laugh out out of, um, Simon just saying that you played music, people could dance to because, well,
Brian Behlendorf (00:06:14):
I think you said I enjoy it, the same music, uh, that he does the right kind of music and, and music. You can the right. I do DJ, but I am not quite the best at the whole beat matching thing. I try, you know, it was easier when it was vinyl. Now that it's all digital, it's harder to get a handle on, but, um, I still play music for friends. I actually did at the DWeb Camp that we were both at, uh, a week and a half ago. And that's, that's still really fun sharing, good music weirdo and stuff made by predominantly electronic stuff. Right. But, but made by yeah. Uh, really into it for the fun of it.
Doc Searls (00:06:45):
I was, I was laughing myself anyway because, um, the, I mean, your music is, is very moody, very electronic. Uh, uh, and, and this is at DWeb Camp, which is under the redwoods, um, in, in far Northern California. And, um, and, and <laugh>, it was, it was kind of music you could, you could stand and zone out to. I thought more than <laugh> more than dance to, that's not a knock. I thought I lo I loved it. I was enjoying it.
Brian Behlendorf (00:07:15):
It's really great. I appreciate that. Yeah, no, it was like, I, I reception music. I mean, it was, I was trying to play something that people could talk over and, and kind of get to know each other too, and that kind of thing. So, um, uh, but no, it's a lot of fun.
Doc Searls (00:07:29):
So, and then you were just at Burning Man again, which did, to us, you described as dusty, which I think it always is. I still haven't been to Burning Man and I want to go, but hopefully before, too long, I I'll, I'll get to, but, um, I, I kind of wanna start out with the, the decentralized web or the distributed web and, um, because there's an aspiration there. And, um, as I told you in a, in an email before this there's a, a friend of ours, I think we both know him, but I don't wanna give away who it is that who <laugh>, who wrote a book about saving the web or something like that. And, and his working title for the next book is, well, we tried. And, um, <laugh>, and I'm wondering, cuz I there's a, a sense I got at DWeb Camp on the one hand of great optimism as well as great people, a lot of really good developers working in many cases for a fraction of what they would make, um, in the commercial market as a 10x programmer, um, trying to do good things. Um, and, um, and yet there's a part of it that felt to be sort of like Jackson Browne's Before the Deluge, you know, where we're, we're actually kind of huddled in a lying in a burned out basement <laugh> you know, so, and I'm wondering, do you have any optimism about this or what is your optimism like?
Brian Behlendorf (00:08:51):
I do, I mean, five years ago, it would've been hard to be optimistic about the prospect of any social network, uh, being able to, uh, uh, compete and challenge Facebook. Right. Uh, but now there's several, um, years ago, it would've been, uh, difficult to be optimistic about, uh, the future of, uh, uh, chat, distributed chat, but now, uh, between between Mastodon, uh, Discord, which isn't really decentralized, but at least is warming up people's appetite for the idea of different servers and different kind of local communities. Um, I, I, I, we have a different world now. I, I, I'm still, I still remain optimistic partly for the same reason, you have to be optimistic about democracy or you have to be optimistic about, I I, um, you know, the, the, the future of the climate, cuz if you're not optimistic kind of, why are we here?
Brian Behlendorf (00:09:38):
I, I, I mean, it's not unlike one of the reasons, you know, I decided to have, um, a kid, uh, with my partner, uh, with, with Kate, my wife was, you know, it's a way to not write off the future. It's a way to have to be invested in, in making something better and whether you completely win and, and the, the internet is re-decentralized, uh, or you've simply been a useful way to counter the power of central platforms and central central markets. Um, uh, you know, having any sort of impact is better than having none. So, so I think it's still a true north worth aligning with, um, and, and, and worth creating opportunities for, and I'm so, and I'm optimistic, not just cuz I have to be, but because of this community, we were, uh, in the midst of, um, the people, there were not just kind of building toys, not just, um, uh, talking about things that are fun, but, but not practical.
Brian Behlendorf (00:10:27):
They were building systems that people could run people that people are running, uh, that are more popular outside the United States than inside, uh, tended to notice a lot of international participation there and folks connecting it to co-op, uh, platform co-ops and, and, um, initiatives in other countries that aligned with different kind of political systems and, and, and priorities and the like, um, and people giving, giving a damn. Um, and as you mentioned, um, on the board of this thing called the Filecoin Foundation, which is, uh, the incentive platform for, uh, uh, the, a big storage network using a protocol called IPFS, uh, as a way to try to, uh, not just provide a decentralized alternative to say, uh, Amazon Glacier, but ultimately an alternative to all forms of network storage. Uh, and I, I, I perhaps even CDNs and the like, um, and that, and that's a system that's running today has 15, uh, I believe the current number, although I, this might be outdated 15 exabytes of capacity on that network, which is huge.
Brian Behlendorf (00:11:25):
It's it's several times <laugh> several, uh, Twitters of magnitude, I think, larger than the Internet Archive itself. Uh, um, uh, and has been bringing many of these kind of organizations like Internet Archive, Freedom of the Press Foundation, Witness, uh, other human rights organizations along to, to, to use this network and, and, and see if it's, if, if it can actually serve a purpose beyond, uh, just decentralizing Amazon, right? That, that the ultimate goal has to be something more beneficial, more, uh, uh, impactful on society than just, um, taking down the, the big daddy or something like that. So, um, uh, that, that that's one reason to remain optimistic and DWeb Camp is only 300 people, but there are communities of thousands of people out there, uh, represented at that event. Uh, and, and, and all that gives me hope and, and, and hope that, that even people, a lot younger than you and I, um, have some of the same, uh, principles and ideas floating in their head that we had when we first landed on the internet, you know, so that's, that was really, it was a great recharge four days, you know, if anyone can make it to the next one, we, I highly encourage it.
Brian Behlendorf (00:12:32):
dwebcamp.org, if anyone's interested.
Doc Searls (00:12:35):
Yeah. I, I totally loved it. It's been my, my wife who we both know <laugh> is not a camper. She got a cabin. I, I, I, I have a tent and, um, but I made sure that I had a, a 75 foot long, um, extension cord with a power strip at the end of it, going to my tent from her cabin. Anyway, um, you dropped the one liner that I, I loved a few years ago, which is we need minimum viable centralization. And I'm wondering if a kind of corollary to that, or kind of following toward one might be, um, what has to be centralized. When, when I, when I started out, um, my web server was under my desk. I had, you know, 16 assigned IP addresses from, from a competitive local exchange carrier. Um, uh, I, it was very slow. Um, it was something that laid on top of DSL. It was 1995, but searls.com lived under my desk. I had my own email server, and I'm not that technical and I could run these things. And now I wouldn't think of having that, even if I had a, an IP address, cuz I clouds are better places to host these things today. I dunno if that's actually true. I sort of feel that way, but I'm wondering what has to be centralized at this point. Um, as we look toward decentralizing and distributing as much as we can.
