summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Spek <p.spek@tyil.nl>2022-01-18 12:01:37 +0100
committerPatrick Spek <p.spek@tyil.nl>2022-01-18 12:01:37 +0100
commitbdf8752458d4209d1c39267681c2b137dd2848c8 (patch)
tree2df09d080de0a243ee0dd61821fb64df96b432e1
parent1b3ec9f2844e93992aefdbad33d686b9726175e5 (diff)
Add missing articles from 2017
-rw-r--r--content/posts/2017/2017-11-01-hacktoberfest-2017.md215
-rw-r--r--content/posts/2017/2017-11-16-perl6-setting-up-a-raspberry-perl.md208
-rw-r--r--content/posts/2017/2017-12-17-on-cloudflare.md136
-rw-r--r--content/posts/2017/2017-12-21-funding-yourself-as-free-software-developer.md236
4 files changed, 795 insertions, 0 deletions
diff --git a/content/posts/2017/2017-11-01-hacktoberfest-2017.md b/content/posts/2017/2017-11-01-hacktoberfest-2017.md
new file mode 100644
index 0000000..95c8688
--- /dev/null
+++ b/content/posts/2017/2017-11-01-hacktoberfest-2017.md
@@ -0,0 +1,215 @@
+---
+title: Hacktoberfest 2017
+date: 2017-11-01
+tags:
+- Contributions
+- FreeSoftware
+- Github
+- Hacktoberfest
+---
+
+# Hacktoberfest 2017
+
+This year I actively participated in the Hacktoberfest event, which is "a
+month-long celebration of open source software". Ironic, given that the
+companies organising it don't have their own software stack open source.
+
+I've found some issues to solve in [https://perl6.org/](Perl 6) projects, and
+that lead to trying to solve issues in some other projects, and eventually I
+got more PRs out than there are days in the month. It did go at the cost of
+some sleep, but in the end it seems worth it. In this article, I'll give a
+small overview of all those PRs, in no particular order.
+
+## Projects contributed to
+
+### Funtoo
+
+#### funtoo/boot-update
+
+- https://github.com/funtoo/boot-update/pull/14
+
+When reinstalling my server to try out [https://docker.com](Docker), I noticed
+an error in the output of the `boot-update` utility, a tool from
+[https://www.funtoo.org/Welcome](Funtoo) to make installing and configuring the
+bootloader easier. The error itself was a small type of a `-` which had to be a
+`_`.
+
+#### scriptkitties/overlay
+
+- https://github.com/scriptkitties/overlay/pull/14
+- https://github.com/scriptkitties/overlay/pull/15
+- https://github.com/scriptkitties/overlay/pull/16
+
+This is the overlay of the [https://scriptkitties.church](Scriptkitties)
+community. It's got some additional software released under a free license that
+is not available in the main portage repository. Most of the packages in here
+are of software made by the Scriptkitties community.
+
+This month I updated the readme to be in asciidoc, my new favourite format for
+documentation. The Travis builds should also no longer throw errors, so those
+can be used again to ensure the overlay is meeting quality standards. One
+package has also been updated to be at it's latest version again.
+
+### Perl 6
+
+#### moznion/p6-HTML-Escape
+
+- https://github.com/moznion/p6-HTML-Escape/pull/1
+
+On this repository, I added a subroutine to also handle unescaping HTML special
+characters. Sadly, the owner of this repository has shown no sign of life, and
+the PR remains open.
+
+#### rakudo/rakudo
+
+- https://github.com/rakudo/rakudo/pull/1180
+
+This is a rather small issue, but I noticed it when compiling Perl 6 with
+[https://github.com/tadzik/rakudobrew](Rakudobrew) and it annoyed me.
+[http://zoffix.com/](Zoffix) was a great help in getting me started on this one,
+and in general with many other Perl related contributions as well.
+
+#### scriptkitties/perl6-IRC-Client-Plugin-Github
+
+- https://github.com/scriptkitties/perl6-IRC-Client-Plugin-Github/pull/2
+
+A neat feature for the Github notification system, HMAC adds a header that can
+be used to verify the body of the request, and can be used to verify the other
+end of the connection knows the right "secret". Inspired by a Perl 6 bot that
+already did this, I made a PR to make this a proper
+[https://github.com/zoffixznet/perl6-IRC-Client](IRC::Client) plugin. It is still
+being tested in [https://github.com/scriptkitties/musashi](musashi).
