OSS Open Source Contribution Policy Best Practices

About

Today I talked with Tobie Langel, the Founder of UnlockOpen.

UnlockOpen helps companies understand and leverage open source to recruit, retain and foster top software engineering talent. In this podcast, Tobie dived deep into open source contribution policy best practices. For those listening, you’re probably thinking – “I already have an open source contribution policy.” But I promise, you will learn a lot from this podcast about how you can make yours better.

Transcript

hey everybody welcome back to the 26th episode of open source for business brought to you by open teams my name is
henry badgery and today i talk with tobie langel the founder of unlock open
unlock open helps companies understand and also leverage open source software to recruit retain and foster top
software engineering talent in this podcast tobie dives deep into open source contribution policy best practices and
for those listening you’re probably thinking i already have an open source contribution policy but i promise you
you will learn a lot from this podcast about how you can make yours better now whether you’re a user developer manager
or just curious about the industry open source is the place to find the information news training and support
that you need to thrive with open source software now that the introductions are out of the way
let’s jump into this episode
all right tobie thank you so much for joining me on the podcast today well thank you it’s my pleasure i’m
really excited to be talking about um what we’re going to be talking about today so am i i’ve definitely been looking
forward to it and so to kick it off you are currently the founder of unlock open which helps companies to understand and
leverage open source uh for many different reasons to help recruit retain but also to foster us
software engineering talent but before unlock open you worked at a number of large tech companies such as
facebook mozilla google intel just to name a few so can you walk me through
your journey into open source so that we can get a better idea of how you actually got here today
yeah sure i mean just to be specific most of the companies that you cited they’re actually clients of mine as part
of my um company uh like consulting firm which is called unlock open um i was though a full-time employee at facebook
for a few years in early 2010. um i came to open source really
completely by accident i’m a musician by trade so i was uh in a band that was touring
um italy um and part of eastern europe uh now a long time ago um and we sort of
all pulled our talents together to do them all of the other sort of like business work that happens around the
band and i had a brother that was computer savvy i wasn’t right and so he
sort of like taught me how to build a website using uh back then it was php and mysql um you
know the uh the lamp stack i think it was called back then the lamp stack yeah um
and so i i just like it really clicked i just loved it i had been like um um
done physics and in math in in high school and so it was just like really my thing um and so i built this website for a
band was a shop where you could order our cd and and then sort of like every musician in
the city kind of came to me and said um your website is really nice like did you
do that could you do one for us right and as folks that uh have um know
musicians or have tried that route like actually making earning a living out of playing music is very very difficult um
and so you know that felt like an awesome sort of like side gig that could maybe possibly make me enough money to
sort of live um and i got you know really into the whole thing we even like try to start a
startup with my brother back then on on on you know sort of that topic
um and it’s very shortly after that or roughly at that time uh ruby on rails
came along right and it was essentially sort of like everything that we had had
to set up to be able to do that using like php was suddenly like there
right um and as part of ruby on rails there was a lot of javascript going on and
suddenly you could like you know pull something into your cart like drag and drop on in the browser just like pure
magic to me no magic totally like you know in love with the whole thing so i started being very involved with the
prototype javascript the project and sort of like really learned javascript by
um going through the source code because there was no documentation nothing right to understand what was going on
and then started actually in a project with a few folks that doc that was documenting the project
right um and then that turned into being increasingly involved contributing to
the project itself um and to the effects library that was on top
and finally becoming a maintainer of the prototype javascript library uh framework i think it was called back
then which for those that uh are haven’t started in tech as long as i i have like
as long as it goes i have um like the prototype javascript library was really the sort of like the the
first foray into what became web um 2.0 um and it was really the library that
sort of inspired jquery but didn’t have its success at all for reasons that are like interesting to discuss
um but it was like a big deal right so um
that got me um a consulting gigs um with a whole bunch of tech companies that
were like moving into that space including google uh that i helped with a number of projects at that time that
ended up paving the way for ecmascript uh sort of like the rebirth of javascript
and ecmascript 5 and beyond um so yeah it’s sort of like this kind of
weird uh journey that you probably probably is way harder to do now um because you know
the ecosystem has changed it has industrialized quite a bit um and
everything is more organized more layered i mean back then you know you would do design and ux
and uh you know code the underlying library and also code the
the app itself and do a bit of rails and so it was kind of like full stack but not the way it’s meant today
