On this episode, we chat with Max Howell, creator of Homebrew, about his new package manager, Tea, and how it aims to solve the problem of providing funding for popular open source projects.
Over the years Homebrew, an open source package manager, has emerged as the project with the greatest number of individual contributors. Despite all that, it’s creator Max Howell, couldn’t make a living off the occasional charity of the millions of people who used the software he built. This XKCD cartoon is probably the most frequently repeated joke on the podcast over the last three years.
While he is not a crypto bull, Max was inspired with a solution for the open source funding dilemma by his efforts to buy and sell an NFT. A contract written in code and shared in public enforced a rule sending a portion of his proceeds to the digital objects original creator. What if the same funding mechanism could be applied to open source projects?
In March of 2022, Max and his co-founder launched Tea, a sort of spirtual successor to Homebrew. It has a lot of new features Max wanted in a package manager, plus a blockchain based approach to ensuring that creators, maintainers, and contributors of open source software can all get paid for their efforts.
You can read Max’s launch post on Tea here and yes, of course there is a white paper. Follow him on Twitter here.
[intro music plays]
Ben Popper Hello, everybody. Welcome back to the Stack Overflow Podcast, a place to talk all things software and technology. I am Ben Popper, Director of Content here at Stack Overflow, joined as I often am by my colleague and collaborator, Matt Kiernander. Hey, Matt.
Matt Kiernander Hello! Nice to be here.
BP So on this show we have talked many times about the wonderful world of open source as well as some of the difficulties that creators of even very popular open source projects have getting funding or support to maintain those projects. And the irony that as these things become more and more popular and bigger and bigger pieces of infrastructure in a sense that lots of folks rely on, the burden often on maintainers grows without sort of this concomitant growth in the support that they're getting. So I'm excited today to have Max Howell, who is perhaps best known as the creator of Homebrew, on to spill some tea about tea, which is his new thing, putting together some of the ideas around how he experienced the world of open source, how to support it, and how that ties in with Web3. So Max, welcome to the program.
Max Howell Thanks so much for having me here.
BP So just to situate folks who don't know, tell us a little bit about yourself, how you got into the world of software development, and your first sort of big brush with creating a tool to solve your own problems that became sort of a part of the open source firmament as it were.
MH So I was lucky, my dad taught me to program when I was a kid so it was a long term hobby of mine, but I never really considered it for a career because I remember I went to a career fair when I was maybe 15 or 16 and I saw the two programmers there at the career fair and I thought, “Well okay, I'll go and go and talk to them because I've been enjoying programming as a hobby. I've been doing it on lunch breaks with a few geeky friends in the school library.” I went and spoke to them and they were the geekiest pair of people I'd ever met and it completely put me off the idea of going into it as a career. I was a self-conscious teenager. I didn't want to be the person at parties that nobody wanted to speak to. So I did a chemistry degree and one year as a chemist in industry I became extremely depressed as I realized that actually I didn't like chemistry, that chemistry was boring. And that this machine that I'd been getting really good at and I was using in the lab, I realized that if I stuck with it I'd be using that machine for the next 10 years and I'd probably put some papers out and everyone would be like, “Wow, Max has cracked this really niche area of chemistry. Good for him.” So I couldn't do it and I quit and I went and lived with my parents for a bit and I tried to figure out what to do with my life and I discovered open source and I discovered Linux and this just basically got me into the industry. I managed to jam myself into the industry by people discovering my open source and thinking it was good. I got a job at a startup in London. And so I never went the traditional path, I got into it via open source so it's always been part of my DNA. And so as a result, solving the problems I was having for myself was always part of how I operated, and that's how I came to do Homebrew. It wasn't the first piece of open source I'd ever done, but it was solving this particular need I had at this company that I was working at in London.
BP What really interested me and I had read your Medium post on this, was the idea that you were frustrated with some of the tooling and wanted to create a better mouse trap as it were, or package manager as it were, and so as you saw that kind of snowball and grow, you discussed at a very personal level not just from a software development perspective, the joys of seeing something grow but also the difficulty of worrying about overdrawing on your bank account and putting yourself in a position to kind of grow up, have a family, support them. Can you talk to us a little bit about sort of that odd duality where you're seeing a project become one of the most popular, you're counting your GitHub stars or whatever it may be, but at the same time you're wondering, “How do I keep this going and how do I financially grow and support myself?”
