140 comments

[ 6.3 ms ] story [ 170 ms ] thread
Massive wall of text homepage, so many "it's secure!" "it helps teams!" "blockchain!" "monetization!" splats, but I have no idea, not a clue what it is or what it does or what it's for.
As best as I can tell, it's Homebrew, only on the blockchain. Does this help anything? Does this solve any tangible problems? Who knows? The page is so choked with buzzwords, it's impossible to tell.
(comment deleted)
Yeah, it always sets off my bullshit detector when I read 6 paragraphs of platitudes but still have no idea what the software actually does.
These give some more information:

- https://medium.com/teaxyz/tea-brew-478a9e736638

- https://www.binance.com/en/blog/ecosystem/binance-labs-leads...

> Tea controls the graph of open source that underpins all modern digital infrastructure. Packages will be released on‐chain as NFTs with their dependency metadata included. As developers use Tea, governance tokens are available according to their real‐life usage to drive the entire open source ecosystem. ... “We’re not changing the nature of open-source. It’s still free,” explained co-founder Timothy Lewis. “Software wants to be free, but programmers need to be compensated. We’re bringing the creator economy to open source. Our vision is to fix how open-source is funded and create the tools that will accelerate its creation for the benefit of all humanity.”

and

> We’re moving the package registry on-chain (we’ll use a low-energy proof of stake chain). ... We’re not changing the nature of open source. It’s still free. web3 has enabled novel new ways to distribute value, and with our system people who care about the health of the open source ecosystem buy some token and stake it. Periodically, we reward this staking because it is securing our token network. We give a portion of these rewards to the staker and a portion to packages of their choice along with all the dependencies of those packages.

oh my
It's like they used all the business jargon words in that exact order to maximise how shallow and vaporware the whole pitch sounds. NFTs, graph, governance token, (not) changing the nature of open source, creator economy, for the benefit of all humanity.

Yeah, no.

This sounds like the ultimate in monetizing other people's work?
Nah, I'm sure they'll throw some (worthless) coins upstream.
LMAO

I read the page and didn’t really understand what it was, just something vaguely crypto and tons of millenial buzzwords. The fact that they didn’t mention NFT once is interesting.

NFTs have been promoted so hard it's has fallen into the trough of disillusionment with the public. Makes it harder to announce your NFT project that is coming to fruition onw.
So... You can only get paid for your opens source via Tea if you pay massive gas fees to make an NFT for every release? Hobby projects with no funding and few users will be blocked from being available on Tea because they can't afford the gas fees to release an NFT? Perhaps the NFT only has to be issued when you update your dependencies? That's only slightly better and still imposes a huge roadblock for new package adoption, even if it's developers have little or no interest in being paid.

This seems like a very cynical attempt to take what money is going to larger OpenSource projects and divert it towards making cryptobros more money.

Even if all the issues with NFTs and crypto are put aside. I think there serious challenges with the model and how it incentivizes developers if each package doesn't have direct control over how much of their payouts go to each dependency.

(comment deleted)
> We’re moving the package registry on-chain

Oh yes this will definitely result in an improvement of the situation.

> Packages will be released on‐chain as NFTs with their dependency metadata included

Hello yes, a concept called “DRM” is on the phone and it wants its licence money.

> tech giants accrued fortunes on the backs of people they’ve never thanked, paid or even met.

I have a few open-source libraries, and I figure that... since I give them away explicitly for free... there is no expectation of being paid. If one expects to be paid, one should sell their product.

I guess theres the larger point about appreciation, with money being the biggest way of showing that. I've heard horror stories about OSS devs getting hundreds of emails a day ripping into them for not working fast enough to fix an issue or implement a feature. It sounds like murder.

When I was much younger, I used to be in awe of how OSS devs can do all this amazing stuff, put it with no expectation of compensation, get a wall of critiscm and demands back, and continue working on it stoically without burnout. As I got older, I learned that the burnout is very real and only getting worse. I'm still extremely impressed by any OSS developers ability to keep going [so you should know that at least someone appreciates you ;) ], but it doesn't seem right to me now.

It's been long known that having a career as an OSS developer is extremely hard. Most people just work on OSS on-and-off, as part of their day job, or a few hours every other day. I treat it as paying it forward for all the tools I use daily.
> I've heard horror stories about OSS devs getting hundreds of emails a day ripping into them for not working fast enough to fix an issue or implement a feature. It sounds like murder.

So... while I don't get 100s of e-mails a day, I do get a good amount per year demanding I implement a feature. I point out that my personal contact details are there (as well as my corporate entity) and that we can be contacted for custom commercial work.

