I also recommend Sentry in a lot of projects. The happy path they have created is fantastic, they've grown it out into performance metrics and it looks like they're gonna compete with Datadog and NewRelic on the APM front soon enough.
They've not sold me on that, but their error tracking and the management around it is good enough. Their search interface and the fingerprinting sucks major ass though: most of the time when you click on a Sentry alert you'll actually find a different error.
The UI is basically only good for reacting to immediate alerts. But when you get one of those, you get a lot of info to work with.
I’ve been running Sentry (cloud and self hosted) for various Python apps since 2014 and haven’t had any issues with the fingerprinting. Maybe a language or project specific issue?
> Their search interface and the fingerprinting sucks major ass though: most of the time when you click on a Sentry alert you'll actually find a different error
Isn't that a scoping error on your side? We run the on-prem version at work, and the only time I've seen anything like this is when there weren't different scopes for each goroutine and the error messages got mixed up.
Why would you assume that companies following suit would make symbolic gestures rather than a culture/values shift?
This is a nuanced subject - companies won't just all start donating to OSS because of Sentry. But more and more companies taking leadership over time can compound into an industry perspective shift.
The only thing relevant is the result. Even if some companies start to do symbolic gestures and token donations, the result of Sentry making a positive action is even greater.
> Why would you assume that companies following suit would make symbolic gestures rather than a culture/values shift?
Because companies are generally managed by far worse people. Just this afternoon I stumbled across an email template framework on GitHub in which one of the issues posts had a responder remove HTML templates from a reply to a bug report because he said his boss claimed that was their "intellectual property."
Using an MIT licensed lib for free, think the plain ole html markup they generated with it is "valuable code," that's the CIS + MBA grads I know!
Way to go Sentry! I’ve just finished setting up the early motions of a similar fund over at https://www.gitpod.io/blog/gitpod-open-source-sustainability.... Currently an initial amount of USD 30,000 has been earmarked. One day I hope to triple that (or more). At https://www.gitpod.io/blog/devxconf-wrap USD 10,000 was distributed to maintainers of LSP implementations and “digital infrastructure” that people use day-to-day but seldom think about.
While I appreciate that Sentry stepped up to the plate to fund open source, I'd also like to point out the obvious which is this is just 1.5 person's salary in Silicon Valley, for a year. I hope that companies instead of donating money, can pool their resources together to start a non-profit fund that invests their money that will grow in time, so in time, more engineers can be funded.
Because these are maintainers that are working on projects that Sentry depends on for their product, and they can’t write their rent checks with “well intended someday funds”. I mean imagine your boss at work telling you that you’re not getting a paycheck but not to worry because he invested it and might get around to paying you someday.
Many of these people have kids and mortgages while living off this work.
If they can’t afford to actively continue their work now and go private sector that leaves Sentry holding the bag with abandoned dependencies.
150k direct donation will cover long term investment in the things their company needs to run.
Hopefully, these donations are going to developers outside the US/Silicon Valley since the value/cost ratio is much, much better in other parts of the world.
Adjusted for each company's market capitalization, this is the equivalent of Google ($1.9T market cap) directly injecting ~$290,000,000 into the hands of open source maintainers.
I think instead of getting fixated on the dollar value and its impact, it's more meaningful to think about the message this sends. $2k/engineer is a more meaningful metric.
It is merely an exercise to place in context the scale of the contribution relative to Sentry's size as a company.
FWIW, Google has $136B cash in hand[1], and that figure has historically grown $10-20B year-over-year, so it does not have to raise capital to make OSS donations. The figure I cited – $290,000,000 – might sound like an insane number, but it is a rounding error on their balance sheet.
(Also, to be clear this was not a shot at Google, their history of OSS contribution, or anything like that – I just chose some random mega cap company.)
I'm genuinely curious what they donate, maybe it's already that much? More? Less? No idea. Also, at their scale cost of FTEs dedicated to upstream open source becomes a significant consideration. How many kernel hackers do they employ?
