Tim Panton: This is the Distributed Future Podcast, a podcast which interviews people who are doing interesting things in the attempt to try and work out what the future might look like, particularly in the intersection between technology and society, which is the place where we're fascinated by. If you are listening to this, thank you very much. I'd strongly encourage you to bookmark it, add it to your playlist or whatever, because otherwise you'll miss out on future things. But most importantly, tell your friends so that they can enjoy it as well. So I'd like our guest for this session to introduce themselves and then we'll get going.
Fiona Krakenbürger: Awesome. Thank you, and thank you very much for having me on this podcast. My name is Fiona Krakenbürger. I'm based in Berlin, and I'm one of the co-founders of the pretty nascent initiative, The Sovereign Tech Fund, a fund that is dedicated to open source infrastructure and the maintenance of open source and also funded by the German federal government. I have a background in open source funding, I've been in this space for a couple of years. I used to work with a prototype fund in Germany, also federally funded funding program, and with the open technology fund that is based in Washington DC and was focused on internet freedom technologies worldwide. So that's where I'm coming from, and I'm very much looking forward to this conversation.
Tim Panton: So let's see if I can understand what the kind of underlying purpose of this. I found a diagram which of course doesn't really help on the podcast, but if you look back at xkcd, there's this diagram of a pile of bricks and it's sort of labeled every internet application or something. But what you see is about two-thirds of the way down the pile of bricks, there's a single little pillar that's holding the whole thing up and it's labeled open source supported by one guy in Arkansas. And that's kind of where we are at the moment, a lot of almost everything we do on the internet is based on open source that is supported by one or two people, and I guess that's the problem you're trying to solve.
Fiona Krakenbürger: That is exactly right. And I think that particular xkcd comic, it's come a long way and it's done a lot of work for us. It certainly is a very, very helpful comic to illustrate the problem at hand. So it's part of our feasibility study that we wrote last year, it's part of almost every pitch deck that we have, it's also actually hidden on our website. If you are a listener and you check out the sovereigntechfund.de website, you can see it, and not a lot of people have noticed it. So here's a little, I guess, Christmas, Easter egg. But yeah, that is pretty much a good description of the problem on a small scale, but also on a large scale. So there are a lot of core technologies. For example, the tool that we are using to talk to each other right now, we see sort of the application, we see the surface, but there are a bunch of technologies lying under the surface. If I understand correctly, you've actually built this technology on your own, so you probably know which sort of core technologies you've been using to put those things together.
We never really built software from scratch, we use a lot of what's out there, and a lot of times that's open source. Even the protocols that we are using to talk to each other so that our tools can talk to each other and understand each other, so that I can talk from a MacBook to another computer, doesn't matter what device we have, those are the internet protocols, the standards. That's also something that has to be developed as well as the programming languages that we use, the databases, so there are a lot of core technologies that are being built and provided and being used. And those are often, as you say, maintained or built by volunteers or really, really small groups. And the problem that we are seeing is that with every day, this becomes more complex. So this is not a static thing and you can look at the comic as it is, but it's actually growing. So oftentimes all the bricks that are on top of that poor person in Arkansas are growing and it's becoming more complex and more people depend on these technologies. So that's something where we want to invest in. It's a chance that we are trying to tackle with the Sovereign Tech Fund. We want to create more awareness for it, we want to find out how we can support those people, how we can make the open source ecosystem more sustainable too.
Tim Panton: Right. So how do you differentiate yourself from some of the other things that are, I think, largely charitable organizations? I'm thinking of maybe things like an LNet and to some extent Mozilla and a few other places have funded kind of specific development in core technologies. I think your reach is a little broader, is that right?
Fiona Krakenbürger: That's correct. So we don't have necessarily a strict topical limitation, where I'm coming from professionally is the open technology fund, which for a long time has been one of the few founders out there supporting core infrastructure. So also protocols [encrypted survey name indication], stuff like this. Also Tor could be seen as some kind of infrastructure, but it always had somewhat a topical limitation when it's linked to freedom. So what we are looking at is much more broad, it's more looking at it from a technical level, even though we focus very much on the people behind the code. You are right that there are some other initiatives there, and it's very heartening to see that there's a lot of movement in the field. So I think a lot of people, organizations have understood the problem at hand and are now creating initiatives. I think the debate is shifting, more people are getting in. It's really, really important. I think the one thing that we are also trying to tackle or also trying to address with this fund is that we are also explicitly funding maintenance. So that's the other sort of, I guess, field that I'm coming from.