MH Well indeed. Homebrew has been more successful than I ever could have imagined. It’s the case that it's rare that you meet someone who's a developer who hasn't at least heard of it, but usually they use it. I'm incredibly proud of that. And the truth is, when I released it it took a couple of months for anyone to notice it at all, and in that time I was like, “Have I made something that's terrible?” I felt that it was good, but in a way that sort of lack of attention drives you to make it better and better. And I was working at the job in London and I was doing Homebrew a bit there because we were using it and then I was doing it at home and weekends and staying up and I didn't really do much apart from program at that point in my life. It was truly the only passion I had. I feel a little bit more balanced nowadays. And eventually I managed to get someone's attention on Twitter and then it started to take off. And over the next three to six months, it was astonishing how quickly it gained attention. And just partly because of the way I designed it– I designed it from the start so that other people would feel the same urge I’d felt to contribute to this thing. I built it into the command, like brew create, brew edit. I wanted you to participate. I wanted you as a user to instead of how it usually is with open source tooling where you have no idea how to get started and you go to the Readme and you can't even find decent instructions for how to compile the thing or anything like that. I wanted it so that as soon as you had it on your computer you felt you could get involved. And it really happened. There's this video online you can find of the first three or four years of Homebrew and it's one of those diagrams that shows people's contributions and it builds up this tree. And it's astonishing, frankly. You see me at first, just lonely mxcl darting around adding files all over the place. And then suddenly a few other people turn up, and then suddenly again, there's hundreds of people there. And over the years, Homebrew is the open source project with the most unique contributors of all time. There is no other project that has surmounted that. And so very quickly it became something that I barely had the time to maintain, but I found that it was by far the thing that I was enjoying the most and so I quit the job I had. I had two full-time jobs and I quit the one that paid in order to work on Homebrew. And it was some of the best six months of my life, honestly. I loved it because we were creating this community, we were creating a tool together, all of us. And I was meeting all these really interesting talented people and we were combining ideas and inventing something that was becoming popular and useful. But I ran out of money of course, and so I had to get another job. And the truth is, my entire programming career has been one of cycling between doing open source and getting paid for doing other people's work. And usually when I was getting paid, I'd have two full-time jobs, honestly.
BP Right.
MK How does it make you feel as someone who's given so much value to not even just the open source community that benefits from this, it's every developer out there who's using Homebrew has directly benefited as a result of all the contributions for open source. How do you feel knowing that you've put so much time and energy and investment and personal risk as well into getting Homebrew to the state where it is and not having any direct reward or any financial compensation, because there are a lot of businesses relying on these tools to make squillions of dollars.
BP Yeah. Well you did that one successful Kickstarter, but I think that money went to the servers, right? Not to you.
MH Oh, yeah. No, I didn't take any of it and neither did anyone else on the project. At the time, people didn't really feel you could take money for open source, honestly. How I feel about it– honestly I feel fabulous about it. I'm very proud of all the open source I've done. Homebrew is obviously the most successful, the one I'm most well known for. And in many ways I feel kind of privileged, honestly, to have been able to have had that experience and to have contributed so much. I'd like to think that I'm definitely going to heaven. I’ve done my part.
BP That's right. There's a heaven for developers. I just want to get this entered into the record for the oral history books– you said it didn't really catch on until somebody on Twitter mentioned it. What was the tweet that got Homebrew rolling, that got the whole snowball going? I want to put this in the Wikipedia page.
