My mother in her wisdom has allways reminded me that it's fine to be alltruistic but to never forget your work and expertice is worth something, if you dont respect your own work no one else will.
Hot take: Open Source authors not getting rich is not the fault of unfair capitalism. It's the fault of Open Source subverting the reward mechanism of capitalism by it's very nature. Basically I'm saying if you give away your best work for free, you can't expect to make money off it. That's just not reasonable.
I did find that framing odd, when she later talks about still believing in gifting software. This is a whole other talk, but ideally automation and AI have a sharp enough uptake curve that we can avoid the longer term sustainability issues that seem likely on the current path. You can't have evil corporations if there's no money after all!
I get a few things, 1. Packages are being held by a private company as it needed money to run. 2. Private means they put the entity's interest first then for anybody. 3. Things are in less control by the people for themselves. But I couldn't get the answers for 1.how entropic, federated package manger, will be sustained and not turn into a company? 2. Will it also be centralized ? 2. How will 10-100x of npm resource usage/traffics requirements will met just by community? I mean the roadmap, path plan etc etc. Would love to know about these things.
From the entropic github Readme: "Entropic assumes many registries co-existing and interoperating as a part of your normal workflow" and "Entropic features an entirely new file-centric API and a content-addressable storage system that attempts to minimize the amount of data you must retrieve over a network" So it doesn't have to be centralized, you can chose to minimize dependency on an external registry if you want to. Entropy is more of a package manager framework, not a new centralized registry. So you get reduced individual registries costs at the expense of the increased complexity of dealing with distributed registries
@@Derpaderpderpp but who will pay for those distributed registries? If there will be 3-4 instead of 1 registry what is the difference it will still face same problem. IMHO.
That's right. How entropic is different. Why many organizations exist with influx of money from big corps, but it didn't happen in NPM? I know that big guys such as Microsoft have nothing against supporting open source, especially with server resources, but there have to be something wrong with people managing NPM. It is strange that this woman making jokes about Microsoft despite many contributions from this corp to open source. I appreciate and respect the courage and perhaps difficult situations that she faced that resulted in slightly overdramatic (I will tell you about money and power...) presentation-advertisement of entropic.dev, but if we look overall, this was FUD based advertising. I would say I will keep an eye on it, but I am skeptical, right from the start about entropic.
@@dxhelios7902 Whoever write a module with dependencies from other nodes will pay to maintain his/her own registry. I know you are not smart enough to understand this, so that's fine.
This is one of the best, most motivating speeches I've seen - and it's about programming. Absolutely incredible, I love it - and want to contribute however I can!
10:23 Criticism of go is outdated (although fair, because it WAS the case, no longer though). Go has a robust package management feature in it now (go modules), that even improves on some of the concepts in node (semantic version imports). It solved the distributed package management problem in a distributed way, and retained many of the advances of the centralized repository. Google "Go modules in 2019" for a blogpost explaining these concepts (proxy, notary, index etc).
Oooooooh this is a really good system! I like that the Index provides a centralized place to discover modules and the Notary provides a centralized authority for signing modules but BOTH of those can be O(N) where N is the number of _package versions released_ instead of the O(N) where N is the number of _packages downloaded_. That makes it much less $$$ to run! If we further subdivided the notary and index into a hierarchy (say Github ran an index + notary for Github repos and Bitbucket ran an index + notary for Bitbucket repos, and the central index + notary simply signed whole batches of entries) then we can improve that to even just O(log N) amount of work on the central server, for the cost of propagation delays.
@@quorkquork Go module proxies are immutable and can be editorialized. Used once, a package cannot be revoked from the proxy unless the owner of the proxy deletes data, although the originating repo can be nuked, yes. An acceptable arrangement imo. Google "Go modules in 2019" for a blogpost explaining these concepts (proxy, notary, index etc). You don't acknowledge these advancements, so I'll assume your ignorance. Let me know if I am mistaken.
I get that centralized servers are expensive to run, but can anyone explain this noob why open source isn't shared via peer-to-peer networks like old Napster? The question has always lingered in the back of my head, but this excellent talk helped formulate it. Throw in a bitcoin-like authentication and a central committee of persons elected by the users approving what is shared and you have an untouchable commmon. Where is the rub in this line of thinking?
