40. Operating Open Collective
Hosted by Becky Jaimes and Danielle Adams, with guest François Hodierne.
Open Collective is a platform aimed at simplifying financial contributions to open source projects. Open Collective receives recurring payments and donations from large organizations and redistributes it to open source maintainers to sustain their work. François Hodierne joins us on this episode to talk about how Open Collective sustains itself, through its adoption of Node frameworks, its open code and transparent decision-making, and its successful bug bounty program.
François Hodierne is a lead engineer at Open Collective, and he's joined in conversation by Danielle Adams (the Node.js language owner at Heroku) and Becky Jaimes (the product manager for Heroku Data). Open Collective serves as a legal and banking entity for non-profit tech projects to raise donations and funds. All of Open Collective's repositories are open source, and they run a complete Node.js stack, via a GraphQL API on the backend and a Next.js frontend.
As a core team of just three people, Open Collective relies on public contributions from its community. Recently, they've instituted a very successful bug bounty program, which uses labels to identify the amount of money an issue is worth. By assessing the difficult and urgency of an issue, they've been able to asynchronously communicate to others what they need to do and what they need to achieve to close the bug. Contributions have come in from developers all around the world, but after Open Collective's recent partnership with Open Source Community Africa, the main countries they've seen activity from were Nigeria and Kenya.
Links from this episode
Becky: Welcome to the Code[ish] podcast. My name is Becky Jaimes. I'm a product manager here at Heroku and I'm really excited to introduce you today to François Hodierne; a lead engineer at Open Collective and also Danielle Adams here from Heroku who is the language owner Node.js So welcome Danielle.
Danielle: Hi everyone. I'm Danielle. As Becky said, I'm the Node.js language owner at Heroku. So I work on the Node.js buildpacks and the tooling for your Node apps.
Becky: And François, welcome to the podcast. You want to do a little intro about yourself and tell us a little bit about the Open Collective?
François: Yeah, so my name is François Hodierne. I'm engineering director at Open Collective for a bit more than one year. And for the one who don't know Open Collective, it's a platform that helps communities raise money and operate with a transparent budget and to raise money on Open Collective: you don't need an entity, you don't need the bank account, you can just use a platform like that.
François: Most of the projects are nonprofits. They are- we are having a lot of open source projects. We also have meet-ups and citizen initiatives.
Becky: Oh cool. And you also mentioned that you don't have to be a legal entity, is that correct?
François: Yeah. Open Collective, itself, is a platform where nonprofits named Fiscal Hosts can connect and host themselves; the project and the communities. And so, for example: we have a nonprofit name, Open Source Collective, that is hosting all open source projects. We have a Fiscal Host in Europe, in UK, in Belgium and the projects are, technically, hosted by these nonprofits; not Open Collective itself, which is a platform.
Becky: Oh, interesting. So the hosts are independent entities from you guys.
François: Yeah, exactly.
Becky: So, some of the difference I understand, from Open Collective; from other platforms, is that, well, first of all is a full transparency that everybody can see how you receive and spend the money, but also that you are allowed to have kind-of-like a currency in this, in this collections. Is that right?
François: Yeah, you don't need the legal entity, you don't need the bank account and you can just finance your communities with the platform.
Becky: Oh wow. So, okay. So now switching back a little bit more to the technical aspect of it. You're a lead engineer there?
Becky: How many people work with you?
François: We are a really small company, we are six people full time and three people engineering.
Becky: Okay. And you- most of your project is in Node.js, is that correct?
Danielle: Do you find that- do you think that your teams are more efficient by working with one language rather than two or three languages?
Becky: Do you take care of processing payments and all that stuff or do you use like a library for that? How do you set it up?
François: So for processing payments, we rely on Stripe for credit card transactions and we also support PayPal. We would like to integrate more payment methods and we're going to expand the slowly.
Becky: To store data, do you use a Heroku Postgres database as well?
Becky: Is your team distributed like the people, how many people did you say are in Open Collective engineering team?
François: Right now, we are three and we are currently hiring the fourth person. We are 100% remote.
Becky: Oh cool. So you- where are you located and where is the rest of your team?
François: Right now, I'm working with Ben from France. He's a splitting his time between Paris and the South of France and we have a young engineer working with us from Nigeria.
Danielle: Do you take- since the repositories are public on GitHub, do you take, kind of, outsourced pull requests or, kind of, work with other people that are outside the company?
François: Yes, definitely and there are some things that we are really trying to expand. At Open Collective, there is a core team, but there is also the world community around it and what you're trying to do with the engineering team is to blur the line between the core team and the community and to do that, it's a good start to have the projects open source and to operate as a 100% open company. You can- if you want to join the team, you can just jump on a Slack and you'll see what we're doing on a daily basis.