MH Yeah. I'd like to thank Josh Peek, who at the time worked at 37signals. So it was a Ruby on Rails kind of oriented influence essentially. And he said that when the new version of OS X was released, because it was still OS X then, and I think it was Snow Leopard 10.6, that he was going to install Homebrew rather than MacPorts, and he linked to it. And I'm pretty sure that was the moment that I had all the forks suddenly appear. And this was before stars, so the only way you could show your interest in a project was to fork it. And it was even before pull requests, so I had to manually clone other people's forks to find contributions. And the first major contributor to Homebrew I discovered that he was doing tons of formulary package descriptions in Homebrew. And he hadn't even messaged me, he was just doing it for fun. You could message people on GitHub at that point, and they removed that feature after pull requests probably. So I messaged him. I was like, “Can I merge this stuff?” And he was like, “Oh, yes. Please.” And then he stuck around for years, and that was very common. People were just enjoying making the formula, and that kind of gamification that I added to brew was quintessential to its success. And I often talk about how you have to think about that aspect when you are designing your open source and if you want it to catch on, if you want people to use it.
BP Yeah, you mentioned that in the Medium post. Design it to go viral in some way to have that sort of contagion. I like that. So let's fast forward in time here a little bit. I think we've established kind of the premise here for the film. And now is the turn, this is the second act. You are not into crypto, but you're talking to a friend who is and he's getting into NFTs and you're experimenting with buying and selling them, and you notice something that kind of makes a light bulb at least start to turn on about how maybe open source could be better supported. Can you talk us through that?
MH Yeah, absolutely. As I say, my programming career was one of off and on where I really wanted to work on open source, but obviously we live in a capitalist world and whether you like it or not, you need to be able to pay the bills. So for years I’d been trying to figure out how to fund myself and I tried a few things. Four or five years ago I started a Patreon in an attempt to fund myself there, but the truth is I hadn't been that active in Homebrew for a while so my name had started to drop. And I spent six months trying to build it up to a level where it would allow me to live off the Patreon. I didn't need a good salary, I just wanted enough to pay the rent. And it's America, so I needed to pay for health insurance and things like that. And I couldn't get it above like 800. It was really difficult. And I felt bad, honestly, begging essentially for money. And I spent probably 40% of my time trying to market myself. I came up with ideas like, I'll release a new open source project every two weeks, and things like that. And I was doing that. They weren't great, but they were neat little micro frameworks and things. But it was just too much work and so I stopped and got another job. GitHub sponsorship came along eventually, but I think I make $11 a month with that currently so it's not really much to speak of. I know some people have more success than me so good for them, but open source in general is not funded. We know that. Log4j was a great example from last December. It enormously affected the world of software. Crazy how many enterprises were using this little logging library and they didn't even know it. They didn't even know they were using it, it was buried deep enough in the stack. Something was using it, then something else was using that, like a deep dependency, and then you could root Minecraft with a message in the chat window. And they went on Twitter and were like, “Okay, we're going to fix the bug,” because they were getting all this abuse. People don't know that these projects are open source still a lot of the time. The Coal developer has a famous email that he showed where someone was like, “Don't we pay you money?” And he's like, “Please pay me money.”
BP Right. Yeah, I've had these open tickets for weeks. This is completely unsatisfactory customer service.
MH So they said, “Well, we'll fix it, but it'd be nice if some of you could fund us.” And so they fixed it and the enterprises said they'd fund them, and I'm pretty sure they still have no funding. So the world's just waiting for that next thing. And that's also a reason that we need to fix funding because the entire internet, the entire software industry depends on open source. We know this. And these projects, they can't afford to do a proper security audit. They can't afford to put the time in to make sure that these things are secure. Every other month OpenSSL has some major exploit. We need to fix that. So I've been looking for years. And it was mid last year during the last crypto bull run, and obviously when it's a bull run everyone's starting to pay attention again. And so I've had a friend who's been in crypto since pretty near the beginning and he's been trying to get into me for years. And I remember in 2016 he was like, “Hey, Max. You could do a theory in digital contracts and make $500 an hour.” I was like, “Well, that's a very good hourly rate. However, I don't really find it that interesting.” And that's the truth for it for me. Money was always not the motivator. I need it, and I’d like to have more, it's nice to live comfortably. But if I'm not enjoying the work I get depressed. Like just when I had my career in chemistry, I discovered it just killed my motivation completely. So I never got into it. But last year I was finishing up another open source project that wasn't paying and I was like, “Maybe there's something here. Maybe I can figure out something.” And he was calling it Web3 and that was interesting to me as well because if you're going to be confident enough to put a whole new integer value on top of web, then there's got to be something there, otherwise