Requires incentive to pay for hosting the peers. Think mining. Hosting is not 'serverless'. There is maths. Like the critical number of payers to support a high quality fresh cream cakeshop in an area of given population. Thinking of you, Vanilla Slice.
In practice: GitHub will host an entropic node that will mirror 95% of the other nodes, and everybody will use it as home. Microsoft will save us anyway. BUT if they screw up, it will be easier to move the ecosystem to another host. Is that right?
It would be cool if every company/user who relies on Entropic hosts a node to keep a cache of their dependencies (to protect against left-pad happening in a decentralized ecosystem) that also functions as a public mirror for those same packages.
The key unsaid takeaway for me was that Joyent *did* make Node.js a foundation... If Joyent had taken ownership of npm as well, it would have probably been foundation-ized as well. Hot take: Big companies are *better* short-term owners of Commons, because they can make the choice to give them back to the public, which companies made *specifically for* the Commons cannot, without dissolving the main value asset of the company
It amuses me people go to such height to save the JS community.. that's the best part of being a developer...leave and let live.. I hope entropic is a great success ✌️
I beg to differ. Why does the speaker so conveniently chooses to ignore the service that npm has provided to its users for the past years? And in the process if some people happen to make some money what is wrong with that? Centralization provides stability to an otherwise unstable ecosystem. This talk raises some great questions like finances for open source contributors and users having a voice in the process, but unfortunately ends with the wrong answers. GOOD LUCK managing a decentralized registry!!
Bit late, but I'll try to answer. NPM Inc is the company that owns npm, It's a separate entity from Node Foundation. NPM Inc treated it's employees really really badly when they tried to unionize, they fired the developers without notice and tried to get them to sign NDAs. The open source community is built on developer good will to contribute for free to projects, when the community see a private company treat it's developers this badly, the community freaks out and worries that the company has bad intentions. Bad intentions, like making everyone pay for the use of npm or holding existing npm packages hostage. CJ (the speaker) was the CTO of NPM Inc before they were fired. CJ wants to find a way for Node to avoid being tied to NPM Inc, by creating a new node registry system that relies on Open Source values rather than a company's values. A number of ex-employees from NPM Inc are part of the Entropic project, so hopefully it will get momentum and be a viable replacement to NPM. The reason to make it decentralized it to share the burden of hosting the registry packages and to increase redundancy to make the ecosystem more stable. CJ is helping keep Node as open source as possible, which is good for everyone that develops with Node.
Yahoo Package Manager? I never heard of it. But there was `yinst` (Yahoo Installer) and to the best of my knowledge `npm-cli` mimicked `yinst` not Yahoo Package Manager.
Same question. Please upload a version with the standing ovations. The talk get's even stronger with the immediate storm of enthusiasm. And: Thank you!!
How can we ensure entropic doesn't turn into npm inc and suffer the "costs of success" and we don't end up with another talk like this in JS Conf 2025?
Please reinvent code signing with a working trust model for that! Hopefully such a new code signing infrastructure could be even used outside of the js world. We really need something completely new in this regard!
I watched this entire talk and still don't know why npm is bad and why a federated package manager is better. I guess it's a philosophical position I don't have, but technically, npm does what I need it to do.
NPM Inc fired most of it developers when they tried to unionize. The Node community are worried NPM Inc are not acting in the spirit of Open Source and have worries the VCs that invested in NPM Inc will eventually force the company to charge for npm features. CJ, the speaker, was the CTO of NPM Inc but was fired. CJ wants to find a open source solution that could be a replacement for npm, and making Node more future-proofed away from commercial and VC decisions
A number of NPM Inc developers were fired when they tried to unionize. Company tried to get them to sign NDAs and give them small redundancy packages. The Node community are worried NPM Inc will do more evil stuff in the future
Hold on. People chose it because the story wasn't the truth. You helped the story become. You could have spoken sooner. We did not choose what we did not know.
TL;DR: npm is centralised. Centralisation is bad and unsafe. There is an alternative being worked on right now: github.com/entropic-dev/entropic (not ready for use or production)
Cant it be run like the IRC networks...i used to hand most of my teenage time on Undernet...and from what I know, is that people that love the network can register they own server, and pay a fee to join the network, and server had to be understrict specifications...etc...it was working...IRC was pretty hype back then, and people simply invested in servers because they feel goud about it.....They just had the IRC OP power, and the ability to G-line and Kline....of course under specific set of rules :)...node can work the similar way
It's still doing what programmers expect it to do, but they recently got a new CEO and have been firing people. Probably not making enough money for the board/investors and need to change internally to try something new.