+
+#### perl6/roast
+
+- https://github.com/perl6/roast/pull/342
+
+Roast is the test suite for Perl 6. There was an open issue for the IO::File
+tests, which needed expansion. As my first contribution during a Perl 6
+squashaton, I expanded these tests to fix the issue that was open for it.
+
+#### vim-perl/vim-perl6
+
+- https://github.com/vim-perl/vim-perl6/pull/9
+- https://github.com/vim-perl/vim-perl6/pull/10
+
+This first PR has become a bit of a drag, with the maintainers not responding
+for two weeks, but suddenly very eager to respond when I mention I'm going to
+fork off and update the reference on the Perl documentation to my fork.
+Nonetheless, it's sorted out, and the abbreviations for unicode operators
+have been merged in!
+
+#### timo/json_fast
+
+- https://github.com/timo/json_fast/pull/32
+
+`JSON::Fast` is the de-facto standard for dealing with JSON data in Perl 6 it
+seems. For my work with `App::Cpan6` I wanted the JSON data to be ordered, so I
+added that as an option when calling `to-json`. Having the JSON data ordered
+makes it easier to compare diffs of two different versions of the data, making
+git diffs a lot cleaner.
+
+Sadly, timo has not merged the PR yet, so I can't properly depend on it in
+`App::Cpan6`.
+
+#### scriptkitties/perl6-SemVer
+
+- https://github.com/scriptkitties/perl6-SemVer/pull/1
+
+This is one of the new projects I started. It is intended to be used in
+`App::Cpan6`, since that uses [https://semver.org](Semantic Versioning) for all
+modules it works with. This module defines a class that can interpret a SemVer
+notation, and exposes methods to bump any part of the version.
+
+#### perl6/doc
+
+- https://github.com/perl6/doc/pull/1614
+
+This has been one of the more annoying PRs to work on, as the current `zef`
+maintainer insists everything but his module is wrong, and seemed very
+uninterested to improve the situation for users. After some discussion on IRC,
+some more discussion on IRC, and then some discussion on the PR itself, I
+decided to just word the paragraph differently.
+
+I am still interested in improving the documentation here and the ecosystem
+itself, mainly the `META6.json` specification, and getting `zef` to play nice
+with this spec. If anyone else is interested in helping me out on this, do
+message me on IRC!
+
+#### perl6/perl6.org
+
+- https://github.com/perl6/perl6.org/pull/86
+- https://github.com/perl6/perl6.org/pull/87
+
+There were some open issues for the [https://perl6.org](perl6.org) website, and
+I decided to take a look at some and try to fix them. This resulted in NeoVim
+being added to the list of recommended editors for Perl 6, and the list of IRC
+bots being updated to include all bots in use right now.
+
+#### scriptkitties/p6-MPD-Client
+
+- https://github.com/scriptkitties/p6-MPD-Client/pull/1
+- https://github.com/scriptkitties/p6-MPD-Client/pull/2
+
+As I was making `App::MPD::AutoQueue` and `App::MPD::Notify`, I found some
+issues in `MPD::Client`. I fixed those to get my two new projects working
+nicely.
+
+#### melezhik/sparrowdo
+
+- https://github.com/melezhik/sparrowdo/pull/15
+- https://github.com/melezhik/sparrowdo/pull/18
+
+Sparrowdo is a configuration management system, written in Perl 6. I learned
+about it after a reference from the Perl 6 Weekly, and set out to try it. I ran
+into some issues, which I reported and eventually fixed.
+
+In addition, I also rewrote the testing script for Travis, which enables
+paralel builds of the tests. This has nearly halved the time required for
+running the full test suite.
+
+#### perl6/ecosystem
+
+- https://github.com/perl6/ecosystem/pull/371
+- https://github.com/perl6/ecosystem/pull/372
+- https://github.com/perl6/ecosystem/pull/374
+
+These PRs added a module, and removed that one and more later on, since I got a
+PAUSE ID and uploaded my modules to CPAN.