um so it was very different very different times clearly um but yeah so that’s kind of like i i really ended up
in open source um like that um and then what happened is um
uh facebook um uh hired me because they were looking for someone that
knew the open source space well and knew the web standard space well which i had
sort of gotten into a bit um but wasn’t didn’t have like a
classical standards background and so i did standards for facebook um then actually um
became a w3c fellow on um on behalf of facebook uh to start the project that is
now known as web platform tests um which is essentially this huge suite
of tests that make sure that all the different browsers actually um support the specs in the same way sort
of like past the same test um and then i moved into really like deeper
into the web standards rabbit hole all the way into actually editing the spec
of the language in which you define apis that then get implemented by browsers so
you know like really dip deep down in that rabbit hole um and after that there
was a sort of like um it’s a small community right essentially web browsers and i wanted to sort of um broaden the
bit of my client base and um i also was interested to sort of like take
a bit of a step back and so i really moved into more of the strategy role in open source and then
standards both sort of like interlinked very often uh
you have open source projects or implementation of standards you have standards that are increasingly built with open source
technology and techniques and practices um and so yeah essentially right now i
really focus more on helping organizations sort of like figure out these open spaces essentially
um and and leverage them in ways that are
good for their businesses um but also in ways that are
just good practices and a great great way of of um fostering
um happy engineers um uh folks that uh that
are able to work um in
in a way that um i like working essentially where there’s a lot of there’s a lot of um
freedom as to where in the stack you’re operating uh when um and where you’re you can always
really focus on doing the right thing at the time where it makes sense rather than having to do
lots of paperwork uh to get to the same uh to the same place in uh you know six
six six weeks later at best sorry that was a super long intro
no not at all i think it’s it’s so fascinating and interesting i haven’t heard anyone who’s rocked their way into
open source um it’s it’s it’s from i was a jazz drummer
jazzed my way into it oh you jazzed your way well it’s really interesting and then
you went from yeah building websites to almost a website entrepreneur to getting involved with open source communities
and actually working within companies who were using open source which is really the topic of this podcast and so
rather than ask broad questions to you today uh things like um what’s the business case
of contributing to open source which i know you have a lot of information on or um how can you it be used to recruit top
software engineering talent i kind of see those questions as things that people have heard a lot at least in this
podcast we’ve heard it a lot and the answers can be found in the internet a lot easier and so i thought we’d focus
this episode really on diving deep you’re def something you’re definitely an expert in and that is open source
software contribution policies so to begin what is an open source contribution policy
so yeah i i think uh before i actually answer your question which is a great question uh i just want to make a quick
point to sort of like uh you know underline what it is that you’re saying um there is a lot of understanding now
across the industry that open source is good for you right not only good for the community but also
good for the business um and yet not that many companies actually do do
it properly right and um one of them one of the ways that you
actually do it properly is understand the how of doing it properly and actually an open source contribution
policy is a great way to actually implement this properly right so um what
is an open source contribution policy well as you’re probably aware um as your
listeners here are probably aware um a lot of um the value that you bring to
a company as an employee is in um the intellectual property ip as it’s often
called um that you create for that company and that that’s essentially true of white collar jobs right but but you know
specifically for software engineering really that’s what you’re hired for right the intellectual pro the code that
you write is an intellectual property that belongs to the company
and um in general um the basic sort of assumption is
that intellectual property is more valuable when you keep it for yourself it’s like that’s a competitive advantage
in practice open source has shown for a very long time that that is not always
the case and that there are scenarios where actually sharing
some of that open source sorry some of that intellectual property and then turning it into open source is
more valuable than keeping it to you for yourself so what an open source contribution policy
actually does is sort of determine when that’s the case and when
your engineers if you’re an engineering manager or own a company when your engineers
should be or could be contributing to open source and when they’re they shouldn’t and it also
open source control open source policies in general also handle how you would um use open source and
comply to the requirements of using open source for your own products so it’s really kind of like uh you know i o in
and out of open source and and sort of like a document that describes that and in practice those documents are kind of
like you know treated as sort of like legalese that like sits in a corner that
no one really wants to touch but they’re really critical in how they can help enable
the right kind of culture that you want in your company um and so that’s actually why i pay particular attention
to them in general like i’ve seen in tech that um areas um there’s
