Open Source Software Community - it's about ethics in Code of Conducts

CrunkLord420

not a financial adviser
Supervisor
True & Honest Fan
kiwifarms.net
As opposed to making another salt mine thread I decided to try to make a community thread about the larger OSS community. Examples of this community include Coraline Ada Emhke and the NodeJS CoC Salt thread. The Drupal governance dispute. Firefox+Mr. Robot scandal. James Damore. I also really want a place to comment on all the exceptional shit Isaac Schlueter says on twitter.

Currently returning to the spot light is Ashley Williams (who was at the center of the NodeJS CoC controversy) taking position of Community Team lead on Rust-lang.

https://internals.rust-lang.org/t/announcement-ashley-williams-joins-the-core-team-and-taking-lead-of-the-community-team/6453 (https://archive.fo/wvPt5)
upload_2018-1-6_3-37-38.png

upload_2018-1-6_3-37-59.png

upload_2018-1-6_3-38-7.png


Rust Reddit isn't happy (locked thread): https://www.reddit.com/r/rust/comments/7nx3cm/announcement_ashley_williams_joins_the_core_team/ (https://archive.fo/tmKkN)
Manish Goregaokar (of Mozilla, moderator of the subreddit and official site board) in the comments
upload_2018-1-6_3-49-24.png

upload_2018-1-6_3-49-56.png

upload_2018-1-6_3-51-31.png


other peanut galleries
https://www.reddit.com/r/Drama/comments/7o7w2p/last_years_nodejs_drama_just_rewrite_it_in_rust/ (https://archive.fo/ledyq)
https://www.reddit.com/r/KotakuInAction/comments/7oeecg/socjus_ashley_williams_joins_the_rust_core_team/ (https://archive.fo/fEZ2g)
https://boards.4chan.org/g/thread/64176897 (https://archive.fo/5enVk)
 
Last edited:

CrunkLord420

not a financial adviser
Supervisor
True & Honest Fan
kiwifarms.net

CrunkLord420

not a financial adviser
Supervisor
True & Honest Fan
kiwifarms.net
Between the time I posted this and now they've purged the original reddit thread completely, except a few congratulation messages. My archive has the original comments: https://archive.fo/tmKkN

Someone posted it on HN and another Mozilla employee (Stefan Arentz) comments: https://news.ycombinator.com/item?id=16085545 (https://archive.fo/fqbbM)
upload_2018-1-6_7-41-39.png


https://news.ycombinator.com/user?id=st3fan (https://archive.fo/UZ9PT)
upload_2018-1-6_7-41-5.png


Once I saw his twitter avatar I recognized him immediately from the NodeJS CoC Salt thread: https://keybase.io/st3fan (https://archive.fo/myyZU)
upload_2018-1-6_7-42-47.png
 

CrunkLord420

not a financial adviser
Supervisor
True & Honest Fan
kiwifarms.net
NPM just had another left-pad incident with another dumb, two line package called pinkie-promise and effectively broke the NodeJS ecosystem for a day: https://github.com/npm/registry/issues/255 (https://archive.fo/6wZDx)

pinkie-promise author states that it's not possible for him to remove his own package, and that it was all a bug on NPM's side: https://twitter.com/floatdrop/status/949868296551223296 (https://archive.fo/oNRXD)
upload_2018-1-6_22-38-28.png


NPM Response: https://status.npmjs.org/incidents/41zfb8qpvrdj (https://archive.fo/jThYw)
Hacker News: https://news.ycombinator.com/item?id=16087024 (https://archive.fo/ffFAF)
/r/javascript: https://www.reddit.com/r/javascript/comments/7olgo0/today_is_leftpad_20_pinkiepromise_pulled_from_npm/ (https://archive.fo/L29hf)
/r/node: https://www.reddit.com/r/node/comments/7olop7/xpost_rjavascript_today_is_leftpad_20/ (https://archive.fo/1ZNv0)

Isaac (CEO at NPM) is too busy tweeting about Trump, he doesn't seem to even acknowledge it on twitter.
upload_2018-1-6_22-46-2.png


Other NPM people like Ashley Williams and Kat Marchán are also effectively radio silent on this. Just telling people to follow the statusbot. I like how these people talk a big open source game while ignoring they're a fundamentally centralized, closed-source repository that no one can fork away from them. As soon as something bad happens they go corporate-style silent. Isaac might be coming around to accepting his corporate shill status, if this tweet is of any indication.
upload_2018-1-6_22-52-46.png
 