+
+#### scriptkitties/perl6-App-Cpan6
+
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/1
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/2
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/3
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/4
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/12
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/13
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/14
+- https://github.com/scriptkitties/perl6-App-Cpan6/pull/15
+
+`App::Cpan6` is a tool I've started working on to assist me in creating new
+Perl 6 modules. There's been a couple of tasks that I do often in the process
+of creating a module, and those tasks should become easier and faster using
+this module.
+
+If everything works out and I learn enough of the module installation process,
+I might consider letting this deal with the installation and updating of
+modules as well.
+
+## In retrospect
+
+The Hacktoberfest has been an interesting month for me. I've gotten to
+contribute to a project I have come to love a lot, Perl 6. I've also made some
+new friends with similar goals. Sadly I can't put in this much time every month
+of the year, but I would if I could!
+
+I learned many interesting things for Perl 6, new operators, new functions, all
+kinds of cool stuff to improve my Perl scripts with. I also got to learn about
+parallelizing Travis builds with the Sparrowdo project, of which I will write
+another tutorial post later.
+
+I've greatly enjoyed contributing to all the various projects, and would
+recommend other people to check it out too. The people on the respective
+project's IRC channels have been a great help to me to get started, and I can
+help out getting you started as well now.
diff --git a/content/posts/2017/2017-11-16-perl6-setting-up-a-raspberry-perl.md b/content/posts/2017/2017-11-16-perl6-setting-up-a-raspberry-perl.md
new file mode 100644
index 0000000..c9b029f
--- /dev/null
+++ b/content/posts/2017/2017-11-16-perl6-setting-up-a-raspberry-perl.md
@@ -0,0 +1,208 @@
+---
+date: 2017-11-16
+title: "Setting up a Raspberry Perl"
+tags:
+- Tutorial
+- Perl6
+- RaspberryPi
+- Raku
+---
+
+# Perl 6 - Setting up a Raspberry Perl
+
+In this tutorial I'll get you through setting up a Raspberry Pi with
+[Perl 6](https://perl6.org/). I am using a Raspberry Pi 3 myself, but other
+versions should work fine too. However, older versions are slower, so it might
+take a bit longer to install completely.
+
+{< admonition title="Note" >}
+For those who have never had a Raspberry Pi before, you will need
+the following:
+
+- Raspberry Pi board
+- Power supply (5v 2A, micro USB)
+- SD card of at least 4gb, but I would advise at least 8gb
+- Monitor with HDMI cable
+- Keyboard
+{< / admonition >}
+
+Perl 6 will be installed using
+[https://github.com/tadzik/rakudobrew](Rakudobrew), which I'll also be using to
+get [https://github.com/ugexe/zef](zef) installed. Zef is the recommended module
+manager for Perl 6.
+
+## Setting up Raspbian
+
+The first step is getting the OS set up. To keep this tutorial simple, I will
+stick to [https://www.raspbian.org/](Raspbian), but if you feel confident in
+your skills you can use any other distribution or OS. Perl 6 installs the same
+on all UNIX(-like) operating systems.
+
+### Get the image
+
+First, [https://www.Raspberrypi.org/downloads/raspbian/](download the Raspbian
+image from the Raspberry Pi download page). I chose the `LITE` version, but if
+you prefer having a graphical desktop you can go for the `DESKTOP` version
+instead.
+
+At the time of writing, this means I got the
+`2017-09-07-raspbian-stretch-lite.zip`. If you want to verify you got the
+correct download and nothing went wrong saving it to your disk, you can verify
+the checksum. The checksum for your download is noted below the download links.
+To get the checksum of the file you downloaded, use `sha256sum` as follows:
+
+NOTE: Lines prepended with a `$` are to be ran as your normal user, whereas
+lines with a `#` are ment to be ran as "super user". This can be done by using
+a privilege escalation program, such as
+[https://www.linux.com/blog/how-use-sudo-and-su-commands-linux-introduction](`sudo`).
+
+ $ sha256sum 2017-09-07-raspbian-stretch-lite.zip
+
+If the checksum matches the one noted below the download button you used, it
+should be fine, and you can continue with extracting the image from the zip
+using `unzip`:
+
+ $ unzip 2017-09-07-raspbian-stretch-lite.zip
+
+This will result in a similarly named file, but with a `.img` extension instead
+of `.zip`. This is the image that you can write to the SD card.