If the 'JS community' want to use another package manager tool, they can. NPM's only power is that it's widely used. If they become 'evil', then I'm sure alternatives will appear. There's a lot of bitterness in this video - she talks about how unfair it is that X,Y,Z worked on Node.js and aren't super rich, then says how NPM inc is evil because it might decide to make money one day.
Nearly the entire modern web development ecosystem uses a package registry called NPM as a key component, but unlike other key components like the JavaScript language, engines, and Node.js, NPM is a private company with a business model that has not been proven to be sustainable.
There is currently no registry for Deno packages. deno.land/x offers more or less a redirection service. Haven’t actually look into how Entropic works but seems interesting.
- i don't understand why is it evil to try to monetize your hard work, why should all code be open? it's ok to work for money for everything else but not code? - NPM are not keeping our code hostage, they just centralize its distribution, and that costs money, which sound perfectly reasonable to me, to have 1 company who is motivated to keep it working as it did, - open source projects although nice, i can never take too seriously because who ever is working on it is not getting paid and therefor they cannot take it seriously (e.g linux vs iOS and Windows), this self righteous utopia where all services should be free just doesn't work - how will Entropic be any better? i don't mean the service it provides but the operation of it, can you some how make it costs 0$ ? if not then how will you pay for it?
My understanding of the answers are: - it's not, but it's not npms code that they're monetizing, it's their ownership of what's currently being treated as a public good, and they are doing so in a way that may not be in the public interest. Not in itself evil, but unless something is done, something that strongly encourages evil, without realistic recourse at the moment. - not quite true, they have motivation to make money off of it. This means keeping people using it only as long as that isn't in conflict with introducing measures that make money like scraping data, for example. - except Linux had basically won the server space decades ago. Open source is getting more popular than ever, partially because companies are realising that code in itself doesn't have much value for most products, so they're only getting benefits from doing the work they would already have done in the open, and have no problem with paying to keep the lights on for a project they would have had to pay easily 1000s as much more to contract to create. It's not perfect, but it is unintuitively stable! - I think the idea is that management costs alone can be covered by donation, and having multiple third party package repositories (which bear the brunt of the cost) keeps them honest.
Hey here's an idea - how about you charge people for using *some* of your code and commercial uses of npm (or whatever) require payment. Then you have self-supporting economy in your ecosystem.
It seems you hate your new ceo and are upset about loosing your job. Your main criticism is money, money, money... I don't really see any real criticism. NPMs strategy for profit is private npm what's the point? There is still yarn etc. So why bash npm, your ex employer...thats sounds kind of fishy to me...
You seem to be missing the point. It might have come off that way for a bit but if you stuck around to the end of the video and listened closely, you would have seen that wasn't her intention/motive. She means well for the community
Money is not the only criticism, but it's a big one and you don't seem to fully appreciate the implications of it: They have to make money, but they have no legitimate way to make money. No product or service for sale, only massive costs. Hence, when the day comes and investors want to see some returns, what happens exactly? What we do know for sure, is that at some point, they will have to do something for money and we probably won't like the way they do so. The fact that they are a private company means that you, as a developer (I presume) do not have full control over your own build. You get to work, turn on your computer, run the build and it fails. You look closer and some of your dependencies are gone. Of course, in accordance to Murphy's law, today is the day you have a presentation for a major client, or simply a tight deadline that you won't be able to meet. And the same thing happens for millions of developers. When left pad got pulled from npm repos, millions of devs around the world ended up having to deal with broken builds. One guy's decision broke the build on roughly 0.5% of the web with no warning. Don't you think this is a problem? The de facto access to the "commons" of a programming language is not something that should be controlled by a single private company, there shouldn't be a single point of failure. The money issue is also a ticking clock: What happens when there isn't any cash left to pay for the servers?
this really saddens me. I am currently taking web development in school and got really intergrated into the npm eco-system. Now i am looking to move on.... :|. Omg posted this like 2 seconds to soon. TO ENTROPIC... or yarn.
