By clicking “Accept all”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Cookie Policy for more information.
Implementing a call-home functionality or telemetry within open-source software often raises privacy concerns within the community. Many parties, including enterprise security teams, customer advocates, and developers, express rightful apprehensions about the transmission, storage, and usage of data.
However, if you're a project maintainer or a team member at a commercial open-source company, understanding basic telemetry is often required. It helps you determine whether people are testing your software and continuing its use over time. Such insights not only confirm if the developed software meets users' needs but also help identify which versions are being adopted and which might be vulnerable to the latest bugs or other issues.
How can you strike a balance? The solution is to be as lightweight as possible. Let's explore how to build a minimal, privacy-focused call home functionality using a simple version check and Scarf.
Firstly, it's important to offer something to your users when attempting to gather basic telemetry data, however simple it might be. In my experience, a free version check has proven beneficial. This checks, either at startup or after a certain period, whether your users are running the latest software version and if they potentially have any vulnerabilities. Even this basic functionality should include an opt-out option, as some users may choose not to use this feature.
In the following example, we'll aim for simplicity and minimal invasiveness. I will use a JSON file on GitHub to store the latest version:
{
"current_version" : "1.0.0"
}
In the real world you could host this on your website, embed the response as part of a public api, or put it into your factor CDN. Where this is hosted is less important than having a URL we can redirect to. Next, where your users are installing or running your software you will have a local version of what is installed. For my example, I created a file called: current_version.json:
./current_version.json
{
"current_version" : "0.99"
}
The process of comparing these two files is straightforward. I'll use Python for this example (you'll find a few different examples in the repository):
./call_home_example.py
import json
import urllib.request
import urllib.error
def get_version_data(url):
try:
with urllib.request.urlopen(url) as response:
data = json.loads(response.read().decode())
return data.get("current_version")
except urllib.error.URLError as e:
print(f"Failed to fetch data from URL: {url}. Error: {e}")
return None
def read_local_version_file(file_path):
try:
with open(file_path, 'r') as file:
data = json.load(file)
return data.get("current_version")
except FileNotFoundError as e:
print(f"Failed to open file: {file_path}. Error: {e}")
return None
def main():
url = "https://raw.githubusercontent.com/TheYonk/scarf-examples/master/call_home/data/version.json"
file_path = "current_version.json"
version_from_url = get_version_data(url)
version_from_file = read_local_version_file(file_path)
if version_from_url is None or version_from_file is None:
print("Could not fetch version information.")
return
if version_from_url == version_from_file:
print("Version match. The version is: ", version_from_url)
else:
print("Version mismatch. URL version: ", version_from_url, ". File version: ", version_from_file)
if __name__ == "__main__":
main()
When I run this script it simply says if there is a match or a mismatch in versions:
You could use this information to log to a file, post a message to the admin console, or even send an email to the user via the application. The choice of user notification will heavily depend on the type of software being used.
Setting up Scarf:
To track telemetry for these installs, we'll use Scarf. Scarf is a service that enables open source projects, their maintainers, and the companies that support them to gather growth and adoption statistics securely and privately across multiple endpoints.
Assuming you have a Scarf account and are logged in, go to packages. Here, we'll create a new package, which essentially amounts to a URL redirect. In this case, our URL redirect will point to the version.json that is currently hosted on GitHub.
Click “New Package”:
After creating this, we can confirm that the URL is operational by opening the redirect in a web browser. We can also verify the setup in the Scarf dashboard and view the analytics.
View the setup:
Checking to see if our test was logged:
You can see my 1 view from the redirect, coming from Chrome. Now let's modify our Python script to use the new URL redirect:
After making these changes, you can see two different "downloads" listed, one coming from our Python script, the other from Chrome.
Each time this script (or code snippet) is run, the event is logged. We can also see the geographical origin of the call, gather basic company information, and more.
Tracking Versions:
To further enhance the script, you could track the version your user is currently using by adding a new route to our file and including the version.