The way I see it... OSS is my past-time. The moment there are deadlines you need to pony up

Yup. It's been quite a while since I've maintained any OSS used widely enough for this type of thing to happen, but if I get into this sort of situation again in the future, my reply will be:

"My consulting rate to implement this feature is $500/hour. I estimate this feature will take N hours, and I require 50% of that to be pre-paid before I start work. If you agree to these terms, I will send you a contract to sign and we can get started."

Hopefully that will get them to go away, but if by some miracle they agree to that, at least I'll get a nice chunk of change for doing the work.

Max Howell's page freely exudes this sentiment:

https://mxcl.dev/

I can't say I blame him either but the attitude seems to raise a flag.

edit: lol, dude's got history:

https://hn.algolia.com/?q=max+howell

as a mac user I certainly appreciate Homebrew, but I can see why he's not the current maintainer (https://news.ycombinator.com/item?id=26038010).

> Millions of people from all over the world use the software I’ve created.

Statements like this always really irk me. It just feels so pretentious.

If it's true, is it pretentious?
He may have created it, but he is by no means the sole reason for its success.
But he’s trying to build credibility in legitimate way. To push it forward, build that community, and make key usability decisions that massively improved things over Mac Ports, these are not things that are easily done and he absolutely deserves credit for it.
Almost all of the value of homebrew comes from the sheer comprehensiveness of the package catalog, which entirely relies on a large community of users contributing recipes. He should credit those people and not act like the appeal has anything to do with the brew cli itself as a tool.
(comment deleted)
Selling an NFT of his “epic clapback” tweet lol… yikes
That's great as a snapshot - but add in a time axis.

A year down the line, 20 companies are using your code. Two years down the line, 100 companies are using your code.

Now you have a choice: Do you continue donating your time, servers, emotions and experience to making someone else money?

If you choose yes, know that typically at least one of those companies will be hounding you for bugfixes or out-of-scope demands. We have seen how much the internet can vilify people who refuse to do this kind of free work. If your turnaround for a fix on your globally used code is anything more than minutes, you will be hated. At least, until it's fixed, then you'll go back to being ignored.

If you choose no, well you have two choices: Change the license and yank the rug out from under people, or pass it on to someone else - who might pass it on to someone else - who might pass it on to a scammer who breaks the whole internet. Either way, the internet will vilify you for twice as long for your choice.

Many people, especially with programmer brain chemistry, end up going down the high-momentum-low-friction route of burning themselves out for the sake of conflict (and bad reputation) avoidance. Because it's very easy for you to say "sell your product", especially if that's something you're good at (or if you've never done it before and so presume it's something you're good at).

So once you see that, and you know that, and you see fellow developers stuck in the same hole and you see that you are well placed to do something - anything - to help change that, wouldn't you?

> there is no expectation of being paid. If one expects to be paid, one should sell their product.

Like most blasé statements, this statement doesn't help anyone. Not least because that's exactly what Tea seems to be trying to help people to do. Whether they succeed or not, no idea - but I wouldn't be bashing the concept this early on.

> Now you have a choice: Do you continue donating your time, servers, emotions and experience to making someone else money?

No. I'm very clear with demands on my time that either companies have to provide resources to implement features (and I'll charge a consulting fee to train devs) or pay me directly to implement them (and I'll name the cost). Actually, several companies have paid me, and my project is significantly smaller than homebrew (niche Haskell library).

> We have seen how much the internet can vilify people who refuse to do this kind of free work

I don't really care about being vilified online. Have had my fair share. I'm old enough to not give a second thought to online trolls.

> Change the license and yank the rug out from under people, or pass it on to someone else

Or... don't change the license. Stop giving updates, and put up a notice that says you are not actively working on project X but for a fee you will be happy to make updates.

> Like most blasé statements, this statement doesn't help anyone. Not least because that's exactly what Tea seems to be trying to help people to do. Whether they succeed or not, no idea - but I wouldn't be bashing the concept this early on.

I wish them every success, and I may end up using it myself. However, I don't like the accusations of unfairness being levied against open source users (among which I would also include myself) for using freely available code for free.

> No. I'm very clear with demands on my time

That's great for you, and the other commenter who said the same. I'm pleased you feel comfortable enough with that.

Would I be right in thinking that you have spent a significant amount of time being a full-time contractor?

Either way, I'll wager that makes you the 1%, not the typical. The typical developer works a full-time job and does a little project on the side. Their boss may or may not know about it, and if they do, they are happy so long as work on the project does not impact their full-time job responsibilities.

But this presumption of "I feel comfortable with X and therefore nobody else needs help with this" is terribly damaging, and the fact that these over-confident voices shout about how weak and inexperienced and dumb everyone else is for falling into that trap, only serves to cement the impostor syndrome and erode self worth.