there are some areas that are not given the kind of attention that they really deserve
and that sort of like has a lot of influence on company culture
and as a result engineering engineer well-being and so really focusing on those points i think is is kind of
really important so short answer is the open source contribution policy will determine how
you can use software but mostly uh how you can contribute back to it
okay and what companies or which company should have an open source software contribution strategy is it is it any op
policy sorry is it anyone or is it larger companies that are contributing every day to open source they’re kind of
a bucket that these companies fall into so that’s that’s a great question too um in general
everyone has an open source contribution policy right uh everyone um just some companies actually
go to the trouble of writing it down and making it transparent and clear to everyone but those that don’t write it
down still have rules i mean essentially um those rules are tied to your work
contract if you’re an um employee of a company and those work contracts
depending on where you live uh include um
all of the intellectual property that you produce maybe on your work laptop
or maybe all the time there are lots of countries or states in the us where whatever you do uh for a company
even if it’s um asleep you dream about this great idea technically it belongs to the company um so
in essence if you don’t have a written contribution open source contribution policy you have an unwritten open source
contribution policy and that isn’t great because it means that it’s not clear to
engineers what exactly they’re allowed to do or not it’s not clear to management who can do what and so it’s
sort of like it creates um situations where um there are um
expectations that are unclear um and people make mistakes or people don’t do the right thing
because they just don’t know what to do so um everyone has a policy
some people write it down and you probably should do that too regardless of your size a good policy can be like a
paragraph and a half like it you know it’s it’s it can be really simple um buffer the company that uh helps you
sort of like buffer your tweets um has um open source their open source contribution policy um and
like i think it’s like a page right it essentially says like
contribute to i mean i can’t remember the specifics but basically you can contribute to
software if it helps the company that uses those licenses if you have a
doubt go talk to like you know this person um and whatever you do on your own time as long as it’s not competing
against what it is that we do you’re good something of that nature right you know it’s like five lines right it
doesn’t have to be like uh you know this um 20 page like terms of service was like lots of uh
you know uppercase words and like all you know uppercase like uh um things
at the bottom of the page and like tiny text and all of the weirdness that you find in sort of like like these docs can
be like really short okay that’s really useful that comparison i guess that the example of
what what is a good open source contribution strategy something that is small concise and really to the point
because i think i’ve learned definitely in the last few months people don’t read things that you put in front of them so
if it is long and verbose not everyone’s a lawyer and not everyone’s going to spend their time they don’t sorry they
don’t read if they aren’t really making the decision to read it um so that’s really really a great example and what
are some of the other things that you’ve seen companies do that i guess before under the back of a bad policy because i
my understanding is that it’s really important to have it written down but there are any kind of other examples
that you can give of um bad policy decisions that a company can make when
it comes to contributing to open source because i love the listeners anyway anyone who is listening who does have an
open source contribution strategy and maybe they think oh this is if this is fine this is working but i’d like them
to kind of maybe see and open their mind a bit to see maybe it’s not the best approach
okay well there’s a lot in that question um um
and you know i think one of the first thing that you mentioned here is that a good policy is short
um and i think in general sort of like every kind of agreement that you make
between people should be as which is what a policy is right should be as short as and clear as
possible i mean i’m i’m um a strong advocate of clear writing and of like no in general right and
i just think that like pages and pages of like weird clauses that no one understands and documents is just a um you know a
recipe for unhappiness unclarity and people just doing whatever it is that they want anyway right so this is
something by the way that i see in large organizations that have extremely restrictive
policies is that their engineers end up like running in circles around it right they
found they moonlight um soft on the open source code they go back at home and they do it
and you know from a legal perspective that still puts the company in exactly the same bad position that they were
that they were trying to protect themselves from except now they don’t know about it right like now it’s done
like in a way that they’re not aware so um i mean i just wanted to be clear about this uh uh
um a good policy is a policy that matches what it is that you’re trying to do from
a business perspective right there’s like no good policy and bad policy there are
good you know good um um good business strategies and bad ones right but the regardless like a
good you know a good policy is going to be bad if it’s um if it’s
matched like a bad business strategy right but the role of the policy is to match the strategy
um so depending on what it is that your company is doing right you will tend to be
more restrictive or or less restrictive in what you allow your engineers to do
um if you’re essentially um selling ip if you you know if your company is