A lot of the funds that I've been working with or a lot of funds that I see out there, especially in technology funding, our laser focus is innovation. So it's sometimes even a limitation that funds have, even if they would like to fund support existing things, they are still oftentimes focusing on the innovative aspects. And sometimes it is a requirement that you build something new and we think that this is part of the problem. I think I would even say it actually tends to many other fields that we are often focusing on the new stuff, on the exciting stuff, but the maintenance of existing infrastructure often falls under the rug and or swept under the rug, but needs as much attention, if not even more attention in order to have a healthy ecosystem that we can build our innovations on. So it's also something that we are trying to do, support really the maintenance and improvement of existing infrastructure and technologies.
Tim Panton: So you mentioned the people were kind of critical to the way that you're putting this forward. And I seem to remember a story I know was trying to fund an open source initiative, and his experience was that you worked for a big kind of financial house and they were using the software and they wanted to make sure that the development was funded. And they said that the people they were trying to fund simply weren't structurally capable of receiving cash from them, there wasn't an organization that they could put money into that would get past their lawyers. And so I wonder whether you've come across that problem.
Fiona Krakenbürger: Very, very much. And I think the challenge at hand is how do you create a funding program that is adapted to the diversity in the field and the many, many different organizational types that we have. I think that's been a problem that's existed in the open source work for a while, so there are some solutions out there already that have been developed. For example, GitHub has set up those program GitHub sponsors where you can donate to a project specifically via GitHub. There's this really fascinating organization Open Collective that has set up a website that makes it easy for projects to receive funding. So they take away a lot of the back office work. And I think probably the holy grail in supporting, especially supporting open source projects, actually fiscal sponsorships. So there are a couple organizations out there. I see a lot of them based in the US, now some of them based in Europe as well, that are functioning as a fiscal host for projects. And personally from my experience, I'm actually glad we get to talk about this, you don't often get to talk about the importance of fiscal sponsorships, and that's probably because of the nature of the problem. Because it's nothing super sexy to talk about fiscal sponsorship, but it's so important and I think oftentimes sort of the missing link that can help projects to grow and maybe graduate to their own sort of organizational structure.
One of them for example is the Center for the Cultivation of Technology, it's an NGO that is based or it's an organization based in Berlin, and they help open source projects to get funding. They channel it through their organization. They take away a lot of the back office work that I think open source projects or developers cannot, don't want to, and maybe also shouldn't be doing. So I think that's a very, very interesting concept of an organization that I would love to see more out there. At the moment it's little spots, it's foundations, it's little GmbHs, it's 501(c)(3)s, it's different organization types that are trying to provide this kind of support for open source projects. But I would love to see that more and maybe even on a more institutional level. So as we are talking about the future, I would love to see more government-sponsored and maybe government-hosted fiscal sponsorships or organizations that might be put together by different companies who want to take more responsibility for open source projects. I would love to see more sponsors. I could see a hundred more, and I think there would be a need for those. Especially not only for taking away all the back office stuff, but sometimes for an open source project it wouldn't be the right way to become their own organization because maybe it's something they are only going to work on temporarily. And then there are also some, if you think in a more international context, there are also sometimes anonymity needs that can be served with fiscal sponsorships. Yeah, I would love to see more of that. I could talk about how great fiscal sponsorships are for the rest of the day, but I don't know if everyone else feels that way.
Tim Panton: Right. So that's actually really interesting because one of the issues with my friend trying to fund this thing was that they were a bunch of old cryptographers who basically didn't want to be anything other than completely anonymous and completely invisible. And the idea of having their name on a bunch of documents in an American organization was they didn't want to be there. That was really not their ethos. But on the other hand, the American organization was using their software, so it was a really difficult kind of decoupling thing that needed to happen there. And I don't actually know the end of that story. I don't know if it played out well in the end or not, but, well, actually I kind of do because there were... Well anyway, long story, that it's ugly that space and it's great to hear that things are improving. What I might ask you to do is after the podcast if you could email me any links to organizations you think might be interesting for our listeners to go and investigate afterwards. I mean, obviously your organization, but any kind of sister organizations or relevant organizations, that would be great. And I'll put the links in the show notes and then people can download them and read them at their own leisure. That would be really helpful if you could do that.