Yarn downloads packages from npm -- it does not have its own registry. The maintainer of yarn says they do not have the resources to even set up a mirror. github.com/yarnpkg/yarn/issues/5891#issuecomment-485990637
In case anyone is concerned, your speakers/headphones are fine :)
> Maybe we'll be saved by microsoft
This actually happened when github bought npm earlier this year lmao
My mother in her wisdom has allways reminded me that it's fine to be alltruistic but to never forget your work and expertice is worth something, if you dont respect your own work no one else will.
This talk is very insightful and your honesty is refreshing.
Didn’t know the history of node and npm. This is very informative
One of the best js speech I've ever seen. I can't wait to see the future that entropic will give us!
Hot take: Open Source authors not getting rich is not the fault of unfair capitalism. It's the fault of Open Source subverting the reward mechanism of capitalism by it's very nature.
Basically I'm saying if you give away your best work for free, you can't expect to make money off it. That's just not reasonable.
I did find that framing odd, when she later talks about still believing in gifting software.
This is a whole other talk, but ideally automation and AI have a sharp enough uptake curve that we can avoid the longer term sustainability issues that seem likely on the current path. You can't have evil corporations if there's no money after all!
Thank you for saying this out loud and proud ceej!
Awesome talk with some very serious implications all developers need to ask themselves about how their labor is exploited
I get a few things,
1. Packages are being held by a private company as it needed money to run.
2. Private means they put the entity's interest first then for anybody.
3. Things are in less control by the people for themselves.
But I couldn't get the answers for
1.how entropic, federated package manger, will be sustained and not turn into a company?
2. Will it also be centralized ?
2. How will 10-100x of npm resource usage/traffics requirements will met just by community?
I mean the roadmap, path plan etc etc. Would love to know about these things.
From the entropic github Readme:
"Entropic assumes many registries co-existing and interoperating as a part of your normal workflow" and "Entropic features an entirely new file-centric API and a content-addressable storage system that attempts to minimize the amount of data you must retrieve over a network"
So it doesn't have to be centralized, you can chose to minimize dependency on an external registry if you want to.
Entropy is more of a package manager framework, not a new centralized registry. So you get reduced individual registries costs at the expense of the increased complexity of dealing with distributed registries
What should make us think NPM usage will ever grow to 10-100x its current scale? 😏
@@Derpaderpderpp but who will pay for those distributed registries? If there will be 3-4 instead of 1 registry what is the difference it will still face same problem. IMHO.
That's right. How entropic is different. Why many organizations exist with influx of money from big corps, but it didn't happen in NPM? I know that big guys such as Microsoft have nothing against supporting open source, especially with server resources, but there have to be something wrong with people managing NPM. It is strange that this woman making jokes about Microsoft despite many contributions from this corp to open source. I appreciate and respect the courage and perhaps difficult situations that she faced that resulted in slightly overdramatic (I will tell you about money and power...) presentation-advertisement of entropic.dev, but if we look overall, this was FUD based advertising. I would say I will keep an eye on it, but I am skeptical, right from the start about entropic.
@@dxhelios7902 Whoever write a module with dependencies from other nodes will pay to maintain his/her own registry.
I know you are not smart enough to understand this, so that's fine.
There are many challenges associated with decentralization but it is definitely a noble cause!
Entropic seems to have died 6 months after it was born? :-/
This is one of the best, most motivating speeches I've seen - and it's about programming. Absolutely incredible, I love it - and want to contribute however I can!
And yet.. this had been seen by a handful of 12000 people in youtube so far. How come this is not viral?
Thank you for sharing this story, never knew the background of node/npm and loved you bringing up CPAN's solution.
10:23 Criticism of go is outdated (although fair, because it WAS the case, no longer though). Go has a robust package management feature in it now (go modules), that even improves on some of the concepts in node (semantic version imports). It solved the distributed package management problem in a distributed way, and retained many of the advances of the centralized repository. Google "Go modules in 2019" for a blogpost explaining these concepts (proxy, notary, index etc).
Oooooooh this is a really good system! I like that the Index provides a centralized place to discover modules and the Notary provides a centralized authority for signing modules but BOTH of those can be O(N) where N is the number of _package versions released_ instead of the O(N) where N is the number of _packages downloaded_. That makes it much less $$$ to run!
If we further subdivided the notary and index into a hierarchy (say Github ran an index + notary for Github repos and Bitbucket ran an index + notary for Bitbucket repos, and the central index + notary simply signed whole batches of entries) then we can improve that to even just O(log N) amount of work on the central server, for the cost of propagation delays.
