Cars, video cameras, chef knives, toilets (kids put other kids’ heads in them), products containing water in general, products containing electricity that can be used accidentally/offensively, any tool for communication that can carry hate speech, any tool for computation that can execute evil plans (eg IBM doing logistics for Holocaust)… the list goes on and on.
I’m with you. The techs are usually purpose-neutral. That someone bad uses it is rarely a reason to avoid creating it for the good it can do. I say rarely because mass surveillance, land mines, and nukes all made my list of exceptions. They seem to always do more harm than good. Better to not be invented or at least super-regulated.
The tech wasn’t the issue and it was never claimed to be. It was IBM structuring its relationship with the Nazis so that it would be undetected. Not sure why you would use that as an example.
It was argued at one point that it would be hard for them to pull the logistics off the way they wanted to without support of computers. They loved processes and records. The computers with customized punch cards helped them imprison and execute people more efficiently. Not giving them computers might have reduced harm to their victims or increased problems for the Nazis to some degree.
My examples, though, were a response to the original comment which was tech (“code”) that could be used for evil purposes. Everything in my comment was tech that was used for evil purposes at some point. Also, stuff we’d likely want to keep anyway. That was my point.
“Cars, video cameras, chef knives”, etc are broad categories. This is not a case of someone saying “don’t use computers, because some people use them for bad things”, it’s “this specific product provides value to a particular company that is doing business with someone I find reprehensible”.
That’s a specific instantiation of the general class of things I just described. Each thing is something that people have or regularly use to harm others. Sometimes themselves. Yet, we as a society choose to keep them around for the good they do and not internalize evils others use them for.
To be more clear, the comparison you make is a specious one – a specific tool being taken down is not at all like banning cars, video cameras, or knives. The things you list are commodities that have more than one use. This is about a particular tool that makes working with one particular other tool easy. Even talking about banning a specific knife or whatever is different, because knives are a more-or-less fungible commodity; this software is not.
It’s not, but you people seem determined to not understand that. If you want to make an analogy to cars, maybe it would be like someone pulling their Corvette bodykit off the market because Corvette had a giant contract to supply to [some organization that would be objectionable enough for you].
In any case, like Upton Sinclair said, “It is difficult to get a man to understand something, when his salary depends on his not understanding it”, so feel free to ignore this & let your cognitive dissonance tell you I’m just a troll.
Nope. Common misconception. Back then, computers were extremely expensive, hard to operate, and low volume. IBM regularly got close to institutions trying to sell them computers. They cut many scheming deals. The guy I originally watched on this stuff had dug up the contract for the sale. It was with the New York part of IBM, not Germany. They also custom made and sold the punch cards that Nazis used for their operation. Probably sent people to service the machines, too. Memory getting fuzzy at that point.
Plus, I don’t usually sit at the table with dictators before telling folks they were a random customer. I owned a Dell but never hung with Dell. ;)
What’s worse, it’s not inconceivable that in a similar situation some well-meaning sabotage (because, let’s be honest–that’s what this is, sabotage) could result in, say, the loss of data records delaying or outright preventing the timely release of people from the camps.
Techies taking the law into their own hands by committing acts of sabotage of this nature are almost assuredly unable to prevent collateral damage.
sabotage (ˈsæbəˌtɑːʒ)
n
1. the deliberate destruction, disruption, or damage of equipment, a public service, etc, as by enemy agents, dissatisfied employees, etc
2. any similar action or behaviour
Sabotage is a form of protest. I’m not even arguing that they’re wrong to be angry–nobody should want kids in camps.
My point is that techies deciding to do actions like this both can’t guarantee the exact impacts of those outcomes and seldom seem to reflect on that point. Everybody cries foul about us making policy with ML/AI…this is not so far afield.
I’d love if we could have this discussion face to face as a group. These kinds of conversations are really really hard online. It’s difficult for everyone not to come across as snarky, pedantic, trite, glib, etc. I struggle with giving others the necessary charity. I do strive to use a tone and form of argument that I would use if I were standing in front of the person. I was in debate, that form of rhetoric is about winning, not about using logic to arrive at the best decisions.
We both know what sabotage is, and this case, deleting the code was protest and not sabotage. Sabotage would be introducing bugs or special cases to actively hurt ICE. Pasting a definition doesn’t make your point stronger.
Of course you can’t guarantee impacts, that is a truism, we can’t even guarantee the code we write has the intended outcome. Putting that requirement on someone before they protest is a hugely imbalanced burden that we apply nowhere else. I would love it if humanity used science and formal methods to fully understand the impact of our designs and decisions, but we still operate in an open-loop where we react to the problems we cause. No technology is neutral, with every advantage also comes with it a disadvantage, a risk, most of them uncatalogued. My perception of arguments along the lines of the one you are making is that techies should stay in their box working on tools. That there is a clean hierarchical delineation between people (that people are things with labels) and they build technology (neutral) and that it is the application of said technology that does bad things. On the spectrum of applicability, a component of Chef is more neutral than a facial detection library.
Everyone should still have a moral code and realize how the tools they are building could be used. This person was thrust into something they weren’t prepared for, I don’t know how I would react in a similar situation. But the overall impact to ICE was zero and that would be known. This action was a purely symbolic act of protest.
Content produced by the US Government is very often public domain.
During WW1, the US forced patents holders on airplane tech to pool their patents, but patents are intellectual property. State power in the US seldom appropriates private property. Eminent domain is an exception.
Yes, this is technically a type of sabotage, and yes it’s the sort of thing that is likely to damage other entities besides the intended target, but I would oppose establishing a norm where removing one’s own code from a public repo is considered punishable in and of itself. It should be considered the responsibility of the clients of open-source code to make local copies of the code they use, whether that’s an entity the code-author likes or dislikes.
There’s no risk of punishment (the licenses state, among other things, “NO WARRANTY”). I understood friendlysock to mean that developers should keep side effects (such as blocking procedures with positive effects, like getting people out of camps, in undesired organizations) in mind when considering such activities.
I agree with the risk of collateral damage, but see below.
I don’t agree with the term “sabotage” here.
In corporate context, sabotage would be an employee deleting code and backups so that development halts and the company suffers financial or reputational damage.
In this case, Vargo developed the software (apparently when working at Chef), and everyone was best buds and agreed for this to be released as Open Source (I’m assuming that’s a variant of the license used, not a form of the GPL).
Chef proceeded to build their business using software that was out of their direct control, all the while relying on a gentleman’s agreement that Vargo would not impede access to this software.
This is a supply chain problem, not sabotage. Obviously, Chef and others in their situation need to hedge against contributors to their software stack not taking umbrage to the actions of Chef’s customers. They can do this by keeping local repo copies in the short term, and keeping other developers on retainers to rewrite the software in case a developer removes their repo.
Edit: another solution is for the company to identify any repo that is critical to them, and then simply purchase the rights to it (as well as the maintenance overhead, of course) from the developer. Market solution! I love them.
Chef’s business model was to take software written by volunteers for free and package it into a form palatable for corporate customers (and whatever the US term for entities like ICE is), pocketing the proceeds.
Chef assumes the responsibility for maintaining access to the software. Having to hedge against software developer’s “whims”[1] will of course cut into the profit margin of this business. In the long term, it might make sense for companies like Chef to forego open source licensing entirely and develop their stuff in-house, keeping control of the IP. Or they’ll just have contingency plans such as the one outlined above.
[1] I hesitate to use “whim” for Vargo’s decision. But other developers might delete their repos “for the lulz”, to actually sabotage a company per the above, have access to their repos disrupted, or simply delete it all and move to a bunker.
If Chef or any other technology is so key to the core of how ICE works that removing it crippled them, then the protest has proved its point. Imagine applying this cold logic to, say, Japanese internment camps during WWII. (which is not dissimilar to what’s going on now since there are multiple cases of legitimate citizens getting deported as well.)
Sometimes you’ve gotta throw a wrench in. Let’s hope that there are more.
Good praxis. I hope to see more of these in the future. Corporations are heavily dependent on open source packages and repos and their direct dependencies such as this one. Thousands of developers have ticking bombs in their hands that can be triggered with 0 legal consequences and nobody really acknowledges this.
The code is open source. Anyone who seriously depends on these packages will just fork, first privately, then publicly. It’s ultimately a purely symbolic gesture, good for Seth Vargo, but will have very little tangible impact.
This requires hours of human work to be fixed on a global scale. The impact is temporary but very tangible. Clearly a single case is not that relevant but an orchestrated operation disrupts to a much deeper level.
The cost of hours of human work is a drop in the bucket to most companies, and virtually every large corporation. It’s certainly not enough to stop doing business with large clients like ICE.
It’s the cost of missed gains that hurts them, not the cost of fixing the system. Modern disruption praxis for example prescribes to block as many crossings and roundabouts as possible and this is similar to dependencies in an automated process. The damage is not on the extra-salaries of the truckers that won’t deliver the goods, the damage is in the missed sales. It’s not in the hours or days of the salaries of your workers that will be stuck in the traffic, but in the goods and services that you won’t be able to provide to your customers. On top you have all the losses from cross-dependencies in “just-in-time” production pipelines that suffer heavily from minimal disruption of the logistics. Code dependencies are the streets on which the trucks of automated pipelines are running. You don’t have to block all the streets to cause disruption, it’s enough to block a few good ones.
Shutting down a github page is nowhere near the same as refusing to do work that’s in a company’s critical path to earn revenue. These corporations already have their code and are using a version of it in production, shutting down a github page doesn’t interfere with that. Revenue continues to be made.
These corporations already have their code and are using a version of it in production, shutting down a github page doesn’t interfere with that.
In this specific case, a common pattern when using Chef is for “recipes” - the code executed on each server being managed - to install and/or update gems at runtime. Removing the package from rubygems.org almost certainly meant that Chef stopped working for a large number of companies (until Chef Inc. contacted RubyGems to restore the package that was removed).
A package is removed by its owner, and the package registry takes action so that users of the package don’t have to do anything. The major difference here is the package registry giving ownership rights of the package in question to a company, rather than just restoring the package and preventing package removals.
Then all those companies, at least the mature ones, have a serious shortcoming in their service/product delivery system. You shouldn’t rely on rubygems.org being accessible for your services/products to be deliverable and work. We have a dozen employees and could rebuild from scratch within hours with rubygems.org (and related sites) down. If the deletion of a gem impacts you, it’s squarely on you.
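An added example, not part of the thread or any commenter's code: a Ruby check for the dependency described in the comments above, reporting which gems locked in a `Gemfile.lock` are absent from a local `vendor/cache` and so would still have to be fetched from rubygems.org or a Git remote at install time. The lockfile contents, gem names and URLs are constructed for illustration, and the `vendor/cache` layout (`name-version.gem`) is the one `bundle cache` produces.

```ruby
require "tmpdir"
require "fileutils"

# Constructed sample lockfile; gem names and URLs are made up.
SAMPLE_LOCKFILE = <<~LOCK
  GIT
    remote: https://git.example.invalid/example-plugin.git
    revision: 0000000000000000000000000000000000000000
    specs:
      example-plugin (0.3.0)

  GEM
    remote: https://rubygems.org/
    specs:
      example-core (2.1.0)
        example-util (~> 1.0)
      example-native (1.4.2-x86_64-linux)
      example-util (1.0.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-core
    example-native
    example-plugin!

  BUNDLED WITH
     2.4.10
LOCK

LockedGem = Struct.new(:name, :version, :section, :remote)

# Minimal lockfile reader: section headers sit at column 0, "remote:" at two
# spaces, locked specs at exactly four spaces. Six-space lines are a spec's
# own dependency constraints and are skipped.
def parse_lockfile(text)
  gems = []
  section = nil
  remote = nil
  text.each_line do |raw|
    line = raw.chomp
    case line
    when /\A([A-Z][A-Z ]*)\z/
      section = $1
      remote = nil
    when /\A  remote: (.+)\z/
      remote = $1
    when /\A    (\S+) \(([^)]+)\)\z/
      gems << LockedGem.new($1, $2, section, remote) if %w[GEM GIT].include?(section)
    end
  end
  gems
end

# Returns the registry gems with no cached .gem file, plus every gem pinned
# to a Git remote (those depend on someone else's repository staying online).
def audit(lockfile_text, cache_dir)
  registry, git = parse_lockfile(lockfile_text).partition { |g| g.section == "GEM" }
  missing = registry.reject do |g|
    File.file?(File.join(cache_dir, "#{g.name}-#{g.version}.gem"))
  end
  {
    missing: missing.map { |g| "#{g.name}-#{g.version}" },
    external: git.map { |g| "#{g.name} (#{g.remote})" }
  }
end

# Builds a throwaway vendor/cache holding two of the three registry gems.
def demo_audit
  Dir.mktmpdir do |dir|
    cache = File.join(dir, "vendor", "cache")
    FileUtils.mkdir_p(cache)
    %w[example-core-2.1.0.gem example-util-1.0.3.gem].each do |f|
      FileUtils.touch(File.join(cache, f))
    end
    audit(SAMPLE_LOCKFILE, cache)
  end
end

if __FILE__ == $PROGRAM_NAME
  result = demo_audit
  result[:missing].each { |g| puts "not cached, needs the registry: #{g}" }
  result[:external].each { |g| puts "pinned to a Git remote: #{g}" }
end
```

A non-empty `missing` or `external` list means a deploy can fail when a package or repository is removed upstream.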
This is a tricky one, as it is getting at something very important, but may be doing so in a half-assed and ill-thought-out manner.
It’s become quite obvious to me over the last decade or so that programmers have a moral and ethical obligation that we can’t continue to dodge. I’ve witnessed many, many discussions on other tech forums where coders basically threw up their hands and said “Hey, it’s only code. All that other stuff is based on what people do with it.”
Then I’d see some of these same people make a lot of money using that code to manipulate people to stay on their sites, click links, and so forth. If that wasn’t direct enough, we had the facial recognition folks who claimed it was all nerd fun and games. Now that stuff is everywhere, and license plate readers are anathema to a free society, but we have them.
Over the past few months, I watched a speaker online tell me that we tech folks are building weapons. We just don’t want to admit it. At least the folks in the Manhattan Project were honest with themselves about what they were doing. We don’t want to be.
So it’s serious. But is it serious enough for every developer in open source to track down every usage of their code to see if they agree with it? Probably not. That sounds far too chaotic and unprofessional. Yes, my code for running waffle makers may also be used to make french fries, which could cause heart disease and kill people. Does that make me responsible for heart disease? Should I turn off my code because I think it does? No, of course not. There’s a point of silliness that is quickly reached, probably one of the reasons we coders refused to talk about this for so long.
So it’s serious. But is it serious enough for every developer in open source to track down every usage of their code to see if they agree with it? Probably not. That sounds far too chaotic and unprofessional.
Alternatively, they use non-open licenses using the whitelisting model where non-harmful things are allowed by default with examples given of unethical uses they won’t allow. Proprietary vendors already do this except their limitations are things that make it easy to compete with them or otherwise hurt their profits. So, it’s actually very professional given it’s a standard practice of software written by professionals. The same licensing concepts capitalism used for their values can be used for utilitarian values, too.
You are answering a moral question with a legal answer. Do we have the legal frameworks in place to control how our code is used? Sure we do. But the question was much more at the point of creation, what moral and ethical responsibilities do we have when it comes to creation and release, under any legal framework?
So sure, I could write the code to, I dunno, control precision bombs to only kill people who liked Dancing With The Stars, and I could lock that code up so that it could only be used by simulators or something. But by writing and releasing the code itself, should I be concerned that code is freely copyable and could be used for great harm no matter what kinds of license I put on it?
What if it’s used in conjunction with other software? This gets murky quickly. We end up exactly where we are with patents: everybody is technically prevented from doing everything, so big players collect all the rights and then never use them unless they want to control the market. So, assuming this model plays out, what? We assign all rights to EFF or somebody, then they file a lawsuit against some nation for using software in a way the creators didn’t intend?
That feels quite fluffy and ineffective, assuming I were a developer concerned about these matters.
Getting kind of tired of these thinly-veiled off-topic political posts to be quite honest, we’ve had a few of them now. Stick to technology, take your unwanted political views to hacker news.
Ah yes, agreed! Technology is the first known example of Plato’s Perfect Forms. Technology exists on its own abstract, perfect realm that transcends space and time and has no relevance to anything happening in this physical reality.
Stick to technology, I say! And no funny human business!
It’s fine to flag as off-topic and hide the submission so it doesn’t bother you.
While this particular instance and article deals with a current hot-button political issue, the current structure of open source is vulnerable to this sort of disruption. See my comment here, and this comment by @chobeat.
Today’s “This post has no technical merit whatsoever and is pure politics” goes to… this one.
I think pushcx is gonna come in and give all of you a spanking if you’re not careful with the kind of stuff you keep pushing to the front page. Important story? Yes. Interesting? Yes. Technical? No. Lobsters material? No.
The possibility of concerted deletion of repositories by unionized/mobilized tech workers is also a very actual technical problem. I’m not suggesting you should prepare your company to avoid it, quite the contrary, but you know, it’s also a technical problem. It’s also an interesting technical problem to identify the most disruptive packages that fuel the systemic exploitation performed or enabled by tech companies.
“I’m not suggesting you should prepare your company to avoid it, quite the contrary”
There’s at least two groups in the anti-politics-on-Lobsters crowd:
1. Those that genuinely don’t care about it or don’t think it matters.
2. Those that want it somewhere else so this site is more relaxing or focused on just tech.
The folks in number 1 could use a reality check like what you said. Hell, a bunch of open code not getting supported all at once might even lead to companies actually paying people to maintain the F/OSS. There’s precedent for it where a few projects that were about to go under had large infusions of cash. So, I suggest these developers at companies with piles of money just keep pretending politics doesn’t matter. Or, even better, unionize. :)
I fall into group 2. Politics are an extremely volatile subject and can be incredibly divisive. I would rather not have these types of arguments here. It often derails into something totally unrelated to the original post.
I think I expressed exactly why I think those two things are negative in the previous post. But to try to make it more clear in case you’re sincere, talking politics, especially online, usually descends into name-calling, absolutes, and ultimately derails the conversation from the original post.
I don’t see why it should be the case. I believe it’s more about the relatively small size of the community, the invitation mechanism and the general structure of the interaction that keeps the level of the discussion high.
Politics, in every way I’ve seen it discussed on the Internet, enhances the boundaries between tribes even more than they already are. As far as I can tell, we humans aren’t very good at rising above our tribes, especially when it comes to politics. This seems to apply to everyone, regardless of political leanings (although I find those of the left to be the most vocal about it). Tribalism makes it more difficult to have good faith discussions with each other. Even on technical topics, we have our tribes, which makes it hard enough as it is. Politics enhances those tribal boundaries and magnifies the bad blood that comes from it.
It is perfectly reasonable to see how this leads to a community that is unpleasant to participate in for all but the most determined among us. These difficult discussions need to happen somewhere, but it is perfectly reasonable for a group of people to endeavor to avoid the toxicity that comes from this enhanced tribalism in some places. In particular, it is totally reasonable for a group of people to enjoy the privilege of discussing topics other than politics purely so that they might do it at all in a productive fashion. Personally, I see this as the reality that comes from discussing extremely divisive topics that affect us all in profound ways. I continue to hope that lobsters will be one of those places.
All of our current moderators plus the majority of voting Lobsters are in favor of political or otherwise human elements of tech being discussed here. I’m not sure why a few of you keep writing like they don’t exist or that they believe otherwise. You can’t convince anyone of anything by starting from a position that ignores their existing beliefs.
The truth: you, a minority of voters, and I want Lobsters to be tech only with political stuff handled on other sites. The majority does not. It doesn’t even hurt me to say it. It’s the natural progression of sites that start like Lobsters Classic, grow toward Hacker News or Reddit, and eventually toward Youtube or Twitter. Politics and noise grow exponentially with those that don’t like that ignoring/filtering it, splintering off into new places, etc. Lobsters still does it better than most places, though.
And although they profess politics top priority, the submissions and comments are 90+% not politics to focus on their favorite tech subjects. What actually matters to them. There’s one or two people whose submissions line up with their stated, political priorities. So long as the politicos don’t practice what they preach there will be mostly non-political tech stories here and I’ll continue enjoying the site. Case in point: 2 out of 25 stories on front page are political despite all those votes for political content being more important, long-winded posts of importance of social justice, etc. Just a whole bunch of slacktivists [1]. Don’t let them worry you.
[1] There’s a few actual activists and folks that stay aiding others who are too busy doing the real thing to submit the stuff here. I always make an exception to that comment for them. I’ve been in that lately as a union guy in a company likely going to strike soon. Getting reluctant people ready for the mental and financial hardship.
I agree with you that it’s a natural progression of sites. I’ve seen it twice: first on Reddit, then on HN.
And the options are to stay silent and give the impression that no one cares, or to speak out. It’s important to speak out, if for no other reason than to stave off the decline for longer.
Also, thank you for your thoughtful comments on this. I feel like a lot of people would rather yell about what they want than analyze the situation. (I regrettably fall into the former category more often than I should.)
You’re welcome and it’s all good. I just like reminding folks on my side to remember how large the pro-politics side is on top of how long we’ve been doing political discussions. If folks don’t, it might offend those that might have listened.
Edit: To be clear, it’s shawn’s position as to why I don’t frequent Lobsters as much. Sorry, the lines crossed and will forever be after 2016. Welcome to the reality a lot of us have been in for a while.
I’m cool with that. I’m a veteran, I did some things while I was in that I’m not proud of in light of information released after I got out. I’ve been there.
Edit: spaces
Edit edit: I did really in English, I swear.
I for sure would frequent it more if there was more politics. Speaking about tech without discussing its politics is like discussing swimming pretending water doesn’t exist
It ceases to be “open source”, as it violates clause 5 of the Open Source Definition - no discrimination against persons or groups.
If such restrictions became commonplace, the shared commons that we’ve all come to enjoy would be replaced by a balkanised set of microlicenses, and you would be forced to check that your intended use did not run against any pet cause of any author, and recheck this every time any package in the transitive closure of your entire stack updated itself.
The fact that we have this shared commons of high-quality code is nothing short of a miracle, built by people who created intellectual plenty by giving what they could, and getting a lot in return. I don’t have to pay thousands of dollars for industrial-grade compilers, or development tools, or for the ability to browse the WWW. The model is facing some tough times at the moment (e.g., cloud value capture), but it’s worth remembering what things were like before we got here, and what we might give up if we make well-intentioned but ill-considered moves.
by a balkanised set of microlicenses, and you would be forced to check that your intended use did not run against any pet cause of any author, and recheck this every time any package in the transitive closure of your entire stack updated itself.
I have to do all kinds of checks to trust and integrate open-source code. Businesses are also investing in license management to do that kind of thing. Just another thing to glance at before I decide what to use. Worst case, I’ll miss out on a particular component whose owner didn’t want me to use. (shrugs)
Still be plenty of ordinarily-licensed software out there old and new with probably little effect from these new licenses. If there’s a big effect, that could be interesting since some parties (esp License Zero) are making new ones to address actual problems in existing ones that undermine existence of and/or continuing development of software. It could go in many directions with some really useful.
Eventually, the prior art might use the phrase “eminent domain.”
Alternatively, they’ll just pirate the software for “national security” like they’ve done before. They could even classify what they’re doing so it couldn’t go to trial.
This is the sad thing, the best “neutral” act in any of these situations will amount to nothing but a gesture. It’s horrible to feel powerless in being used for what you see as evil, and the basic “I quit” gesture is about the best it gets for “civil” reactions.
Ehh, I don’t know. I see where you’re coming from with that. I’m just not going to adopt that mindset if I’m literally giving code out to the world to be used for any purpose. Of course, people are going to use it for purposes I don’t like. If I wanted to prevent it, I’d make it proprietary, shared-source freeware with restrictions on usage, esp centered on avoiding harm.
To me, it looks like another situation where their goals don’t line up with the tools (esp licenses/practices) they use to execute them. That might be fixable if they make them consistent. If it can’t be fixed, they’re just taking things way too personally. One must teach themselves not to do that given how the world works or they might go crazy or just get very depressed.
In security/privacy, we know our tools (esp encryption) will protect the most horrible crimes you can think about on top of many, many, many more good people and things. I’m not advocating weakened security for the latter because some people and groups are human garbage. Detach myself even if it irritates me here and there. This other company probably should, too, to focus on maximizing good they can do. People should be fighting in political sphere to deal with ICE, etc. Takes different techniques.
Make it in such a way that you’d have to rewrite core functionality to patch it out? I hope lobste.rs knows that my suggestion isn’t necessarily a great/serious one.. but then again, internets.
Most users of software don’t want to incur liabilities. See AGPL adoption by companies. Doing this guarantees many potential users who would’ve done good will dodge it since they can’t know what’s next. If supplier is OK with that, then OK and go for it. If not, then don’t do it.
The developer also stated “It’s not my place to tell somewhere where their moral compass should point”, so I suppose he’s merely asking for having some moral code (and, I suspect, ideally one similar to his own), with no statement made about the chef developers.
I don’t think I could delete code that was doing good, even if it was being used to harm.
It’s stopping the sale of Corvettes because someone used one to run down a kid.
It’s not, but you people seem determined to not understand that. If you want to make an analogy to cars, maybe it would be like someone pulling their Corvette bodykit off the market because Corvette had a giant contract to supply to [some organization that would be objectionable enough for you].
In any case, like Upton Sinclair said, “It is difficult to get a man to understand something, when his salary depends on his not understanding it”, so feel free to ignore this & let your cognitive dissonance tell you I’m just a troll.
Agreeing with animatronic… IBM sold counting machines (the holorinth?) to Germans under a subsidiary. That’s like selling Dells to ISIS.
Nope. Common misconception. Back then, computers were extremely expensive, hard to operate, and low volume. IBM regularly got close to institutions trying to sell them computers. They cut many scheming deals. The guy I originally watched on this stuff had dug up the contract for the sale. It was with the New York part of IBM, not Germany. They also custom made and sold the punch cards that Nazis used for their operation. Probably sent people to service the machines, too. Memory getting fuzzy at that point.
Plus, I don’t usually sit at the table with dictators before telling folks they were a random customer. I owned a Dell but never hung with Dell. ;)
[Comment removed by author]
What’s worse, it’s not inconceivable that in a similar situation some well-meaning sabotage (because, let’s be honest–that’s what this is, sabotage) could result in, say, the loss of data records delaying or outright preventing the timely release of people from the camps.
Techies taking the law into their own hands by committing acts of sabotage of this nature are almost assuredly unable to prevent collateral damage.
It was his code, under his name, how is deleting your own copyrighted code from the internet “taking the law into their own hands”?
It wasn’t sabotage in any form, it was protest. They knew full well it would get restored and the license allows it to be used for any purpose.
Sabotage is a form of protest. I’m not even arguing that they’re wrong to be angry–nobody should want kids in camps.
My point is that techies deciding to do actions like this both can’t guarantee the exact impacts of those outcomes and seldom seem to reflect on that point. Everybody cries foul about us making policy with ML/AI…this is not so far afield.
I’d love if we could have this discussion face to face as a group. These kinds of conversations are really really hard online. It’s difficult for everyone not to come across as snarky, pedantic, trite, glib, etc. I struggle with giving others the necessary charity. I do strive to use a tone and form of argument that I would use if I were standing in front of the person. I was in debate, that form of rhetoric is about winning, not about using logic to arrive at the best decisions.
We both know what sabotage is, and this case, deleting the code was protest and not sabotage. Sabotage would be introducing bugs or special cases to actively hurt ICE. Pasting a definition doesn’t make your point stronger.
Of course you can’t guarantee impacts, that is a truism, we can’t even guarantee the code we write has the intended outcome. Putting that requirement on someone before they protest is a hugely imbalanced burden that we apply nowhere else. I would love it if humanity used science and formal methods to fully understand the impact of our designs and decisions, but we still operate in an open-loop where we react to the problems we cause. No technology is neutral, with every advantage also comes with it a disadvantage, a risk, most of them uncatalogued. My perception of arguments along the lines of the one you are making is that techies should stay in their box working on tools. That there is a clean hierarchical delineation between people (that people are things with labels) and they build technology (neutral) and that it is the application of said technology that does bad things. On the spectrum of applicability, a component of Chef is more neutral than a facial detection library.
Everyone should still have a moral code and realize how the tools they are building could be used. This person was thrust into something they weren’t prepared for, I don’t know how I would react in a similar situation. But the overall impact to ICE was zero and that would be known. This action was a purely symbolic act of protest.
Doesn’t the US government have additional rights on other people’s intellectual rights (like patents) in certain cases?
Content produced by the US Government is very often public domain.
During WW1, the US forced patents holders on airplane tech to pool their patents, but patents are intellectual property. State power in the US seldom appropriates private property. Eminent domain is an exception.
Yes, this is technically a type of sabotage, and yes it’s the sort of thing that is likely to damage other entities besides the intended target, but I would oppose establishing a norm where removing one’s own code from a public repo is considered punishable in and of itself. It should be considered the responsibility of the clients of open-source code to make local copies of the code they use, whether that’s an entity the code-author likes or dislikes.
There’s no risk of punishment (the licenses state, among other things, “NO WARRANTY”). I understood friendlysock to mean that developers should keep side effects (such as blocking procedures with positive effects, like getting people out of camps, in undesired organizations) in mind when considering such activities.
I agree with the risk of collateral damage, but see below.
I don’t agree with the term “sabotage” here.
In corporate context, sabotage would be an employee deleting code and backups so that development halts and the company suffers financial or reputational damage.
In this case, Vargo developed the software (apparently when working at Chef), and everyone was best buds and agreed for this to be released as Open Source (I’m assuming that’s a variant of the license used, not a form of the GPL).
Chef proceeded to build their business using software that was out of their direct control, all the while relying on a gentleman’s agreement that Vargo would not impede access to this software.
This is a supply chain problem, not sabotage. Obviously, Chef and others in their situation need to hedge against contributors to their software stack not taking umbrage to the actions of Chef’s customers. They can do this by keeping local repo copies in the short term, and keeping other developers on retainers to rewrite the software in case a developer removes their repo.
Edit: another solution is for the company to identify any repo that is critical to them, and then simply purchase the rights to it (as well as the maintenance overhead, of course) from the developer. Market solution! I love them.
Chef’s business model was to take software written by volunteers for free and package it into a form palatable for corporate customers (and whatever the US term for entities like ICE is), pocketing the proceeds.
Chef assumes the responsibility for maintaining access to the software. Having to hedge against software developer’s “whims”[1] will of course cut into the profit margin of this business. In the long term, it might make sense for companies like Chef to forego open source licensing entirely and develop their stuff in-house, keeping control of the IP. Or they’ll just have contingency plans such as the one outlined above.
[1] I hesitate to use “whim” for Vargo’s decision. But other developers might delete their repos “for the lulz”, to actually sabotage a company per the above, have access to their repos disrupted, or simply delete it all and move to a bunker.
If Chef or any other technology is so key to the core of how ICE works that removing it crippled them, then the protest has proved its point. Imagine applying this cold logic to, say, Japanese internment camps during WWII. (which is not dissimilar to what’s going on now since there are multiple cases of legitimate citizens getting deported as well.)
Sometimes you’ve gotta throw a wrench in. Let’s hope that there are more.
pardon me?
I could definitely see myself doing it to protest a company selling it to do something I disagreed with.
Good praxis. I hope to see more of these in the future. Corporations are heavily dependent on open source packages and repos and their direct dependencies such as this one. Thousands of developers have ticking bombs in their hands that can be triggered with 0 legal consequences and nobody really acknowledges this.
The code is open source. Anyone who seriously depends on these packages will just fork, first privately, then publicly. It’s ultimately a purely symbolic gesture, good for Seth Vargo, but will have very little tangible impact.
This requires hours of human work to be fixed on a global scale. The impact is temporary but very tangible. Clearly a single case is not that relevant but an orchestrated operation disrupts to a much deeper level.
The cost of hours of human work is a drop in the bucket to most companies, and virtually every large corporation. It’s certainly not enough to stop doing business with large clients like ICE.
It’s the cost of missed gains that hurts them, not the cost of fixing the system. Modern disruption praxis for example prescribes to block as many crossings and roundabouts as possible and this is similar to dependencies in an automated process. The damage is not on the extra-salaries of the truckers that won’t deliver the goods, the damage is in the missed sales. It’s not in the hours or days of the salaries of your workers that will be stuck in the traffic, but in the goods and services that you won’t be able to provide to your customers. On top you have all the losses from cross-dependencies in “just-in-time” production pipelines that suffer heavily from minimal disruption of the logistics. Code dependencies are the streets on which the trucks of automated pipelines are running. You don’t have to block all the streets to cause disruption, it’s enough to block a few good ones.
Shutting down a github page is nowhere near the same as refusing to do work that’s in a company’s critical path to earn revenue. These corporations already have their code and are using a version of it in production, shutting down a github page doesn’t interfere with that. Revenue continues to be made.
In this specific case, a common pattern when using Chef is for “recipes” - the code executed on each server being managed - to install and/or update gems at runtime. Removing the package from rubygems.org almost certainly meant that Chef stopped working for a large number of companies (until Chef Inc. contacted RubyGems to restore the package that was removed).
Wow, so this is the left-pad situation all over again?
It’s a very similar situation, yes.
A package is removed by its owner, and the package registry takes action so that users of the package don’t have to do anything. The major difference here is the package registry giving ownership rights of the package in question to a company, rather than just restoring the package and preventing package removals.
Then all those companies, at least the mature ones, have a serious shortcoming in their service/product delivery system. You shouldn’t rely on rubygems.org being accessible for your services/products to be deliverable and work. We have a dozen employees and could rebuild from scratch within hours with rubygems.org (and related sites) down. If the deletion of a gem impacts you, it’s squarely on you.
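An added example, not part of any comment in this thread and not code from Chef or RubyGems: a Ruby check that every gem pinned in a Gemfile.lock has a local .gem copy (for instance in the vendor/cache directory that `bundle cache` fills), so a registry removal like the one described above cannot stop a deploy. The lockfile text, gem names, versions and cache directory are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Constructed sample lockfile; gem names and versions are hypothetical.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-core (5.0.1)
      example-helper (1.2.0)
        example-core (>= 3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-helper
LOCK

# Parse the "specs:" entries of the GEM section of a Gemfile.lock.
# Returns [name, version] pairs. Resolved gems are indented four spaces;
# their dependency constraints (six spaces) are skipped.
def locked_gems(lockfile_text)
  gems = []
  in_gem = false
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\S/                       # a new top-level section starts
      in_gem = (line == "GEM")
      in_specs = false
    elsif in_gem && line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif in_gem && in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))
      gems << [m[1], m[2]]
    end
  end
  gems
end

# Names of locked gems that have no "<name>-<version>.gem" file in cache_dir.
# Anything listed here would have to be fetched from the public registry.
def missing_from_cache(lockfile_text, cache_dir)
  locked_gems(lockfile_text)
    .reject { |name, version| File.file?(File.join(cache_dir, "#{name}-#{version}.gem")) }
    .map { |name, version| "#{name}-#{version}" }
end

# Build a throwaway cache holding only one of the two locked gems and
# report what a deploy could not install if the registry copy vanished.
def demo
  Dir.mktmpdir do |dir|
    FileUtils.touch(File.join(dir, "example-helper-1.2.0.gem"))
    missing_from_cache(SAMPLE_LOCKFILE, dir)
  end
end

if __FILE__ == $0
  missing = demo
  if missing.empty?
    puts "all locked gems are cached locally"
  else
    puts "not cached locally: #{missing.join(', ')}"
  end
end
```

Run as a CI step against the real lockfile and cache directory, a non-empty result is the signal to refresh the local copy before the next deploy.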
Why don’t we have both?
This is a tricky one as it is getting at something very important, but may be doing so in a half-assed and ill-thought-out manner.
It’s become quite obvious to me over the last decade or so that programmers have a moral and ethical obligation that we can’t continue to dodge. I’ve witnessed many, many discussions on other tech forums where coders basically threw up their hands and said “Hey, it’s only code. All that other stuff is based on what people do with it.”
Then I’d see some of these same people make a lot of money using that code to manipulate people to stay on their sites, click links, and so forth. If that wasn’t direct enough, we had the facial recognition folks who claimed it was all nerd fun and games. Now that stuff is everywhere, and license plate readers are anathema to a free society, but we have them.
Over the past few months, I watched a speaker online tell me that we tech folks are building weapons. We just don’t want to admit it. At least the folks in the Manhattan Project were honest with themselves about what they were doing. We don’t want to be.
So it’s serious. But is it serious enough for every developer in open source to track down every usage of their code to see if they agree with it? Probably not. That sounds far too chaotic and unprofessional. Yes, my code for running waffle makers may also be used to make french fries, which could cause heart disease and kill people. Does that make me responsible for heart disease? Should I turn off my code because I think it does? No, of course not. There’s a point of silliness that is quickly reached, probably one of the reasons we coders refused to talk about this for so long.
More work is needed here.
Alternatively, they use non-open licenses using the whitelisting model where non-harmful things are allowed by default with examples given of unethical uses they won’t allow. Proprietary vendors already do this except their limitations are things that make it easy to compete with them or otherwise hurt their profits. So, it’s actually very professional given it’s a standard practice of software written by professionals. The same licensing concepts capitalism used for their values can be used for utilitarian values, too.
You are answering a moral question with a legal answer. Do we have the legal frameworks in place to control how our code is used? Sure we do. But the question was much more at the point of creation, what moral and ethical responsibilities do we have when it comes to creation and release, under any legal framework?
So sure, I could write the code to, I dunno, control precision bombs to only kill people who liked Dancing With The Stars, and I could lock that code up so that it could only be used by simulators or something. But by writing and releasing the code itself, should I be concerned that code is freely copyable and could be used for great harm no matter what kinds of license I put on it?
What if it’s used in conjunction with other software? This gets murky quickly. We end up exactly where we are with patents: everybody is technically prevented from doing everything, so big players collect all the rights and then never use them unless they want to control the market. So, assuming this model plays out, what? We assign all rights to EFF or somebody, then they file a lawsuit against some nation for using software in a way the creators didn’t intend?
That feels quite fluffy and ineffective, assuming I were a developer concerned about these matters.
Response to incident from Chef blog:
Archive.org of Github repository:
Getting kind of tired of these thinly-veiled off-topic political posts to be quite honest, we’ve had a few of them now. Stick to technology, take your unwanted political views to hacker news.
Ah yes, agreed! Technology is the first known example of Plato’s Perfect Forms. Technology exists on its own abstract, perfect realm that transcends space and time and has no relevance to anything happening in this physical reality.
Stick to technology, I say! And no funny human business!
It’s fine to flag as off-topic and hide the submission so it doesn’t bother you.
While this particular instance and article deals with a current hot-button political issue, the current structure of open source is vulnerable to this sort of disruption. See my comment here, and this comment by @chobeat.
Today’s “This post has no technical merit whatsoever and is pure politics” goes to… this one.
I think pushcx is gonna come in and give all of you a spanking if you’re not careful with the kind of stuff you keep pushing to the front page. Important story? Yes. Interesting? Yes. Technical? No. Lobsters material? No.
(ง’̀-’́)ง
The possibility of concerted deletion of repositories by unionized/mobilized tech workers is also a very actual technical problem. I’m not suggesting you should prepare your company to avoid it, quite the contrary, but you know, it’s also a technical problem. It’s also an interesting technical problem to identify the most disruptive packages that fuel the systemic exploitation performed or enabled by tech companies.
I didn’t think about that. Great point. This…
“I’m not suggesting you should prepare your company to avoid it, quite the contrary”
There’s at least two groups in the anti-politics-on-Lobsters crowd:
Those that genuinely don’t care about it or don’t think it matters.
Those that want it somewhere else so this site is more relaxing or focused on just tech.
The folks in number 1 could use a reality check like what you said. Hell, a bunch of open code not getting supported all at once might even lead to companies actually paying people to maintain the F/OSS. There’s precedent for it where a few projects that were about to go under had large infusions of cash. So, I suggest these developers at companies with piles of money just keep pretending politics doesn’t matter. Or, even better, unionize. :)
I fall into group 2. Politics are an extremely volatile subject and can be incredibly divisive. I would rather not have these types of arguments here. It often derails into something totally unrelated to the original post.
Why are those two things negative?
I think I expressed exactly why I think those two things are negative in the previous post. But to try to make it more clear in case you’re sincere, talking politics, especially online, usually descends into name-calling, absolutes, and ultimately derails the conversation from the original post.
That is true only for toxic communities. While I agree that’s the case in many environments, I don’t see why it should happen here.
Have you considered that the lack of toxicity of Lobsters is due to discouraging political discussions?
I don’t see why it should be the case. I believe it’s more about the relative small size of the community, the invitation mechanism and the general structure of the interaction that keeps the level of the discussion high.
Politics, in every way I’ve seen it discussed on the Internet, enhances the boundaries between tribes even more than they already are. As far as I can tell, we humans aren’t very good at rising above our tribes, especially when it comes to politics. This seems to apply to everyone, regardless of political leanings (although I find those of the left to be the most vocal about it). Tribalism makes it more difficult to have good faith discussions with each other. Even on technical topics, we have our tribes, which makes it hard enough as it is. Politics enhances those tribal boundaries and magnifies the bad blood that comes from it.
It is perfectly reasonable to see how this leads to a community that is unpleasant to participate in for all but the most determined among us. These difficult discussions need to happen somewhere, but it is perfectly reasonable for a group of people to endeavor to avoid the toxicity that comes from this enhanced tribalism in some places. In particular, it is totally reasonable for a group of people to enjoy the privilege of discussing topics other than politics purely so that they might do it at all in a productive fashion. Personally, I see this as the reality that comes from discussing extremely divisive topics that affect us all in profound ways. I continue to hope that lobsters will be one of those places.
All of our current moderators plus the majority of voting Lobsters are in favor of political or otherwise human elements of tech being discussed here. I’m not sure why a few of you keep writing like they don’t exist or that they believe otherwise. You can’t convince anyone of anything by starting from a position that ignores their existing beliefs.
The truth: you, a minority of voters, and I want Lobsters to be tech only with political stuff handled on other sites. The majority does not. It doesn’t even hurt me to say it. It’s the natural progression of sites that start like Lobsters Classic, grow toward Hacker News or Reddit, and eventually toward Youtube or Twitter. Politics and noise grow exponentially with those that don’t like that ignoring/filtering it, splintering off into new places, etc. Lobsters still does it better than most places, though.
And although they profess politics top priority, the submissions and comments are 90+% not politics to focus on their favorite tech subjects. What actually matters to them. There’s one or two people whose submissions line up with their stated, political priorities. So long as the politicos don’t practice what they preach there will be mostly non-political tech stories here and I’ll continue enjoying the site. Case in point: 2 out of 25 stories on front page are political despite all those votes for political content being more important, long-winded posts of importance of social justice, etc. Just a whole bunch of slacktivists [1]. Don’t let them worry you.
[1] There’s a few actual activists and folks that stay aiding others who are too busy doing the real thing to submit the stuff here. I always make an exception to that comment for them. I’ve been in that lately as a union guy in a company likely going to strike soon. Getting reluctant people ready for the mental and financial hardship.
I agree with you that it’s a natural progression of sites. I’ve seen it twice: first on Reddit, then on HN.
And the options are to stay silent and give the impression that no one cares, or to speak out. It’s important to speak out, if for no other reason than to stave off the decline for longer.
Also, thank you for your thoughtful comments on this. I feel like a lot of people would rather yell about what they want than analyze the situation. (I regrettably fall into the former category more often than I should.)
You’re welcome and it’s all good. I just like reminding folks on my side to remember how large the pro-politics side is on top of how long we’ve been doing political discussions. If folks don’t, it might offend those that might have listened.
This is why I don’t frequent Lobsters as much.
Edit: To be clear, it’s shawn’s position as to why I don’t frequent Lobsters as much. Sorry, the lines crossed and will forever be after 2016. Welcome to the reality a lot of us have been in for a while.
You don’t frequent it because there’s not enough politics?
There’s not enough of a realization or acceptance by the audience that their code has implications beyond their systems.
What if I’m totally ok with building weapons?
I’m cool with that. I’m a veteran, I did some things while I was in that I’m not proud of in light of information released after I got out. I’ve been there.
Edit: spaces Edit edit: I did really in English, I swear.
Everyone realizes this.
You don’t frequent it because there’s not enough politics?
I for sure would frequent it more if there was more politics. Speaking about tech without discussing its politics is like discussing swimming pretending water doesn’t exist.
Why not introduce something that prevents it from running in conditions that are likely met when the system/config is an ICE thing?
I think the easiest path would be to adapt what Mozilla did with the MPL/GPL/LGPL tri-license to explicitly deny certain groups.
Any prior art here to look at?
It ceases to be “open source”, as it violates clause 5 of the Open Source Definition - no discrimination against persons or groups.
If such restrictions became commonplace, the shared commons that we’ve all come to enjoy would be replaced by a balkanised set of microlicenses, and you would be forced to check that your intended use did not run against any pet cause of any author, and recheck this every time any package in the transitive closure of your entire stack updated itself.
The fact that we have this shared commons of high-quality code is nothing short of a miracle, built by people who created intellectual plenty by giving what they could, and getting a lot in return. I don’t have to pay thousands of dollars for industrial-grade compilers, or development tools, or for the ability to browse the WWW. The model is facing some tough times at the moment (e.g., cloud value capture), but it’s worth remembering what things were like before we got here, and what we might give up if we make well-intentioned but ill-considered moves.
I have to do all kinds of checks to trust and integrate open-source code. Businesses are also investing in license management to do that kind of thing. Just another thing to glance at before I decide what to use. Worst case, I’ll miss out on a particular component whose owner didn’t want me to use. (shrugs)
Still be plenty of ordinarily-licensed software out there old and new with probably little effect from these new licenses. If there’s a big effect, that could be interesting since some parties (esp License Zero) are making new ones to address actual problems in existing ones that undermine existence of and/or continuing development of software. It could go in many directions with some really useful.
Eventually, the prior art might use the phrase “eminent domain.”
Alternatively, they’ll just pirate the software for “national security” like they’ve done before. They could even classify what they’re doing so it couldn’t go to trial.
This is the sad thing, the best “neutral” act in any of these situations will amount to nothing but a gesture. It’s horrible to feel powerless in being used for what you see as evil, and the basic “I quit” gesture is about the best it gets for “civil” reactions.
Ehh, I don’t know. I see where you’re coming from with that. I’m just not going to adopt that mindset if I’m literally giving code out to the world to be used for any purpose. Of course, people are going to use it for purposes I don’t like. If I wanted to prevent it, I’d make it proprietary, shared-source freeware with restrictions on usage, esp centered on avoiding harm.
To me, it looks like another situation where their goals don’t line up with the tools (esp licenses/practices) they use to execute them. That might be fixable if they make them consistent. If it can’t be fixed, they’re just taking things way too personally. One must teach themselves not to do that given how the world works or they might go crazy or just get very depressed.
In security/privacy, we know our tools (esp encryption) will protect the most horrible crimes you can think about on top of many, many, many more good people and things. I’m not advocating weakened security for the latter because some people and groups are human garbage. Detach myself even if it irritates me here and there. This other company probably should, too, to focus on maximizing good they can do. People should be fighting in political sphere to deal with ICE, etc. Takes different techniques.
Lerna added a clause banning usage by ICE collaborators. The change was reverted the following day.
If hostname == “ice” go boom();
Because that can’t be trivially patched out? How much do you need to know about the ICE config to write such a test to begin with?
The hope is that they execute it before they notice it’s there.
Make it in such a way that you’d have to rewrite core functionality to patch it out? I hope lobste.rs knows that my suggestion isn’t necessarily a great/serious one.. but then again, internets.
Hitting everyone because there’s a high chance this 1 evil person will be hit as well? I’m not sure I can see many advantages of such action.
It’s hitting everyone to attract their attention and accrue bad rep for Chef. It’s working.
Most users of software don’t want to incur liabilities. See AGPL adoption by companies. Doing this guarantees many potential users who would’ve done good will dodge it since they can’t know what’s next. If supplier is OK with that, then OK and go for it. If not, then don’t do it.
Do the chef developers have no moral code or a different moral code?
The other developers? Undefined.
Chef the company? Pretty clear.
The developer also stated “It’s not my place to tell somewhere where their moral compass should point”, so I suppose he’s merely asking for having some moral code (and, I suspect, ideally one similar to his own), with no statement made about the chef developers.
This is peak tone-deaf pedantics
[Comment removed by author]
Explain this tone please, I can’t seem to hear it either.