Fiona Krakenbürger: Yeah, definitely I can do that. And I hope your friend and the project they found a fiscal sponsor and were happily ever after.
Tim Panton: Yeah, things did happen, but long story and probably not suitable for this podcast. I think coming back to the fiscal sponsor thing, I know that we had a really interesting conversation with Amandine Le Pape about how Matrix had structured their funding. Because they wanted to structure a way that they could pay for development and pay for protocol development and specification, but in a way which didn't mean that the venture capitalists were moving the goalposts too much. I know that they spend a lot of time practicing that. So what I think I hear you saying is that there are organizations that will sort of take that burden away and do that, almost kind of startup accelerators, but for existing open source projects.
Fiona Krakenbürger: Yeah, very much. I see that either they're open source projects that are doing that on their own who are sort of... I've seen a lot of people creating stichting, which is a Dutch version of a foundation or stiftung in Germany to take their burden away and separate those things. Sometimes it makes sense, but sometimes it's really just the fiscal sponsor who's really just a fiscal host for organizations and offer different projects. But yeah, I see that around, I see that in the field, and it's really exciting to see that people are testing things and there's some exchange of knowledge happening between those organizations, and we see models being created. And I think that's even more important for when we talk about exchange of knowledge because you mentioned it earlier that companies are also trying to find ways to invest into open source. And it's been interesting. So the Sovereign Tech Fund, we are using federal money, government money, public money, to invest into technologies in the public interest. Of course, we also strongly believe that companies have their fair share as well. They need to take up the responsibility to invest into open source projects. My knowledge stems from anecdotes and having talked to people in companies receiving requests, even anonymous conversations with people in big, big, big companies. There seems to be a lack of exchange about how to approach this. Companies oftentimes there are people on the developer level or the managers of developers who want to invest into open source who understand it's actually critical for their operations to have secured and stable and healthy open source projects at the core. But they run into really, really mundane problems. They don't have a budget number or a finance number that is dedicated to supporting open source projects. They cannot donate anything because there's no recipient of donations. And so no... What do you call it when you receive the donation maybe....
Tim Panton: Right, so a receipt effectively.
Fiona Krakenbürger: Exactly, yeah. Or they just don't have a landing space in the open source community, because I think traditionally that conversation has been tricky in the past. So yeah, I would say there are lots of interesting challenges to run into when you try to get into that space, and we're trying to explore that a little bit, how we can be helpful in facilitating these conversations and also learning a little bit what are ways how companies can also become more active in the field.
Tim Panton: So one of the things on my kind of paid development hat that we've stumbled across is there's a motivation for our customers for us to reduce our exposure to in the bill of materials. So like the software bill of materials, the fewer projects that we have in there and the higher quality those projects are as dependencies for our end product, the more comfortable our customers are. So I've actually spent maybe a few months this year removing open source dependencies from our code base and shifting them to smaller number of more supported and better backed open source projects. Which is kind of a shame because it meant I was doing work that I didn't strictly need to do, but there were a couple of open source projects where the maintenance was starting to look a bit flaky and I thought, "Well, we better move this."
Tim Panton: I'm not sure whether I could say I was paid for it, but money has gone through on that. But I don't know whether that's a sensitive point for big organizations. If they can get their bill of materials to list open source projects that are in some way funded and maybe have some kind of tick mark, check mark like, "We have funded maintenance," that would be a way to look forward.
Fiona Krakenbürger: Yeah, for sure. So the entire SBOMs conversation is a little bit tricky, but I think it's a good conversation to have because along these entire SBOMs or thoughts about what role do SBOMs have, would they be mandatory, what do they mean for companies and also for open source projects, I think it's a good conversation to have because along those lines we can ask a couple of really important questions. So first of all, I think that SBOMs are a good thing to be established. It's actually when you enter the space, you haven't been an active developer for decades, it's kind of shocking to understand that oftentimes there's hardly any knowledge at all about dependencies. I think it often depends on who is in the developer team, who pays attention to that, what kind of security standards do you have, how much do you understand about it. But I also see a lot of movement there or a lot of thoughts that are being invested in small teams and companies to create that sort of maybe not even SBOMs, but at least an overview of all the dependencies. So that's first of all a good thing I think. But then again, a lot of questions are affiliated to that. So when you have the list of dependencies, what do you do with that list, what kind of questions do you have to ask yourself when you use those technologies and when you sort through those, but also if you decide to use new technologies, have new dependencies and open source libraries that you're using.