+
+### Write the image to the SD card
+
+This step is pretty easy, but typos here can be disastrous for the system
+you're using to write to the SD card.
+
+Open a terminal and run `dmesg -w` as super user (usually doable using `sudo
+dmesg -w`). This will give immediate feedback when you insert your SD card, and
+shows which device it is being assigned to. In my case, this was `sdb`, which
+means the device file resides at `/dev/sdb`.
+
+Now, to actually write the image, I'll use `dd` since this is everyone's
+favourite tool, it seems. If you feel adventurous enough to try out something
+different, feel free to read up on
+[https://www.vidarholen.net/contents/blog/?p=479](Useless Use of dd).
+
+Make sure to make the `if` argument point to the correct path with your
+extracted raspbian image, and `of` to point to the correct device as identified
+earlier. In order to be allowed to run this command, you must be root, which
+can be achieved by using `sudo` or `doas` again.
+
+ # dd bs=4M status=progress if=/path/to/2017-09-07-raspbian-stretch-lite.img of=/dev/sdb
+ $ sync
+
+Afterwards, plug it into your Raspberry Pi and attach all cables you might
+need. Think of stuff like a keyboard, mouse, monitor, internet, power. Do power
+last, as the Raspberry Pi will start immediatly once it receives power.
+
+### First boot
+
+The Raspberry Pi should start booting the moment you supply it with power. If
+you attach the HDMI after the power, it's possible you won't have display
+working, so make sure HDMI is attached before powering up.
+
+You'll see some text scrolling by, up to a point where it asks you for a
+`login`, and accepts keyboard input. The default username is `pi`, and the
+default password is `Raspberry`. You are strongly advised to change the
+password upon login, which can be done in the next step.
+
+### Configuration
+
+The Raspberry Pi comes with its own configuration tool, `raspi-config`. Run
+this with `sudo` prepended in front of it so you gain the right privileges. I
+would advise you to at least change the user password from here. After this you
+should go to `Advanced Options` and expand the filesystem. This will grow the
+filesystem to the entire SD card's size.
+
+TIP: To get to the buttons on the bottom (`Select`, `Finish` and `Back`), use
+the arrow keys to go left or right.
+
+You can look around the tool for other interesting things to modify. Once you
+are satisfied, go back to the main menu and choose `Finish`. It will ask to
+reboot, which you should accept. This will apply all the new configurations you
+just made.
+
+### Updating and installing additional packages
+
+It's rare for the system to be completely up to date after installing the image
+on the SD card. Additionally, you also need some extra packages in order to get
+rakudobrew, and to install Perl 6 itself. For this, we use the package manager
+bundled with raspbian, `apt`:
+
+ # apt update
+ # apt upgrade
+
+This will update the package lists, and then upgrade all outdated packages to
+their newest versions. You should do this at least once a week to make sure
+your system stays up to date.
+
+Once the upgrades are finished, you can install some new packages which are
+needed later on in this tutorial:
+
+ # apt install git build-essential
+
+`git` is required to get the rakudobrew repository and is also used by
+rakudobrew itself to get the sources needed to build Perl 6 and to install zef.
+The `build-essential` package comes with all sorts of tools to build software,
+which is required to build Perl 6.
+
+## Installing Perl 6
+
+Now, we've got a working Raspberry Pi installation. We can start doing things
+with it, such as playing around with Perl 6.
+
+### Setting up Rakudobrew
+
+Rakudobrew is a nice tool to manage Perl 6 installations on your system. It can
+also install `zef` for you, so you don't have to deal with this manually. This
+is all documented on the repository's `README.md` file as well, but I'll
+explain it here too. I do make a few small tweaks here and there to match my
+preferred setup more closely.
+
+Clone the repository to your system, and add it to your `$PATH` to be able to
+use the scripts bundled with it:
+
+ $ mkdir -p ~/.local/var
+ $ git clone https://github.com/tadzik/rakudobrew.git ~/.local/var/rakudobrew
+ $ export PATH=${HOME}/.local/var/rakudobrew/bin:$PATH
+ $ hash -r
+
+The `hash -r` call will rehash your PATH, so you can tab-complete `rakudobrew`.
+Next, initialize rakudobrew:
+
+ $ rakudobrew init
+
+This will give you a notification to automatically load rakudobrew next time.
