Re: Sweepstake
Heh.
In any case, I'm guessing we have a new student of the Streisand Effect. Kik is going to find out the hard way what it costs to stir a dev's nest.
Who knows, might even teach a lawyer or two a lesson.
Programmers were left staring at broken builds and failed installations on Tuesday after someone toppled the Jenga tower of JavaScript. A couple of hours ago, Azer Koçulu unpublished more than 250 of his modules from NPM, which is a popular package manager used by JavaScript projects to install dependencies. Koçulu yanked his …
...said library call would be compiled into your local image, not yanked in from a remote site in most languages. However I'm not aware of many languages supporting standard libs with a leftpad function so you'd actually write your own, inline that 1 liner function or embed it in higher level string formatting.
I agree with what you are saying, but there is also the possibility a library is full of bloat and dependencies and 'who knows what' and, if an external resource as here, could disappear at any instant or change in some unexpected way which breaks things.
It's not a binary choice of use libraries or don't, it's a more complicated matter than that.
I was surprised how much broke for what is such a simple function which I would have in-lined myself. In this case the library could be restored, but it would have been a different matter if it could not have been.
Hopefully this will be a wake-up call for those who slavishly use third-party libraries without ever considering the consequences of doing so.
In my case, even the ones I "supposedly wrote" can be found in "The Art of Computer Programming" [Knuth] or the literature since. I pretty much wrap it all in validation code and off I go to the next piece. I've had to create a whopping two original algorithms in my life to date. I even comment in the code as to where I got something and why I'm using that particular code. To me, that's just being [1] honest and [2] letting the maintainers have a heads up if some future "better technique" should come along and where to fix it.
I'm an engineer which means I build things with the tools and components that Computer Scientists have developed to date. Ain't any different than my approach to nuclear, or any other field of, engineering. Yeah, I really can do the theory end of things (extremely well in truth) but that is not how I want to spend my time, thank you very much.
Given how development is done these days, I'm actually surprised there wasn't truthfully much more breakage. Dreamweaver (a tool I used to beta regularly for Macromedia way back when) was a leading indicator of where web coding was headed.
"Sounds Kool. Where'd the name come from."
I keep seeing on my travels and thought what a clever word.
Kik.co.uk
Kik-Kid.nl
kik-textilien.com
kikschools.org
kikik.net
kikradio.com
...
I wonder if the lawyers sent all of these a threatening email...
I naively thought the whole point of OSS was that the developer(s) couldn't one day just throw a wobbler and tell you that you couldn't use the code anymore. Or suddenly decide to charge you loads of money. Not, of course, mentioning any names such as Microsoft.
As far as I can see this developer has had a spat with the firm hosting the code, and made it very public by pulling all his code from the repository. Obviously effective from the article here.
Just needs someone else to pick up the code and re-publish.
As already commented, hopefully this will make developers think a bit more about where their code comes from. Then again this does make for very Agile coding.
> I naively thought the whole point of OSS was that the developer(s) couldn't one day just
> throw a wobbler and tell you that you couldn't use the code anymore.
...
>made it very public by pulling all his code from the repository
...
>Just needs someone else to pick up the code and re-publish.
But from the bottom of the article:
"Meanwhile, Oakland-based Koçulu has hosted his work on GitHub. "
so it is all still published and accessible - just not from NPM. Ok, that "just" seems to lead to some fun times...
"I naively thought the whole point of OSS was that the developer(s) couldn't one day just throw a wobbler and tell you that you couldn't use the code anymore."
Open Source means exactly what it says on the tin. The Source is Open for all to see. Depending on how it's licensed, that may be all you can do with it. Look. More likely, it will be licensed in a way you can use it and even redistribute it, but there are likely other terms and conditions attached such as "paying back" your changes, or always attributing the original author, or making your own code which uses the licensed code use the same or a similar licence, or any of a million other conditions. It's quite rare for OSS to be completely free simply because in some jurisdictions that means someone else can come along and copyright/patent/trademark it and effectively legally steal it from you. If you want your code to be free for all to use then you have to release it with a licence stating that it's free to use and modify but that you retain your original rights over the original code at the very least.
If you search for "npm as user", one of the top results is a page I wrote in 2011. Five years later, NPM still wants to be installed as root. WTF.
I could easily unpublish this page -- linked to by a bunch of Stackoverflow answers and so forth -- and there's not a damn thing anyone can do to get it back because it says "All rights reserved" at the bottom. And if I unpublish in protest, I *will* follow up with takedowns if anyone reposts it.
I think I'll leave it for now. It's not exactly a ringing endorsement :)
This piece of code is a trivial function that I'd use as part of a standard library package, it's not some kind of carefully crafted software component.