GitHub or other repos can just be yanked by the author at any time, so the criticism still stands
@@quorkquork heard of a fork?
@@quorkquork Go module proxies are immutable and can be editorialized. Used once, a package cannot be revoked from the proxy unless the owner of the proxy deletes data, although the originating repo can be nuked, yes. An acceptable arrangement imo. Google "Go modules in 2019" for a blogpost explaining these concepts (proxy, notary, index etc). You don't acknowledge these advancements, so I'll assume your ignorance. Let me know if I am mistaken.
@@wmhilton-old I've found there to be some unfortunate dev ergonomics issues, but node had those too. I really like the system they came up with.
This is honestly more convincing for pushing for libre software to me, more than anything else. I never knew npm wasn't Free software.
This is why I love JSConfs ❤️
Ryan is trying to correct this when building Deno
Search it, Deno looks like a nice alternative in a future
I get that centralized servers are expensive to run, but can anyone explain this noob why open source isn't shared via peer-to-peer networks like old Napster?
The question has always lingered in the back of my head, but this excellent talk helped formulate it.
Throw in a bitcoin-like authentication and a central committee of persons elected by the users approving what is shared and you have an untouchable commmon.
Where is the rub in this line of thinking?
Requires incentive to pay for hosting the peers. Think mining. Hosting is not 'serverless'. There is maths. Like the critical number of payers to support a high quality fresh cream cakeshop in an area of given population. Thinking of you, Vanilla Slice.
Loved this! Hope their project gets the adoption it deserves (when its ready)
In practice: GitHub will host an entropic node that will mirror 95% of the other nodes, and everybody will use it as home. Microsoft will save us anyway. BUT if they screw up, it will be easier to move the ecosystem to another host. Is that right?
It would be cool if every company/user who relies on Entropic hosts a node to keep a cache of their dependencies (to protect against left-pad happening in a decentralized ecosystem) that also functions as a public mirror for those same packages.
I don't care much about JS or Node, but that ending, damn.
Why don't you care?
@@PJBrunet Not everyone who writes code uses JS or node, but the issues node and npm had could easily show up in other similar communities.
Thing that sucks about this is that GitHub will win.
Centralized wins, money wins.
The key unsaid takeaway for me was that Joyent *did* make Node.js a foundation... If Joyent had taken ownership of npm as well, it would have probably been foundation-ized as well.
Hot take: Big companies are *better* short-term owners of Commons, because they can make the choice to give them back to the public, which companies made *specifically for* the Commons cannot, without dissolving the main value asset of the company
Great talk. Really interesting history.
It amuses me people go to such height to save the JS community.. that's the best part of being a developer...leave and let live.. I hope entropic is a great success ✌️
leave and let live? I hope that's just a typo because I'm not leaving js anytime soon 😁
LOL... Microsoft did buy NPM just like she was joking about. NPM >> MSNPM :)
I beg to differ. Why does the speaker so conveniently chooses to ignore the service that npm has provided to its users for the past years? And in the process if some people happen to make some money what is wrong with that? Centralization provides stability to an otherwise unstable ecosystem. This talk raises some great questions like finances for open source contributors and users having a voice in the process, but unfortunately ends with the wrong answers. GOOD LUCK managing a decentralized registry!!
Bit late, but I'll try to answer. NPM Inc is the company that owns npm, It's a separate entity from Node Foundation.
NPM Inc treated it's employees really really badly when they tried to unionize, they fired the developers without notice and tried to get them to sign NDAs. The open source community is built on developer good will to contribute for free to projects, when the community see a private company treat it's developers this badly, the community freaks out and worries that the company has bad intentions. Bad intentions, like making everyone pay for the use of npm or holding existing npm packages hostage.
CJ (the speaker) was the CTO of NPM Inc before they were fired. CJ wants to find a way for Node to avoid being tied to NPM Inc, by creating a new node registry system that relies on Open Source values rather than a company's values. A number of ex-employees from NPM Inc are part of the Entropic project, so hopefully it will get momentum and be a viable replacement to NPM. The reason to make it decentralized it to share the burden of hosting the registry packages and to increase redundancy to make the ecosystem more stable.
CJ is helping keep Node as open source as possible, which is good for everyone that develops with Node.
Wonderful speech. Thank you.