Brian Behlendorf (00:13:56):
Yeah. And when I, when we first launched wire.com on the web, it was on the slow end of a 28.8 modem <laugh> provided by The Little Garden. Remember that ISP, uh, one of the first consumer ISPs, uh, in a, in, in the Bay Area, um, what has to be centralized? Well, the point of that term minimum viable centralization is to get across that, uh, the idea that rather than these being two binary states, centralized or decentralized, um, decentralization is a, is a vector, right? That, um, uh, there is a principle that the more decentralized or decentralizable, uh, uh, the better in all sorts of ways that are difficult to measure, but, but which tend to lead to better outcomes. Um, so I use the example of the domain name system. The domain name system is not as decentralized as, uh, some might say the Bitcoin network or Ethereum network or the cryptocurrency networks, uh, can be, um, there is an organization called ICANN, which has plenty of things that it's done over its 20 plus year history that have caused people to, uh, be concerned or critical of it, but has tended to practice at least from my, uh, you know, quasi layman's point of view.
Brian Behlendorf (00:15:04):
I, I, this, you know, doing only what is necessary to maintain the, the trust and the, uh, uh, technical competency to keep the domain name system running, which if you think about it, we all take it for granted. Now, most people don't know how it works, the fact that it does, uh, and the fact that it does not just technically, but also operationally and politically is pretty remarkable. Um, it's not attached to the UN it's not attached to any other, you know, international government, uh, or governmental body, uh, from the 20 years ago, when it's, when the domain name system management, uh, spun out from the Department of Commerce, I think it was, I could be wrong. Um, uh, uh, but it was, uh, it it's, it's, it's managed to keep this network alive by being, by asking itself and asking the world what's the smallest bit of thing it could do, uh, coordinate two things, the root name servers, and maintaining a consistent database across all those 18, you know, top level, you know, domain name resolvers, everyone agrees, you know, by kind of convention to use as the root of the internet, although there's many machines behind each of those nodes.
Brian Behlendorf (00:16:07):
Um, and a second thing, which is the universal domain re uh, a dispute resolution protocol, which means if you are, if somebody registered walmart.com and you're Walmart, you can have a process for claiming that as a trademark, whether, you know, and, and that's a human process. There's, that's not a technical process that it involves integrating with legal systems and the like, and ICANN's been able to navigate and weave and try to, it seems to as little as possible, um, in order to keep this alive. Um, and I see that in other, uh, networks. I, I, you know, I, I, I see that's, I think the role of foundations in open source networks, I think it's the role for, um, some of the different organizations involved in the cryptocurrency space and the, then the blockchain space. I, um, and one of the things in the open source world as Simon knows well, that, that serves as a check on power of these organizations is the right to fork is the right to be able to go in a different direction than the developers or the people who are attached to the brand, uh, can do. And if somebody had a better idea for how to build an operating system kernel than Linus, they can start with the Linux kernel and fork and go in a different direction. And that has forced a minimum viable centralization mode on, on open source software in a really positive way. I think
Doc Searls (00:17:26):
So I have the sun blasting through behind me. So almost look like a religious poster for those of you are <laugh>, who are, who are, who are, uh, watching. But, uh, first I have to, and Simon's chopping at the mic to, for, for the next question. So, but before we get to that, I have to let everybody know that this episode of FLOSS Weekly is brought to you by IRL, an original podcast from Mozilla. IRL is a show for people who build AI and people who develop tech policies. It's hosted by Bridget Todd. This season of IRL looks at AI in real life, who can AI help, who can it harm. The show features fascinating conversations with people who are working to build more trustworthy AI. For example, there's an episode about how our world is mapped with AI. The data that's missing from those maps tells as much of a story as the maps themselves.
Doc Searls (00:18:19):
You'll hear all about the people who are working to fill in those gaps and take control of the data. There's another episode about gig workers who depend on apps for their livelihood. It looks at how they're pushing back against algorithms that control how much they get paid and seeking new ways to gain power over data, to create better working conditions. For political junkies, there are episodes about the role that AI plays when it comes to the spread of misinformation and hate speech around elections, a huge concern for democracies around the world. Um, and that is extremely relevant. As we know, cause we're entering a, a political period here. We don't talk politics on, on a tech show, but tech plays an enormous role in that. And this is a good episode to check out. Search for IRL in your podcast player. We'll also include a link in the show notes. My thanks to IRL for their support.
Simon Phipps (00:19:08):
So Brian, I'm fascinated by your, your, um, talk about DWeb, um, and particularly by interposing Filecoin in there, because to me, anything with the word coin in it automatically invalidates the DWeb concept. Uh, do you think that we are going to be able to pick up on a truly distributed web and get away from the awfulness of the cryptocurrency bubble? Or are we gonna have to, um, uh, have a completely separate community working on that? Because when I look at the people working on ActivityPub, um, they don't do, uh, blockchain. Uh, they do, uh, peer message passing. Do you think that distraction is actually a distraction or do you think it has a role to play in the future of the distributed web?
Brian Behlendorf (00:19:54):
So there's a tremendous amount of antipathy, uh, well deserved for coins for crypto, um, for, for all things blockchain and I, and I spent five years in, in the blockchain mines, so to speak, uh, working on a project at the Linux Foundation called Hyperledger, which is distinguished from a lot of the rest of the blockchain space by the fact that it didn't require a cryptocurrency. It wasn't about speculative financial instruments as the red blood cells of a network, uh, as the, as the TCP/IP packets. And instead it was about, here's a way once you have a community of people, of organizations, of, of whatever actors on the network working together around, um, uh, and, and, and wanting a common system of record, wanting some automation, uh, wanting a smart contracts, essentially, here's a way to do it using a consensus mechanism that does not use burning energy as a proxy for political power, which is what, what this, you know, consensus mechanism called proof of work is all about.
Brian Behlendorf (00:20:51):
Uh, and, and which is horrible. And, and I remember, uh, reading the, the <laugh> the intro and in the first couple pages of Satoshi's paper in 2009, uh, uh, and going, I hope this does not succeed as an, as a, as an environmentalist, because this is a really broken way to, to, um, to build a, build a society, build a network, um, uh, because of this concept called proof of work. But I resonated with the idea of being able to have a payment network that was not dependent upon central actors, central banks, that sort of thing I resonated with, uh, the calls for decentralization and the fact that up to that point, we had not figured out a, I don't wanna call it a monetization model, but a sustainability model or, or something that mirrored how we, we use cash and how we use, uh, um, uh, other kinds of financial instruments, um, very locally.