I was recently asked by the Tagesspiegel about my or our opinion, it was actually a response by the entire STF team. And we said that we think SBOMs are a good thing, also potentially it could be included some kind of regulatory purposes and steps. But I think often when you do introduce something like a regulation, there could be something very positive, for example, the German government uses certain kind of technologies, there should be a standard or minimum requirements, actually pretty high bar for what needs to be true for these technologies, having SBOMs available for all the technologies they're using. But the sort of downside would be if we don't at the same time support open source projects in having those SBOMs or having tools available that we could also invest in or procure for that help them to create those SBOMs. And also I think if you do introduce any regulatory steps, then you also have to... If you say A, you have to say B and invest into the open source ecosystem so we don't put all the small organizations and projects and teams at huge disadvantage by not having the resources or the tools available to comply with these new regulations. That's actually sort of a threat that I see on the horizon. So I want to make sure that if we talk about SBOMs, dependency graphs, and all those kind of things, that we also think about what does it mean for smaller teams that might just be as good at what they're doing, but do not have the tools or the resources available to provide all the information. Can we support them with automated testing and tools? Can we support them with significant funding into the ecosystem that puts them on more solid so they actually do have active maintainer?
Tim Panton: Right. I mean, I totally take your point there. For me, there are two pieces of that. There's the active maintenance thing, and I think that's a given. And to some extent that's already something that kind of people almost subliminally when you're choosing a project to use to solve a particular problem in your code base, you'll look and see, get a sense of how active the project is and you go and look on GitHub or wherever and get a sense of whether they do a reasonably regular release or how many active maintainers there are, that kind of thing. So you do that when you adopt a project, but you don't always check on four years later. And I think there's a sort of continuing responsibility thing there that's super interesting. But the tooling thing is also really interesting because there's starting to emerge, some ecosystems have got really good tooling for it. I mean, frankly for Java in particular, it's really easy to tell what you're incorporating. One liner and it'll tell you, which is great. For C and C++, that's way harder. And to some extent things like GitHub is starting to help because you can tell GitHub what your upstream dependencies are and it will then monitor when there are new releases and that kind of stuff. So there is some tooling emerging, but I take your point that it's still quite weak. And I think the problem with all of that is that it's really hard to interpret if you're a manager. It makes sense for a coder, but any further up the chain, I think all of this is just words and none of them make much sense.
Fiona Krakenbürger: Yeah. And I think that's a problem, it stretches across so many areas of this trade, lots of people, I'm not even a coder. But I get it. And then of course developers get it and they get so many things. They get that you have to have a good overview of your dependencies, and they also get that you have to support these open source projects. You can't just consume and exploit, you have to invest into them significantly. Maybe not just time, but also money. But then I think the higher it gets in an organization or a company, the harder it gets to get buy in. So it's also something, how do we approach that? And I think there's also some ideas out there, there are people working on models like OSPOs, open source program offices, that are in organizations, but that's already step one, but what is step zero? How do we create more awareness for that? And it's something when we started working on the Sovereign Tech Fund, I'm sure my colleagues ears already bleed from me saying that and repeating that like a broken record. But I always say the Sovereign Tech Fund there's a lot of potential for what we can do, but I always say the Sovereign Tech Fund is a campaign besides all the things. It's great that we have all that money, we actually just secured some funding for next year, and it's pretty significant for a pretty new fund. So we have about 10 to 11 million for next year. And then we also secured some funding for 2024, which is great.
But I think one of the biggest impacts that we can have is create awareness and also ring a couple of alarms about the issue at hand. And I keep talking to other open source funders or people that are invested into the field, and we've been notoriously bad at telling the story of this field. So it's exciting to see that others are also trying to stitch together narrators and the stories that we can tell about this field. It's a very, very technical thing that we are talking about, but it affects everything, and I'm very excited to learn more about how we can talk about open source infrastructure and how it's connected to sustainability, how it's connected to human rights and privacy and also to free speech or democracy and the freedom to access information. I think we're kind of still at the beginning of understanding how we can create more awareness and tell the story so that everyone understands.
Tim Panton: So picking up on one of the things there, how do you see kind of your mission in terms of its relation to effectively policy and politics? I mean, if you're spending time with the government and spending government money, do you have a set of policy goals almost in a political sense?