François: What was missing is an incentive for community members to contribute and what we are exploring since last February is a bounty program and the goal is to attach a small amount of money on some key issues and to invite the community to contribute. And we use like a simple model; $100 for a really simple issue, $200 for a medium one and $500 for more complex issue. This is was a great success; we saw something like 45 issues solved in the last month by 15 contributors and we paid over $7,000 in this bounty program and we're going to try to expand that even more in the next month.
Danielle: Okay. So bug bounty programs are, I think, becoming more popular because there's an increase in, kind of not-awareness, so-not popularity of security- but more of awareness and a lot of companies don't have the funds so doesn't even- bug bounty doesn't have to be security related. But so, if someone wanted to get involved with a bug bounty program or get started, how would they do that at Open Collective?
François: The first thing if you want to contribute to Open Collective is to, maybe, clone the Open Collective project on your computer. And so we have many projects, but the main one would be the front end, which is a website and all the interface. You can just create on your computer and it would be running with the staging API, meaning that you don't need a complex dependencies, you just do a git clone npm style and npm start and you can already execute it on your computer with some data. If you want to start contributing, you can look at the classic labels issues, like a good first issue, but for a bounty program, we were using a specific label, just bounty and you can use this label to search all the open issues with a bounty.
Becky: So wait- so you're already labeling them as bounty and you're just expecting people not to find these vulnerabilities, but to show them- to help you fix the code and show them or...?
François: So it's important to understand that it's not just about the vulnerabilities; it can be bugs, it can be really small features, small enhancements. Today, we have many, many issues in our GitHub, but everything we do is a transparent. Today, it's maybe 300 open issues and we are only tagging the small portion of that with this bounty label. Which kind of issues are we picking? Issues that easily understandable for newcomers, that are easily deliverable; so the person working on it understand what they need to do and what they need to achieve. And of course it needs to be simple enough to be solved in a few hours, a maximum one day because after that it's too much asking for community members.
Becky: And these community members that you mentioned 45- 45 this past month, 45 bugs or bounties?
François: Yes. This was the last time you wrote a blog post. Maybe we can give the link?
Danielle: Oh that's really cool.
François: And there's also a spreadsheet with all the data, but last time I checked it was around 45 issues solved from 15 contributors.
Becky: And where are these contributors mostly located?
François: From all over the world, really; Europe, from Japan, but a lot of them are actually in Africa right now. The reason for that is that we partnered with a movement named Open Source Community Africa and we had small events there to introduce our operating program and this was really well received because I think the developers there. They're really happy to have access to a great project like Open Collective and be able to contribute to it and get money for it cause the main countries we've seen activity are in Africa were Nigeria and Kenya.
François: So our stack, as I said before, it's two main projects. So one API on one side; GraphQL API, the other side is our front end, which is running with Next.js and React. And so these two completely separated projects on Heroku and in the code base also and for each of these projects, we were running one staging and one production. And so when we want to do a release we don't have to push to these two projects at the same time; we do either an API release or a full time release and we first were using a staging and if everything is fine, we went in on deploying to production and we actually are not using anything fancy for these deployments. We just have a screens that is deploying with git and it is a feature of Heroku. I really like this deployment with and it's still there and for me this is the best.
Danielle: So I was going to ask you, it's kind goes back to the project that you all have open sourced. I did take a look at it and I was curious, I saw that you're using Next.js instead of- kind of, home rolled like React application, you're using Next. I was curious like what went into that decision? Did you look at using create-react-app or did you try that and it didn't work? What was the appeal to use Next?
François: I joined Open Collective a while ago and Next was already there so I didn't pick it myself, but I would have picked because I think it's really brilliant. In the past, I've built and worked with React App and we had to do all the configuration manually; especially the server side rendering and also the babel configuration, webpack configuration and the fantastic thing with Next is that you, everything is done for you and you can just code and all the basics are really sensible and it just works. We are really happy with Next. We are upgrading every time there is a new version and I'm working closely with the next year's team. Actually, I recently learned that the team at Google in Chrome is, is currently working on next year's performance and they're using our application; a full time project, as a benchmark for the optimization because they're really happy to have this, this complex app that is realistic and open source.
Danielle: So I was also curious because this is- Next is a framework that uses React and some of the React tools in the ecosystem and there's also other web frameworks like Angular and Ember. What is the, so like what are the differences in like using Next, I mean you do get react but against using something like Angular, which is, or Ember, which is like a little bit more opinionated or are there any differences at all?
François: So first one thing I really appreciate is the ecosystem is all this fantastic libraries that are well tested and that you can always rely on. And for example: we're using Express, we're using the GoDash, we are using Moment and this is when one of my highlights; they're always working great, but they also have a great website with a fantastic documentation and we take care of the upgrades properly. And I really liked these kind of libraries.