Brian Behlendorf (00:21:40):
And there's tons of use cases where you're probably familiar with the, with the self-sovereign identity world, the sovereign identity concept needs a decent decentralized platform, or at least minimally centralized platform to be able to handle the key distribution and key verification. Uh, uh, and, and so there's all these use cases that started to emerge. I think the one that grabbed me was, um, verification of, um, uh, uh, diamonds and a supply chain for, uh, uh, uh, you know, uh, to implement something called the Kimberley protocol to try to keep conflict diamonds, uh, out of, out of, out of a diamond supply chain, where there was no central actor you, that everybody could agree to trust you needed a distributed database, resilient to hostile actors that anybody could write to, that you could verify the transactions in, in order to have something trustworthy, uh, uh, amongst a, amongst a community.
Brian Behlendorf (00:22:30):
And so that has been kind of lost and has been buried in the noise of NFTs, uh, uh, which I do think have a, a role in our interesting have being able to say, I have an asset and not have it be attached to, uh, a major institution, but be something again, self-sovereign self self-directed, uh, I really resonate with, um, but the, that community had done itself, no favors, both proof of work. The, the, the scams, the, the, the rejection of institutions kind of, um, as a, as a first principle, I, I caused a lot of people to rightfully write it off. And each time there's been a down swing to claim victory, right. Uh, but at the same time, I think there's something here and, and what pulled me in, uh, to Filecoin, you know, uh, when, if you'd like around the name, but, but first it was around IPFS, IPFS being a protocol for, uh, um, uh, uh, you know, using the address of a, of a, of an object is the hash of that object.
Brian Behlendorf (00:23:25):
And so, you know, if you've called, uh, for that object and it arrives that it is the same thing, that is the actual thing that you asked for, not somebody's version of that thing, or some, some hacked version of the thing, or some censored version of that thing. It, it, it's, it's content-addressed storage, right. Um, and, and kind of like BitTorrent stuff only stays up so long as somebody is seeding it, uh, and not everybody can be a seeder on the network effectively, right. Uh, you want to be able to, uh, pay other people to seed it, uh, and do that in a, in an efficient way that doesn't just end up decentralizing it on a few payment providers. And so I resonated with that. I resonated with, okay, this is, this is a useful thing to decentralize. This is a useful thing to push out, uh, uh, and, and try to avoid, uh, encumbering with the same things that end up recentralizing a lot of the, the, the, the things that we've loved to decentralize.
Brian Behlendorf (00:24:14):
I mean, this has been the bane of, of folks working on, um, web technologies is every time we come up with something cool, like OAuth, it ends up, you know, we envision a world where anybody can be their own authentication provider, their own, um, uh, third party, uh, attester to somebody's login. And yet it ends up just reinforcing the centralization plans and, and protocols of a few players. Uh, um, this seemed to be a, a, a great way to address that. It also was full of people, the organization, as I met them, the ones working on IPFS and working on Filecoin at the same time were people like Juan Benet, uh, I, and, and, and Molly, uh, uh, uh, me blank, last name, sorry, who, who leads the engineering team, a, around a lot of this work there there're really warm people. There, there are people who got that strength comes from transparency, strength, uh, and technology comes from building a large constituency.
Brian Behlendorf (00:25:06):
It, um, that, that when you've got a protocol, sending it through the Internet Engineering Task Force is the right thing to do. Uh, um, but I, I, who just had this really expansive vision for it that resonated with, it reminded me more of those early days of the internet and people using communities to, to, to build constituent constituencies around, around protocols. So, um, so that's kind of why I threw my, my hat in there. Um, the fact that it's a currency people can invest in, uh, is, is kind of a necessary by a, a necessary byproduct of the fact that it's a, a payments platform. Uh, but, uh, it's, I, I think, I, I think it stands apart from the rest of the crypto industry and its consensus mechanism is not based on proof of work it's based on showing you're actually storing people, things for other people. So its utility is directly connected to its sustainability model, which I really liked as well. Right.
Simon Phipps (00:25:59):
Right. Well, I, I mean, I had a go at deploying IPFS, uh, on my own systems and I, I found it was really quite difficult to do. Uh, I found it was difficult to get information material reliably delivered to me. And I also looked into Filecoin and found that it, it, it seemed to, uh, expect you to be participating on a level on a scale that made it impossible for small, for individuals to participate. Uh, and overall IPFS to me feels like it's conceptually the right place to go, but it's still burdened with, um, uh, a libertarian ideology that is preventing it from going forward and helping people to do things on a human scale rather than on a finance industry scale. Uh, what, what am I missing? What am I getting wrong in trying to do this?
Brian Behlendorf (00:26:50):
Well, distributed storage is really hard. Um, uh, we're used to a, a world where the, the CDNs replicate, uh, uh, content, you know, on a vast scale across, um, many, many different copies and make it really quick to pull down. Right. Uh, and when you compare that to pulling a file down using BitTorrent, for example, BitTorrent is pretty slow because if there's only a few people seeding that network seeding, that content, um, pulling it from three different remote IP addresses, even in parallel, uh, can cause things to, to, to arrive pretty slowly. Uh, the more replication there is in the network, the more copies of, of that content and the higher quality that the serving infrastructure is. So Filecoin has been trying to en uh, encourage the establishment of, uh, the calibrated for the right, the right type of, uh, uh, uh, storage providers.
Brian Behlendorf (00:27:40):
Uh, the, those who can run, uh, somewhat beefy servers, well connected to the network, uh, that can deliver the content quickly, uh, and get paid for that as an alternative to people seeding from their home boxes. Um, now that means it's not perhaps as decentralized as Astor as, uh, where people might be seeding from over their, their home, you know, uh, uh, DSL connections or, or, or cable modem connections and the like, but it's trying to address that concern about, about performance. Um, this is, this is a hard thing to do is all I can, uh, say about that. And, and I do think a lot of the funding model right now is dependent upon attracting investment. Uh, this is not easy technology to write. So, so if it has that, that kind of era of at least on the, on the websites of a little bit of a, of a corporate chain, uh, that's, that's out of a desire to be taken seriously. Yeah.
Simon Phipps (00:28:32):
Uh, so I think that's, that's really partly my concern. I, I, again, I don't see any of these technologies showing up in, uh, Mastodon or in Plume or in, uh, Pixelfed. Uh, all of those are using very simple, um, uh, peer-to-peer message passing mechanisms. They're not using systems that require you to, uh, own a data center to deploy them, or require you to be a, a Bitcoin whale in order to get enough coins, to be able to float them. Uh, and, and that, that's what makes me feel there's this divide between the world that, that Filecoin is in and the world that, uh, uh, uh, that actually Linux Foundation is in and the world that Mastodon and Pixelfed are in where it seems to be individuals who are highly motivated to create truly distributed human scale applications. And really none of this technology is anything that they even could use if they weren't disdainful of it.