Fiona Krakenbürger: Yeah, very much. I mean, you definitely putting your... How do you say that in an English idiom? But putting your finger in the wound, I suppose. You're asking about our mission. So the Sovereign Tech Fund is still pretty nascent. We just learned that we had funding I think in July, so we've been sort of hitting the ground running and we set up a pilot round of really amazing cool projects that we are funding. I can talk about that maybe in a minute because it's exciting stuff. But we've been sort of starting to set up this pilot round and show what we are capable of doing, trying to tell the story of open source infrastructure along the pilot round. And so next week we're going to lock all the team members in a house in the countryside and sit down and think about what is our mission for the next upcoming years. So I'm just saying this as a disclaimer that what I'm answering right now is something that we are going to bring to the table next week with the team, but it's mostly I think my perspective. As I said before, one of the overarching goals is to create more awareness and actually getting more people into the room. I think we need more actors to become part of it. I want to see more governments taking up responsibility, I want to see companies taking up responsibility, maybe private and public funders and those that are already supporting open source in technology to also think about open source infrastructure. I also wanted to think about how they can create support mechanisms for existing things and maintenance and also support the ecosystem in a more sustainable way. How can we create more healthy communities? How can we make sure that new people are coming into this field? How can we make it more attractive for people? Because to put it pretty bluntly, the field partly is growing very old and we need just more people in there to take up the work that's there. Because there's a lot of worry, we just don't have I think enough people. So there's one of them.
The other thing, so we have public money, so we have about 10 to 11 million for next year, I think companies should probably invest like a hundred million or even a billion or 10 billion a year into open source infrastructure so they have [unintelligible 26.08]. But I still think that there's virtue in making sure that there's some public investment as well. When companies invest into open source infrastructure, understandably so, there's always a specific interest namely the company interest. So they're going to invest into features, into development that is good for their products. They're going to invest into open source projects that are important for their products. So taking up the lens of the public and thinking about what can I support in curl, for example, that is good for the public interest? What are open source projects that I can invest in that are important for the public? How can I be something like a public interest customer who's investing into open source projects? We think that is always going to be a different question and another response will yield from it than as if a company is going to invest into an open source project. And there's a funny German word [unintelligible German word 27.01]. So it's basically the German word for-- if you literally translate it, it's bit of care for things that are important for your existence. So it's very descriptive [German 27.11]. And it covers things like the state is responsible for basic needs like water, clean air.
Tim Panton: Oh yeah, the famous triangle of basic needs whose name I've blocked on at the moment.
Fiona Krakenbürger: Yeah. And I mean there's even some some legal wording around it I think. I think it's Estonia where even access to the internet is part of your public needs. So there's some responsibilities off the government, also health insurance and all that kind of stuff and health infrastructure. We want to make sure that open source infrastructure is understood just as much as something that needs to be part of digital care, as part of a government responsibility. That's sort of the overarching policy arc that we have or the policy goal that we have is that this is becoming something that governments feel responsible for. Because especially open source infrastructure is a resource that we all need. You could think about it even further that open source applications are also resources that everyone needs. But that's just not what we are active in, but I do think that this is also an interesting conversation to be had. So the Sovereign Tech Fund I think is a stepping stone and a start, but I would love to see how this can be done in a more long term way. And there are so many different ideas and possibilities out there, it's just we have more questions probably than answers, but we have some thoughts. Just to put this out there, maybe there are some open source projects that should be hosted by a government, that should be permanently paid for by the government. Then a lot of other problems emerge from that. How do you make that selection? What happens if you permanently fund something, don't you sort of stifle innovation and movement? So lots of other questions come up with that.
Tim Panton: So picking up on one thing you said there, what strikes me as being different about what your government money from pretty much every other piece of government money I've ever come across in software is it sounds like you are not match funding, you're choosing projects explicitly and then maybe inviting other people to join in with you, but you are taking the lead decision here on your own criteria. And certainly in Europe that's pretty novel. I think that's really interesting.
