Meet Sovereign Tech Fellow Stefan Eissing

I officially became involved in open source in 2015 when I implemented HTTP/2 for the Apache web server and joined the Apache Software Foundation. But my journey with computers began back in the 1980s, when we shared software under labels like 'Freeware' and 'Shareware.’ Without any real network infrastructure, it wasn’t feasible to collaborate on the same source code from different locations. Instead, you worked with local friends, regularly meeting up in each other’s homes to sync the changes you had made.

Like-minded enthusiasts worked together without any money changing hands, simply aiming to make the computers we all owned better—more useful for everyone. That spirit from back then is something I still see as a vital part of open source today.

For example, back in the 1980s, a group of friends in my hometown Münster developed mailbox software that allowed people to dial in via modem and exchange messages. It was a big hit, though it also made quite an impact on my parents’ phone bill, since calls were expensive at the time. They eventually added networking capabilities, allowing people in other cities to set up their own boxes and connect them with each other. By the end of the decade, more than 120 cities across Germany, Austria, and Switzerland were part of the network. It was all completely voluntary work, free and shared at no cost. The project could not compete with the later internet, of course, so it eventually died off. But it was a sign of what a small group of people can achieve when they come together and build technology collaboratively. That spirit of openness, collaboration, and what they make possible got me into computers and has never left me.

After nearly two decades of commercial software development, the open source projects I started in 2015 and the years that followed have been incredibly fulfilling. In 2021, I made the decision to pursue open source full-time: I quit my job and became a freelancer. The following year, I joined the curl project.

My commercial work had already focused heavily on networking, particularly HTTP, the protocol that enables communication between web browsers and servers. That’s how I ended up implementing HTTP/2 for the Apache server. The importance of Transport Layer Security (TLS) and securing everything grew significantly after the Snowden revelations, when even Google discovered that their unencrypted backend traffic was being monitored. This growing need for secure communication made services like Let’s Encrypt essential for everyone. Before its launch in 2016, securing websites with Transport Layer Security (TLS)—crucial for both privacy and data integrity—was technically complex and often expensive. As a result, many small website operators, and even some public administrations, struggled to implement it. Thanks to the technology, standards, and services developed by Let’s Encrypt, today around 90% of websites are secured with TLS. I was glad to support this important shift by contributing an integration into the Apache web server, sponsored by Mozilla. With just a few lines of configuration, people can now have secure web servers up and running in seconds, automatically kept up to date, again and again. At this stage, the project is progressing with ongoing improvements to the Automatic Certificate Management Environment (ACME) protocol, which powers Let's Encrypt. The Online Certificate Status Protocol (OCSP), the standardised certificate revocation mechanism, will be abandoned this year by Let's Encrypt. Additionally, short-lived certificates, valid for just six days, are expected to be introduced soon, reflecting a move toward increased automation and security.

In 2022, Daniel Stenberg, the creator (or perhaps the face?) of curl, invited me to get involved in the project. It was one of the first projects the Sovereign Tech Fund commissioned, and we achieved quite a lot over the six months it ran. I had known Daniel since 2015, when we both worked on HTTP/2, and over the years I had also taken part in several “curl-up” meetups, where contributors from the project came together in person.

Today, around 25% of the curl production code has been touched by me. I carried out significant internal refactoring of the curl library to make the handling of different protocols, protocol versions, TLS backends, and proxy scenarios more modular and maintainable. We also improved HTTP/2 performance by a factor of two to three—fun work!

As much as I love working on my projects, even for free, it’s undeniably more satisfying when that work also helps pay the rent. Securing funding for open source is always a challenge, and it has become even harder over the past year, as many U.S. corporations have scaled back their support. Some are willing to invest in the development of new features, but few are prepared to cover the ongoing cost of maintenance.

That’s why the Sovereign Tech Fellowship is such a remarkable initiative. I was genuinely excited when I first heard about it, and thrilled to be part of the inaugural group of fellows. I hope the program continues and offers more people the opportunity to be financially rewarded for their contributions to the digital infrastructure that surrounds us all.

Like other forms of infrastructure, open source software is often neglected by the market when it comes to long-term care. Yet, in many areas, open software has outpaced its commercial counterparts in both innovation and stability, benefiting everyone, including businesses. In that sense, I believe public investment is not only justified, but necessary.

Talking to other makers who share the same passion is deeply rewarding, something that's true in almost any profession. But with software, the circle of people you can really talk to is quite limited. We've all experienced the frustration of trying to explain our work to non-tech-savvy people, only to hear them summarize it to others as, “He does something with computers.” Finding like-minded people is vital for your own sanity, because they’re the only ones you can truly communicate with. The same level of crazy, if you will.

Open source is where this works best. Most projects have no real barriers to entry, they often have more tasks than time and are genuinely happy to see new people join. You can simply try it out, see if it’s a good fit. And if it’s not, you just move on.

If you look at the list of contributors to curl, you'll find nearly 1,400 people who have contributed to the project. Most of them made just a single change—but that doesn’t mean their contribution was small. In a closed source project, many of these improvements would likely never have happened, simply because those contributors wouldn’t have had a way in.

Another advantage of openness is the high quality of most issue reports we receive. People often take the time to investigate the problem and identify the specific part of the code that’s causing it, making it much easier to develop a fix. Then there are others who may not go quite as deep, but are still able to build a patched version themselves. A proposed fix can often be tested in their environment with minimal delay. This makes maintenance more efficient and significantly improves overall quality.

In that light, collaboration in open source isn’t limited to the people writing the code, it also includes the users. Especially when a project is run in a responsive way, as we strive to do with curl, users become an integral part of the development process.

Playing video games, reading books, watching Anime on Netflix. Having pizza and a movie together with my daughter. The usual things. ;-)

We’re grateful to Stefan for being part of the first cohort of the Sovereign Tech Fellowship and for his continued contributions to the FOSS ecosystem. If you're interested in Stefan's work, you can check out the websites and repository listed below.

• https://httpd.apache.org/
• https://curl.se/
• https://github.com/icing/mod_md