Brian Behlendorf (00:29:28):
Well, message passing is a very different thing than serving, you know, medium size, large files, right? Like I, I just sending, sending 256 bytes around, or, or, uh, uh, 280 characters. So that kind of thing is just a very different kind of use case than, than sending around large, large media, uh, and the, you know, so it's gonna be lend itself to different protocols and, and, and different kinds of systems that, the cultural thing though, Simon, I wish you were at DWeb Camp because you, you, would've seen, um, a lot of folks mixing between these technologies in a way that doesn't come across. When you look at the websites, I, I, I, you know, like to bring you into the Slack channels for, for IPFS, you could talk there about, uh, I, um, you know, getting, uh, seeing where the emerging support is for IPFS into not just some of the other, um, distributed web and, and self-hosted, uh, uh, an indie web kinds of kinds of approaches kind of technologies, but into things like WordPress and Drupal as a, as a storage platform. Right. Um, so I'm not, you know, look, it has, it has its own challenges. Uh, again, it's, it's, it's trying to do a hard thing. Um, and at this point I kind of feel like supporting everybody, trying to do hard things, uh, uh, and doing it with, with varying degrees of success, but with, with a measure of success, right. It's more important than trying to draw lines around around communities.
Simon Phipps (00:30:49):
The only reason I ask it is cuz I, I, you know, I did have a, a, an idea, um, over in The Document Foundation in the, the LibreOffice community about, uh, how we could use IPFS to get away from having Google Docs and, uh, Office 365 as our document, uh, models and that, that really involved bringing those two worlds together. And, uh, so I've actually had a go at doing it and I've discovered it's really hard to bring those worlds together, to do something real, uh, because the side that's doing all the corny stuff, doesn't really like working with the side, that's doing all of the, um, the, the chatty stuff and vice versa. And, uh, so I, I keep on drawing a blank. I'm quite interested in, in the DWeb Camp. It was just a pity it was in America because, um, uh, I'm unfortunately I'm not gonna go there, uh, for reasons that I'm not allowed to discuss on this program. Um,
Brian Behlendorf (00:31:48):
So, well, the, the, the host of this all is the internet archive. It was Brewster. Um, and yeah, I have a sense that he would be, he would really resonate with the idea of replicating DWE camp in other, other, other places, other countries. So, um, maybe the thing to do is for us to, to go approach him and, and, and see what doing one in the UK soon,
Simon Phipps (00:32:07):
Glue it onto Debian, uh, onto, you know, onto DebConf, cuz they always pick places that, uh, people, uh, who don't like, uh, invasive, international security are still able to get to.
Doc Searls (00:32:17):
I, I know that, uh, this Simon has a follow up on that, but first I have to let people know that this episode of FLOSS Weekly is brought to you by Compiler, an original podcast from Red Hat, discussing tech topics, big, small, and strange. Compiler comes to you from the makers of Command Line Heroes, another of our sponsors, and is hosted by Angela Andrews and, and Brent Simoneaux. Technology can be big, bold, bizarre, and complicated. Compiler unravels industry topics, trends, and the things you've always wanted to know about tech through interviews with the people who know it best. On their show, you'll hear a chorus of perspectives from the diverse communities behind the code. Compiler brings together a curious team of Red Hatters to tackle big questions in tech. Like what is technical debt? What are tech hiring managers actually looking for? And do you have to know how to code to get started with open source? Episode two, for example, covers what can video games teach us about edge computing?
Doc Searls (00:33:18):
The internet is a patchwork of international agreements and varying infrastructure, but there's something coming to change the ways we connect. In this episode of Compiler, hosts explore what edge computing could be for people who enjoy video games and what this form of entertainment could teach us about the technology. Episode nine, how are tech hubs changing? Traditionally, if someone wanted a career in tech, they've had to make the move to a tech hub, a city packed with startups and talent, but things are starting to change. The hosts of Compiler speak to a few of the change makers who are thinking outside of the physical and social dimensions they've come to associate with innovation. Um, actually I'm a living example of somebody who came west to join a tech hub. That's where I met, um, our guest today and many others. Um, but, um, uh, I'm always moving now. And in fact, the place where I'm living most of the time is not a tech hub and wants to be, I'm not even sure that's still a, a viable concept. So really good episode, episode nine there. Learn more about Compiler at red.ht/twit. New episodes are out now, go and download them at any time and be sure to check back for new shows. Listen to Compiler on Apple Podcasts or anywhere you listen to podcasts. We'll also include a link on this episode's show page. My thanks to Compiler for their support.
Simon Phipps (00:34:41):
Uh, so we were talking a little bit earlier, you know, let's move on to thinking about, uh, your, your current day job, you know, uh, and, uh, security systems here, um, is that, you know, what, what's your motivation for being involved in that is that to do with big corporate supply chains or is that to do with, uh, protecting civilization? You know, which end of the scale is that
Brian Behlendorf (00:35:04):
<laugh>, um, you, you speak of those at least as if those are opposites, but, uh, um, uh, you know, which they might be no, I, about a year ago, uh, after five years in Hyperledger, I tend to go through, I don't say career ADD but, but the longer I tended to spend on a thing, the more I've regretted it <laugh>. Um, so I, I, I always keep my ear open for what's what's going on. And, um, uh, at, uh, there had been two efforts, uh, that had started one centered around, uh, GitHub, the other centered around Google, uh, looking at how is it that we're writing software in the open source world from a security point of view. And could we be doing that better? Uh, uh, not with a specific exploit or approach in mind, but simply to say, you know, there seemed to be quite a few CVEs in open source, which you'd expect because the code is open.
Brian Behlendorf (00:35:50):
It's easier to audit. It's easier for people to crawl through and find things, uh, and more and more frequent, uh, which you'd also expect as open source getting used, used in more critical infrastructure kinds of applications, more and more people trust it. Um, but the kind of trust that we earned in the open source world, uh, in the early days where, which was really because of a sense of stewardship, a sense of a community taking responsibility for each release, you know, at Apache, we tended to, to say, you can't cut a release until two other people have signed off on it. Uh, uh, you know, uh, um, the kinds of diligence and processes we had, um, uh, that led to people trusting open source software, you know, by default, which was great and helped us scale up, uh, um, wasn't something that, that was necessarily earned in every situation.
Brian Behlendorf (00:36:35):
Um, there was a lot of open source. There has been a lot of open source release that has not been built to the levels of diligence, perhaps that we said in those early days. And that there's new kinds of attacks that, that take advantage of the fact that open source emerged when things were high trust when finding a package under an appropriate license on a website you'd never been to before or a GitHub, or you'd never seen before tended, you tended to trust that rather than not trust it. You might scrutinize it. You might look at the code, but, but let's be honest, Simon, even as developers or people who could crawl through code, most of the time, we did not before pulling in a package, uh, or using it at the very least, perhaps even incorporating it into our, our work. And so a couple of these, uh, developers and, and, and, and companies started to put some ideas together about how to address some of these issues.