you're being pretty pretentious. And so I discovered all the stuff I'd missed, like digital contracts are pretty interesting. I love the way you can automate whole categories of legal issues and monetary issues with digital contracts, and as long as they’re coded correctly of course, they’re completely impossible to bypass. And so I tried buying an NFT and I tried selling an NFT, and it was when I sold the NFT that I had the light bulb, because there was a digital contract there that forced 10% of the sale to go to the original creator of the NFT. I was like, “Ooh.” You can't bypass that. That's forced. There's no way around it. And it started me thinking about how open source is in a way a similar kind of system where you have a graph of packages and those original creators are the dependencies of those packages and they go all the way down. Because part of the problem with sponsorship models is they only sponsor the top of the stack, or maybe the first two layers– the things people know about. And even then it's only personal favorites. There are all these dependencies like Log4j that are very lucky to get anything. So you need an automated approach that can feed some kind of value to all the dependencies. So I found my friend and I was like, “Can we build something like this?” And he was like, “Let's see.” And we managed to raise so far $18 million to pursue this idea of building two things. Essentially tea is a package manager, it's my successor to brew. Over the years I have been keeping an awful lot of notes about what some sort of successor to brew could be, but I never found the motivation to build it because I've done it previously enormously successful. And I didn't want to take away from that by diluting the market unless I had a reason. And this idea of being able to remunerate the entire open source ecosystem, to make it so that people like myself can work full time on open source, it added that extra value prop that made me go, “Yes, we can build this.” And using a package manager to do it makes a lot of sense because then we build up the graph and we create a usage straight away for that ecosystem so it creates value for the crypto token.
[music plays]
BP From the wild west days of early SSO to the future of adaptive MFA, hear about the identity topics that matter from those actually building them. Identity Unlocked is a podcast that discusses identity from a dev perspective. Listen today at auth0.com/podcast.
[music plays]
MK Could you go a little bit more into how, say for example, Log4j as a home runner for this podcast, Log4j, within the ecosystem they're using tea. How is it that they would get compensated for everyone using their libraries, using their open source frameworks?
MH So I have to say this every time because people assume that basically what I've done is build a package manager where when you do tea install open Log4j or Node or whatever that you're going to have to pay 0.5 cents or something.
MK That was my kind of assumption. Yeah.
MH It's a logical progression of what we understand about markets and economics but I knew from the word go that if I did that it wouldn't work. No one wants that. You can't change the entire nature of how open source is used and then expect that to be a successful product. So I knew from the word go that I'd have to figure out some kind of indirect payments model, so that's what we have essentially. So we haven't built it yet, we're building it. We have a white paper out. You have to have a white paper apparently with these kinds of things. Although that's how I felt.
BP Hey, Satoshi set these rules, okay?
MH Yeah, exactly. I thought, “Well, do we need one?” But we wrote it and actually it really helped formulate the ideas more concretely so I don't poo-poo them so much anymore. So we have a proof of stake chain essentially, which the items in that chain are package releases. So every time you release a package, you'll do probably tea publish, but it's open source, it's an open API, the blockchain's open, so you wouldn't have to use tea for this. Tea, the company and tea the blockchain are going to be completely separate. Tea the company will never take any money from the blockchain. We're not taking a percentage or anything like that, it's a nonprofit organization. But we're building tooling on top of it to bootstrap it essentially. So package releases will go into the graph basically as NFTs, but it's just an immutable data point of some kind. And then that contains not only information about the release like the version, the package url, but also the dependency information as a small chunk of extra data in there. So essentially whenever any token enters the chain at any point, it will go to that project, and then a small percentage will go to the dependencies in that project, and then it'll keep splitting off until it gets all the way down. So every package in the open source graph can effectively be compensated. The more useful you are, the more token you get. So then it's just a matter of making sure stuff at the top gets token. Well, it's fairly easy as it stands because people typically do sponsor the stuff at the top anyway. But with our system, essentially you as someone who uses open source or cares about open source, will stake some value into that system. You're saying, “I care about the entire software industry and making sure that it's funded correctly so I'm going to put–” I don’t know, if you are a casual user maybe you'll put 50 bucks staking in there. With proof of stake systems there’s periodic epochs and a reward is generated for the people staking. It's like getting an interest payment from your bank, essentially. With our chain though, we're going to split that reward probably 50/50, so you'll get 50% of the rule because you are staking the open source ecosystem and saying you want to secure it, you value it, and then 50% will go to the packages you've picked to stake. So tea will help you with that. You'll be able to run a tea command and it'll say, “You're using these 10,000 packages. Do you want to automatically state that?”