People usually cannot be shamed into becoming more confident and assertive. People need to be supported into becoming more confident and assertive. And a project that helps people feel supported cannot be a bad thing imo.

>> tech giants accrued fortunes on the backs of people they’ve never thanked, paid or even met.

> I don't like the accusations of unfairness being levied against open source users (among which I would also include myself)

There's the problem. Unless you happen to be a tech giant, you are not the entity this project is trying to shame.

At this point I'm not really sure why you continue arguing this.

I don't think anyone is claiming that the common case is the developer who stands up for themselves, has healthy boundaries, and doesn't let internet-hate scare them. Most developers fall into this trap, including a past version of myself.

But I think it's a pretty objective fact that this isn't a good way to be. I'd be hard-pressed to find someone that would say that it's awesome to be a doormat who allows others to walk all over them. But with work (possibly with the help of someone like a therapist or professional coach), people can change their attitude in order to have a healthier relationship with their OSS projects, and can develop the assertiveness necessary to enforce their boundaries. If you (not you "you", just the general "you") don't want to put in that work, that's ok I guess, but then maybe you should just accept that you're always going to have a toxic relationship with your OSS projects and with some of your users.

Just to be clear, from your statement:

> But this presumption of "I feel comfortable with X and therefore nobody else needs help with this"

I'm having trouble finding where anyone said this (and if that's what you're reading, maybe you should step back and think about why that is). I see people saying that they're able to set healthy boundaries, presumably as inspiration to others. "If I can do it, don't despair: this is something you can learn too, and it will improve your life." We need not accept that the status quo is the only option, especially when it's a fairly bad option.

I don't know if Tea will be good or useful or will solve any problems, but I do note that it (at least in part) seems like a technological solution to a social problem, and those tend to not work out so well. Or they do work, but serve as a crutch to allow people to avoid confronting uncomfortable truths about themselves.

>> But this presumption of "I feel comfortable with X and therefore nobody else needs help with this"

> I'm having trouble finding where anyone said this

I'm indicating the general tone. I'll be more careful not to misuse quote marks in this comment and use [] to denote paraphrases!

When I itemise the traps people can fall into, and then get the response of "No. I'm very clear with demands on my time" it ignores the vast swathes of people that don't have this luxury. Now maybe this commenter just felt I was talking about them directly; I did, after all, phrase the though process in the third person. (Now YOU have a choice, do YOU continue donating... etc)

But given this is a comment in the public domain, this seems unlikely. More likely is that the commenter is dismissing the problem, because it doesn't apply to them.

In general, I think we're mostly on the same page here:

> I don't think anyone is claiming that the common case is the developer who stands up for themselves, has healthy boundaries, and doesn't let internet-hate scare them. Most developers fall into this trap, including a past version of myself.

Exactly. Me too. The problem is, having addressed it to some extent, some people choose to believe that it's no longer a problem. Often it manifests as kind of a "I fixed myself, so why haven't you?" mentality.

> people can change their attitude in order to have a healthier relationship with their OSS projects, and can develop the assertiveness necessary to enforce their boundaries

Putting the idea of access to therapy aside, you and I can agree that it is absolutely beneficial for people to work on this aspect of themselves, as a general rule.

However, while it is right to say [This is not a healthy stance to take] but we should be careful not to imply [It's your fault you are being weak] or that the recipient is the problem, not the toxic individuals.

And while that isn't overtly being said in these comments, that's still the implication I take from them, even trying to re-read it charitably.

> A year down the line, 20 companies are using your code. Two years down the line, 100 companies are using your code. > > Now you have a choice: Do you continue donating your time, servers, emotions and experience to making someone else money?

Every single number you mentioned is completely irrelevant because your underlying premise is faulty. If you released some very good code to the world for free under an open source license, it doesn't matter whether 0 people or 1 million people use it. You are under literally zero obligation to fix or update anything, just like it says in the text of the license you picked.

Any social obligation that people imagine you have (or in your case perhaps more importantly that you imagine you have), is just that: imaginary. If you can't stand the idea of some stranger on the planet not liking you because you refuse to spend your time fixing their pet bugs, that would be a good topic to bring up with your therapist.

And of course, just because something you did crosses some arbitrary line of popularity doesn't mean the universe suddenly decides you are entitled to compensation for it. If that's how you hoped things would go, then you should have started a business to sell it in the first place.

> You are under literally zero obligation to fix or update anything, just like it says in the text of the license you picked.

That's great for you, and the other commenter who said the same. I'm pleased you feel comfortable enough with that.

> Any social obligation that people imagine you have (or in your case perhaps more importantly that you imagine you have), is just that: imaginary. If you can't stand the idea of some stranger on the planet not liking you because you refuse to spend your time fixing their pet bugs, that would be a good topic to bring up with your therapist.