Every engineer worth retaining is realistically responsible for at least $2000 more in real corporate income or institutional savings than was anticipated in any single year. The bigger the organization the more I would think they leverage the same engineering successes to higher dollar amounts than that.
Many of course get bonuses well in excess of this baseline when even larger contributions are recognized.
I would like to see someone prosperous & generous donate to the Syslinux Project so they can update to a point where they have a Microsoft-signed SecureBoot universal multiboot solution for UEFI so it will be as useful as it was under BIOS booting. Ideally, if a signed "shim" is involved it would be universal so it would boot any form of Linux using either GRUB or Syslinux, once the official update is released and adopted by the distros.
Google probably injects way more than that to fund open source projects: it is called working at Google. $290M is a measly, 600 avg employees or so (let's just assume ~500k for an average gSWE in Bay Area). These cash donations may be nice for indie projects but they are really too small to move the needle at scale. Real-world open source is by-and-large built and funded by corporate employees.
UK Anecdata: xe.com says $155k is currently £112k which is, at best, two maybe-high mid level devs in, e.g., London (outside of FAANG.) Maybe 3 mid or low-senior levels outside of London but even then it'd be a stretch. I think.
I appreciate that "UK Anecdata" might be misconstrued as "Ukraine Anecdata" (and I could have been clearer that it was UKOGBANI or GB, sure) but in what world could "UK" encompass Poland?
If you've got the wherewithal to grow significant wheat and an avocado tree to fruition, I would think you could afford to give out more than just one sandwich along the way.
But when would you have enough to start paying people? When the average return on the investment is $150K/year? Do you start paying at $15K/year? Should you raise more money and wait until you can fund $1.5M/year?
But the point is that using a long-term approach - you will be able to pay people orders of magnitude more than if you take the short-term approach.
Long-term becomes the short-term in the future ;). If some businesses had started such an initiative in the past, people would be getting paid in the present - consistently.
100 companies 100k each gives you 10 mill. Just the return on that on any meager performing stock can fully fund 1 SV dev, indefinitely. Or, you can withdraw a couple mil from the fund per year, fully fund the entire project for 3-5 years or so. Investment is just a way to stretch out the fund.
I JUST LOVE THIS. I thought they were making donations to big names in OS fields but I was pleasantly surprised. neovim, axios, urllib3 and dark reader.
I think I am going to start making a laundry list of small YouTubers, Projects, Browser Extensions, and Maintainers so I can help them out as they helped me out.
That sounds like a worthy project!
I’m sure Gitcoin and others in retroactive public goods funding would benefit from a list and your efforts.
Let’s talk, maybe we can get those people paid!
I'm not actually sure we use Rollup fwiw. The contributions were democratized via our employees - we asked them where we should direct funding for individual projects. So what that ultimately means is some person(s) at Sentry valued the project and your contributions :)
It's tough, I think it depends on the framing and is definitely something worth talking about. Part of what we were trying to do with this initiative is start with some _global_ concept of "fair" and then allocate that amount as best we could. The total amount we came up with is $150,000 which is $2,000 per engineer on staff.
Sooooo ...
> Does [$155,999.89] reflect the value and developer time savings you've received from [all community-run open source projects] over the year[]?
Yes. We believe that contributing $2,000 annually per engineer is a meaningful amount that fairly compensates the value we receive from open source volunteers.
May I flip the question? Does $500 reflect the value and developer time savings you've given to Sentry over the past year?
> > Does [$155,999.89] reflect the value and developer time savings you've received from [all community-run open source projects] over the year[]?
> May I flip the question? Does $500 reflect the value and developer time savings you've given to Sentry over the past year?
It must be frustrating no one would have said anything if Sentry gave $0 instead of $500. Your response seems disingenuous though. They didn't ask about just this year or any other project. The brackets show you knew that.