+It is advised you follow that message, so you won't have to do it manually each
+time you log in to the system.
+
+### Installing Perl 6 with MoarVM backend
+
+Now that rakudobrew is installed and available to use, it's time to make use of
+it to install Perl 6.
+
+ $ rakudobrew build moar
+
+### Installing zef, the module manager
+
+Getting zef to work isn't much harder than installing Perl 6, but its a lot
+faster. You can have rakudobrew take care of this too:
+
+ $ rakudobrew build zef
+
+## Final words
+
+And that should be it, you now have a working Perl 6 installation with the zef
+module manager to take care of installing and upgrading modules. Now you just
+need to come up with a nice project to work on to start using and learning the
+wonders of Perl 6.
+
+If you need any help on getting started, try the `#perl6` IRC channel on
+Freenode, or check out some of the Perl 6 documentation and introduction sites:
+
+- https://docs.perl6.org/
+- http://perl6intro.com/
+
+For starting projects that are easy to start with and can bring quick results,
+consider making an IRC bot using
+[https://github.com/zoffixznet/perl6-IRC-Client](`IRC::Client`), or a small web
+application using [https://github.com/Bailador/Bailador](`Bailador`).
diff --git a/content/posts/2017/2017-12-17-on-cloudflare.md b/content/posts/2017/2017-12-17-on-cloudflare.md
new file mode 100644
index 0000000..5010377
--- /dev/null
+++ b/content/posts/2017/2017-12-17-on-cloudflare.md
@@ -0,0 +1,136 @@
+---
+title: On Cloudflare
+date: 2017-12-17
+tags:
+- Cloudflare
+- Security
+- Privacy
+---
+
+# On Cloudflare
+
+## Foreword
+
+Cloudflare is a threat to online security and privacy. I am not the first on to
+address this issue, and I probably will not be the last either. Sadly, people
+still seem to be very uninformed as to what issues Cloudflare actually poses.
+There also seems to be a big misconception about the benefits provided by using
+Cloudflare. I would suggest reading the
+[http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/](article
+on Cloudflare by joepie91) for a more thorough look at Cloudflare.
+
+If anyone is using Cloudflare, please tell them to stop doing it. Link them to
+this page or any of the articles referenced here. Cloudflare is harmful to your
+visitors, and if you do not care about them, they will stop caring about you
+too.
+
+## A literal MITM attack
+
+Cloudflare poses a huge risk by completely breaking the TLS/SSL chain used by
+browsers by setting itself up as a
+[https://en.wikipedia.org/wiki/Man-in-the-middle_attack](man in the middle).
+Cloudflare doesn't do actual DDoS protection, they just make the request to the
+origin server for you. Once they have received the data, they decrypt it and
+re-encrypts it with their own certificate. This means that Cloudflare has
+access to all requests in plain text and can optionally modify the data you
+see. TLS/SSL is meant to prevent this very issue, but Cloudflare seems to care
+very little.
+
+If we would consider Cloudflare to be a benevolent entity and surely never
+modify any data ever, this is still an issue. Much data can be mined from the
+plain text communications between you and the origin server. This data can be
+used for all kinds of purposes. It is not uncommon for the USA government to
+request a massive amount of surveillance information from companies without the
+companies being able to speak up about it due to a gag order. This has become
+clear once more by the
+[https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/](subpoena on
+Signal). It should be clear to anyone that end-to-end encryption has to be a
+standard and implemented properly. Cloudflare goes out of its way to break this
+implementation.
+
+### Cloudbleed
+
+The danger of their MITM style of operation was shown be the
+[https://en.wikipedia.org/wiki/Cloudbleed](Cloudbleed) vulnerability. It also
+shows that they make use of their MITM position to scan the data your site and
+a visitor are exchanging. This includes private data, such as passwords.
+
+Even if you have an SSL connection to Cloudflare, they still decrypt it on
+their end. They then serve the content under their own certificate. This makes
+it look to the visitor like everything is secure, the browser says so after
+all. But in reality, they don't have a secure connection to your server. They
+only have one up to Cloudflare, and when it reaches Cloudflare, they decrypt it
+and re-encrypt it using your certificate again. If you use one, of course,
+otherwise they'll pass it on in plaintext back to your server, which is even
+more dangerous. Whether or not you do, the content exists in plaintext on
+Cloudflare's servers, which is not what you want, if you truly care about
+security.