We can try the redirect in curl, wget, or a browser: theyonk.gateway.scarf.sh/callhome/version.json/0.97
Now lets adjust the Python code in a new file called : call_home_example_scarf_version.py to pass the version:
Now, in the dashboard I can see the version 0.97 I called from my browser as well as the 0.99 I passed from Python.
You can add other variables to track other data points as needed by just adding more to the URL you are calling.
Ideas, next steps, and considerations:
There are several ways to enhance this functionality and build up a more robust telemetry setup. But there are some things I would recommend you think through first.
How often will you make this call back? If you make the call back on startup only, some server processes may stay up for months or years, how will that impact the flow of data? Conversely some applications only live for seconds. Will the volume of data be too much for you?
How will you add an opt-out for your users? This is critical to instill trust.
Enhance your calls to be non-blocking, a service outage on something simple like a version check can not impact users (or slow them down).
What minimum set of data do you need to be successful? Which variables and routes will you add to support them?
How will you introduce this to your customers and users? This is a touchy subject even if its lightweight.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Implementing a call-home functionality or telemetry within open-source software often raises privacy concerns within the community. Many parties, including enterprise security teams, customer advocates, and developers, express rightful apprehensions about the transmission, storage, and usage of data.
However, if you're a project maintainer or a team member at a commercial open-source company, understanding basic telemetry is often required. It helps you determine whether people are testing your software and continuing its use over time. Such insights not only confirm if the developed software meets users' needs but also help identify which versions are being adopted and which might be vulnerable to the latest bugs or other issues.
How can you strike a balance? The solution is to be as lightweight as possible. Let's explore how to build a minimal, privacy-focused call home functionality using a simple version check and Scarf.
Firstly, it's important to offer something to your users when attempting to gather basic telemetry data, however simple it might be. In my experience, a free version check has proven beneficial. This checks, either at startup or after a certain period, whether your users are running the latest software version and if they potentially have any vulnerabilities. Even this basic functionality should include an opt-out option, as some users may choose not to use this feature.
In the following example, we'll aim for simplicity and minimal invasiveness. I will use a JSON file on GitHub to store the latest version:
{
"current_version" : "1.0.0"
}
In the real world you could host this on your website, embed the response as part of a public api, or put it into your factor CDN. Where this is hosted is less important than having a URL we can redirect to. Next, where your users are installing or running your software you will have a local version of what is installed. For my example, I created a file called: current_version.json:
./current_version.json
{
"current_version" : "0.99"
}
The process of comparing these two files is straightforward. I'll use Python for this example (you'll find a few different examples in the repository):
./call_home_example.py
import json
import urllib.request
import urllib.error
def get_version_data(url):
try:
with urllib.request.urlopen(url) as response:
data = json.loads(response.read().decode())
return data.get("current_version")
except urllib.error.URLError as e:
print(f"Failed to fetch data from URL: {url}. Error: {e}")
return None
def read_local_version_file(file_path):
try:
with open(file_path, 'r') as file:
data = json.load(file)
return data.get("current_version")
except FileNotFoundError as e:
print(f"Failed to open file: {file_path}. Error: {e}")
return None
def main():
url = "https://raw.githubusercontent.com/TheYonk/scarf-examples/master/call_home/data/version.json"
file_path = "current_version.json"
version_from_url = get_version_data(url)
version_from_file = read_local_version_file(file_path)
if version_from_url is None or version_from_file is None:
print("Could not fetch version information.")
return
if version_from_url == version_from_file:
print("Version match. The version is: ", version_from_url)
else:
print("Version mismatch. URL version: ", version_from_url, ". File version: ", version_from_file)
if __name__ == "__main__":
main()
When I run this script it simply says if there is a match or a mismatch in versions:
You could use this information to log to a file, post a message to the admin console, or even send an email to the user via the application. The choice of user notification will heavily depend on the type of software being used.
Setting up Scarf:
To track telemetry for these installs, we'll use Scarf. Scarf is a service that enables open source projects, their maintainers, and the companies that support them to gather growth and adoption statistics securely and privately across multiple endpoints.