Right, I was intentionally reframing the question. As a company we wanted to arrive at a budget through a global view and then allocate from there. Rather than look at 100+ projects individually and build up from "How much value did we get from this one? Or that one? And that one?" ... we wanted to reason about a fair amount overall. Is that bad?
What's a good (practical, repeatable, reasonable) way to determine fairness?
> If, by magic, these OSS components you use disappeared: How much would it cost to build them?
Hmm... I'm not sure that's a reasonable metric. If Microsoft disappeared it would no doubt cost millions to rebuild SQL Server. That doesn't mean that it would be reasonable for them to charge a 1 million dollar license fee to use it. The cost is amortized across their entire customer base. Similarly I don't think it's reasonable to expect Sentry to pay the NGINX developers 1 million just because it'd cost them that to redevelop in house. One would instead hope ALL donations summed to something reasonable.
MSSQL isn't foss; you pay what it's worth to you as part of the licensing. That's one of the issues at play here, paying for software licenses versus using foss components to build your own saas, and then donating something to the foss maintainers.
A simpler way to say this: What's the average compensation for a developer, and how many hours do you think it would take for one of your developers to build some small foss component? I bet it's more than the $500 donation.
I'm still not following this logic. In this scenario, I can either use Microsoft Office for $200, or I can use Libre Office, where a $500 donation is insufficient because I can't pay a programmer <$500 to contribute to it?
This feels like a great incentive not to use Open Source.
Appreciate the additional insight. It wasn't something I gleaned from the blog post. It's something extremely difficult to measure, and open source funding is nebulous in reason and highly inconsistent due to difficulty in gauging value, among other reasons.
The flip-question leaves me a little confused. I hope it wasn't asked out of irritation or to be snide, as my question was very much asked in earnest. I've only ever used Sentry through employers who had a subscription. My experience with the product is mostly positive and I'd say that the folks I worked for thought it was a good value.
Not meant to be snide, no. It's something we thought about when allocating our budget: how are projects going to perceive this? Is giving $100 or $500 worse than giving nothing at all? So my question was also asked in earnest! :D
Back to your original question, then:
> Does $500 reflect the value and developer time savings you've received from the project over the years?
I guess the binary answer is yes, though I quite agree with you that it's difficult to gauge value in open source a priori.
Thanks for the kind words about Sentry ... and thanks for making Rollup! :)
Likely much lower than the value and developer time savings, but (a) that's usually the case even with licensed software (nobody buys Microsoft Office nearly the amount of "developer time savings" coming from not having to reimplement an office business suite) and (b) by setting up your project as open source, you're essentially saying that you're not interested in capturing any of that value anyways, so I don't really see how it's relevant.
That's a great question and I have some thoughts as an outsider.
It's pretty much impossible to reflect/match the value received over time. Think about a SAAS that charges 5$ per month, even though the time it saves you is months, if not years.
It's also impossible to accurately know what the value received over time is.
The best we can all do is support OSS in a way in which we are comfortable, whether that is more or less than the objective received value.
This is amazing. I'm CTO and co-founder of a (much smaller) monitoring company. We have as one of our core values that we donate 1% of MRR to non-corporate backed Open Source.
I was very confused by this. Why the 11 cent offset for currency conversion? Are there some laws around sending $155k in foreign payments? From a PR perspective, that extra 11 cents provides a pretty good ROI since you can just say that you've donated $155,000
P.S. This isn't intended to be criticism, just curiosity. Kudos to Sentry for the donation. If every profitable company donated $2k per developer, we can expect some pretty amazing innovations in OSS
The amount you're quoted for an international funds transfer often varies slightly from the amount that's actually charged. So if you initiate a $500USD -> EUR transfer quoted at 0.8591 so the recipient receives EUR429.55, it might actually clear at 0.8593 meaning it only cost you $499.88 to send.