PhantomDiploma

kiwifarms.net
From The npm Blog:
npm team said:
The npm registry had an operations incident Saturday that caused 97 packages to be temporarily unavailable for download for approximately 30 minutes, and an additional 9 packages to be unavailable for approximately three hours.
[...]
Automated systems perform static analysis in several ways to flag suspicious code and authors. npm personnel then review the flagged items to make a judgment call whether to block packages from distribution.
In yesterday’s case, we got it wrong, which prevented a publisher’s legitimate code from being distributed to developers whose projects depend on it.
A completely unrelated incident 3 months earlier:
upload_2018-1-7_20-4-36.png

upload_2018-1-7_20-5-28.png


npm team said:
npm operational incident, 6 Jan 2018
The npm registry had an operations incident Saturday that caused 97 packages to be temporarily unavailable for download for approximately 30 minutes, and an additional 9 packages to be unavailable for approximately three hours. Early this coming week, we will share a full analysis and technical explanation of the incident. We wanted to communicate with you sooner, however, to eliminate any doubts: no malicious actors were involved in yesterday’s incident, and the security of npm users’ accounts and the integrity of these 106 packages were never jeopardized.
The incident was caused by npm’s systems for detecting spam and malicious code on the npm registry.
We don’t discuss all of our security processes and technologies in specific detail for what should be obvious reasons, but here is a high-level overview. Automated systems perform static analysis in several ways to flag suspicious code and authors. npm personnel then review the flagged items to make a judgment call whether to block packages from distribution.
In yesterday’s case, we got it wrong, which prevented a publisher’s legitimate code from being distributed to developers whose projects depend on it.
We identified the error within five minutes and followed defined processes to reverse this block. Unfortunately, the process was complicated by well-meaning members of the npm community who believed that a malicious actor or security breach was to blame and independently attempted to publish their own replacements for these packages. Ensuring the integrity of the affected packages required additional steps and time.
We are fully evaluating the processes and technologies involved, and we’ve already made immediate changes to prevent what happened yesterday from happening again. My most important job is ensuring the reliable delivery of safe code to the millions of developers who depend on npm. I promise you a full accounting of how we fell short this weekend, and my continued focus on improving our systems and processes — you deserve no less.
 

CrunkLord420

not a financial adviser
Supervisor
True & Honest Fan
kiwifarms.net
If all the node modules are in github, why not have a tool that works as an intermediary between github and the local module directory? It’s just a matter of writing new .json files. There wouldn’t even be a need for npm.
The entire architecture of NPM is silly and can only be justified as a method to maintain control and monopoly over the package ecosystem. As I alluded to earlier it annoys me when I see Isaac talk about being an open source project because their interpreted language client is, uh, interpreted and thus "open source".

That said, you can use npm to pull from github, but so can my text editor (Vundle for nvim).
 

LillyTheBestGirl

Red Wine and Blindfolds
kiwifarms.net
Let's not forget how SJWs chased out Mozilla's CEO for his views on gay marriage
https://www.cnet.com/news/mozilla-ceo-eich-resigns-after-controversy/
And how the next CEO promised to fire employees for """hate speech"""
https://www.fastcompany.com/3050357/mozilla-ceo-vows-to-fire-anonymous-employee-for-hate-speech-on-reddit
And how Mozilla launches a new initiative to combat "fake news". Gee, I wonder SJWs fighting fake news would lead to.
https://blog.mozilla.org/blog/2017/08/08/mozilla-information-trust-initiative-building-movement-fight-misinformation-online/
 
L

LH 909

Guest
kiwifarms.net
Unlike other threads where I laugh from a distance, this stuff is uncomfortably close to home. I wish programming didn’t become the defacto millennial career option.

People have asked me how to get into the field because they have an agenda, not because of any actual interest. Nobody I know has gotten that far but you some times have the Zoe Quinn types that do.
 

The Fool

True & Honest Fan
kiwifarms.net
Unlike other threads where I laugh from a distance, this stuff is uncomfortably close to home. I wish programming didn’t become the defacto millennial career option.

People have asked me how to get into the field because they have an agenda, not because of any actual interest. Nobody I know has gotten that far but you some times have the Zoe Quinn types that do.
I think it's funny, because all these idiots only stick to the shittiest and most hipster languages they can. I always get a laugh when they trip over themselves and break their fragile ecosystem when I'm using languages with actual professionalism and infrastructure.
It's hard to worry when you realize all these morons can do is essentially play web page lego with their toy languages because they don't know any actual theory at all.
 

CrunkLord420

not a financial adviser
Supervisor
True & Honest Fan
kiwifarms.net
Here's a developer who's saying he stopped working on his 12K+ stars project due to harassment from SJWs. He also name drops some of them. A lot of familiar names, to no one's suprise.
https://github.com/Marak/faker.js/issues/583#issuecomment-353873245
Marak was also all over the NodeJS salt thread too, https://github.com/nodejs/community-committee/issues/117 (https://archive.fo/WSijd)
upload_2018-1-9_10-24-9.png

upload_2018-1-9_10-25-0.png

upload_2018-1-9_10-25-8.png

2017-09-25-143708_620x566_scrot.png


He made his twitter private, deleted his reddit account. Old twitter profile from the NodeJS thread:
2017-09-02-114240_924x476_scrot.png


I remember seeing direct conversation between him and Ashley Williams/Isaac Schlueter/Katerina Marchán on twitter but that's all probably hard to find with his account made private.
 
Tags
None