Assuming you have a Scarf account and are logged in, go to packages. Here, we'll create a new package, which essentially amounts to a URL redirect. In this case, our URL redirect will point to the version.json that is currently hosted on GitHub.
Click “New Package”:
After creating this, we can confirm that the URL is operational by opening the redirect in a web browser. We can also verify the setup in the Scarf dashboard and view the analytics.
View the setup:
Checking to see if our test was logged:
You can see my 1 view from the redirect, coming from Chrome. Now let's modify our Python script to use the new URL redirect:
After making these changes, you can see two different "downloads" listed, one coming from our Python script, the other from Chrome.
Each time this script (or code snippet) is run, the event is logged. We can also see the geographical origin of the call, gather basic company information, and more.
Tracking Versions:
To further enhance the script, you could track the version your user is currently using by adding a new route to our file and including the version.
We can try the redirect in curl, wget, or a browser: theyonk.gateway.scarf.sh/callhome/version.json/0.97
Now lets adjust the Python code in a new file called : call_home_example_scarf_version.py to pass the version:
Now, in the dashboard I can see the version 0.97 I called from my browser as well as the 0.99 I passed from Python.
You can add other variables to track other data points as needed by just adding more to the URL you are calling.
Ideas, next steps, and considerations:
There are several ways to enhance this functionality and build up a more robust telemetry setup. But there are some things I would recommend you think through first.
How often will you make this call back? If you make the call back on startup only, some server processes may stay up for months or years, how will that impact the flow of data? Conversely some applications only live for seconds. Will the volume of data be too much for you?
How will you add an opt-out for your users? This is critical to instill trust.
Enhance your calls to be non-blocking, a service outage on something simple like a version check can not impact users (or slow them down).
What minimum set of data do you need to be successful? Which variables and routes will you add to support them?
How will you introduce this to your customers and users? This is a touchy subject even if its lightweight.
This playbook will guide you through the steps to set up and embed a Scarf Pixel on your documentation pages, README files, or any other web properties associated with your project, in this case we will focus specifically on documentation.
Today, the most commonly accepted metrics for open source adoption and growth are heavily focused on the contributors and community (the idea is healthy contributions should equate to healthy adoption). While these are useful metrics, they are only part of the picture. This guide is built for those at open-source-based companies who are responsible for growth and adoption.
We’ve got some exciting news: Scarf just launched a powerful, native integration with Salesforce, bringing Scarf’s rich open source usage data directly into your CRM. No more bouncing between tools or setting up S3 data exports—you can now get all the insights you need where you already do your work.
Scarf, a platform designed to provide open-source projects with deeper insights into their users and usage patterns, was the answer ARMO needed. By integrating Scarf into Kubescape, ARMO was able to regain visibility into which company has been using Kubescape, filling the gap left after their CNCF contribution.
The foundation of Scarf company tracking is IP Address attribution. Our Company Tracking algorithm considers confidence and reputation scores from multiple sources to provide what we believe to be the best matching data in the industry. In a nutshell, Match Feedback allows you to fix and fine-tune your company matches.
We're thrilled to announce that Scarf has successfully completed the SOC 2 Type 2 examination! This might sound like legal jargon at first glance, but let’s break down what this means for us, our users, and the open-source community as a whole.
Exporting data tracked by Scarf is essential for analytics, reporting, and integration with other tools. Scarf adds open-source usage metrics to the data you already collect, giving you a fuller picture of how your project is used. This helps you monitor trends, measure impact, and make better data-driven decisions.
Scarf helps you unlock the full potential of your open source project by collecting valuable usage data in three key ways: Scarf Packages, in-app telemetry, and tracking pixels. In this post, we’ll break down each of these powerful tools and show you how to use them to optimize your open source strategy.
In this playbook, you’ll learn how to integrate Scarf into an Apache Software Foundation project. It details how the Preset team implemented Scarf in their Apache Superset project, as shared during our first-ever Scarf Summit on July 16th, 2024.