On the contrary, having a bizarre number creates marketing buzz and curiosity. $154,999.89 got me to click. $155k can get lost in the shuffle of all the other numbers getting thrown around on HN.
I'm guessing one project required currency conversion and so the 11 cents is the cost of conversion for that one project. Maybe they gave the project $10 and 11 cents got eaten in conversion making it $9.89. It's possible they spent $155,000 but projects only got $154,999.89 so they note the latter.
If you spent $155K, that's how much you donated, regardless of the transfer fees.
But if you spent $154,999.89 because the exchange rate slightly improved while you were preparing the transaction, after you chose a number of Euros to donate, then you spent $154,999.89
Some people say the best charity is anonymous. I used to believe that
In my experience in the non-profit world I’ve found that it’s merely convenient that there is zero public transparency if you don’t want it and so I have a different view of its “best” “good” “utility”, some people have an interest in keeping the “anonymous good” perception
The opposite is announcing
It is completely amoral to me, as in it doesn’t make a difference and I don’t care and I have all options
But I was wondering what others think [so I can amplify my standing in society, when convenient]
Donate anonymously and have the collection of donations “leaked” in the future?
Donate publicly and announcing it?
Do both like MacKenzie Bezos where some people get to be satisfied and inspired by the list and never question if there are others done?
I have shared this link with my company in the hope that we can do something similar. It encourages people like me (I'm only an engineer) to bring it up with people who can make decisions in a small company.
Imagine my surprise seeing https://news.ycombinator.com/item?id=28693731 surface serendipitously three weeks ago. That post from four years ago during Gratipay's final days is linked in today's announcement. :D
My new startup, Coherence, also is committed to giving back to the open-source we all build companies on. We're going to divide our budget up per-engineer, and give individual devs discretion on what projects they want to support.
I'd suspect it's because Sentry offers client-side telemetry as one of their services, and they might be using the same domain for both commercial and technical stuff (hosting both the main site and backends) so blockers have no choice but to block the entire thing if the enforcement is DNS based
I'm only speculating though, as this is a pretty common mistake
They provide javascript / browser integration into sending sentry events, aka "tracking data", to their servers.
Just as one might block "googleads.g.doubleclick.net" to avoid google tracking, it is very reasonable to blacklist sentry to avoid various companies tracking you.
I don't want to derail this thread, but Sentry isn't tracking. Can you hypothetically track users with Sentry? Sure. Do we provide any of those capabilities? No.
Treating products like Sentry the same as advertising and analytics companies can only be harmful for our industry.
> Can you hypothetically track users with Sentry? Sure.
> Do we provide any of those capabilities? No.
Yes you do. When I view a bug in Sentry it tells me how many users have hit the particular bug and which users they are. I can even search by user and see what bugs they've hit.
These things aren't necessarily bad, but they're 100% the building blocks for various forms of badness, and I can fully understand track-free users just saying no to all of it.
In any case, the solution for Sentry-the-company is just to have a separate domain for receiving events, so getting that blocked doesn't block your corporate landing page.
I don't think you would if your upfront goal was "telemetry" and you actually evaluated solutions for that. But if you had the Sentry pipeline in place already for crash reports, it would be very easy to slide into using it for tracking other kinds of custom events.
If it looks, walks, and quacks like a behavioural advertising/tracking/analytics platform... why should it not be treated like one? Especially when you consider Sentry seems to be moving towards enabling these use-cases even further.
A way to opt out of personal data collection that is provided by Sentry to end-users would put Sentry back on track. Until then, I'll be running my own solution.
One thing to note is that I think a website is different than a software product that you install on your local machine (in terms of privacy).
When you access a website you access resources on a remote server, this means that it is almost impossible to not leave any trace of you visiting that website (access logs, ISP logs, DNS logs, etc).
I do think there should be explicit consent for a locally installed software to send logs or analytics to an external server, but I don't think explicit consent must be given when the user is the one accessing the server.