+
+## Eliminating your privacy
+
+If Cloudflare were to fix their MITM behavior, the privacy problem would not
+be solved all of a sudden. There are more questionable practices in use by
+Cloudflare.
+
+People who are using a VPN or an anonimization service such as Tor are usually
+greeted by a warning from Cloudflare. Let's not talk about this warning being
+incorrect about the reason behind the user receiving the warning, but instead
+about the methodology used to "pass" this "warning". Cloudflare presents you
+with a page that requires you to solve a reCaptcha puzzle, which is hosted by a
+well known third party that tries to harm your privacy as much as possible,
+Google. If you do not wish to have Google tracking you all the time, you will
+not be able to solve these puzzles, and in effect, unable to access the site
+you were visiting. It is also interesting to note that this reCaptcha system is
+sometimes broken if your browser does not identify itself as one of the regular
+mainstream browsers such as Firefox or Chrome.
+
+Some site administrators disable this specific check. However, this still means
+all your requests are logged by another third party, namely Cloudflare itself.
+As noted in _A literal MITM attack_, this data is still very interesting to
+some parties. And do not fool yourself: meta data is still very worthwhile and
+can tell a huge amount of information about a person.
+
+### Forcing JavaScript
+
+This issue generally does not concern many people, as most people online
+nowadays use a big mainstream browser with JavaScript enabled. However, there
+are still people, services and applications that do not use JavaScript. This
+makes sites unavailable when they are in the "under attack" mode by Cloudflare.
+This will run a check sending Cloudflare your browser information before
+deciding whether you are allowed to access the website. This is yet another
+privacy issue, but at the same time, a usability issue. It makes your site
+unavailable to people who simply do not wish to use JavaScript or people who
+are currently limited to a browser with no JavaScript support.
+
+It is also common for Cloudflare to
+[http://www.tedunangst.com/flak/post/cloudflare-and-rss](Break RSS readers) by
+presenting them with this check. This check is often presented to common user
+agents used by services and programs. Since these do not include a big
+JavaScript engine, there is no way for them to pass the test.
+
+## False advertising
+
+### DDoS protection
+
+Cloudflare is hailed by many as a gratis DDoS protection service, and they
+advertise themselves as such. However, Cloudflare does not offer DDoS
+protection, they simply act as a pin cushion to soak the hit. Real DDoS
+protection works by analyzing traffic, spotting unusual patterns and blocking
+these requests. If they were to offer real DDoS protection like this, they
+would be able to tunnel TLS/SSL traffic straight to the origin server, thereby
+not breaking the TLS/SSL chain as they do right now.
+
+It should also be noted that this gratis "protection" truly gratis either. If
+your site gets attacked for long enough, or for enough times in a short enough
+time frame, you will be kicked off of the gratis plan and be moved onto the
+"business" plan. This requires you to pay $200 per month for a service that does
+not do what it is advertised to do. If you do not go to the business plan, you will
+have about the same protection as you would have without it, but with the
+addition of ruining the privacy and security of your visitors.
+
+### Faster page loads
+
+This is very well explained on
+[http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/](joepie91's
+article) under the heading _But The Speed! The Speed!_. As such, I will refer
+to his article instead of repeating him here.
diff --git a/content/posts/2017/2017-12-21-funding-yourself-as-free-software-developer.md b/content/posts/2017/2017-12-21-funding-yourself-as-free-software-developer.md
new file mode 100644
index 0000000..ee68582
--- /dev/null
+++ b/content/posts/2017/2017-12-21-funding-yourself-as-free-software-developer.md
@@ -0,0 +1,236 @@
+---
+date: 2017-12-21
+title: Funding Yourself As A Free Software Developer
+tags:
+- FreeSoftware
+- Programming
+- Funding
+---
+
+# Funding Yourself As A Free Software Developer
+
+I've been meaning to spend more time on developing free software, helping out
+new users on IRC and writing more tutorials to get others started. All of these
+cost time, and time is money - so I've set out to set up donation accounts.