at a point in its in its life where what’s really valuable to it is to
collect say patents and then license those to other organizations
a lot of old tech companies right now are in that position and that’s what they do right
then obviously um in that case well you know you don’t really want to open source and give away
those patents because then where is your revenue going to come from right so you know you want that kind of
alignment on the other hand if you’re a tech you know like a modern sort of like um trend setting tech company that
is really focused on um building uh you know software
kind of like everything that is not part of like the core of what it is that you’re selling you should probably open source there’s
going to be huge benefits for it um so you want to have you know like a good
policy is one that is going to clarify
and match your business needs and what’s interesting and i think like the the sort of like
underlying layer to your question is how do you get there because that’s the hard part yes
um very often um you will see sort of like a mismatch between what the
policy is and what really would be good for the organization and that often comes
for historical reasons in general companies will tend to write down their
policies when they sort of get a a lawyer for the first time a lawyer that
looks at ip for the first time and it turns out that most ip lawyers actually don’t really know open source
that well don’t really understand the culture don’t understand the benefits and kind of like just looking at this and like whoa whoa whoa whoa you know
like why would we do like giveaway ip this is valuable right
um and so um what generally tends to happen is an organization as it’s you
know it’s young starts with unwritten policies kind of like fairly flexible right and then as um as it
grows suddenly like uh you know legal shows up and legal sort of like locks
everything down right um and really that’s where the tension is right
the tension is between essentially on one side engineering who has you know whose role
in the company is to innovate on technological aspects and sort of like create technology
new uh or improved technological solutions for the company’s business and
legal’s role as they are to sort of be really careful uh that the company doesn’t do anything
silly and sort of like try to reduce risk right so how do you reduce risk to
the maximum you prevent everyone from doing everything right if you don’t want to get run down by a car stay home
right makes sense so no it doesn’t right i mean like it doesn’t because like the role of a
company in the role of like a person is to live their life a company is to like you know build a thriving business
and so that involves risk and so once you understand that you see
that you have on one hand legal that wants to reduce risk and on the other hand engineering that wants to sort of
like maximize its velocity and its ability to create new things and build value for the organization
and so you want to um that’s what you want to tie everything down to back to business business goals right because that gives
everyone sort of like the same uh destination and uh helps
um you know find uh sort of like chill engineering events tell them okay you
know we can open source these things but like if we open source everything that’s gonna be kind of problematic for the
business right and on the other hand you can tell legal well yeah okay sure like we’re gonna protect this and we’re going
to be careful about you know like the security concerns that you’re worried about and um
you know sort of avoid leaking stuff like i don’t know credentials and put
stuff in place for that um but like you’re going to give us a bit more leeway so that we can actually
do the things that are good for the business and so it’s this this tension and i think this tension is actually uh very healthy right um it’s it’s it’s how
a company sort of um is in a in the best position to sort of mitigate risk but
not let risk mitigation sort of like stifle everything stifle stifle everything
um so so yeah really um um you know what it’s interesting is it’s
really part of the most of the consulting work that i do really is about sort of like helping these
um conversations happen right creating those channels um and it’s kind of um
difficult because well first of all um it’s you know there’s a in engineering i
mean engineers don’t like lawyers right like that that’s that’s a thing and lawyers kind of
seeing engineers as sort of like you know a bit of like these crazy unruly
children breaking things and exactly there’s that tension and so and
that tension is interesting because um and i give a talk about this like very
often it’s interesting because literally like engine you know engineering and legal
are very different than lots of front right legal is really
law is really a culture of like picking up the phone and talking like synchronously to people right and
engineering is really a culture of like using irc or you know slack and doing like async written right so ooh you know
big big big big yeah big issue here um and then
um really also lawyering is really um uh about um you know manager’s schedule
right we’re like we have meetings we have calls all day right and engineering is all about maker’s schedule right
like give me these huge blocks don’t expect me to answer an email like five times a day right
so you know again tension different different sort of like way of communicating different ways of blocking
time um another important one is um um yeah well there’s the risk taking
that we’ve mentioned right the role of uh legal is conservative uh and the role of engineering is innovative uh what
were the other ones now that there’s a really oh yeah absolutely um in general engineering is very binary right i mean
now is ai it’s kind of changing a bit but like you know we we think in like if else statements right it’s like
something is true or it’s false uh talk to a lawyer like everything’s like