Implementing telemetry in your open source project helps you determine whether people are testing your software and continuing its use over time. Such insights not only confirm if the developed software meets users' needs but also helps identify which versions are being adopted and which might be vulnerable to the latest bugs or other issues.
Prisma turned to Scarf for a monthly Strategic Insights Report. By integrating Scarf into various parts of their web and software delivery infrastructure, Prisma now knows relevant details about their users in terms of company size, industry, location and much more.
This playbook will walk you through setting up Scarf to get a clearer picture of how people are interacting with your open-source project. You’ll learn how to create and use Scarf Pixels, track open source project documentation views, measure engagement across social media, and more.
CopilotKit implemented Scarf to gain visibility into their open-source community. By adding Scarf to their documentation, they could see which companies were actively engaging with their resources, providing valuable insights into potential leads and customer segments.
Tracking downloads of your open-source projects is key to understanding user engagement. With Scarf, you can see which businesses are using your project, which versions are popular, which platforms are being targeted, and more. This playbook will show you how to set up Scarf to monitor your project’s downloads.
On July 16th, we hosted our first-ever Scarf Summit, celebrating analytics for open source and the significant improvements we’ve made to the Scarf platform. In case you missed it, here’s a recap of all the key updates shared by our Engineering Leader, Aaron Porter.
In this episode of the Haskell Interlude Podcast, Joachim Breitner and Andreas Löh sit down with Avi Press, the founder of Scarf, to discuss his journey with Haskell, the telemetry landscape in open source software, and the technical as well as operational challenges of building a startup with Haskell at its core.
Scarf Basic and Premium tiers have long had the ability to sort their open source usage data by company, domain, events, last seen, and funnel stage. But our customers have been wanting more. Now you can hyper target by combining region, tech stack, and funnel stage, making outreach as refined and low friction as possible.
Understanding open source user engagements and usage is obscured by a lack of actionable data, a result of its inherent openness and anonymity. Embracing a data-driven approach to open source projects helps them not only grow, but also understand the keys to their success, benefiting everyone involved.
As an open source company, Garden knew how hard it was going to be to get usage data. Adding Scarf for analytics on open source downloads turned anonymous numbers into company names. Using Scarf’s privacy-first analytics also helped Garden to know what kind of companies were using their OSS and where they were located.
Once Heroic started using Scarf, they learned that they were even more popular than they thought they were. Using Scarf, they were able to determine where, by country, their users were downloading from, and how many per day.
Any LF project maintainer can use Scarf without needing any further approval from the foundation. Scarf is offering all LF projects free accounts with a few additional features over our base free version. LF projects will get usage data like docs, downloads, and page views with unlimited free seat licenses and data retention.
Union is an open source first company. It uses Scarf to drive their DevRel strategy and improve their open source project. It also uses Scarf to power its consultative sales approach to help customers where it makes sense. Union has been successfully leveraging Scarf funnel analysis to shape the product to better fit the market so that they can focus on ensuring that companies can get value from Flyte sooner.
In this latest episode of "Hacking Open Source Business," Avi Press and Matt Yonkovit sit down with Adam Jacob, the co-founder of Chef and current CEO of System Initiative. With a rich history in the open-source world and numerous thought-provoking opinions, Adam delves into the intricacies of open-source commercialization, offering valuable insights and alternative strategies to the commonly held Open Core model.
Smallstep wanted to understand the impact of their open-source project on enterprise adoption of their commercial security solutions. Smallstep uses Scarf to better understand user interactions and software usage, providing insights into its user base and potential customer segments as an important signal for commercial use.
Diagrid was founded in 2022 by the creators of the popular Dapr open source project. Making data-driven decisions for a commercial company built on an open source project that had no real concrete data, was a real challenge. Diagrid translated Scarf data into valuable insights for marketing and product development of their commercial product.
When we approached the project of building Scarf, we turned to our favorite language: Haskell. Little did we know, this decision would shape our story in more ways than one.