Yahoo Package Manager? I never heard of it. But there was `yinst` (Yahoo Installer) and to the best of my knowledge `npm-cli` mimicked `yinst` not Yahoo Package Manager.
32:14 that aged well
Awesome talk! Really eye opening.
why did you cut the standing ovations?
Same question. Please upload a version with the standing ovations. The talk get's even stronger with the immediate storm of enthusiasm. And: Thank you!!
good
What an important talk.
Story begins at 2:30
Open source has to be fought for tooth and nail every step of the way. There are no benevolent corporations.
Seems like Microsoft did save us at the end....
Excellent talk, very informative
Anyone else here after GitHub / Microsoft acquired npm?
I've had so many problems with npm that I'm really looking forward to this.
That ending was great... i think the next deculation will be awesome as well
How can we ensure entropic doesn't turn into npm inc and suffer the "costs of success" and we don't end up with another talk like this in JS Conf 2025?
Because there is no cost to scaling that's the point of federation anyone can host a server and join the network.
Crypto/blockchain
That's a really interesting subject, why would a p2p solution not be viable ?
This is so powerful
"Pork bellies" . . Trading Places reference????? 26:00
After that leftpad and kik problem, yes, the problem became obvious.
Please reinvent code signing with a working trust model for that! Hopefully such a new code signing infrastructure could be even used outside of the js world.
We really need something completely new in this regard!
I watched this entire talk and still don't know why npm is bad and why a federated package manager is better. I guess it's a philosophical position I don't have, but technically, npm does what I need it to do.
NPM Inc fired most of it developers when they tried to unionize. The Node community are worried NPM Inc are not acting in the spirit of Open Source and have worries the VCs that invested in NPM Inc will eventually force the company to charge for npm features.
CJ, the speaker, was the CTO of NPM Inc but was fired. CJ wants to find a open source solution that could be a replacement for npm, and making Node more future-proofed away from commercial and VC decisions
Sometimes, open source people just like to disagree.
Its a company. Ask yourself if they're providing a quality service. They are
its funny cause microsoft just bought npm 2 weeks ago
npm just got saved by microsoft
Can someone fill me in on the problems or evil things npm did? Other than the well known leftpad/Kik incident.
A number of NPM Inc developers were fired when they tried to unionize. Company tried to get them to sign NDAs and give them small redundancy packages. The Node community are worried NPM Inc will do more evil stuff in the future
Hold on. People chose it because the story wasn't the truth. You helped the story become. You could have spoken sooner. We did not choose what we did not know.
NPM acquired by Github/Microsoft... it happened!
I'll have to keep my eye on this and see how I can contribute. :)
C J in 2019: "Maybe we'll be saved by Microsoft" 32:15
Now, Microsoft/Github acquires npm: github.blog/2020-03-16-npm-is-joining-github/
why use go then?
Godspeed, hacker.
TL;DR: npm is centralised. Centralisation is bad and unsafe. There is an alternative being worked on right now: github.com/entropic-dev/entropic (not ready for use or production)
And now Github bought npm, oj oj oj.
Cant it be run like the IRC networks...i used to hand most of my teenage time on Undernet...and from what I know, is that people that love the network can register they own server, and pay a fee to join the network, and server had to be understrict specifications...etc...it was working...IRC was pretty hype back then, and people simply invested in servers because they feel goud about it.....They just had the IRC OP power, and the ability to G-line and Kline....of course under specific set of rules :)...node can work the similar way
a company can't love me, even if one of their employees used an emoji heart in a tweet reply _to me???_
wait, what happened with npm? I haven't been looking at JavaScript for a few years
It's still doing what programmers expect it to do, but they recently got a new CEO and have been firing people. Probably not making enough money for the board/investors and need to change internally to try something new.
If you scroll back up and watch the video you might get your answer.
6:37
8:05
12:26
If the 'JS community' want to use another package manager tool, they can. NPM's only power is that it's widely used.
If they become 'evil', then I'm sure alternatives will appear.
There's a lot of bitterness in this video - she talks about how unfair it is that X,Y,Z worked on Node.js and aren't super rich, then says how NPM inc is evil because it might decide to make money one day.
It will need to make money and the only things they can sell are... fill in the blank and see how happy you are with the answer.
Thank you CJ!
should npm be a peer to peer network aka blockchain
Can anyone summarize what is being said please?