Brian Behlendorf (00:37:21):
Some of it was supply chain related, um, meaning things like when you're a developer and you're pulling in dependencies, how do you choose which dependencies to use? How do you avoid getting caught by, you know, uh, uh, uh, the kind of typosquatting bugs that had started to hit where you think you're pulling in one package, and instead you're pulling in a fork of that package that implemented a cryptocurrency miner behind the scenes, that kind of thing. Um, uh, some of it was around specifications, you know, there's this whole world now that I still don't understand entirely called the DevSecOps world. A part of which is as you're pushing things from development to, uh, release and deployment on the cloud, you have different risk tolerances and, and that risk tolerance for, uh, uh, should, should be associated with your processes for developing software, where you might choose to use riskier younger modules in one path and, and more, uh, stable things in another path, or simply want to know that the things that were built from source, how verifiable is that how many people were involved in cutting that release, that sort of thing.
Brian Behlendorf (00:38:19):
So that's a specification called SLSA. Other things were simply a matter of education. You know, if you look at major CVEs out there, they tend to fall into patterns such as, you know, a, uh, too much trust in user contributed input, um, off by one errors in memory allocation and freeing that lead to memory corruption bugs, uh, uh, you know, these, these kinds of recurring things, which are hard earned experiences for many developers, but you could put into a package and teach people about which we, uh, did. There's a training course called Secure Software Development, which goes through many of these kinds of issues. Um, and so, so these two efforts were kind of put together into kind of a lightly resourced, um, uh, thing called, uh, uh, which was then called OpenSSF. I, I, and, uh, there wasn't any kind of funding around it so much as like, let's figure this out.
Brian Behlendorf (00:39:08):
Let's, let's see if we can do something one step better than the original Core Infrastructure Initiative effort, which stepped in after the, uh, Heartbleed incident to try to fix OpenSSL, had some, some success there, but also some challenges. Uh, and instead let's, let's really get to how software is written and, and not just open source software. Open source is now by some measures, 90% of an average software stack. Uh, uh, so fixing this for open source means really trying to fix it for the entirety of the software world. Um, uh, and I, I, uh, and so, uh, it was what, what really crystallized things though for us, was in December, uh, the Log4j breach, the, the compromise known as Log4Shell, uh, that caused some pretty serious earthquakes out there, because it was so easy to compromise because Log4j was so pervasive throughout so many applications, and many people didn't realize they were even using it or what version they were on that sort of thing.
Brian Behlendorf (00:40:02):
And that prompted, um, uh, uh, some attention at the kind of highest levels of at least the US government, where they, uh, um, we got a call at the Linux Foundation and at OpenSSF, um, to <laugh> to attend a meeting along with Apache, uh, uh, and, and, uh, 10 other companies, uh, convened by the National Security Council, which by the way, when the National Security Council invites you to, uh, an event, it's not a birthday party, it's, uh, a pretty serious conversation. And after six hours, the, the result of that was a little bit of a prod to the, to, to, to both, um, us as nonprofits and, and to the companies to say, well, how are you going to fix the problems that you note out there? I see you've got some interesting starts to fixing these issues, but how do you actually get towards closing these issues, these, these larger systemic kinds of issues that, that are partly supply chain related, partly education related, et cetera, um, and, you know, OpenSSF by that point had accumulated, uh, a couple dozen different initiatives, uh, uh, software specifications, handing out multifactor auth tokens to developers of important projects, funding of, uh, third party code reviews, audits, that kind of thing.
Brian Behlendorf (00:41:11):
Um, and so we developed something called the, uh, OpenSSF mobilization plan, uh, which was a, um, uh, which is a document that outlines 10 different, uh, uh, systemic issues and how we might go try to have a double digit percent impact on, on those issues. Uh, and the community wrote these 10 different streams. They put together targets, they put together a rough sense of how much it might cost to fund the, the, the center of those of those solutions, but how much, you know, depending upon volunteerism and depending upon working with the open source community to get the kind of leverage to have the impact you want. Um, we, uh, put this out there and, and realized that these different initiatives would, uh, cost some money cuz you have to pay for some things. Um, especially when those things are more like Let's Encrypt, they're ongoing services, uh, than they are necessarily about writing code, uh, uh, and, and, and put together this plan that called for 150 million in funding, which, um, it sounds like a lot for an open source project.
Brian Behlendorf (00:42:10):
And sounds like it's a bunch of corporates asking, you know, the government to pay for something. But, uh, instead it was, here's $150 million worth of, um, prevention that hopefully can lead to several billions or more of cure, right. Help avoid spending billions of dollars in curing things after the fact, uh, and Log4j cost a whole lot more to the industry and to government than a hundred, 150 million. So, so this was the big idea and, and, uh, we're executing on that now. Um, OpenSSF is still very much a bottoms up volunteer, open source community. All these initiatives are public facing. Anybody can join. We're really desperate for people to join, uh, these different initiatives and working groups and the like, uh, and part of what I'm doing now is going out and trying to get resources for these different parts of the plan, not just from the private sector, um, but, but from grants, from other organizations and from countries that finally realize that, Hey, they need to pony up. They need to, uh, help ensure the long term viability of this software as critical infrastructure. If this is the roads and highways and water and power systems of the modern world, um, there's a role for government to play in ensuring their long term safety, uh, in their long term viability. And so, uh, and that's not something, not just something the US government realizes now, but, but quite a few others around the world. So, um, yeah, so, so that's what we're doing at OpenSSF. <laugh>
Simon Phipps (00:43:34):
Brian, you know, that was, that was a, a very good introduction to, to the, the project that you're working in. Um, just stepping back from that slightly, uh, do you think that you are covering all of the risks that face software or, or just the ones that impact, um, uh, companies that are building software into their products? For example, um, you know, what happens when, uh, a project decides to, uh, corrupt the code because they are disgusted by some of their downstream users as happened on Node. Uh, what happens when a company decides that they're leaving money on the table and changes to a proprietary license, like just happened with, uh, with, uh, with Akka today, are you covering those sorts of risks as well in your thinking?
Brian Behlendorf (00:44:26):
So, uh, I, I think, I think the answer is partly, yes, I, I, in that some of those attacks are supply chain attacks where I, uh, somebody's either you talk about some of these credentials getting compromised in a world like npm, where there are many, many, many modules with one developer behind them, uh, of small pieces that are incorporated everywhere, right? Uh, I, and the prospect of one of those either getting hacked or deciding, Hey, they need to pay off some debt, so they'll sell their credentials and they're kind of anonymous anyway. So they'll move on to the next I identity, um, or, uh, deciding, uh, to protest, uh, the invasion of the Ukraine or, or a sense of, uh, um, you know, being taken advantage of, uh, because their code is used everywhere and they don't seem to be getting any help, um, uh, and deciding to, I think it was colors.js that, um, yeah, that's that's messages and, and there was another one that was the, the, the Ukrainian invasion protestware, that sort of thing.