I mean, I'll ignore the elitism in this statement, and presume you meant this sarcastically. But the idea that you associate this kind of unassertiveness with mental dysfunction is probably not a million miles wrong.

However, it is not an unusual mental dysfunction, and one that many more software developers suffer from than the general populace. Assuming that your bravado is matched in your offline life, that would put you in a very small percentage of programmers.

And declaring that as a source of shame rather than an opportunity for support only serves to further entrench the stigma and impostor syndrome. Which then leads to further unassertiveness and self-worth issues. Which then leads to more people feeling they are not worth being paid for their time. Which leads to more people on the internet making them feel shame.

Which means I can agree with you wholeheartedly when you say:

> You are under literally zero obligation to fix or update anything

... and at the same time be pleased to see people attempting to improve the situation for those thousands of developers who, in their own heads, do not feel that zero obligation as a daily reality. I may not agree it's the right approach. I may not even agree that it will work. But I'm not going to dismiss the premise, just because it's not how I personally feel.

> And of course, just because something you did crosses some arbitrary line of popularity doesn't mean the universe suddenly decides you are entitled to compensation for it. If that's how you hoped things would go, then you should have started a business to sell it in the first place.

This on the other hand is just plain naivety. The idea that every small side project would even support the costs of a business is not just assertiveness, it's delusional. Would you buy a shell like fish? A json query language like jq? A context summerizer for your shell like starship? An ad blocker? A file manager? And would you pay more than a payment processor or business bank account would take in fees?

Something can be used by millions and make hundreds of dollarbucks in aggregate, and yet be practically worthless individually.

Which is, again, one of the stated goals of Tea. I'm pretty sure it won't be a through-the-roof success, but again, happy to see people trying new ways to tackle the problem. You know. Beyond telling people to go get therapy.

> But the idea that you associate this kind of unassertiveness with mental dysfunction is probably not a million miles wrong.

I think you're getting a little unnecessarily combative here. Discussing something with a therapist, regardless of level of severity, is a great way to improve your mental health and with dealing with various types of social situations. The parent suggesting that someone discuss their lack of assertiveness in a particular aspect of their life with their therapist is probably good advice! There's no reason to bring up things like "mental dysfunction" here, and there's no shame in realizing that you might not handle certain situations too well and that it could be helpful to discuss that with a professional.

For me, it was a long process of disentangling my feelings of self-worth from my work product. Unfortunately, part of the aftermath was that I don't really maintain much OSS these days, and that which I do is fairly niche and therefore unpopular (which tends to cut down drastically on the entitled freeloaders who demand uncompensated work from me).

I wish more OSS developers would take steps to make their relationship with their work healthier. There's no shame in falling back on these unhealthy reactions to entitled demands, but it's certainly not a good thing.

To be clear, I'm not commenting at all on whether or not OSS developers deserve to be compensated, whether that is even practical for most projects, or whether or not Tea can or will end up being a good or useful solution. I'm merely addressing the fact that (as you have pointed out) many OSS developers have an unhealthy relationship with their code, and it's really unfortunate that most of them will -- instead of changing their approach -- end up burned out as a result.

I think this is one of those cases where my internal model of the world doesn't match many other people's.

The statement "Mental dysfunction" in my mind has absolutely no negative connotations. As far as I'm concerned, most people on the planet have some form of mental dysfunction. And in this case, I am genuinely and totally agreeing that this outlook on life is not necessarily the product of a fully healthy mind - and that's ok.

What I did take exception to was the idea that every Open Source Software developer has access (via money, time, social skills... whatever) to a therapist, and that it is acceptable for the rest of the community to offload the blame onto those developers. In other words, I do not accept the false dichotomy of "Be exploited" vs "Get a grip".

> I wish more OSS developers would take steps to make their relationship with their work healthier. There's no shame in falling back on these unhealthy reactions to entitled demands, but it's certainly not a good thing.

Couldn't put it better myself!

I think there are two solutions to this:

1) You create an anonymous online identity, and release your software under that identity, and be very careful to avoid linking it to your real-life identity. Then you don't have to care at all if you're hated, because they don't know you. If you want even more separation, you can create a separate identity for each type of thing you release. You can even take this to extremes: if you feel like an identity has been "burned" by hate, you can create a new one, start contributing to the project under the new identity, and eventually your old identity can "step down" and hand the reins of the project to the new identity. There are certainly downsides to this, but the trade off may be worth it for some people.