Unstructured had so much usage of their open source, but so little data. Prior to Scarf, they mostly had GitHub information for things like downloads and stars. It was difficult to separate the good signal from the noise without any specific information that would help them to better target this large and growing open source user base or data to influence their product roadmap.
It’s happening! Scarf is part of the Common Room Signal Partners program. Soon, you will be able to integrate your Scarf data into your Common Room platform for a more complete view of all of your user signals.
We are thrilled to announce that we have successfully completed a Type 1 System and Organization Controls 2 (SOC 2) examination for our Scarf Platform service as of January 31, 2024.
When Scarf emerged back in 2019, many people expressed skepticism that usage analytics would ever be tolerated in the open source world. 5 years later, Scarf has shown this once solidified cultural norm can indeed change. Learn how Scarf's journey mirrors a broader shift in open source culture and why embracing usage analytics could shape the future of open software development.
Apache Superset is an open-source modern data exploration and visualization platform that makes it easy for users of all skill sets to explore and visualize their data. We spoke with Maxime Beauchemin, founder & CEO of Preset, and the original creator of both Apache Superset and Apache Airflow, who shared with us Superset's experience using Scarf.
Haskell, a cutting-edge programming language rooted in pure functionality, boasts static typing, type inference, and lazy evaluation. The language's ongoing evolution is bolstered by a diverse array of organizations, including the Haskell.org committee. This committee strategically leveraged the Scarf solution for testing purposes.
We’re pleased to share a final recap of the latest Scarf updates for December and 2023 as a whole. Join us in this last edition of our 2023 newsletters.
In the open source ecosystem, user behaviors are diverse and conversion tracking poses unique challenges frequently leaving traditional marketing strategies insufficient. Recognizing this gap, we are excited to introduce a brand new way for businesses to make sense of this opaque and noisy signal – Open Source Qualified Leads (OQLs).
In recent years, a notable development in the open source landscape is the growing number of large corporations considering the transition from open source licenses to more restrictive models like the Business Source License (BSL). This trend raises further questions about the sustainability and future of open source projects, particularly when large players alter their approach.
A recent release of Scarf added the ability to track and report on custom URL parameters. If you are looking to gain more intelligence around how you open source users interact with your project and download your software using link parameters in key situations can reveal interesting and helpful trends that can help you grow your user base and unlock open source qualified leads.
In the ever-evolving landscape of open source software, data collection has become a hot-button issue. As the open source community grows and software becomes increasingly integral to our daily lives, concerns about data collection ethics have emerged.
In today's fast-paced tech world, the Developer Relations (DevRel) role has moved from the periphery to the center stage. Companies, irrespective of their size, are now seriously considering the worth of having a dedicated DevRel team. But, how do you quantify the success or failure of such an effort? What metrics should companies use? This post dives deep into understanding the commercial Return on Investment (ROI) of DevRel.
Monetizing open source software is a challenging task, but it can also be highly rewarding. Unlike traditional software, you're essentially competing against a free version of your product. So, how do you sell something that is inherently free?
In the dynamic realm of community management, marketing, and developer relations, success depends upon more than just attracting attention. It's about fostering meaningful relationships, nurturing engagement, and amplifying your community's impact.
This guidebook shows you how to implement a call-home functionality or telemetry within your open-source software while at the same time being transparent and respectful of your users data. Let's explore how to build a minimal, privacy-focused call home functionality using a simple version check and Scarf.
Many open source contributors are reluctant or skeptical about metrics. They think metrics are overrated, irrelevant, or even harmful to their projects and communities. But in this blog post, we argue that metrics are essential for making better decisions, improving the experience for users and contributors, and demonstrating the impact and value of your open source work. We also share some tips and examples from OSPOs and DevRel teams on how to choose and use metrics effectively.
Many open-source developers rely on GitHub as their primary documentation source. But this can be a costly mistake that can affect your project’s success and adoption. In this blog, we’ll explain why you need to build your own docs site and how to do it easily and effectively.