Brian Behlendorf (00:45:26):
Yeah. Um, and there are some techniques to try to prevent against, uh, the kind, those kinds of surprises, many of which are caused by the fact that there in so much of the CI/CD pipelines that incorporate, uh, npm and JavaScript, they pull off the, the, the tip of the trees <laugh> for many of their dependencies without really adequately testing, you know, behavior, and, and then they push live. Right? So, so part of, part of, uh, uh, one of the approaches called Scorecards, which is trying to develop an objective measure for the, uh, safety of a piece of software and the risk, uh, um, uh, around using some code, what, one of the things it looks for is, are you pinning your dependencies, meaning are you, um, pulling from the tip of the tree and those dependencies, or are you locking into certain version that you've tested and, and know work, which is one way of protecting against surprises like that, but ultimately, you know, it still depends upon this thing.
Brian Behlendorf (00:46:17):
We have in open source, which is if you're pulling from upstream, if you're pulling from the GitHub repo, you're kind of responsible for its behavior and you need to be testing it, there's nothing that absolves you of that. There's nothing also inherently in this, that absolves, um, the developer burnout issues and that sense of free ridership that happens. Although, um, I do think that greater security comes from code that is written by teams of people rather than by lone gunman, right. Um, that come from, uh, development process that has things like people signing off on, uh, pull requests, people signing off, uh, cut on releases and putting their names behind it, putting their reputations behind it, then, you know, uh, individual modules aggregated by the thousands, uh, uh, and, and, and pushed out. Um, and it, it also, there's, there's a thing about around identity here that I think is, um, worth kind of just acknowledging, I think a lot of us in the early days, you know, the world was smaller.
Brian Behlendorf (00:47:09):
We could know people by their first names. Um, we could meet people face to face often in what we're doing, and we could trust their software, uh, partly because of a sense of assurance of, you know, if this is Linus looking over the, the Linux kernel process, right. And, and, uh, or, or, or Simon working on Open, uh, Office, that kind of social trust doesn't scale to the thousands of components that are pulled into modern platforms. And so how do we approximate that with, with, uh, uh, other kinds of measurement of trustworthiness of code, but also, uh, uh, we might need to look at reputation systems, uh, uh, that don't, that take into account the other projects you're involved in. And, and I, I, you know, the kind of the longevity you've had in a community and that sort of thing, um, and really frankly, should not take into account things like nation of origin or, or, or, um, you know, IP address of your contributions or anything like that, uh, which is an ongoing debate in some circles.
Doc Searls (00:48:03):
I have a question that you're probably not anticipating. It's not on the list of topics we went over ahead of the show, but, uh, and may not be answerable. But first I have to let everybody know that this episode of FLOSS Weekly is brought to you by New Relic. Devs are some of the most curious people, the first to explore the newest tech, wanting to know how and why things work. That's why so many engineers talk to New Relic. New Relic gives you data about what you build and shows what's really happening in your software lifecycle. It's a single place to see the data from your entire stack, so you don't have to look into 16 different tools and make those connections manually. New Relic pinpoints issues down to the line of code, so you know why the problems are happening and can resolve them quickly.
Doc Searls (00:48:49):
That's why more than 14,000 companies use New Relic. When teams come together around data, it allows you to triage problems, be confident in decisions and reduce the time needed to implement resolutions, using data, not opinions. Use the data platform made for the curious. Access the whole New Relic platform and 100 gigabytes of data per month free forever, no credit card required. Sign up at newrelic.com/floss. That's N-E-W-R-E-L-I-C.com/floss, newrelic.com/floss. So, so Brian, um, you grew up in, in either involved with, or in the shadow of the Jet Propulsion Laboratory in Southern California. Do I have that right? I think I do, yes.
Brian Behlendorf (00:49:38):
Yeah, yeah. A little town called lock where all the scientists kinda lived and yeah, it was right at the street from my high school.
Doc Searls (00:49:44):
Yeah. So, so you were around space is a thing. And I'm wondering about open source and space. Um, I'm an I'm on a, a list and it's, uh, a couple people have been on the show are on the same list of people who are trying to in a very open sourcey kind of way to get through to Elon Musk and Starlink and, um, not having a lot of success in spite of their really, you know, alpha credentials. And I'm wondering if, if open source and space works together very well yet. Um, what, what do you think about that? Do you have thoughts about it at all? If not, we'll go on to another topic.
Brian Behlendorf (00:50:22):
I, I, I, I can't say I've, I've thought about that much. I, I, I, you know, look, model rocketry seems like, um, one of those domains where amateurs, uh, have tended to be a source of a lot of innovation where there's now model rocket clubs that are getting things into lower orbit, uh, uh, but it, but space, the space industry almost tends to be the definition of heavy, heavy industry. And, and, and, and, um, uh, it's hard to imagine putting substantial amounts of payload or people into space using open source software. I can sooner imagine an open source car company than I can imagine in an open source space industry in terms of at least like the lift capacity, but, you know, it, it, it, the, the microsatellite spoon spoons suggest that, uh, the cost of being able to get something sitting in space, uh, that is sending and receiving data might come down to a point soon where it's reasonable to think about a hobbyist, getting, getting a platform up there, or small companies getting, uh, uh, uh, you know, uh, hardware into space.
Brian Behlendorf (00:51:23):
Um, and I, and I also think Starlink isn't isn't, um, in a position where others won't be able to replicate what they do, although I worry about that from the point of view of space junk and, uh, uh, visual pollution, uh, for ground based observatories and that sort of thing. Um, but, uh, but I don't know if space ever, uh, goes com you know, completely open sourced the, you know, in the way that the internet has, I'm trying to think of other real world comparisons, but, um, I, I, it's easier for me to envision like the car industry going a bit more open source than, um, the, uh, the space industry right now.
Doc Searls (00:51:55):
And I don't even know what network this cell phone in my car, this naing naing on us is talking to. Um, so I don't, I, I don't have as much hope for that as I would like, so, but let me pivot from that to, since the space, all the space programs are, you know, they originally were government and now they're more private than well private in additional to addition to government. Um, and, but you've worked with WEF, um, and, and other organizations like that, you've worked in DC or with DC, how do we get governments to care about open source standards, culture, data, um, and the rest of it?
Brian Behlendorf (00:52:41):
Yeah. Well, I, you know, when I, when I worked in the Obama campaign in 2008. And then, um, when I went to go work at the Office of Science and Tech Policy in 2009, I don't think there was anybody in the executive branch who had ever, you know, written a line of code, uh, in their lives. It had been so much the case for 30 years that the principle was technology was what the private sector does, government actors, whether political appointees or, or, you know, the, the, the, the massive people in government, you know, the people employed by the government, all shouldn't, shouldn't deal with technology. That's something you push out to, uh, the vendor community, and that is broken because even to be a, a smart consumer of technology and of companies providing that, you have to know what you want to have built.
Brian Behlendorf (00:53:23):
You have to know to evaluate what's been built for you all this. So, um, I, I, 2009 me was very frustrated, uh, in DC trying to get, um, talk to people, not just about open government, which was kind of more the premise I was brought in, but about open source software in particular as, um, a, a form of public good as a, as a, a way to, uh, help entrepreneurship, uh, help avoid concentration of power. Um, I'm still re you know, still remember kind of the ownership of a platform by, uh, of the desktop by Microsoft, right? Those sorts of things. And, and that remediating that wasn't about, uh, um, I, uh, breaking up monopolies so much as it had to be about providing better alternatives. So, um, uh, that was a very frustrating experience.