2) Or, you can develop a thicker skin and just not care if entitled freeloading losers "hate" you (because, seriously, why do the opinions of people like that matter?). Have a form-letter response to such demands that quotes a somewhat-outrageous hourly contracting rate, with a time estimate and a requirement that half be paid up-front. Include a reminder that otherwise the work is done in your spare time on a volunteer basis, and those paying $0 for the software get $0 worth of support. (And optionally point to the warranty disclaimer that is a part of pretty much all open source licenses.)

I think if more people would do #2 it would get normalized, and then no one would be "hated" for this, because it would be the common case. But too many OSS developers tie their identity and self-worth to their code, so any criticisms or deficiencies feel like personal failures that need to be fixed.

I don't maintain anything popular anymore, but I used to be a core maintainer of Xfce during the 00s. I got a lot of entitled demands from various people who hadn't contributed a line of code or a sentence of documentation. My only regret is that I wasted time and energy getting into arguments with some of these people, when the best thing for me to do would have been to cut them off immediately, or just ignore them entirely. (The overall project maintainer, Olivier Fourdan, was very good at dealing with this. He would calmly reply with his reasons for not wanting to do whatever it was that someone was demanding, and then completely disengage and not reply further.)

To be clear, I absolutely agree with you that many many developers handle this sort of thing poorly and contrary to their own best interests. But it doesn't have to be that way, and each individual can choose to take a healthier approach to their open source work. We have no one to blame but ourselves if we choose to engage in self-destructive behaviors in response to the entitled leeches.

I agree with you, but it also irks me that, especially for the most popular packages, hundreds and thousands of companies derive so much value from them, but the original developer gets nothing.

And then we have something like the recent Log4j vulnerability, and all the companies come rushing to the developers, filled with entitlement, demanding immediate fixes, throwing shade on the developers for "causing" this problem in the first place, and all that. Open source developers certainly deserve some amount of compensation for having to deal with that garbage, even if we agree that there's no expectation of being paid for the software itself.

This whole thing about how OSS developers should be compensated for their hard work is something I can absolutely get behind, but I'm not sure how this fixes that, or what this even is.

It seems to be something do with blockchain? I'd like to say it could be one of the few decent/non-scammy implementations of a blockchain in recent years, but yeh, I can't really say that until I know what it is.

It is slogan- and buzzword-heavy but my best understanding is that it is a blockchain-based attempt to reward open-source contributors. As an example, lots and lots of software depends on sqlite and curl but their respective authors did not benefit proportionally from their successes. My guess: the idea is to combine dependency information with popularity scores to allow cryptocurrency flow down to the contributors in the same way reputation flows to the most referred links via PageRank.

The most important question I see here is how the money is supposed to flow into that system.

I'm guessing based on the information in page they plan to set up DAO and issue a token. I'm guessing users and developers can then buy-in, with tokens flowing to projects based on usage as determined by the graph stored on the blockchain.

At the core if you strip away the "web 3.0" language then it's a decent idea. There is a lot of devil in the detail so it will be interesting to see how it plays out.

In the case of sqlite (created by D. Richard Hipp) the software is public domain. Development was funded (at least in part) by corporations. The author isn't expecting payments from "ordinary" users.

The author's firm charges hefty fees for consulting services. These are directed at enterprises needing "certified" versions of sqlite. I'm assuming these are companies providing software under military/government contract.

So it's an interesting strategy: release sqlite as public domain. The software is used everywhere, so much so it's an indispensable part of the infrastructure. Then when giant enterprise uses it charge huge fees they gladly pay.

Hipp is without doubt a genuine genius.

  $ sh <(curl tea.xyz)
Is there a technical benefit to using this versus

  $ curl tea.xyz | sh
Obvs they've paid some graphics designer to say the first one looks cooler, more like a spaceship.
curl-ing the script and looking at the examples - the goal is to pass the arguments from the same command line into the script that is installed, cached, and run, e.g. "sh <(curl tea.xyz) install Thing"
When I read web3 co.'s product/ tech description it almost always feels like some form of tech. literacy gaslighting. I always feel initially like there's something elusive that I'm not grokking b/c I'm not a blockchain zealot.

Then I sit back and realize that it's usually because most of the examples I read are trying to solve non-technical problem (attribution, trust, etc.) with a buzzy tech solution all wrapped in a serious bit of speculation.

I think there's a lot of room for improvement in the tech of our law, banking, and logistics systems (COBOL--> anything else?), but the kneejerk to some "decentralized" system that needs total but in from it's participants to work actually seems more fragmented and fragile than our current institutions...

Edit: is Max Howell even involved with this? If not then it's just another cryptocurrency scam trying to monetize someone else's work.

Look at:

https://brew.sh

The donations link is at the very bottom. If they need money they should put it up at the top the way Wikipedia does and make it a one-click easy thing with an embed that takes things like Apple Pay.