Also, there is a big difference between technical logs (app crashes, 404 pages, resources that fail to load) and storing user-specific information or actions (exact location, products purchased, items viewed) most importantly when this information is used for marketing purposes, not for improving the user experience (by making the website faster/easier to use/more secure, etc.).
But Sentry can be used for the same analytics as ads. You can send events manually, it doesn't have to be an actual error, with all the info attached.
I'm a very satisfied user of Sentry, but I use it for an internal project. I also use LogRocket which is far more intrusive. For public projects, I would use Sentry but certainly understand that many people would block it. I would never use LogRocket without informing users though.
Often times much more is being collected than what would be required for performance monitoring, it's not at all clear where this data ends up ("why does Bob from marketing have an account on our Sentry?" is literally something I overheard), and opt-outs are rare.
Obviously this is a good thing that we want to see more of. I like the approach of asking engineers what projects to support. My first thought was that this doesn't seem like a large amount. Maybe we need a thread listing large SAAS companies that have donated nothing to OSS projects, though.
I'd love to see other companies express their open source donations in terms we can compare across companies. Yes, in absolute terms $155k (rounding up ;) is not that much, but Sentry is not that big. We have ~75 engineers. How much do other companies with 750 or 7,500 engineers donate to open source, per engineer?
IMO every company should give something to OSS projects no matter how little, even if it's a few hundred dollars or a small commit. Everyone benefits from OSS and how it does not occur to companies to give back is beyond me. I think us developers fail to educate management on how simple and vital it is to support OSS projects. I dream of the day when it becomes normal for job candidates to ask potential employers "how do you support OSS?"
We have no Nim usage in the company. One of our engineers nominated it as something they find personally interesting, and we wanted to give at least a little bit to every project that our employees nominated.
That's absolutely fair and we appreciate the donation a lot.
One additional thing that would have been fairly cheap: call out the smaller open source projects you donated to. To some the exposure can mean a lot in a blog post like this :)
We're thinking through how to follow up on this post with additional signal-boosting throughout the year, point taken about exposure value to small projects. We'll keep that in mind!
Then the value received for Sentry most likely also pales in comparison.
I've never heard of Nim before this comment. It looks pretty cool, especially the self-contained aspect. Do you know of any big company using Nim in production?
> Bountysource is the funding platform for open-source software. Users can improve the open-source projects they love by creating/collecting bounties and pledging to fundraisers.
Usually people use that term for security concerns these days, which definitely exist for open source. I've seen stuff over the years where people have attempted to do bounties for implementing a feature/bugfix/etc, but it's never really taken off.
Yes. There's the Internet Bug Bounty[0], which is administered by HackerOne and funded by a number of companies.
It's paid out three quarters of a million dollars since its foundation in 2013. It was relaunched last month. The pace is picking up, too: $100k has been paid out in the last 90 days[1].
Disclosure: I know of it because I work for Shopify, which is one of the donors.
Upon the suggestions from other commenters, I've had recent interaction with huntr.dev. I maintain an open source project and had a few members on there report vulnerabilities over the last month or two. They seem to pay out both to the finder of the vulnerability and the maintainer (me). The process seemed janky at first but they've improved the platform since my first interaction and they seem to be encouraging a good thing. Had a few false reports but that has been outweighed by well-defined genuine reports.
It seems like it would create some bad incentives for open source maintainers/submitters - someone submits a PR to fix a bug, gets rejected, maintainer commits a similar bug fix, claims reward. Dunno. Interesting idea, execution might have bad knock on effects
> It seems like it would create some bad incentives for open source maintainers/submitters - someone submits a PR to fix a bug, gets rejected, maintainer commits a similar bug fix, claims reward.
Perhaps after giving each open source project 11 cents? That made me curious about the numbers, and I found a paper which says "Daffara estimates that there were 18,000 active open source projects in September 2007 worldwide"[0] which would mean donating about $2000.