+In the hopes of helping other developers who struggle to fund their work, I've
+written up this article to talk about my experience. This is a living
+document! As you explore this yourself, please send me your thoughts on each
+platform and turn me on to interesting platforms I missed.
+
+I'll be focussing on platforms allowing for recurring donations, as these are
+more useful for procuring a stable income.
+
+## Platforms
+
+### BountySource
+
+{< admonition title="Warning" >}
+- Requires 3rd-party [/blog/2017-12-17/on-cloudflare/](Cloudflare)-hosted
+ JavaScript sources to function.
+{< / admonition >}
+
+BountySource lets people donate money towards an issue on Github your projects.
+Once an issue gets fixed, you can claim the "bounty" that was on this issue.
+This can also help in making clear which issue you should aim for next, and
+can increase interest in contributors for your project.
+
+There's also BountySource Salt, which is a recurring donation platform.
+Projects or teams can use this to gain monthly income to sustain the
+development of their project(s).
+
+Support for this platform is offered through the IRC channel
+[https://kiwiirc.com/client/chat.freenode.net:+6697/#bountysource](`#bountysource`
+on Freenode).
+
+The BountySource platform itself is also free software, and the source code
+for it can be found [https://github.com/bountysource/core](on github).
+
+You can find BountySource at https://www.bountysource.com/.
+
+### LiberaPay
+
+This service seems to be completely free as in freedom. They even
+[https://github.com/liberapay/liberapay.com](publish their source on GitHub).
+Their own funding comes through donations on their own platform, instead of
+taking a cut of each donation like most other services.
+
+It's possible to connect other accounts to your LiberaPay account. While this
+feature in general is pretty common, they allow you to link to sites which are
+interesting to show as developer, such as GitHub, GitLab, and BitBucket. They
+also let you link to a Mastodon account, if you have one.
+
+To let people know you're accepting donations through LiberaPay, you can use
+one of the widgets they make available for you. This will show a donate button
+which will link to you profile. Do note, this is not a regular HTML button or
+cleverly implemented anchor tag, but a JavaScript-based button.
+
+Another thing LiberaPay lacks is a rewards system. Most other platforms allow
+you to set reward tiers, which allow you to give certain benefits to donors.
+
+You can find Liberapay at https://liberapay.com/.
+
+### MakerSupport
+
+{< admonition title="Warning" >}
+- The site requires a 3rd-party hosted jQuery.
+- You have to solve a Google reCaptcha in order to register a new account.
+{< / admonition >}
+
+MakerSupport seems to be another option, aimed at content creators who might
+need freedom of speech more than others. It seems to be less focused on
+software development, as you cannot link to any of the major git hosting
+platforms.
+
+There are options here to set up "tiers" for your donors; which is a convenient
+way to provide them with perks for their support. For a free software
+developer, this might be something like access to more direct support from the
+developer.
+
+Sadly, registration wasn't as smooth as most other platforms. My preferred
+username, "tyil" is too short. There's no indication of the requirements of any
+of the fields, you just get a popup on submission of the form saying a field is
+wrong.
+
+Additionally, the registration form requires some 3rd-party JavaScript to work,
+and a Google reCaptcha to be solved in order to get the submit button to show
+up. As I have set up uMatrix in my browser, this cost me some extra time to
+finish registration.
+
+Setting a profile image proved to be a little harder. First off, I'm still
+using uMatrix so I had to allow a 3rd-party (Amazon, in this case) XHR
+requests. Secondly, their error when uploading a "wrong" format is also not
+very user friendly, as it won't give you any details on why it's disallowed,
+nor what images are allowed instead.
+
+{< admonition title="Note" >}
+It seems they check the extension of the uploaded image's filename. As far as I
+can tell, you're allowed to upload files that end with `.jpg` and `.png`.
+{< / admonition >}
+
+You can find MakerSupport at https://www.makersupport.com/.
+
+### Patreon
+
+{< admonition title="Warning" >}
+- Requires 3rd-party link:/articles/on-cloudflare[Cloudflare]-hosted
+ JavaScript sources to function.
+- You have to solve a Google reCaptcha in order to register a new account.
+{< / admonition >}
+
+Patreon is possibly the most famous donation-based funding platform available
+right now. Its popularity is a good thing, since this means there's probably
+many donors already using this platform.
