Technology

This Week in Programming: GitHub Gets in the Open Source Fundraising Game

24 May 2019 3:00pm, by

As the Spring conference season continues, this week saw Kubernetes-focused Kubecon + CloudNativeCon in Barcelona and GitHub hosted its own one-day, self-centered conference in Berlin, GitHub Satellite, where the Microsoft-owned, Git-based repository continued the expansion of its capabilities in directions both new and familiar.

The news perhaps causing the most buzz coming out of Berlin was that of GitHub Sponsors, which brings GitHub into the open source fundraising space — a space that has seen some new additions of late, such as the Linux Foundation’s recently announced CommunityBridge. Alongside the beta Sponsors feature, GitHub also announced the GitHub Sponsors Matching Fund, in which GitHub says it “will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors” and charge no payment processing fees for the first year, with no platform fees as well. (In all, this all sounds eerily similar to the CommunityBridge announcement.)

You’re not likely to hear too much complaint from competitors in the open source funding space, because GitHub made sure to invite Open Collective, Community Bridge, Tidelift, Ko-fi, and Patreon, with all being integrated from the start. And while the effort to make GitHub a one-stop shop, and to let people contribute money directly where they consume the product, seems like a no brainer, but Techcrunch’s Frederic Lardinois points out that the move could be a bit controversial in its effects.

“That’s likely to be a bit controversial among some open-source developers who don’t want financial interests to influence what people will work on. And there may be some truth to that as this may drive open-source developers to focus on projects that are more likely to attract financial contributions over more esoteric projects that are interesting and challenging but aren’t likely to find financial backers on GitHub,” writes Lardinois, with GitHub responding that the launch is “in beta to get ahead of such concerns.”

While this is one concern, another concern voiced on Twitter goes a bit closer to the heart of the matter: should we really be relying on individuals to fund open source projects?

Of course, more common than the concerned are those open source developers (not to mention documenters and other contributors) who are hoping the launch will mean that they will finally see a payday from their work.

As for the other directions GitHub expanded, the company focused on enhanced security and a streamlined experience for enterprise customers. In terms of security, GitHub has been increasingly focusing on tools for managing security in dependencies, and one way they’ve expanded in this direction is with the acquisition and integration of Dependabot, which will “monitor your dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version”. The company also partnered with the likes of WhiteSource, to increase the scope of their vulnerability data, brought token scanning into general availability, and launched a beta of maintainer security advisories, “a private workspace to discuss, fix, and publish security advisories to people who rely on their projects right within GitHub — without tipping off would-be hackers.”

Of course, others still think the biggest news of the event is hidden in the details of that streamlined enterprise experience (which we’ll let you peruse on your own).

But don’t take my word for it — take a gander at the keynote and get all the deets.

This Week in Programming

  • GitLab’s Multiple Assignee Merge Requests & Container Support: As we’ve noted before, whenever GitHub makes some noise, it’s like GitLab is right there to respond. This time, it’s not a direct response, but rather GitLab’s own release of GitLab 11.11, which includes support for Multiple Assignees for a Merge Request, available for those with GitLab Starter, and enhancements to container support. Long story short, the new merge request feature will “allow multiple assignees so that all people who are responsible for the change can be assigned to merge request.” Other features of the new GitLab include automated deployment event notifications for Slack and Mattermost, support for Windows Container Executor for GitLab Runners, which allows Docker containers to be used on Windows, a Caching Dependency Proxy for your Docker images on GitLab Premium, and the ability of users of self-managed GitLab instances to provision an Instance Level Kubernetes Cluster. GitLab users, check out the post for full details.
  • Twitter Continues its API Efforts: We have been discussing Twitter’s API troubles for nearly a decade now, and ProgrammableWeb continues to track this story, writing this week about Twitter Developer Labs. The company has been trying to fix the error of its earlier ways for a long time now, and with this announcement, the company has laid out “its plans to build what it calls ‘the next generation of the Twitter API.'” Apparently, the first step in this next generation will be “a new program called Twitter Developer Labs, which will allow developers to test and provide feedback on new API features.” That, of course, sounds better than the company’s past methods of moving fast and breaking everything third-party developers created. As ProgrammableWeb writes in summary, “it remains to be seen whether developers will find Twitter’s latest effort to be compelling. Specifically, it is unclear whether Twitter Developer Labs will be successful at re-engaging developers who shifted their focus to other platforms or left the ecosystem entirely as a result of the company’s past decisions.”
  • Facebook Open Sources Deep Learning Framework Pythia: Facebook open sourced a new, deep learning framework built on the PyTorch framework, called Pythia, which the company says allows researchers to “quickly build, reproduce, and benchmark AI models” due to its “modular, plug-and-play design.” The new framework is made specifically for vision and language tasks, “such as answering questions related to visual data and automatically generating image captions” and “smooths the process of entering the growing subfield of vision and language and frees researchers to focus on faster prototyping and experimentation.” Facebook writes that Pythia’s features will include “reference implementations to show how previous state-of-the-art models achieved related benchmark results and to quickly gauge the performance of new models” as well as multitasking and support for “distributed training and a variety of datasets, as well as custom losses, metrics, scheduling, and optimizers.”
  • Windows 10 Makes Python Installs Super Simple: It looks like Microsoft has gone mad, what with adding Linux to the desktop, and now… Python? Apparently so. The Python team at Windows (and Microsoft will have you know that it currently employs “four of the key contributors to the language and primary runtime”) has officially announced that it has made it “easier to install [Python] on Windows by helping the community publish to the Microsoft Store and, in collaboration with Windows, adding a default ‘python.exe’ command to help find it.” They acknowledge that, for years now, Windows has lagged behind as “the only mainstream operating system that does not include a Python interpreter out of the box” for reasons of size and security, but now this has been remedied. The addition of Python to the Microsoft Store will make it easy to install Python on Windows 10 and “automatically makes common commands such as python, pip and idle available (as well as equivalents with version numbers python3 and python3.7, for all the commands, just like on Linux).” To make it even easier, Microsoft notes that with the latest May 2019 Windows Update, every install of Windows will include python and python3 commands that take you directly to the Python store page.
  • Who Owns Go? Not The Community: At least, that’s the argument according to Chris Siebenmann, a “Unix herder” who writes that “Go has community contributions but it is not a community project,” calling this assertion “unarguable”. All in response to a tweet that asked “can’t we have something like OpenGo, where community can implement generics , rather that waiting for official #go generics to happen?”, Siebenmann writes that “there are many answers for why this won’t happen, but one that does not usually get said out loud is that Go is Google’s language, not the community’s.” Siebenmann points to last year’s implementation of Go modules, against the outcries of much of the community, as a case in point that “the community’s voice doesn’t matter very much for Go’s development, and those of us working with Go outside Google’s walls just have to live with that.”

GitLab and Tidelift are sponsors of The New Stack.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.