Open source projects and companies need data to grow and enhance their performance. However, many open source leaders and communities overlook or reject metrics and depend on intuition, relationships, or imitation. Data can help you spot problems, opportunities, and false positives in growth strategies. In this blog post, Matt Yonkovit shows you why data is important for open source success and how it can offer insights and guidance for open source projects to reach their goals and make better decisions.
Open source software continues to be a vital part of enterprise operations in Q2 2023, as more and more companies adopt open source solutions for their business needs. In this blog post, we will examine the state of open source usage in Q2 2023 and the trends that are shaping the future of open source.
DevRel is a vital function for any organization that wants to engage with the developer community and grow its user base. However, there is no one-size-fits-all solution for where to place DevRel within the organizational structure. In this blog post, we explore three common strategies for DevRel placement: marketing, product, and hybrid. We discuss the advantages and challenges of each strategy, and provide some tips on how to decide which one is best for your organization and goals.
In the open source industry, identifying and engaging users is a major challenge. Many users download software from third-party platforms that do not share user data with the software company. Gating content behind a login or an email form can help, but it can also alienate potential users who value their privacy and convenience. In this blog post, we explore the pros and cons of gating content in the open source industry, and we offer an alternative solution that can help you identify and connect with your users without compromising your content.
Open source software depends on the power of its community. But how do you know if your community is healthy and thriving? In this blog, you will learn how to use metrics to track and evaluate your community’s activity, engagement, growth, diversity, quality, and impact. You will hear from founders, DevRel experts, and investors who share their best practices and tips on how to measure and improve your community’s performance and value.
Learn how to overcome the challenges of open source software marketing and turn anonymous data into qualified leads. In this blog post, we’ll show you how to use download data, web traffic, and documentation views to identify potential customers and grow your sales pipeline. Discover how to track downloads, website traffic and documentation views with Scarf Gateway and the Scarf Tracking Pixel.
This blog post outlines ten common mistakes made by founders of open source startups, from failing to ask the right questions to neglecting the standardization of key metrics. By offering guidance on how to avoid these pitfalls, it provides a roadmap to successfully commercializing open source projects.
Many people believe that making money from open source projects is an arduous or even impossible task. However, with the right strategies it is possible to build a sustainable business while keeping the spirit of open source intact. By evaluating the market fit and commercial viability of an open source project before considering funding and monetization, one can realistically begin to explore the financial potential of an open source project. Here's how to do it.
This blog emphasizes the importance of a comprehensive approach to lead generation in the open source software space. Amid the challenges of anonymous usage and privacy regulations, strategies focusing on download activity, community engagement, and web traffic can maximize lead identification. Employing lead scoring and maintaining a list of active software users can further enhance sales outcomes in this unique market.
Here at Scarf, we've developed a solution to help open source projects and businesses gain more insight into their users and their download traffic - Scarf Gateway. Here's how it works.
We are thrilled to announce our latest partnership with Clearbit (https://clearbit.com/). This collaboration will offer Scarf users and customers an enriched array of data about their user base, significantly enhancing the quality of information you already value from Scarf.
The popularity of open source software is not in doubt, but little concrete public data exists beyond human-generated surveys on adoption usage. In this blog post, we will explore the state of open source usage in Q1 2023 and the data illustrating how open source is becoming an increasingly important part of enterprise operations.
The success of DevRel (Developer Relations) and community efforts in open source can be challenging to measure, as there is often a disconnect between the goals and expectations of the community and the business. This blog post discusses the challenges of measuring the success of DevRel and community efforts in open source.
Successful open source projects don't always translate into successful open source businesses. However, by focusing on building a kick-ass product, raising awareness, making the product easier to use, and fostering a strong open source community, you can set the stage for converting users into paying customers.
You can use the open source Scarf Gateway to switch hosting providers, container registries, or repositories without impacting end users in the future.