+
+At Patreon, you can set up so-called goals. Goals are the thing I haven't found
+with other funding platforms. It allows you to set a goal for an amount of
+money, and add a reward to this. This way, you can inform your donors you will
+be creating a certain kind of content once a one-time goal has been reached.
+Basically, you can show your donors what you're going to do with the money
+they're donating to you.
+
+Another interesting thing that I haven't seen on other platforms is the option
+to charge donors per creation, instead of per month. While this may seem less
+fitting for software developers (unless you want to get paid per commit, I
+guess), it's an interesting feature that's pretty unique. If you publish many
+tutorials, guides or other posts, this might fit you very well.
+
+You can link your account to other services, similarly to other platforms, but
+it seems to only allow you to be linked with proprietary social media
+platforms.
+
+You can find Patreon at https://www.patreon.com/home.
+
+### (Dis)honorable mentions
+
+#### Hatreon
+
+I've included this because I found people talking about it on IRC. However, it
+seems to be nothing more than a joke that's gone too far. Its main reason for
+existing seems to be to get away from the political correctness found with
+earlier crowdfunding platforms, yet their site is invite-only, so those who are
+actually interested can't even use it. It seems that pledging is currently
+disabled as well, and has been for at least 10 days.
+
+## But that's not all
+
+Just setting up an account on a funding platform isn't enough. There's more to
+keeping a healthy and happy supporter base.
+
+### Spread awareness of your work
+
+Whether you're writing articles or publishing new releases of projects, tell
+the world you're doing whatever it is you're doing. If nobody knows about your
+project, they won't be able to give any kind of appreciation for it. Use social
+media outlets, public forums, mailing lists, anything! Tell them what you made,
+why it's useful and how they could use it to improve their digital life.
+
+{< admonition title="Warning" >}
+Ofcourse, don't spam it to unrelated communication channels. This will only
+backfire.
+{< / admonition >}
+
+### Using the rewards system
+
+On the platforms that support a rewards system, make use of it. There's some
+little things you can do that go a long way with your supporters. For instance,
+you can offer things like stickers to donors that donate a certain amount of
+money to you. These are reasonably cheap to produce and ship, and many people
+like these.
+
+Another idea that seems to strike well with donors is having a way to talk with
+the person they're supporting directly. This can be done by giving them access
+to an IRC channel for you and your donors. You can use another platform for
+this, but most free software enthousiasts are already on IRC, and there's few
+real-time communication alternatives that they're already using.
+
+### Don't stick to a single platform
+
+There's multiple platforms out there, use them! Not all of them have the same
+userbase, and you can reach more people by giving them more options to work
+with.
+
+### Let people know you're accepting donations
+
+If people don't know you're even accepting donations, chances are pretty high
+you won't get any. Or if it's too hard to figure out how to donate to you,
+people will simply not take the effort. Make sure people can easily find out
+that you're accepting donations, and how to donate to you.
+
+### Show what you're doing with donation money
+
+Have a page with information about what you're using with the money. This can
+be as simple as just saying you pay the rent and buy food with it. Most donors
+don't mind too much what you're doing with the money they donate to you, but a
+few do appreciate having this information available to them.
+
+It can be as simple as adding a `/donate` link to your site where you explain
+how to donate to you, and what you do with the donation money.
+
+{< admonition title="Warning" >}
+Don't let it turn into an annoying advertisement though, this will surely have
+an opposite effect.
+{< / admonition >}
+
+## Further reading
+
+There's more places to go for tips and tricks in getting funds to sustain your
+free software development work. I've listed a couple of these here for those
+interested.
+
+- [https://wiki.snowdrift.coop/market-research/other-crowdfunding](snowdrift.coop wiki on crowdfunding/fundraising services)
+- [https://github.com/nayafia/lemonade-stand](A handy guide to financial support for open source)
+
+## RFC
+
+I'd love to receive feedback on this, as I think being able to get donations
+easily for the work free software developers put in to their projects is
+important.
+
+Getting to know more platforms and giving them a small write-up should help out
+other developers like me looking for the best platform for their use case. I'd
+also like to hear from developers already using a platform, to extend this
+article with more useful information on how to successfully get donors for
+their work.
+
+If you want to contact me, do take a look at the [/#contact](Contact) section,
+and let me know about your experiences with funding.