Fiona Krakenbürger: Yeah. So for the pilot round, we have nine projects now, we used a scouting mechanism. But in general the Sovereign Tech Fund, we envision it has three different streams along which we identify and find projects. I personally think having worked in funding for a long time, in an ideal world you have two different mechanisms. One of them is a push mechanism, the other one is a pull mechanism. So ideally you actively identify projects, but you also have something like an open application to make sure that you are not narrowed down to your own context and perspective, but you always have the possibility to get applications from beyond your own horizon. But I think it's always good to have some kind of mechanism too that allows you to specifically make decisions. So for the pilot round, for example, the way that we did it and how we want to do it in the future is we want to identify community ambassadors, so people that are typically not very well known but deeply embedded into their communities of practice. So we have a couple people out there who could provide recommendation and then we can look at these recommendations, that's how we did it for the pilot round as well, and make something like a pre-selection or think about criteria like is it very critical? Is it being used a lot? Is it underfunded? So there are different sets of criteria that we can use. The pilot round was a bit specific because it happened so fast. We also had to make sure that the recipients had some organizational maturity to get new tasks, because you can break an organization's neck easily. And then there's a very interesting third mechanism that we have, and that is research-based. So there are a lot of approaches out there already of people trying to think about metrics for criticality, so how do you define that a project is critical? There are different possibilities. One of them could be it is included in a lot of dependencies, so a lot of products depend on it. Maybe it's how many stars it has in GitHub, very bad metric I think. But there are different ways that you could look at it, and we want to identify these metrics, and potentially, really thinking or fantasizing, it could be a tool that automatically particularly detects critical software projects that are underfunded. And so that could also be an avenue along which we find and identify projects. So we have these three streams.
Tim Panton: So it would be interesting maybe to talk about one or two of the pilot projects in that light. You've selected them, what kinds of things have you selected? What were your first go-tos?
Fiona Krakenbürger: Yeah. So we asked around in our communities. So we are very well connected, fortunately, to a lot of open source communities and also technical communities. And in a very short amount of time, we got about 50 recommendations, and we looked at all of them. And one of the things that we wanted to do is with the pilot round showcase the bandwidth of open source infrastructure. So we selected a couple people working on [Colton standards]. One of them is OpenMLS, which is still a pretty new standard that people are working on. It enables encrypted group communication and it's a new standard for instant messaging. The other one is OpenSSH, it's being used so much and it's very widespread. The other protocol one is OpenBGPD, Border Gateway Protocol Daemon. And we chose that one, and that's maybe an interesting case specifically because in the BGP world, the protocols that are out there was a lack of diversity in the field. So most of the Ps basically referred to [BIRD] from what I understand, and there was OpenBGPD, but it couldn't create parity to the existing implementations out there. And there were different funders already investing into OpenBGPD and we thought that's actually a good place to invest in because we can help this open implementation become an alternative, we pair it to the existing projects out there. Another kind of projects we are investing in is developer tools. So RubyGems and Ruby servers is one of the projects. Then another very obvious choice is curl actually, so we are supporting Daniel Stenberg's work and the curl community. What else? There's WireGuard, which is a super secure and highly performant PPN client and protocol, just to name a few. And all of them it showed the different aspects and types of open source infrastructure and how important it is.
Tim Panton: Certainly OpenSSH and OpenBGP, BGP is the unspoken, it's one of those core things that nothing works without it and only about 17 people on the planet understand how it works. It's absolutely one of those building blocks that is vulnerable. So I think that's a fantastically good choice and not an obvious one either I wouldn't have thought.
Fiona Krakenbürger: Yeah. And also, I have to bring it up, it's hard for me to leave one of the projects out because they're all kind of my favorite. But the very, very interesting choice we made based on recommendation and some research as well is we are actually supporting Fortran. Because, and everyone seems sort of pretty confused about it, but there was this blog post, I can send it to you, that virtually all climate modeling is based on Fortran. Fortran is still extremely important for the scientific community, but it's so old and it needs so much love that actually a couple years ago a new Fortran community was created and they wrote the white paper and said, "We really want Fortran to become more usable and easier to use. We want to work on the Fortran package." And we initially thought about supporting Julia because we thought a lot of people would switch over to Julia. But then very much in line with the philosophy of supporting existing rather than creating new things, we decided to actually invest into Fortran instead, and the community's pretty vivid, it's alive, and it's working really hard on improving Fortran, considering that climate crisis is real. We think it's really beautiful that we might have one way to support the scientific community by doing lots of climate modeling where you have so much data. I mean, you're basically imitating the planet so that Fortran is actually the best choice, but we could make their lives maybe a little bit easier.
