2024 points randlet | 33 comments
bla2 ◴[] No.17515883[source]
> I don't ever want to have to fight so hard for a PEP and find that so many people despise my decisions.

Leading a large open source project must be terrible in this age of constant outrage :-(

replies(9): >>17515955 #>>17515972 #>>17516193 #>>17516427 #>>17516776 #>>17516884 #>>17517282 #>>17517716 #>>17517821 #
sjm-lbm ◴[] No.17515955[source]
It's PHP and not Python, but every time I read something like this from a major open source figure, I always think of this old PHP mailing list thread:

https://bugs.php.net/bug.php?id=50696

replies(8): >>17516108 #>>17516130 #>>17516216 #>>17516240 #>>17516461 #>>17516708 #>>17516836 #>>17517666 #
1. Y_Y ◴[] No.17516108[source]
That's a good read. I feel like the "customer is always right" mentality does quite a bit of harm to OSS support.

Also reminds me of that dev (who I can't seem to search up) who had their email printed as part of an open-source software license in a car manual and would get ridiculous email from people who had car trouble.

replies(6): >>17516199 #>>17516206 #>>17516230 #>>17516371 #>>17516964 #>>17517308 #
2. JdeBP ◴[] No.17516199[source]
* https://news.ycombinator.com/item?id=16393228
* https://news.ycombinator.com/item?id=16763618
3. ranko ◴[] No.17516206[source]
You're probably thinking of Daniel Stenberg of curl fame:

https://daniel.haxx.se/blog/2016/11/14/i-have-toyota-corola/

replies(1): >>17517807 #
4. ◴[] No.17516230[source]
5. krylon ◴[] No.17516371[source]
OTOH, way back, when I had a TV receiver card by Hauppauge, and a new Linux kernel broke something, I posted a description of my troubles on Usenet, and within 24 hours, the person who had written the Video4Linux subsystem replied asking for more details (which I gladly provided), and a few days later, the bug was fixed.

That, I think, was the most awesome "customer support" experience of my life. I did make a point of being polite about it, however, which I consider a ground rule for dealing with people, especially if I want something from them.

But it was so awesome to post to a random Usenet group about a driver problem and have the person who wrote the driver personally approach you for details. You don't get that with Windows, for sure. ;-)

replies(4): >>17517050 #>>17517497 #>>17517581 #>>17519508 #
6. Alex3917 ◴[] No.17516964[source]
> "customer is always right" mentality does quite a bit of harm to OSS support.

It goes both ways. All too often people promote their new library on HN and Reddit, wait until a bunch of people are using it as a dependency, and then abandon it without even telling anyone whether or not it’s abandoned.

replies(2): >>17517068 #>>17517252 #
7. kwhitefoot ◴[] No.17517050[source]
I had the same experience. Suddenly Emacs Gnus reader stopped working, about 11:00 on a Friday morning. I posted the bug and had a reply from Lars Ingebrigtsen with an explanation and a workaround by 13:00. I think it was fixed by the beginning of the following week.

My experience of trying to get help from Microsoft on the other hand is, well let's just say not quite so impressive; they kept me on hold for 45 minutes once and never did solve my problem.

replies(1): >>17517426 #
8. jstarfish ◴[] No.17517068[source]
Not using toy libraries for production systems is a lesson every young developer learns early on in their career.
replies(3): >>17517183 #>>17517245 #>>17517678 #
9. jacquesm ◴[] No.17517183{3}[source]
Fortunately every young developer is also schooled extensively in telling toy libraries apart from serious ones.
replies(3): >>17517708 #>>17517858 #>>17519660 #
10. passiveincomelg ◴[] No.17517245{3}[source]
In what parallel universe are you and how do I find the next wormhole to get there? :)
replies(1): >>17517728 #
11. cf498 ◴[] No.17517252[source]
There is a fundamental difference between the extreme of stuff like GnuPGP, OpenSSL and the other extreme of stuff someone created over the weekend and was nice enough to make available.

I don't want to know how much of core infrastructure is resting on the shoulders of overworked and burned-out BDFLs. This isn't an ego complex in most cases, but the knowledge that without someone with their commitment working at the project it will crumble.

12. bsg75 ◴[] No.17517308[source]
An interesting debate: Are _users_ of FOSS "customers" ?
replies(1): >>17518102 #
13. undseg ◴[] No.17517426{3}[source]
Back in the days Microsoft would have amazing customer support. And I'm talking about "API customers", many times I've seen them go out of their way to fix third party programs not working correctly by adapting their platform, it was a very efficient process. I guess that doesn't work as well at their current scale, or they care less because they're not building up market share.
replies(2): >>17517534 #>>17517999 #
14. eithe ◴[] No.17517497[source]
I used to have a similar experience with most of the free source (that, or silence when a project got abandoned), until Laravel, where I was yelled at because somebody apparently needed an ego boost that day. I still love the framework, but I don't think I'll be trying to reason there anymore. Still - maintaining projects is most of the time an unappreciated job, so kudos if you do it.
15. marris ◴[] No.17517534{4}[source]
> go out of their way to fix third party programs not working correctly by adapting their platform, it was a very efficient process

This kind of thing probably doesn't even scale with itself, since there are only so many acrobatics your code can go through before no one can even understand why it's doing something, let alone add new workarounds. So the first K broken programs get special treatment, and the others face a much higher bar to get the same treatment.

16. Kadin ◴[] No.17517581[source]
Yep. This attitude isn't dead, assuming you approach the developer via the right/preferred venue, and are polite, and they are still actively maintaining the project. And it really helps if you give a thorough bug report!

I recently submitted a bug report to a fairly niche OSS package that I use, and within a few hours the author replied (on GitHub) something like "oh wow, yeah that's an edge case but I definitely want to fix it, can you send me the test data you used..." and once I gave him the test data, he had it fixed in two hours and now anybody who grabs the source won't have to deal with that bug.