Nearly the entire modern web development ecosystem uses a package registry called NPM as a key component, but unlike other key components like the JavaScript language, engines, and Node.js, NPM is a private company with a business model that has not been proven to be sustainable.
Any comment on Ryan Dahl's new project deno.land/ with respect to this new package registry ?
There is currently no registry for Deno packages. deno.land/x offers more or less a redirection service. Haven’t actually look into how Entropic works but seems interesting.
But cloud is cheap RIGHT?!
you are Great .
- i don't understand why is it evil to try to monetize your hard work, why should all code be open? it's ok to work for money for everything else but not code?
- NPM are not keeping our code hostage, they just centralize its distribution, and that costs money, which sound perfectly reasonable to me, to have 1 company who is motivated to keep it working as it did,
- open source projects although nice, i can never take too seriously because who ever is working on it is not getting paid and therefor they cannot take it seriously (e.g linux vs iOS and Windows), this self righteous utopia where all services should be free just doesn't work
- how will Entropic be any better? i don't mean the service it provides but the operation of it, can you some how make it costs 0$ ? if not then how will you pay for it?
My understanding of the answers are:
- it's not, but it's not npms code that they're monetizing, it's their ownership of what's currently being treated as a public good, and they are doing so in a way that may not be in the public interest. Not in itself evil, but unless something is done, something that strongly encourages evil, without realistic recourse at the moment.
- not quite true, they have motivation to make money off of it. This means keeping people using it only as long as that isn't in conflict with introducing measures that make money like scraping data, for example.
- except Linux had basically won the server space decades ago. Open source is getting more popular than ever, partially because companies are realising that code in itself doesn't have much value for most products, so they're only getting benefits from doing the work they would already have done in the open, and have no problem with paying to keep the lights on for a project they would have had to pay easily 1000s as much more to contract to create. It's not perfect, but it is unintuitively stable!
- I think the idea is that management costs alone can be covered by donation, and having multiple third party package repositories (which bear the brunt of the cost) keeps them honest.
Wait. "What happen next?" Who is going to pay for this new federate company?
Hey here's an idea - how about you charge people for using *some* of your code and commercial uses of npm (or whatever) require payment. Then you have self-supporting economy in your ecosystem.
GO ENTROPIC!
32:14 Ha-Ha-Ha
Decentralization FTW.
true about the capitalism in giving out the rewards;
It seems you hate your new ceo and are upset about loosing your job. Your main criticism is money, money, money... I don't really see any real criticism. NPMs strategy for profit is private npm what's the point? There is still yarn etc. So why bash npm, your ex employer...thats sounds kind of fishy to me...
Agreed
You seem to be missing the point. It might have come off that way for a bit but if you stuck around to the end of the video and listened closely, you would have seen that wasn't her intention/motive. She means well for the community
Money is not the only criticism, but it's a big one and you don't seem to fully appreciate the implications of it:
They have to make money, but they have no legitimate way to make money. No product or service for sale, only massive costs. Hence, when the day comes and investors want to see some returns, what happens exactly? What we do know for sure, is that at some point, they will have to do something for money and we probably won't like the way they do so.
The fact that they are a private company means that you, as a developer (I presume) do not have full control over your own build. You get to work, turn on your computer, run the build and it fails. You look closer and some of your dependencies are gone. Of course, in accordance to Murphy's law, today is the day you have a presentation for a major client, or simply a tight deadline that you won't be able to meet. And the same thing happens for millions of developers. When left pad got pulled from npm repos, millions of devs around the world ended up having to deal with broken builds. One guy's decision broke the build on roughly 0.5% of the web with no warning. Don't you think this is a problem?
The de facto access to the "commons" of a programming language is not something that should be controlled by a single private company, there shouldn't be a single point of failure. The money issue is also a ticking clock: What happens when there isn't any cash left to pay for the servers?
Mithril.js
Yes, overthrow these capitalists!
this really saddens me. I am currently taking web development in school and got really intergrated into the npm eco-system. Now i am looking to move on.... :|. Omg posted this like 2 seconds to soon. TO ENTROPIC... or yarn.
Yarn downloads packages from npm -- it does not have its own registry. The maintainer of yarn says they do not have the resources to even set up a mirror. github.com/yarnpkg/yarn/issues/5891#issuecomment-485990637
there is no way around it... just use the npm ecosystem...