like what you know what’s your risk tolerance that kind of stuff right and
so i mean you can imagine that these two sort of like really easily go head to head and like don’t get anything done
right lawyers come out you know thinking oh god these engineers are like um but if you actually sort of
understand these two things sit in the middle know these two cultures you can create amazing outcomes where
all of them come out super happy he’s like oh it turns out we can actually do all the things we want to do and even
more right and on the other hand they’re like oh wow turns out like we’re going to have a lot less work now and we have a lot more clarity into like what are
actually the big legal issues that we have to watch out for so if you do it properly like you can like you know i hate the win-win thing it’s like it
sounds like uh uh you know like bad uh ceo sort of like marketing
uh but uh you can totally do that um in that space um yeah i can i can give you i’m going
to give you one example actually i i mentioned um earlier
that um we talked about the web platform tests and when i joined w3c
um the the contributor license agreement that
you had to sign to actually be able to contribute to that test suite
was nuts like i don’t have any other word for it yeah i mean i can’t remember
it was like 15 step you had to upload your tests to a server of yours then you
had to find the chair of the working group for which the test the spec of the
test where then you had to email them and then they would get back to you then you had to like sign of um like fill in
the form print it sign it ship it it was ridiculous right
so you know i had looked at that it was just like i think this is kind of a bottleneck to get this off the ground
like it’s been in like five or six years nothing has happened like you know maybe we should consider sort of like
a bit streamlining that process and so i had like this whole setup in my in my head right like using bots and
like you know i went to the meeting um and i actually by sort of by accident
like shut up at the beginning of the meeting didn’t say much and so essentially like i let the lawyers talk
and they were like yeah these are the things that we need would you be okay if
we just sort of linked to a cla in contributing.m
and it was just like really wait did did they hear that properly like
can you please say this again um and so literally you know we went from
a huge complicated mess to amazingly streamlined solution
in 16 minutes because
they had this sort of gray area of risks that they were comfortable with
right that i as an engineer would have never envisioned as
somewhere we could land on right it was literally um
more or less than any solution that had come up was it was like in that you know a different sort of plane
you know and and that was such a huge lesson for me because it was like oh like actually when you listened i mean i
know this sounds really stupid now right but when you listen to other people’s needs um it’s actually easier to fulfill them
you know like wow big surprise right um and so yeah so i think really that’s
really what’s important is um to not go into conversations like these with preconceived ideas
and to have to try to build policies that work for everybody right and so everyone has to be reasonable too i mean
i’ve been in positions in organizations where it’s just like yeah i mean that’s not gonna cut it you know like the company just bought all of the software
or you know bought all these uh patents to protect themselves against like this other player in the field
is nothing i mean you know sure you’d love to be able to work on that stuff in the open but that’s not gonna happen right because like it’s you know it
doesn’t doesn’t match like it’s not gonna work so it’s kind of like that two-way street obviously but if you do it properly like it can be a really fast
two-way street um and it can like lead on to like this amazingly new highway that works really well
sorry i’m stretching that metaphor way too far i think that definitely makes a lot of sense people just have to communicate
and like you said actually understand the person’s needs and i know we talked about lawyers and how they’ve got a
completely different almost role and purpose of their job and so their mentality is completely different just sit them both down in the room kind of
have a third party mediator and say okay what do you both need now let’s come to an agreement and then put into it short
concise policy easy to read it sounds like sounds a bit too good to be true but um
that is all you have time for today i really do thank you tobie it’s been it’s been great chatting and it’s been a lot
of fun and definitely i think everyone listening is going to learn a lot particularly about open source contribution strategies so if you’re
listening uh is there anything where can people find you and is there any exciting events or anything coming
up that you’d like to share with the audience so i’m i speak regularly i’m actually giving this uh sort of like a deeper
dive into this topic in a number of places i don’t know when the podcast is going to be out
um but i’m talking at ospo con about this and uh i think later at um open
source experience in paris um also on this topic um so um and i have i have videos of
that talk that you can find on my website and i think that the easiest actually would be if you’re interested
in these topics for you to go at speaking.unlockopen.com um and you’ll find lots of lots of
resources there i’m also on twitter just at tobie um and i write on medium also using at
tobie so yeah at tobie and speaking.unlockopen.com fantastic well thank you for your time
and thanks to everyone who’s listening thank you very much and this this was great and if you like what listen to today then check us out on youtube like
subscribe but also leave a review if you’re watching this on apple podcast it really does help get the word out there
so thank you very much everyone thank you tobie and until next time see you