Tim Panton: What I love about that is that's an investment that absolutely no VC on the planet could make. You couldn't walk in with a pitch deck saying I want you to put a million into Fortran development and come out with any money from any VC on the planet. So I think that's a really interesting example. And I mean, I totally buy into why you would want to do it, but I also think it's almost impossible to fund any other way, which is really fascinating actually. I wanted to kind of come back to something else you said earlier about giving people, and I don't think you actually said it, but it was like the implication was about having a stable income and how that might change the kinds of developers who were able to work on a project. Do you have specific goals in mind in there or am I just imagining you said that?
Fiona Krakenbürger: No, it's a very good question, and it's also something that we're thinking about, and it has to do with what is going to be the mission of the Sovereign Tech Fund and what can we do. So I think there are different ways to look at it and different dimension of this. So one of them is definitely the fact that there's often not a stable income and the fact that all the open source work is so volunteer-based is great, but it also creates some structural or sort of amplifies some structural problems that have been even more evident during the corona crisis. So participation of women, for example, in open source project has plummeted during corona because having time for open source work, working in the evenings, any kind of night job and hobby is even more hard if you are more responsible for care work. So I mean, there's not a very good analysis of why the numbers have dropped, but I think it's pretty clear that you're in corona, all these structural issues have just been manifested.
Tim Panton: I hadn't picked up on that, it's a really interesting observation. Yeah, thank you for that. That's fascinating.
Fiona Krakenbürger: I have to figure out if I can find the link. I definitely read about participation of women has shrunk, but I think GitHub always does some kind of analysis on integration and diversity and their contributors. But yeah, it always has been notoriously bad, while we have more women coming into the tech field, the number of women or non-binary people in open source has always been historically low. Which from what I know and what I learned and studied, I actually studied a lot about diversity and tech, that is always something to the fact that it's volunteer-based, and having time for volunteer work is just really hard for a lot of people, especially those that are responsible for care work. But yeah, what I was trying to say there, I think money can be part of the solution. It doesn't have to, it's definitely not the solution, but it can enable new people to come into the field. And I think when we were exchanging emails initially about this podcast, I also told you that I'm also invested into diversity, and, for me, those things really go hand in hand. As soon as you are able to provide funding to people who usually don't find their way into this field, you can create more diversity or foster it.
So I think that that's one way to look at it, and the other one is stable income. That's one of the ideas or let's say speculations that I have about maybe creating something like a little program at the Sovereign Tech Fund, even though I'd rather see other entities do that. But maybe we can try something, we can experiment. Let me frame it as a question. I'm wondering whether we could employ two really smart people, developers who are excited or who are willing to work on existing things for a year or two and just the only job is they're hired to work on open source projects. So kind of what companies are doing. They have their own developers and they can dedicate 20% of the time or 10% of the time or their Fridays to working on open source projects. I don't know if the companies usually have a say in which projects they are supporting, but I would love to toy around with that idea a little bit. What does it mean if a public entity, the Sovereign Tech Fund or maybe potentially also government, employs five or 10 developers who are just responsible for working on open source projects? Maybe three or five different projects in a year that they can feel familiar with, they can get accustomed to, how do you find these people? But yeah, it's something that I find really interesting to think about. It could be maybe something that we try, maybe not next year, but maybe the year thereafter, and figure out if it works. And if it does, then we made our case, and others can copy it and there are no excuses. If it doesn't work out at all, then we figure out why, and then others can benefit from us.
Tim Panton: That's a fascinating idea, I like that one. I'm conscious that we're now running out of time. So I'm going to ask you a kind of our catchall end question, which is, if you look kind of five years into the future, what would you hope might have happened as a result of what you're doing now?
