I'm working in the "plant" to "internet" space you mentioned and seeing this first-hand. Would be very keen to have a chat if you have the time please. Email in bio.
The linked article actually raises a very interesting point about how solar panel manufacturers' management apps, which mostly operate through server backends they control, have enabled them to acquire very significant, yet currently unregulated (in the Netherlands) control over many gigawatts of electricity, without anyone really noticing. It argues that this should be much more heavily regulated.
But I almost didn't read it, because of the insane accusation of treason in the parent post.
With every haphazard decision we're getting a very public experiment demonstrating the value of "giving people what they want" vs "everything else". It's astonishing how resilient the network effects behind the product in this case are against sabotage. Good lesson in startups there. You just need to laser focus on creating value for the customer – everything else doesn't matter as much as you think it does? Maybe even by power of 10 factors?
I’m not so sure. It probably matters a whole lot more when you’re starting and nobody is using your app. Twitter would likely have had a much harder time catching up if it was called “X” and looked as ugly as now.
And even for a mature product it will probably cost quite a bit of money/users long term.
The open source community in general needs to pay more attention to this space – not just the Python ecosystem. More maintainers need to know that well-intentioned people are proposing policies that would in some instances make them financially and legally liable for the code they write.
The new EU AI Act also has this problem, in that it imposes liability for developing components that may at some future point be misused by others.
The source of the problem is a particular approach to legislation that has become popular in the EU that purports to regulate across the entire supply chain for a product. Which might make sense for production of physical items or for software developed completely from scratch 30 years ago under a waterfall model, but is strongly disconnected from the way software is currently built.
“Well intentioned” does not actually describe the strong IT companies that support actions like this to try and recapture value. European big tech companies like Siemens, Ericsson, Nokia and so on are not fans of open source since it negatively impacted their captive customer bases.
Hi! Thanks for trying it out. I have reached out via email but just in case, looks like your account is configured for only first level dependencies. If you increase it to 3 levels it'll show much better results. You're also able to adjust the distribution of funds via boosting in the dependencies page.
Please note the donation will be kept in PENDING state for 5 days to allow time for full dependency analysis, adjustments via boost and/or exclusions. In this time we'll be reaching out to the other projects in your dependency tree to onboard them.
Please ping me if you need anything. Many thanks again!
Ok thanks so much. I assumed first level dependencies were anything that would turn up in a requirements.txt so reduced it from the default.
Thanks for building this and I'm looking forward to seeing how it develops.
I will add my voice to the "allowing this service full access to my repos is uncomfortable" crowd; there are a couple of my clients that have stricter NDAs, which has meant those repos have been excluded. But you'll figure that out when you do.
Re gaming the system, you're totally right. Although slightly unintuitive, we've also heard the opposite from maintainers: that they'll be motivated to remove the silly one-line packages from their dependency trees due to the imbalance of value they provide vs extract.
We also prune self dependencies, circular dependencies and a few other cases to keep things level. Hopefully we'll be at a stage to open source our codebase soon and can better leverage community feedback in this space :)
Our take on this is that funds should distribute across the dependency tree. We currently facilitate trickling your budget 3 levels deep. https://thanks.dev/static/how covers this in more detail.
That seems like a pretty sensible way of doing things.
I wonder: will people find a way to exploit it? E.g. create a simple but useful dependency that uses 100 sub-dependencies, all by the same author? Will larger, more self-contained dependencies lose out to small ones?
Hi Animesh! The biggest difference would be that TD answers both "who should I sponsor AND how much?". It continually calculates the weight of each dependency in your codebase and distributes your monthly budget accordingly.
The next biggest difference is that it distributes micro-payments up to 3 levels deep into the dependency tree. We've noticed the majority of people sponsor the top-of-mind projects, but the deeply nested dependencies don't get any love. This automated approach should fix that.
Don't hesitate to ping me if you have any other questions please (email in profile).