BP Right. I love this for two reasons. One, as you point out, there's a bit of self-interest in there so incentives are always important. You can stake it to earn your own rewards and to show your support for the project. And two, as you pointed out, it has this internal mechanism similar to what you experienced with the NFT, and this could be used for any number of open source projects that are able to capture that web of contributions and reward people. And that's a very complex thing to do, to understand, as you pointed out, among this big tree of folks who may be working on or relying on something. I wonder also if you could show in a sense, to Matt's earlier point, who is using it a lot without contributing. Not that we want to name and shame people, but would that also be a portion of this? Like, “Hey, Corporation X. I noticed you're making quite a bit of use of this. Have you thought about staking over here at all?”
MH Well, I really hope that's going to happen. That's my goal. You talk to normal developers every day who work for a company or work on their own stuff and they feel bad about not helping out open source, but honestly it's not their responsibility in my opinion. There's so many huge companies that have made trillions of dollars, and 90% of their stack is open source. And yeah, usually they feel a little bit bad so they throw a few million a year at a various project or two. But the truth is, figuring out how to contribute to all the open source used, and I reckon they probably use 50,000 different open source packages, probably more, it's impossible for them to figure out how to give money to 50,000 different packages. But with a system like tea, we've essentially automated that for you. So I'm really hoping that the community will step up and say, “We know you use this, so why aren't you staking against it? Why aren't you showing your commitment to open source and the security and stability of the open source ecosystem by putting a few million dollars a year staked up against it?”
BP You've got some cash reserves earning interest somewhere. You could be earning it here. I mean, I guess just to timestamp this, we're recording this Thursday, November 10th. There's a lot of stuff happening in the news about coins and exchanges and things in the world of crypto. Have you thought about what token or stablecoin you would use in order to just sort of ensure that people who stake can get compensated? There's some feeling of security or safety there. That's, I guess, one of the big issues. I love the idea of stablecoins and I love the idea of tokenized rewards, but the ecosystem has really struggled with trust over the last six to six to eight months.
MH Yeah. Crypto justly gets scorn and skepticism from most developers and so I always have to start with my story of how I was similarly skeptical. But the truth is, anyone who's gotten even vaguely interested in it sees that there is some genuine utility in that technology. And yeah, there's been a lot of scams and corruption, but money tends to corrupt, and this is literally making software money like digital gold. So I'm hoping projects like tea will be some of the first that show that it can have genuine value to something that is sorely needed. In terms of what token we're going to use, we're almost certainly going to be a layer two at this point in some capacity, delegating that security to some established player, whether or not it would be a stablecoin or to some other independent token. We're still figuring out the details of that but we're going to start building it probably, hopefully this year. I have a Chief Blockchain Officer and he's very experienced and knowledgeable in this area, so I delegate most of these decisions to him. See, my experience is more with general open source than that.
BP I love that title. Glad that exists in the world.
MK The old CBO. I guess one of the questions I have, and I'm not sure how on the nose this is, is obviously you've cultivated a really good reputation with all the work that you've done with brew and a number of other open source projects, and then coming into the blockchain ecosystem with crypto and everything else, I feel like there's a high amount of trust for the work that you do, but as Ben's point, there isn't as much trust around crypto and the blockchain. So with your collaboration with blockchain folks, can you talk to some of the people that you've got on board that might help kind of establish a little bit more of a trust network with tea and what you are hoping to achieve?