Another analysis from 2013 calculated that "87% of projects have 5 or fewer committers per year"[1] so if we unreasonably assume that each developer only works on one project, that might mean 5 times as many developers as projects, so $10,000 to donate 11 cents to every open source developer.
I thought I was going to pay almost three thousand dollars a month for a subscription until I saw the punctuation. The point is the overall length of the number looks to be in the thousands.
HN, a pretty high quality crowd at the best of times, is confused about numbers now? Fixed point decimals at that! And reacting to that temporary double-take?
If I see a dollar sign I automatically go to the back and work my way forward, not sure if others who work with finance often do that but I'm pretty sure it's common.
I'm just a bit disappointed that HN had to simplify the title to satisfy the audience.
I'm more disappointed that the suggestion was upvoted enough to distract from any substantial discussion.
The title change can bring the discussion back on-topic but this really does feel like a massive brainfart. HN literally decided that a factual number was not appropriate and a sensational milestone is.
If you want to argue, "well, they put the .99 cents on the end to confuse people and make it look like they donated 1.5 million instead" then that really only speaks to your own desperation to twist facts and make them sound favourable to your agenda. You're literally admitting to jumping to a conclusion before even processing the information.
Sorry, I'm just sad that HN decided that they needed to editorialise this specific title.
FWIW, Sentry employee here, I promise nobody here ever planned to present this figure as a means of manipulating readers into thinking we donated millions.
The original blog post draft originally had $150,000 in the title, but when the receipts came back and we realized that we "saved" 11 cents, someone jokingly updated the title and we thought it was a cutesy change. That's it.
Honestly, I wasn't expecting the comment to get upvoted to the very top and take away attention from the more deserved discussion. Fortunately it seems like things have gotten corrected now and many other comments have risen above it.
I'm not actually sure what you're referring to (as CTO I promise you I am not managing any of our GitHub repositories or anything at that level). If you think there are concerns with the PHP SDKs you seem to know where to express those, but a lot of our SDKs start (or are) maintained by contractors as well as contributors from the open source community.
That said, none of this has anything to do with these donations to the open source community. We fund a lot of other initiatives outside of this one thing, and it seems you have some gripes with how we do that, which you're welcome to, but it doesn't take away from this investment.
> and it seems you have some gripes with how we do that
Actually, I have a gripe with the fact you left unpaid volunteers to deal with an angry customer. I have a gripe with the fact you just left an emoji response when a volunteer pointed out they were volunteers and weren't getting paid. I have a gripe with the fact I gave them grief for several replies in hope that a Sentry employee would finally step in and the company that I was paying money to would provide basic technical support which I was told by the volunteers the company would be unable to do because only volunteers worked on it.
In my opinion, open source maintainers of your official products in your official github org are part of your team. You didn't even stand up for them. You didn't even get a product manager or customer success manager to intervene. It's the bare minimum.
And before you carry on with what issue this is. It doesn't matter at this point. Personally, I would just like it if in the future you stepped up for your maintainers.
It's true that we do have a lot of great volunteers working on our SDKs. We value them and appreciate them, and if/when we let them down we do our best to make it right.
Sorry for letting you down as a customer. We'll keep trying to do better.
Wow this post triggered some serious PTSD. A previous employer got bit hard by Sentry's PHP SDK, which still (to my knowledge) has unresolved serious bugs. It was used as collateral by me and some coworkers to convince the powers that be to jump ship to a competitor, along with other serious problems with the platform.
I too wish they'd invest in fixing their own broken libraries.
In this case boasting about the virtuous deed is adding a great deal of extra value to the world, because it is likely to inspire other companies to step up and do the same.
It's not even about the amount, since in the grand scheme of things, it's nothing.
It's about the leadership they are exercising and the influence it can have on other businesses.
Most of our daily work as programmers involves us benefiting from OSS, yet so few of us are part of a culture that values this kind of support.