Fiona Krakenbürger: Yeah. Just three hours ago I had that discussion with my dear colleague Tara, who's also on the team. And we had very interestingly differing perspectives on that. So I'm going to tell you what I think or maybe what I thought until I had that conversation with Tara. I would've said, until today 1:00 PM, that the Sovereign Tech Fund maybe shouldn't exist anymore in five years because we've been successful in instigating, creating, inspiring way more actors to come into the field. So in the speculative future style, in five years, the Sovereign Tech Fund has done such a great job that the German government has decided to institutionalize the support that we are providing with not just 10 million a year, but actually a hundred million a year with an independent entity, a foundation that does all these different programs. They hire developers, they also provide long term support, five-year contracts, no problem, with open source projects. They created lots of fiscal sponsors, and not only the German government, but then also the Spanish government, the Taiwanese government. Many basically used it as a blueprint and created their own Sovereign Tech Funds or open source infrastructure funds or whatever. Then also private companies went into the field and said, "We saw what the Sovereign Tech Fund is doing, we want to create small programs like this. We are investing, we are paying something, an open source tax, that is paid directly to this independent entity." So more actors became part of the field. A lot of international cooperation is happening, the entire world is understanding that open source are a common good that they need to invest into just like our air, our water, and our streets that connect us. So that was my idea. Five years might be a little bit of a stretch.
Tim Panton: So success is kind of succeeding yourself out of a job. It's creating infrastructure where you are no longer necessary. That's a hugely ambitious goal and a rare one I think as well. Most people don't think that way.
Fiona Krakenbürger: Yeah. But then again, I would start a couple different projects in my path, especially social projects, and I always like to think of how do I make myself obsolete, first of all, and then maybe also how do I make an organization obsolete. Just to add one more thing to the previous answer, of course, then also Germany understands that open source infrastructure is part of the [unintelligible German 43.44] and maybe it's even part of the law that the German government is responsible for that. But that's one way to answer it. And then today I had this conversation, and actually Tara said there are more problems and it's not good to sort of plan your own exit when all these problems are probably going to take more time. And there are equally pressing problems in the way how we can create, how we can change and improve the open source ecosystem and that's not going to be changed. In five years if there are more actors in the field, then we won't have solved that problem, we will have solved the problem that it's just us. So hopefully there will be even more people in the field, but there are going to be maybe more long term challenges that we need to address. Something like how do we create open source communities where more people are part of the communities where we have actually active and very vivid and changing and diverse communities of practice that are working on these projects. So not every open source project will and should be funded by the German government or the company, so how do we create solid, healthy, diverse, attractive, and sort of welcoming open source communities that will always be the most important and critical part of an open source ecosystem. We need the money, yes, but the money doesn't go anywhere if you don't have any people in the open source community. So I think Tara was absolutely right in saying there are some very, very important challenges and questions to be addressed. We don't really have all the answers yet, but we should start working on these and testing just as much, but we can do it in regard and how can we support these open source projects in their governance and in their diversity efforts and in their growth in a really reasonable way. So that's something that's probably going to take much longer. And hopefully in five years we have some answers.
Tim Panton: Right. That reminded me of a conversation I had actually on Mastodon earlier on in the week. A friend of mine who's done a lot of open source development actually in telephony was having a bit of a guilt attack about he gets robo called by his own software. And he's kind of like, "How do I process that? What shouldn't I have done? What should I have done differently to stop myself from feeling guilty for having enabled robo calling?"
Fiona Krakenbürger: Yeah, tough.
Tim Panton: I know, right? But is there some sort of kind of... I don't know, they were speculating in that conversation about a moral license. You take something like GPL but you add in criteria about not using it for X, Y, and Z or some kind of construct that would allow the developer to feel reasonably comfortable that this thing wasn't goning to be misused. But I mean, the consensus we came to is that was unrealistic. So it is an interesting discussion, and maybe that's something you could work on in five years time.
Fiona Krakenbürger: Maybe, yeah. We've got a lot of work to do for sure. I hope there'll be more people in the field that can help us address these questions. Just like, why did I work on diversity in tech? Because I strongly believe that everyone codes differently, has different moral backgrounds, has different things they think about, has different experiences that add up to the way that technology is being developed. So that's why I'm big proponent of diversity, and just as much, I think, the diversity in the field of open source infrastructure is going to help us to find other and maybe better answers to all the questions that are deeply enshrined into this.
Tim Panton: Right, right. And that's very much on message for this podcast. So I think that's a fantastic point to stop the conversation. I want to thank you so much for doing this, I really do appreciate it. And particularly experimenting with this new tool, which does seem to have sort of worked, which is good. So I will thank you so much for that. And anyone who's listening, I hope you've enjoyed it. And if you have, please mention it to your friends, give them the link, and follow up in the show notes, where we'll have some links on whatever we think is relevant as further reading for the subject. Thank you so much.
Fiona Krakenbürger: Thank you.
Tim Panton: Okay, bye.
Fiona Krakenbürger: Bye.