What is driving all this tech layoffs? , What is their impact on the open source software industry? We will walk through all the potential reasons from an economic downturn, herd mentality, excessive borrowing and spending due to low interest rates, and growth at all costs as the main reasons behind the layoffs. Companies can continue to grow in this tight economic market if they are focused on optimizing efficiency and sustaining the right growth.
At the All Things Open conference, Emily Omier, a seasoned positioning consultant, sat down with Avi Press (Founder and CEO, Scarf) and Matt Yonkovit (The HOSS, Scarf) to discuss how to message, position, and validate your open source product on The Hacking Open Source Business Podcast. You can watch the full episode below or continue reading for a recap.
On the Hacking Open Source Business podcast, Joseph Jacks aka JJ (Founder, OSS Capital) joins Avi Press (Founder and CEO, Scarf) and Matt Yonkovit (The HOSS, Scarf) to share what you need to know before starting a commercial open source software (COSS) company and how you can set yourself and your project apart in a way that attracts investor funding. As an investor who exclusively focuses on open source startups, JJ provides a VC perspective on what he looks for when evaluating investment opportunities.
On The Hacking Open Source Business podcast, CEO Chris Molozian and Head of Developer Relations Gabriel Pene at Heroic Labs elaborate on their usage and shift to open source and how it accelerated their adoption.
In this recap of the first episode of the Hacking Open Source Business Podcast, co-hosts Matt Yonkovit and Avi Press, Scarf Founder and CEO, dig into a recent controversy that highlights the challenges open source projects face trying to create sustainable revenue streams to support a business or a non-profit that funds the project’s growth.
Scarf Sessions is a new stream where we have conversations with people shaping the landscape in open source and open source sustainability. This post will give a recap of the conversation Scarf CEO, Avi Press and I had with our guest Stefano Maffulli.
Community is important to the success of open source software. To understand and grow a community, project founders and maintainers need visibility into various technical, social, and even financial metrics. But what metrics should we be using?
Should Python eggs be deprecated in favor of wheels? What does the data show? This post explores how the right data can make decisions like this easier for maintainers and Open Source organizations.
In a new blog post series, we'll highlight great OSS projects that are using Scarf. Today, we are featuring IHP, a modern batteries-included Haskell web framework
Our mission here at Scarf centers around enhancing the connections between open source software maintainers and end users. Learn how Scarf + Nomia can reduce the complexity and increase the efficiency of the end-user open source integration experience.
Today, the most commonly accepted metrics for open source adoption and growth are heavily focused on the contributors and community (the idea is healthy contributions should equate to healthy adoption). While these are useful metrics, they are only part of the picture. This guide is built for those at open-source-based companies who are responsible for growth and adoption.
We’ve got some exciting news: Scarf just launched a powerful, native integration with Salesforce, bringing Scarf’s rich open source usage data directly into your CRM. No more bouncing between tools or setting up S3 data exports—you can now get all the insights you need where you already do your work.
Mastering Telemetry in Open Source: A Simple Guide to Building Lightweight Call Home Functionality
Facebook
Twitter
linkedin
Email
Implementing a call-home functionality or telemetry within open-source software often raises privacy concerns within the community. Many parties, including enterprise security teams, customer advocates, and developers, express rightful apprehensions about the transmission, storage, and usage of data.
However, if you're a project maintainer or a team member at a commercial open-source company, understanding basic telemetry is often required. It helps you determine whether people are testing your software and continuing its use over time. Such insights not only confirm if the developed software meets users' needs but also help identify which versions are being adopted and which might be vulnerable to the latest bugs or other issues.
How can you strike a balance? The solution is to be as lightweight as possible. Let's explore how to build a minimal, privacy-focused call home functionality using a simple version check and Scarf.
Firstly, it's important to offer something to your users when attempting to gather basic telemetry data, however simple it might be. In my experience, a free version check has proven beneficial. This checks, either at startup or after a certain period, whether your users are running the latest software version and if they potentially have any vulnerabilities. Even this basic functionality should include an opt-out option, as some users may choose not to use this feature.