Brian Behlendorf (00:54:07):
13 years later, um, I'm sitting on a panel, uh, or sorry, a congressional committee, the House Science, uh, Space and Technology Committee, uh, interviewing me and the CIO of the Air Force. Uh, and, um, Amélie Koran, uh, who is in DC and has done technology for agencies for a long time, uh, about software supply chain security and open source software security, and the questions coming from the, the Congress people, not just what was prepared for them by their staffs, but, but the responses, uh, um, that they gave themselves to, to, to the, to, to, you know, the questions, the banter back and forth indicated they knew what they were talking about, that they had been either developers themselves. And I know that's in the history of some of the, the, the folks on that committee, uh, or worked with technology organizations and genuinely wanted to figure out what's the right thing for, uh, for, for American American citizens was the right public policy, that sort of thing.
Brian Behlendorf (00:54:58):
And were very clued in about threats that are out there, but also opportunities. They wouldn't, uh, uh, have a dismissive attitude towards open source software that, that I think we're so used to. So part of it has been the long slog of the last 30 years of educating, uh, both Congress and, and people who are, um, the, the long term folks in government and policy makers, uh, about, about open source software and open technology. One of the, uh, I, I think best sources for this has been the Kennedy School at Harvard where so many future policy makers, you know, take courses, now has a, a, a, a huge number of people teaching technology policy, who are very wise to open technology culture and the like, um, and I decided to spend some time in DC, not because I wanted a career shift, but because I kind of wanted to, to do my part.
Brian Behlendorf (00:55:45):
And, and I think, um, every technologist, everybody listening to this podcast, um, has a, an a, a duty, I, I almost said obligation, but I kind of feel that way obligation to find a way to participate, uh, and can lend their expertise to the systems of government to help help people, help them make smarter decisions, help, uh, educate them about open software, open standards, open technology culture, the like, um, whether you work for government or simply work for an organization that exists around government is kind of fine. Just don't do it to, to build a career, do it to, to have an impact. Uh, and, um, you'd be, be amazed how far you can go when you're worried more about the latter than the former. Um, uh, and, and I think as a result of many people doing that, especially from the Obama years forward, uh, I, and planting seeds and helping rescue healthcare.gov and, and other things like that, I think we're in a much better spot in the United States and many other countries are following suit. The US right now is clearly taking the lead on security and open source software. I, I, and, uh, I, I, uh, you know, other countries are, are watching what's going on there and the EU and, and Japan and Singapore and the like, um, but, uh, but I'm, I'm much more reassured about this than I've ever been, uh, that, uh, uh, that they get it. Um, and, and hopefully that getting it can also be connected to the resources to address the kinds of issues that we, that we see out there.
Simon Phipps (00:57:08):
Yeah. So I, I have to say, I, I agree, Brian, um, you know, I, my day job is, uh, being the standards and policy director for Europe for the Open Source Initiative. And, uh, we are just staffing up, uh, in that area, uh, because we are discovering that governments are taking open source so seriously that they're beginning to frame policy that, uh, both uses it and influences it. And as a consequence that needs, uh, input a voice that's coming from the, uh, uh, every person developer, rather than only from the big corporate lobbyists that, uh, the 5 0 1 [inaudible] trade associations represent. So I I'm with you completely. I think that that is, that is beginning to happen. Uh, I, I see the divide as being, um, in the US, the focus is very much on security in supply chain. In Europe, the focus is very much on, on privacy and on, uh, the control of technology. Um, do you think those two things can be reconciled or do you think we are gonna see a war, uh, so to speak between, uh, Europe and the US over open source and regulating it? I'm told we have to have, I'm told we have to have a quick answer. So that's probably a really bad question to ask you.
Brian Behlendorf (00:58:26):
I, I don't see a dichotomy there Simon. Uh, I, I don't see, you know, corporations care about their privacy too, just as much as individuals do, uh, uh, their own privacy, of course. Uh, yes. And I, and I think there's, there's so many of the privacy technologies come from the bottoms up, but are, are, uh, seize and grab a hold of and, and, and taken further by by companies. But I, this whole dichotomy between companies and developers, I don't, I don't see software developers and open source have been, uh, uh, you know, funded and resourced by, by companies startups to, to large ones since the earliest days. And I think we just need to do less of this kind of, you know, positioning of battle between the two than, than we tend. We, we tend to see some, yeah,
Simon Phipps (00:59:06):
No, I, I, I don't think I'm pointing at a, a dichotomy there. I think I'm what I'm suggesting is that, uh, Europe is very much focused on the privacy of the individual and that is being weaponized by the European corporations. Uh, whereas in the US, it's very much about the security of the supply chain and that's being weaponized by the US corporations. And I think both are going to result in attempts to regulate open source in one way or the other, uh, or, uh, enact regulations that affect open source. Uh, and I think that's where there's going to be a conflict between the two sides.
Brian Behlendorf (00:59:40):
Hmm. Okay. Well, I, maybe it's the optimist in me. Um, but I, I don't see them as irreconcilable. I, I, I see them as additive. Yeah.
Simon Phipps (00:59:50):
Uh, doc go that way.
Doc Searls (00:59:53):
<laugh> and you'll mute yourself. I have to get off mute before I start talking. And then I don't, um, this is, <laugh> an old dog that yeah, there it is. Anyway. Um, so, so Brian quickly, is there anything we haven't asked that you'd like to have touched on if we can touch on it briefly?
Brian Behlendorf (01:00:14):
No, I, I, you know, the, the work we're doing at OpenSSF is work that we hope helps every open source project, uh, that we hope I, I addresses some of the long term, uh, uh, issues we've had in open source around sustainability, uh, recognizes the role that open source now plays in critical infrastructure. Uh, and, and, um, and the need that society has for us to try to reduce the number of Log4Shells out there, or make it easier to recover from when they happen. Um, and that's really the, the, the message I'm on these days and, and wanting to, to raise awareness around and that we, we could use everybody's help. There's actually a really small core group of people making OpenSSF happen. Uh, and, uh, I think every open source project and every open source using organization has a role to play in this fight. So, so I would love to see you, uh, is, is love to see folks help help us with that fight.
Doc Searls (01:01:05):
That's great. And, uh, I, I, I hope people watching and listening will do that, um, final, um, pair of questions. Uh, what's your favorite text editor in scripting language?
Brian Behlendorf (01:01:17):
<laugh> so, uh, I'm still, uh, uh, an Emacs, uh, uh, guy, although I, I obviously end up writing a lot of emails in, in Pine, so I have to count Pico, I guess, uh, uh, informally for that. Uh, yes. I still use a text mode mail client for, for like my personal emails, uh, work mails, still Thunderbird, but I, um, I, I'm still, I'm still a, uh, I still love kind of text mode and terminal kinds of apps. Uh, I think there's a reductionism to it. That that is just lovely. Uh, what was the other question?