I've never been prompted or asked to donate to Homebrew at all.

This basically popped into existence 30 days ago with a discord instance and not a whole lot else.

https://twitter.com/mxcl 'ceo @teaxyz_'

https://www.binance.com/en/blog/ecosystem/binance-labs-leads...

Does look like they just got caught up in making cryptobro scams though.

So here's the problem with this naive model...

As soon as they start paying app creators, a bunch of hustle culture shonkwankers will git clone a bunch of repositories and spam a bunch of bogus apps just like they currently do with other artists' work with NFTs.

Compensating creators will turn into compensating people who front-run creators and squat names and stuff.

"It will be gamed. No exceptions."

... and my own new law:

"The Internet is a dark forest." Announcing an opportunity to make any amount of money is the equivalent to announcing your existence in a literal dark forest. You are instantly overcome by tidal wave of spam, scams, and fraud.

NPM has a market force towards people spamming uselessly small libraries, and the result has been obviously extremely poor software. I can't imagine how terrible it would be is you made direct, open financial incentives to do so.
Max Howell is involved in this and it still is just another cryptocurrency scam.
Max is not involved with Homebrew in any capacity, and hasn’t been for almost a decade.
Okay, so definitely cryptocurrency shonk then.
please license brew/tea to enterprises. Most of them are willing to pay for license, if the developers ask for it. It can be opensource, but add some licensable features that company will pay for.
This. At a previous job I ended up writing quite a bit of tooling around installing and updating developer tools, for 1000+ devs. Some things that would have been a very easy sale:

- private, managed brew repos

- linux support

- onboarding / workstation setup via Brewfile

- maybe a graphical interface for that

- enterprise support plan (would have been handy when `/usr/local/bin` stopped being writable some OSX versions back)

Eventually a lot of it moved to NPM via artifactory for the ease of publishing & consumption.

> linux support

What distro are you using that doesn't have a proper package manager? Brew exists precisely because this has been standard for years/decades on linux but OSX hasn't had anything built in.

Of course they all do - the desire for good homebrew support (linuxbrew already exists) comes from the ease of writing formulas and scripting in Ruby, it's infinitely easier than packaging for apt / apk. Plus the fact that 80% of developers use Mac, but you can't leave the 20% out in the rain. This is for in-house software, not third party.
Hmm, at a glance this looks like it’s aiming to share funds of big, top-level projects to it’s dependencies. And for that, a big component of the project is a package manager… and the whole system is notably designed by the creator of homebrew. Seems like the blockchain is involved to guarantee that the fund sharing happens automatically.

I’m almost always doubtful on blockchain projects, but this does feel like something that might have a slightly bigger chance to succeed than other more scammy projects. I’d appreciate a less buzzword-heavy site though.

My main objection of this would be that dependencies might start gaming the system though. Would expect a bit more info on this in the webpage.

Another issue might be dependencies that are not in the system. Does someone else keep that money? Can someone else publish your work to this system and take the money?
> Can someone else publish your work to this system and take the money?

I had the exact same question. What sort of controls will the Tea team have to add/remove packages, or modify owners. And how would this be any different from centralized package managers?

There's a simple formula for deciding on Blockchain...

Does your platform have user created content? If so, you will need a delete operation.

Is the technology you use capable of permanent and complete removal of user data? If the blockchain is only for payments, then maybe it is admissable, but there are still further considerations.

This whole thing just stinks of web3 BS and another victim of the cult therein.

Re: gaming the system... If this became popular, I could totally see project X, which depends on projects Y and Z, to start vendoring Y and Z into their X itself, so that when someone else depends on X, X's maintainer gets all the teacoins (or whatever they are) and Y and Z get nothing.
Do the naysayers have any actual points as to why this is a bad idea, or is it just another instance where people see the word "blockchain" and immediately start calling it bad and high-fiving each other?

It seems they're going to be releasing a whitepaper. I'm willing to hear out ideas for how OSS developers could be compensated, especially if it's coming from someone who has already created a successful and well-loved project from scratch.

All for compensating OSS devs, and doing so automatically and implicitly via contributors and the packages they built on is a neat idea. But the blockchain. Ugh.