MH Well we're doing our best to present ourselves as this is a product of someone who's been in open source for a long time and he sees this as being something that could fix a number of problems the open source communities have. And I've had a lot of outreach from various other people who were in my shoes who were passionate about open source, but never figured out how to actually do it full time, and they're very excited and hopeful about what we're doing. I get a lot less skepticism from genuine open source people than the consumers of open source, so I really hope that's going to help us get going, because people are going to be using tea because they're hoping it will work for them and then persuading their user base to participate. And at the end of the day, I've also built what is, I think, a truly wonderful new piece of software– the tea-CLI as we call it, the tea package manager. We released it last Thursday, so it is out now, and it's a different way of looking at the open source ecosystem and how you use it. With tea, you don't think about, “Do I need to install foo?” You think, “I need to use foo and I use tea to do that.” And it's not the same. I came at it thinking that dealing with a package manager sucks. Everyone loves Homebrew because it tries to get out of your way as much as possible. But even better than loving Homebrew would be to never think about Homebrew at all and just be getting onto the parts that Homebrew enables. And so with tea that's what I've tried to do. Tea is not exactly a package manager, it's more like a set of packaging infrastructure that enables new things, entirely new things. So I'm hoping that those who are skeptical about the Web3 component and what we're doing will be unable to not enjoy tea the command line interface– tea-CLI, and want to participate in that and then be brought around to what we're doing which is a noble cause rather than another attempt at a Ponzi scheme and things like that. I totally get why people are skeptical about this market. I totally do. So we are quite separated, you can use the tea command line tool and never participate in the blockchain parts, never participate in the Web3 parts. Now it will, with time, be using that blockchain for its package database and I'm hoping other people are going to use it for the package database as well. One of the things I've set out to do is stop this endless duplication of packaging infrastructure and data that has happened time and time again. Every Linux distribution does it itself and every system packager. And what also I would like is for things like NPM and RubyGems and Hyper and stuff like that to consider using our blockchain as the registry for themselves as well. We're going to be building out libraries and tooling to make that super simple. So that's a long term goal.
MK In terms of what people can expect from a roadmap perspective, are there any new features that you are really pumped to launch in the next year, two years, five years? Can you give people kind of a brief highlight reel of what you're expecting to achieve over the next little while?
MH Well some of the stuff I'm most excited about, apart from obviously remunerating open source as a whole, but realistically that's going to take more than 12 months to happen. So in a more short term roadmap, we're going to have to test that out next year so that'll be fun for sure. I'd love to see what people think of doing on top of essentially a set of digital contracts for the value of open source software. But for the package manager, we're going to release an app for a start. I've often felt that package managers are basically app stores for developers, so we're literally going to release an app to do that. And one of the things I'm excited about with what we are doing is that tea itself is really something that uses all of open source. It pulls in the open source tooling and uses them inside of itself, so I want the app to be something that that is a major feature and all these different tools can be used together. So effectively I want us to become like a Zapier for your desktop essentially, where people can add scripts– we call them tea scripts– to the app and then you can just open it up, click a button, and it can do things using multiple tools, taking files from your computer, ingesting them, dumping them out, running a web server in postgres, whatever. All the power of your computer I feel is kind of under-exploited essentially. So I'm pretty excited about what we're doing there. And the idea of tea scripts we have in the command line tool as well. You can write a script, you can pull in anything from the entire open source ecosystem inside that script, and then you can share it and people can easily do rather complex things.
[music plays]
BP Thanks for listening, everybody. I am Ben Popper, Director of Content here at Stack Overflow. You can always find me on Twitter @BenPopper. I have one of the old blue checkmarks, so look for that. You can always email us, podcast@stackoverflow.com, with questions and suggestions. And if you like what you hear, leave us a rating and a review. It really helps. Or stake us. Stake us and we'll split it with you.
MK And I'm Matt Kiernander. I'm a Developer Advocate here at Stack Overflow. You can find me online on YouTube and Twitter at @MattKander.
MH I've been Max Howell. Thanks so much for having me on. Certainly Stack Overflow is one of the most useful tools that has ever been written. And you can find me at twitter.com/mxcl, and go check out tea– it's at tea.xyz. And click that authenticate button because we'll check out your GitHub and if you've got some open source then you'll be put on the list to receive some tea token when we launch the main net next year.
BP Very cool. All right, everybody. As always, thanks for listening and we will talk to you soon.
[outro music plays]