In the following example, we'll aim for simplicity and minimal invasiveness. I will use a JSON file on GitHub to store the latest version:
{
"current_version" : "1.0.0"
}
In the real world you could host this on your website, embed the response as part of a public api, or put it into your factor CDN. Where this is hosted is less important than having a URL we can redirect to. Next, where your users are installing or running your software you will have a local version of what is installed. For my example, I created a file called: current_version.json:
./current_version.json
{
"current_version" : "0.99"
}
The process of comparing these two files is straightforward. I'll use Python for this example (you'll find a few different examples in the repository):
./call_home_example.py
import json
import urllib.request
import urllib.error
def get_version_data(url):
try:
with urllib.request.urlopen(url) as response:
data = json.loads(response.read().decode())
return data.get("current_version")
except urllib.error.URLError as e:
print(f"Failed to fetch data from URL: {url}. Error: {e}")
return None
def read_local_version_file(file_path):
try:
with open(file_path, 'r') as file:
data = json.load(file)
return data.get("current_version")
except FileNotFoundError as e:
print(f"Failed to open file: {file_path}. Error: {e}")
return None
def main():
url = "https://raw.githubusercontent.com/TheYonk/scarf-examples/master/call_home/data/version.json"
file_path = "current_version.json"
version_from_url = get_version_data(url)
version_from_file = read_local_version_file(file_path)
if version_from_url is None or version_from_file is None:
print("Could not fetch version information.")
return
if version_from_url == version_from_file:
print("Version match. The version is: ", version_from_url)
else:
print("Version mismatch. URL version: ", version_from_url, ". File version: ", version_from_file)
if __name__ == "__main__":
main()
When I run this script it simply says if there is a match or a mismatch in versions:
You could use this information to log to a file, post a message to the admin console, or even send an email to the user via the application. The choice of user notification will heavily depend on the type of software being used.
Setting up Scarf:
To track telemetry for these installs, we'll use Scarf. Scarf is a service that enables open source projects, their maintainers, and the companies that support them to gather growth and adoption statistics securely and privately across multiple endpoints.
Assuming you have a Scarf account and are logged in, go to packages. Here, we'll create a new package, which essentially amounts to a URL redirect. In this case, our URL redirect will point to the version.json that is currently hosted on GitHub.
Click “New Package”:
After creating this, we can confirm that the URL is operational by opening the redirect in a web browser. We can also verify the setup in the Scarf dashboard and view the analytics.
View the setup:
Checking to see if our test was logged:
You can see my 1 view from the redirect, coming from Chrome. Now let's modify our Python script to use the new URL redirect:
After making these changes, you can see two different "downloads" listed, one coming from our Python script, the other from Chrome.
Each time this script (or code snippet) is run, the event is logged. We can also see the geographical origin of the call, gather basic company information, and more.
Tracking Versions:
To further enhance the script, you could track the version your user is currently using by adding a new route to our file and including the version.
We can try the redirect in curl, wget, or a browser: theyonk.gateway.scarf.sh/callhome/version.json/0.97
Now lets adjust the Python code in a new file called : call_home_example_scarf_version.py to pass the version:
Now, in the dashboard I can see the version 0.97 I called from my browser as well as the 0.99 I passed from Python.
You can add other variables to track other data points as needed by just adding more to the URL you are calling.
Ideas, next steps, and considerations:
There are several ways to enhance this functionality and build up a more robust telemetry setup. But there are some things I would recommend you think through first.
How often will you make this call back? If you make the call back on startup only, some server processes may stay up for months or years, how will that impact the flow of data? Conversely some applications only live for seconds. Will the volume of data be too much for you?
How will you add an opt-out for your users? This is critical to instill trust.
Enhance your calls to be non-blocking, a service outage on something simple like a version check can not impact users (or slow them down).
What minimum set of data do you need to be successful? Which variables and routes will you add to support them?
How will you introduce this to your customers and users? This is a touchy subject even if its lightweight.
By clicking “Accept all”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Cookie Policy for more information.