Doc Searls (01:01:46):
Oh, uh, did, uh, text a scripting language, I guess.
Brian Behlendorf (01:01:49):
Oh, scripting language, uh, you know, it, it, it's kind of like you, it's hard to give up your first love, uh, or your first, uh, uh, kind of thing that you really immersed in. And so, um, if I had had a gun pointed in my head and I had to write software and frankly, none of you wanna see the software that I would have to write these days, it would still be Perl.
Doc Searls (01:02:06):
Yeah. Wow. That's, uh, that's a minority answer, although we, we do do get more than a few of those. So, um, <laugh> somebody wrote here. Favorite code repo, favorite web server. We probably guess the favorite web server. Um,
Brian Behlendorf (01:02:23):
<laugh> uh, yeah. Um, yeah. Uh, the favorite web server is easy, it's nginx, of course. Uh, um,
Doc Searls (01:02:32):
<laugh>,
Brian Behlendorf (01:02:33):
Uh, I, I, I can't use it though. I'm not Russian. Um,
Simon Phipps (01:02:36):
Yeah.
Doc Searls (01:02:38):
<laugh> yeah, there's a little of the back channel on the, on the, uh, you
Brian Behlendorf (01:02:43):
Perl, yuck. Yeah, I know on the, I know on the screen <laugh> <laugh>
Doc Searls (01:02:48):
So this, this has been great, Brian. Um, it's been awesome having you on the show. Um, you always managed to pack a lot into every answer and I'm, I'm glad, I'm glad. Uh, I'm glad to have you on, we'll have to have you back soon to see how everything's going.
Brian Behlendorf (01:03:04):
Thanks, doc. It's really great to see you and thank you Simon too.
Doc Searls (01:03:09):
So Simon <laugh> a lot packed in there. I think, I think Brian, I was, I was, I was joking at the back chat that I don't think anybody's gonna listen to Brian at 1.5 or even 1.4, because <laugh>, I think he talks faster than anybody who had on the show, which is a good thing, actually. Yeah,
Simon Phipps (01:03:27):
It's good to have, you know, it's good to have the show extended out to an hour and a half, uh, and, uh, you know, it's as always, I Brian's, uh, as, um, upbeat and, uh, thoughtful and, you know, what is there to say on those issues? There's plenty of discussing that we can do around every one of the topics that we were discussing there.
Doc Searls (01:03:49):
Yeah. I, I, I love how much he works on making the world work. And, um, I suppose every open source developer is doing that, but I think Brian is much more global than many others and, uh, doing, you know, taking on the hard thing. Um, now before that he was with Hyperledger, which is really difficult, um, as a, I mean, not Hyperledger, but the general, the general, uh, category with, with blockchain and all of that, just to, you know, to, to go, to go to the crazy places and make the best of it. I really like what he's doing. And he's a hell of a disc jockey too, by the way. <laugh>
Simon Phipps (01:04:31):
Well, absolutely. Uh, you know, one of the things that we did at, uh, uh, um, the ApacheCon in Oakland was put on a, uh, a rave disco in his honor at the, uh, ApacheCon there. And, uh, it's, I, I don't think people realize the effect, the influence that, uh, the underground music scene has had on the world of open source through bringing Brian into, uh, developing software publicly in the way that he has, uh, that, that, that it's definitely worth covering at some point. Doesn't it,
Doc Searls (01:05:02):
That's an interesting thing. I, I wish I knew the music better. Um, when we were at DWeb Camp, Brian was, was showing me his controlled and on the laptop and what he was doing and all the different, and lots of interesting things about the artist and about which, of course I know almost nothing, um, probably nothing is it I, nothing will do. Um, and I've probably already forgotten which Brian was showing me, but it was totally interesting while I was standing there watching him, you know, play his mighty Wurlitzer <laugh> it's it's great stuff. So what, what have you, what have you got to let's see life of Brian <laugh> oh, that's an interesting, so yeah, we come up with names for the show, Life of Brian. Well, people might actually think it is Monty Python though.
Simon Phipps (01:05:48):
Well, and, and what, with Brian always looking on the bright side of life.
Doc Searls (01:05:53):
Yeah. So, okay. We can, we can go over other look at the bright side. That's an interesting thought. Well, this is great. So, so what do you, what do you wanna plug there or did I already ask you that? Well,
Simon Phipps (01:06:06):
I, um, no, you haven't, uh, you know, the, the, the thing that, um, I think a lot of listeners and viewers will be interested in, um, is at OSI. One of our new directions has been to start a podcast on, uh, some big issues. And, uh, we've started a podcast about, um, the licensing and ethics of artificial intelligence called Deep Dive. So if you go to deepdive.opensource.org, uh, the podcast is there, um, completely unaffected by, uh, the identity of any sponsors. Uh, we've gone out and found, um, the key individuals around the, uh, the ethics licensing and direction of AI, and, uh, we've interviewed them. And then our next phase will be to hold some panels where we begin to work through the, the deep issues. And I think I would love to see, uh, the folks who, uh, follow, uh, FLOSS Weekly going along to deepdive.opensource.org and, uh, listening to the podcasts, and then maybe watching the panels when they come out. Cuz I think they're gonna be really good. They're gonna be, um, very much determining the future that they're not committed to being, uh, upbeat and positive. We are willing to, uh, say that there are some, some difficult and bad things. Uh, but on the other hand, we are trying to be constructive and to drive the argument from the perspective of the individual rather than of the corporation that is trying to leverage AI.
Doc Searls (01:07:38):
Yeah. It might be the most important topic. I think I've tried to list the most important topics is one of the, I think the, the mysteries of AI, um, I, I think we need human comprehension of whatever we're doing, whatever that is and to not have it or to have some other form of comprehension competing with ours or manipulating ours, um, um, is hugely, hugely interesting. So people should go go there, check that one out, check that one out. Um, we, we don't, we haven't confirmed I guess for next week, so I'm not gonna plug that. Um, um, but I will plug the show <laugh> please come back next week. Um, and, uh, uh, in, in the meantime I will be back in my, in my office in Indiana where, um, where I'll have the right microphone and the right everything else, the sun will not be moving across my face like it has here <laugh> and, and the screen anyway, it's been great having it, having Brian on the show. Thank you, Simon. And we'll see you next week.
Speaker 5 (01:08:43):
Listeners of this program get an ad-free version if they're members of Club TWiT. $7 a month gives you ad-free versions of all of our shows plus membership in the Club TWiT Discord, a great clubhouse for TWiT listeners, and finally the TWiT Plus feed with shows like Stacey's Book Club, the Untitled Linux Show, the Giz Fiz, and more. Go to twit.tv/clubtwit. And thanks for your support.