François: Some projects that we- we really love and, but it's not just Open Collective because I think everyone using them is a Prettier and ESLint. I don't know if you know Prettier, but it's a format and it's so much better since we have this tool because in the past when someone was doing a pull request; half of the time was spent arguing about the formatting, the indentation. And with Prettier, it's automated and there is no discussion after that. So that's really a time-saving. And we are using ESLint in a similar fashion, it's doing just a bit more than just formatting, so doing some static analysis to tell you when you have a variable that you're not using, or some things that doesn't look right in your code. And it's the same way. It's saving so much time, especially when you have subpar contributors contributing to your codebase.
Becky: Since you are such a Heroku advocate and Heroku user, I want to know what are the top three-or like your top features you love from Heroku that you think everybody should like love too? Or if you have any-any, I mean, I am part of a product team so if you have any things that need- that you want us to change, or enhance also this-this will be great opportunities. So the floor is yours
François: Overall, it's not just with Heroku, but usually, I'm a really happy user. I don't complain that much, but I mentioned that before in the discussion. But for me the, the top feature of Heroku who is deploying with Git. I don't see that in all the services and-or any platform that makes that so easy; so never change that please. And the second thing that I really appreciate the Heroku dashboard because everything is there. You have the last activity we deployed, when--if you were in a big emergency and you need to roll back, you can just login in the web interface from your phone and just push the roll back button and here you go. And same for scaling. If you are on the team and there's a lot of traffic suddenly that you need to scale and that the automated scaling didn't trigger, you can just go into the web interface and adjust it. It's really handy.
François: Also the integrated metrics; they're kind of basic, but they cover what is really needed and at Open Collective we have a project to have more detailed metrics that we are going to, we pulled from our app, but why we didn't do that yet is because overall the metrics we have in the Heroku dashboard, they're good enough. Oh they were good enough until now. And that's the things that you have that out of the box, it's really pretty cool.
Becky: That's really the, yeah, that's, I totally agree with you. Those probably are also my favorite. And how about something that is not there, you wish was there.
François: I think this will be an opportunity to, and answer this question is to first mention something I like are the Postgres and where these integrations. We liked them because they're first class citizen and you can do the administration also from new dashboard and they're pretty reliable. But this is the only one that will be integrated in Heroku. In the end it feels really better when it's integrated right in your Heroku dashboard and that you don't have to go somewhere else. And for example, advanced logs will be really great to have integrated.
Danielle: Yes, that's true.
Becky: I'll make sure to pass that over to the other product managers. But yeah, it was great. It was great having you. Thank you so, so very much for your time, we're coming to the end here.
Danielle: Thank you.
Becky: Anybody. So this is actually a good moment too. I learned a lot about Open Collective in preparation of this podcast, but I think it's a great platform. The two major differences it has with other fundraising for- from our crowd funding platforms really do make a big difference. The full transparency and letting everybody see how you receive money, how you spend it, and also having the ability to have those recurrently help you like that. It allows you to raise money with recurrence so for example, getting membership or donations on a monthly basis is really nice. So if anybody wants to help any of the cool projects that are in Open Collective, just head over to opencollective.com. You do have also a Slack channel. So if more people have more questions and they want to engage with you, can I send them to slack.opencollective.com?
François: Yeah, we are 100% open communities. This is a way we operate and everyone is welcome to join our Slack or GitHub. And we also have some meetings that are public. For example, our meetings on Friday where we demo new features, what we work on. So yeah, this is a way you can join our community.
Danielle: Wonderful. Well thank you so very much. It was a pleasure having you.
Becky: Thank you for chatting with us.
François: Thank you for having me.
A podcast brought to you by the developer advocate team at Heroku, exploring code, technology, tools, tips, and the life of the developer.
← Previous episode
39. Evolving Alongside your Tech Stack
Next episode →
41. Architecting Multi-Tenancy
March 3rd, 59. All About the Cloud
Product Manager, Heroku
Incurable optimist. Surf wanderer. Data Aficionado. Colombian to the bone. Eats soup for breakfast.
Node.js Language Owner, Heroku
Code writer & Node.js language owner @heroku.
More episodes from Code[ish]
Emmanuel Levijarvi, Teddy Ward, and David Morgenthaler
We're all familiar with using data and analytics to monitor the performance of our applications, but Kevala is applying those software fundamentals in new industries. Kevala tracking energy grids in cities and neighborhoods, to map the ways... →
Bret Fisher and Mike Mondragon
Docker has emerged as an extraordinarily popular way to safely and predictably deploy applications. But because of its rapid evolution, changing business targets, and technical composition, it can still be a bit daunting to understand when... →
Joe Leo and Corey Martin
Legacy code is everywhere. Software is also being modified, whether as a result of new requirements, new security issues to patch, or new hardware and operating systems to target. Whether you're working with code from three months or three... →