Going by the owner's blog, which is a bit more in-depth on his reasoning and less hyperbolic:

- Packages will be immutable (no more left-pad incidents) Don't need blockchain for this. Just add a ToS that you can't pull packages from the centralized repo. - Packages will always be available (we’ll use decentralized storage) NPM availability hasn't been an issue, but could be. Blockchain still not needed for decentralization. Anyone who has to download the entire chain... yeesh, gonna be huge. Scaling issue greater than NPM or Github in my opinion. - Releases will be signed by the maintainers themselves (rather than a middleman you are told you can trust) Doesn't seem to be an issue with NPM? When this happens they usually hijack an account or the github. Some sort of token to sign with can also be grabbed, especially shared between maintainers or (inevitably, because no one actually enjoys decentralization) just becomes an automated feature of Github etc. Even then this issue is solvable with NPM, don't need a blockchain to sign releases. - Tools can be built to fundamentally verify the integrity of your app’s open source constitution Don't need a blockchain. I've thought of building these myself for NPM, maybe something to check VCS release tag hash vs package. - Token can flow through the graph (this is re: financing devs) Don't need a blockchain for this, though my inner dev likes the automation.

As far as I can understand, the project distributes and measures open-source software usage in order to collect revenue on behalf of the authors.

I don’t necessarily think that’s a terrible idea but I can’t even begin to imagine why it needs a blockchain or what a blockchain could offer that couldn’t be achieved otherwise.

I release my software as open-source because I am happy for people to use it for free, I don’t fully understand what problem this is solving — most open-source software usage is so widespread because it’s free, the problem is not that there’s no way to charge companies for usage — but it’ll be interesting to see how they set about doing this.

What the hell is this even?
(comment deleted)
(comment deleted)
This is actually a good idea: something like homebrew or a package manager but with a convenient way to fund packages you use, or donate money to a pool so that widely-used packages are funded, or maybe just pay a monthly fee like $5 like Coil.

But blockchain is not the way to implement it. “Every project exists as an NFT.” Does that mean I’ll have to pay roughly $500 (the price to create an NFT in Etherium) if I want to deploy a package? Will I have to pay gas fees to download packages? How will I, with no interest in cryptocurrency, transfer money?

Is actually a lot more straightforward to do this centralized without blockchain. There are already projects like ‘npm fund’ whose goal is to create a graph which you can use to figure out how to divide $X among package contributors, and how yo send that money to their bank accounts. If the developer actually cares about funding package maintainers they should realize that blockchain is overhyped and pivot to distributing real money, managing it through something like a PostgreSQL database instead.

> Every project exists as an NFT.” Does that mean I’ll have to pay roughly $500 (the price to create an NFT in Etherium)

He says they don't want to use Ethereum mainnet so no - gas fees may be fractions of a cent.

> Will I have to pay gas fees to download packages?

Read operations do not require gas.

The hallmark web3/crypto scams is that they will go on for pages and pages throwing in every buzzword under the sun, but will be unable to tell you – in simple words and under 3 sentences – what the product is what what it does.
Past the marketing, it's all at the very end (though poorly worded):

> graph of open source [software] on‐chain creating a map we’ll use to guide value redistribution... compensated without direct payment

Perhaps what they mean to say is.. `tea` facilitates a relationship between payer (commercial user of open source) and payee (open source developer of that software) with a smart contract.

So.. replace payment processor and middle-man fees with smart contract and gas fees? That's mildly interesting, but I'm not even aware of a "centralized" version of this if it exists so not sure it's called for.

I think Tidelift is the centralized version.
> Homebrew has been used by tens of millions of creators to build things we all use every day, and yet Max Howell—the creator of brew and co‐founder of tea—was unable to make a living from Homebrew alone.

Homebrew is far from the foundations of Open Source or Linux. It mostly serves to prop up MacOS using Linux originated tech and make it a usable developer experience. Everyone says Apple users are more likely to pay for the things they use and that's why developing Mac and iOS apps is so important. So what happened here?

Exactly. Somehow Debian and Arch package maintainers manage to make it work without resorting to Blockchain Bullshit.
At least for Debian a lot of the mirror operation costs are covered by universities.
(comment deleted)
> tea’s decentralization offers tangible benefits to ecosystem security. Every layer of your apps and dapps is signed and verified on‐chain. Users can rest assured that the software they are using is what all its creators intended. In day to day development our decentralization increases reliability (leftpad is a sore memory) and gives developers the flexibility they need to turn inspiration into empires; when a single proprietry vendor controls how your stack is composed and deployed your stack is centralized and under their control.

and then

  sh <(curl tea.xyz) install deno.land

?
Exactly, and:

>In day to day development our decentralization increases reliability (leftpad is a sore memory)

...leftpad became a problem when a commonly-used deep dependency was ripped out of the ecosystem. And because npm is centralized, they can now prohibit anyone from causing that kind of damage again, ever.

Whereas in a decentralized system where people are pointing at random GitHub accounts? Yeah, they could totally delete the GitHub account (or force-push an empty repo) and cause the same exact problem as leftpad.

They are claiming to solve a problem using decentralization that was caused by too much decentralization. And then using Deno as an example install...which has the exact same problem in its ecosystem.