Is this what programming has degenerated into? A random collection of source code fragments, each owned and guarded by some individual (or, worse, some corporation)? Doesn't this show the inherent weakness in relying on distributed script fragments for a code distribution? Doesn't it highlight what a mess Javascript is -- it's worse than BASIC because at least BASIC doesn't have pretensions towards being a properly structured language.
"Is this what programming has degenerated into?"
Nope. It is what JavaScript has degenerated into and it is debatable whether it has actually degenerated. It has always been the case that if your JS program is more than a hundred lines long then you've probably chosen the wrong language. At the time JS was introduced, it was intended to let you fine-tune a web-page with a few DHTML events, but if you wanted to do any actual programming then *obviously* you'd use a proper language and Java was available.
Sun and Oracle between them have more or less killed off Java in the browser (with years of consistently shit implementations and legal barriers to third parties doing something better), so *now* we have no other language for this platform except JS. The fact that no-one is sufficiently worried to fix this problem means either that nothing important is actually done using browser-side code or that everyone involved is an idiot. You choose.
Edit: For the avoidance of doubt, I should say that I *like* JS. Its typeless nature makes it really good for really small tweaks, which was its intended domain. I'm just aware that the same characteristics make it really bad for anything really large.
this problem was created by lazy J.S. code authors.
Think about it: how hard _IS_ it to write your OWN 'left script' function? Well, if you KNOW how to CODE, it's trivial.
But you see all of these javascript 'things' out there depending on other 'things', which depend on other 'things', apparently TRIVIAL things, because nobody knows how to CODE any more [except for a handful of 'thing' authors].
Everyone ELSE is just chaining up a bunch of 3rd party schtuff into an "app" and calling THAT 'coding'.
This has grown into a kind of 'DLL Hell' for Javascript. Personally, I'm *GLAD* to see this happen, because I'm *SICK* and *TIRED* of the *ABUSE* of scripting on the web.
For safety, I surf with the NoScript plugin BLOCKING it, unless I see some compelling reason to ENABLE scripting, and on a site by site basis. Example, I have to enable SOME of the scripting [and temporarily unblock cookies] to post HERE.
As a result, my pathetic-bandwidth connection isn't hauling gigabytes of CRUFT behind every web site I visit, with that CRUFT being MOSTLY due to embedded TRACKING and ADS anyway. (who wants THAT downloaded, especially if it causes 'overages' in your bandwidth cap)
CDNs are equally *EVIL*, like enablers of script addicts. It's hard to say WHAT gets enabled if you unblock one of them.
Often it makes a *LOT* more sense to host the script YOURSELF, on YOUR web server, and maintain it YOURSELF, and trim out everything you DO NOT NEED, instead of relying on CDNs to refresh that MONOLITHIC MONSTROSITY library every time someone adds a comment or changes spelling in some text thing, forcing *THE* *WORLD* to waste MORE bandwidth re-downloading the "package" because it's not smart enough to only refresh 'small changes'. Or whatever.
[OK some of this is exaggerated to make a point]
But, if it's possible that "3rd party thing" can BREAK YOUR WEB SITE, you should WAKE UP NOW and FIX this problem (host script on YOUR server), instead of waking up at 0-dark-30 in the middle of a hangover when your cell phone won't stop ringing, and it's work calling, and YOU have to fix it (and it's not YOUR fault - except that you used "that library").
Kik's head of messenger has posted his version of the story on Medium:
https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet-3d4d2a83aa4d#.lblcg37oa
With liberal sprinklings of my favourite twattisms; "awesome" and "reaching out", it's only helped reinforce my impression that KIK are the dicks of this piece of drama.
Definitely there are a lot of dicks: Kik.com/KIK Interactive (and patent agent) are the really big ones throwing their weight around for little real reason, NPM in the way they handled their end of the matter and 'Azer' whose responses don't do much to encourage people to support his case...
A quick look at the EU trademark database ( https://euipo.europa.eu/eSearch/#basic/1+1+1+1/50+50+50+50/KIK ) shows that they aren't the only company to have 'KIK' as a trademark and the others have been registered for longer...
A further search gives a total of 10 trademarks registered in the name of Kik Interactive/Kik.com
( https://euipo.europa.eu/eSearch/#details/owners/470259 ) - these include: KICK, KEEK and K...
Best summed up by this post, I believe....
Will Fife
20 hrs ago
Kik -> Azer: We want your name.
Azer -> Kik: Nope, already have an open source project
Kik -> Azer: We’ll sue you and make your life a living hell… but really we are nice people.
Azer -> Kik: Go AWAY
Kik -> NPM: Halp, developer mean :(
NPM -> Azer: Company nice… help us make friends with company.
Azer -> Kik: Fine… 30k and I’ll do whatever you want… everyone has a price.
Kik -> NPM: LAAAAAWWWYYYEEERRRSSS!!!! But really we are nice.