Fail piled on to more fail.

It seems like he's promoting the wrong aspect of blockchain here; the benefit is immutability. The fact that you can't `npm unpublish` from the blockchain does fit the use case.

But you don't need blockchain for immutability, you just need it for trustlessness. And I think in general people don't care about trustlessness enough to deal with the overhead that blockchain requires. Plus the perverse incentives that I imagine will result from having a currency that you need to buy/spend in order to publish your packages.

You might find Sigstore and Cosign interesting
> Whereas in a decentralized system where people are pointing at random GitHub accounts? Yeah, they could totally delete the GitHub account (or force-push an empty repo) and cause the same exact problem as leftpad.

To be fair, they explicitly say everything would be backed by a distributed file store like IPFS. Nobody will be able to randomly delete their own Github account and leave anyone in the lurch.

what if the tea.xyz domain is deleted? or the site serving it is down? even if it's using something like AWS there is some downtime there..
That depends on what the site itself is doing. It might be easy to setup mirrors or run your own version locally. The package registry data and hosted content would be available whether the site existed or not.
Didn't see that, but...

Now if someone successfully publishes a hack that steals everyone's data and/or creates a botnet everywhere it's installed, there's no way to actually pull it down and override it.

Unless there's a centralized authority with the ability to do that, in which case it's not decentralized and we're just changing who controls it.

Right, but any existing package registry could do the same thing if they wanted to. You don't need a blockchain for this.
> $ sh <(curl tea.xyz)

Nope

    #!/bin/sh

    set -e

    if [ -n "$VERBOSE" ]; then
      set -x
    fi

    if [ "$1" = "--show" ] && [ $2 = "twitter" ]; then
      echo "https://twitter.com/teaxyz_"
    elif [ -n "$1" ]; then
      # Hi, I know you’re excited but genuinely, pls wait for release
      # I added this so I can do CI :/
      case $(uname) in
        Darwin) suffix=macOS-aarch64;;
        Linux)  suffix=linux-x86-64;;
        *)
          echo "unsupported OS or architecture" >&2
          exit 1;;
      esac

      if [ "$1" = "brew" ]; then
        d="$HOME"/.tea/bin
        mkdir -p "$d"
        curl https://tea.xyz/dist/tea-$suffix -o "$d"/tea
        echo "$d" >> $GITHUB_PATH
      else
        mkdir opt
        curl https://tea.xyz/dist/tea-$suffix -o ./opt/tea
        chmod u+x ./opt/tea
        shift
        ./opt/tea "$@"
      fi
    else
      echo
      echo "418 I’m a teapot"
      echo
      echo "thanks for your interest in tea."
      echo "alas, we’re not quite ready to serve you yet."
      echo
      echo "while you wait why not follow us on Twitter:"
      echo
      echo '    open $(sh <(curl tea.xyz) --show twitter)'
      echo
    fi
you can run and check the script:

$cat <(curl tea.xyz)

--- #!/bin/sh

set -e

if [ -n "$VERBOSE" ]; then set -x fi

if [ "$1" = "--show" ] && [ $2 = "twitter" ]; then echo "https://twitter.com/teaxyz_" elif [ -n "$1" ]; then # Hi, I know you’re excited but genuinely, pls wait for release # I added this so I can do CI :/ case $(uname) in Darwin) suffix=macOS-aarch64;; Linux) suffix=linux-x86-64;; *) echo "unsupported OS or architecture" >&2 exit 1;; esac

  if [ "$1" = "brew" ]; then
    d="$HOME"/.tea/bin
    mkdir -p "$d"
    curl https://tea.xyz/dist/tea-$suffix -o "$d"/tea
    echo "$d" >> $GITHUB_PATH
  else
    mkdir opt
    curl https://tea.xyz/dist/tea-$suffix -o ./opt/tea
    chmod u+x ./opt/tea
    shift
    ./opt/tea "$@"
  fi
else echo echo "418 I’m a teapot" echo echo "thanks for your interest in tea." echo "alas, we’re not quite ready to serve you yet." echo echo "while you wait why not follow us on Twitter:" echo echo ' open $(sh <(curl tea.xyz) --show twitter)' echo fi ----
imo, if you want to fix open source funding then you need to address these problems:

- a lot of companies that use open source don't donate to open source

- a lot of companies that adopt open source refuse to contribute to it or try to takeover the project

- companies will always fulfill bare minimum license requirements at most. At least, they ignore the license completely.

- companies ignore any open source which isn't a first order dependency.

I couldn't really tell from this page whether this product will somehow address one or multiple of these items.

I read this and it doesn’t mean anything to me. It’s like that crappy AI bot that writes IT marketing phrases built the whole site.