Kik -> NPM Developer mean :(
Kik -> NPM: LAAAAAWWWYYYEEERRRSSS!!!! Developer mean :(
NPM -> Azer/Kik: Sorry bro… Company nice.. company have lots of users.. sucks2bu. Kik.. tell me where to send the stolen goods.
Kik -> NPM: Thanks.
Azer -> NPM: Fine… I’ll take my ball and go home.
So, no it wasn’t just a polite request, once you threaten with Lawyers, it's not polite anymore and it's not a request. Your app has been uninstalled, and I hope all the bad press you receive destroys your brand completely.
Well, from reading the email exchanges made public and so on, it looks like everyone involved is coming off as a dick.
Koçulu seems to be less than professional and not particularly polite in his responses. The Kik people seem to have opened by threats of legal action if they didn't get what they wanted. When they offered compensation, Koçulu asked for $30K, and there was no negotiation on either side.
It would have been easier for Kik to have opened with "we'd like to take over the name, because trademark, and offer $10k in compensation". Even paying the asked $30k would have been so much easier and amicable all round. And, Koçulu should have responded a bit more professionally to the initial contacts, and not thrown his toys out of the pram so soon - though I doubt anyone could have predicted how much would break from his removing the code.
> Koçulu seems to be less than professional and not particularly polite in his responses.
That.
Not impressed with Kik and not entirely convinced by NPM either.
But frankly when interacting with a community there's a minimum degree of politeness required and interacting with a business a minimum degree of professionalism.
Koçulu displayed neither and stamping his feet and taking his toys elsewhere just reinforced that impression.
> Koçulu displayed neither and stamping his feet and taking his toys elsewhere just reinforced that impression.
He's probably done the rest of the world a favour though, assuming the world wakes up and takes notice. At least the pitfalls of using something hosted elsewhere have been highlighted. If you want it, it should be on your own server. If the licence doesn't let you host your own copy then don't use it, because you are vulnerable to it going away or being replaced by something dodgy.
"At least the pitfalls of using something hosted elsewhere have been highlighted. If you want it, it should be on your own server."
I think it was demonstrated about 5 seconds after the web was invented that if you depend on an image from a third-party site then the site can replace your image with something defamatory. Translating that experience to "code from a third-party site" doesn't seem a very big leap IMHO.
On the other hand, I suspect that if web browsers started refusing to load images from third-party sites, we'd discover that people hadn't learned this lesson at all. (There must be a Firefox extension that flags up cases where this is being done, but it probably counts as a terrorism tool now.)
So my guess is that *we* already knew that third-party code was a rubbish idea, just as *we* know about source code version control systems. But I'm sure there are a lot of people out there whose web-sites were hit by this and who told their bosses in all honesty that it wasn't a problem with *their* web-site. It was a problem elsewhere and could (and did) have happened to anyone.
> I suspect that if web browsers started refusing to load images from third-party sites,
We get THIS ;-)
"""
Here’s The Thing With Ad Blockers
We get it: Ads aren’t what you’re here for. But ads help us keep the lights on.
So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.
"""
I got name-clashed by MySQL (and now MariaDB too) no less - they include a binary called "replace" (despite almost all their binaries having a "mysql" prefix), which was first shipped years after the "replace" utility I wrote was released. A polite request from me asking them to rename it to "mysqlreplace" was ignored, which is annoying because MySQL's replace command is not good to say the least...
To show that some people can see the humour in all this, someone has just added a joke Python version of left-pad to Pypi. https://pypi.python.org/pypi/left-pad/
However he also says: "Make sure to add left-pad to your dependencies in your next project. Or, if you want to reinvent the wheel, go ahead and try to do it with the standard library. s.rjust(len(s) + 2, '+')"
I had a look at the source, and it's just a one line function wrapper around the standard "rjust" string method.
One of the really WTF issues with this whole thing is that such a trivial feature has been such a popular third party Node.js module.
Apache Java StringUtils has a leftPad which bears a lot of resemblance to the Node.js version. I suspect the Node.js Javascript version was inspired by the Apache Java version.
I hate when people think that older = smarter.
Why do you need to link javascript with "kids".
As someone mentioned, get down off your high horses.
Be humble, learn from the youngers, from the older.
Life is made of experiences, not of how long you have lived doing nothing, watching TV or stuck in your bubble of old-days tech and languages.
The more you talk about all this stuff from the past, trying to look smarter or the knowledge king, the more you look like a kid, trying to get acceptance and reward in the world that you wrongly think you don't fit anymore.
"I hate when people think that older = smarter.
Why do you need to link javascript with "kids"."
False. Older = More experience, so they don't do stupid stuff like this.
Because no-one older than 30 is using javascript (with 2 year experience, on average), it's literally for youngsters. From my point of view these people are kids.