It was great, and even though I didn't do anything except write up a bug ticket properly (the same way I'd expect anyone on my team at work to do it), the software is a little better now.

17. Alex3917 ◴[] No.17517678{3}[source]
If you put something out there and no one uses it then fine. But once it has hundreds of commits and issues and over 1,000 stars on GitHub, then I think you have some responsibility to people using the thing you’ve created -- if you’ve been actively promoting it as something everyone should use.
replies(2): >>17517913 #>>17518331 #
18. janoc ◴[] No.17517708{4}[source]
And why isn't the young developer being mentored by someone more senior before introducing a new dependency into a business critical system?

Why is what amounts to a clear project management failure the problem of some open source developer who has published their personal pet project?

If dependencies aren't reviewed before being used, how does such an organization handle software license compliance (whether OSS or proprietary), for example?

A clear cut case of trying to shift blame for one's own failings onto an unpaid volunteer that has helped to save the commercial developer time and money, IMO.

replies(2): >>17517787 #>>17518188 #
19. janoc ◴[] No.17517728{4}[source]
Well, that people don't do such things is not really the fault (nor problem) of the developer of that toy library, IMO.

Nobody else but you alone can ensure that your project is managed and developed properly.

20. jacquesm ◴[] No.17517787{5}[source]
> And why isn't the young developer being mentored by someone more senior before introducing a new dependency into a business critical system?

Some critical assumptions:

- a more senior dev is available

- has time

- understands the system well enough to judge the impact

- is actually a better developer than the junior (in spite of being older / in the game longer)

> Why is what amounts to a clear project management failure the problem of some open source developer who has published their personal pet project?

It isn't, that was the point.

> If dependencies aren't reviewed before being used, how does such an organization handle software license compliance (whether OSS or proprietary), for example?

Some critical assumptions:

- organizations keep a close eye on developers incorporating code under various licenses

- the people keeping an eye on that are qualified to make the calls

- the resources to keep an eye on this are available

> A clear cut case of trying to shift blame for one's own failings onto an unpaid volunteer that has helped to save the commercial developer time and money, IMO.

Sure. But that doesn't mean these things don't happen just about everywhere, many times per day.

It is rare to find a company where all of the assumptions labelled above are true all the time. And that's where the problem lies.

It's a clear case of there being no difference between theory and practice in theory but in practice there is, and rather a lot of it. Everybody knows in theory how software should be developed, but in practice hardly anybody actually does it that way. They're either out of time, options or qualifications (or all three) and they will do the job anyway.

That doesn't excuse it, but it does help you to understand it.

21. luhn ◴[] No.17517807[source]
Ha, hadn't seen that one before. I did enjoy this related post about him hacking someone's Instagram. https://daniel.haxx.se/blog/2016/01/19/subject-urgent-warnin...
22. gaius ◴[] No.17517858{4}[source]
Then explain nodejs and MongoDB existing in production systems?

Or did you forget the /s...

replies(1): >>17517882 #
23. jacquesm ◴[] No.17517882{5}[source]
> Or did you forget the /s...

Yep. It's been a long day after a particularly long week. I will take a break from HN, too much on my mind. Thanks for the reminder.

replies(1): >>17518713 #
24. titanix2 ◴[] No.17517913{4}[source]
No they aren’t. The code is open source anyway so if the dependency is important enough for your project, fork it. Or pay for support.
25. TheDauthi ◴[] No.17517999{4}[source]
They once shipped my company a custom MSVCRT.DLL to fix a crash bug in a third-party application under heavy load. True, it was a bug in the C runtime itself, but they got us a fix for it about a day after we (along with the third party) got in touch with them.

Just a few years later my team had to contact them for a BSOD that kept happening after one of their patches. We were put off for about a week before throwing our hands up on it.

26. dhimes ◴[] No.17518102[source]
I think "consumers" is the better term.
27. rhizome ◴[] No.17518188{5}[source]
> And why isn't the young developer being mentored by someone more senior before introducing a new dependency into a business critical system?

Because they're already the senior. CEO said it shouldn't be that hard, and besides, they only wanted to pay $40K/yr.

28. jstarfish ◴[] No.17518331{4}[source]
It's a free product, not a child support obligation. Even if you do walk away, it's open source and can be maintained by anybody interested in stepping up. This is the price of adoption, not guaranteed updates for life from the creator.

But I get where you're coming from. It's even worse on Steam, where developers will actually collect money during the "early access" phase and then walk away once a (closed-source) tech demo is half-complete.

replies(1): >>17518396 #
29. Alex3917 ◴[] No.17518396{5}[source]
> This is the price of adoption, not guaranteed updates for life from the creator.

I’m not saying anyone should be obligated to do free work. The issue is that most people don’t feel comfortable publishing a public fork without the blessing of the creator, or at least knowing the creator no longer intends to work on the project in the near future. So you end up with these situations where there are thousands of people running production systems with unmerged security patches because the creator can’t be bothered to spend 30 seconds to write a one sentence reply to an email.

Short of being in a coma, I consider that toxic behavior.

And just to be clear I’m talking about situations where there are lots of open PRs but no signs of life for months or years on end, not situations where the creator just went on vacation for a few weeks.

replies(1): >>17519628 #
30. gaius ◴[] No.17518713{6}[source]
Have a great weekend, catch you on the flipside
31. bigger_cheese ◴[] No.17519508[source]
Years ago I purchased a motherboard with a built-in RAID controller. There were no drivers for it in the mainline Linux kernel but there was code for a kernel module on the chipset vendor (Via's) website. The provided code wouldn't compile because there was a bug.

People from the Fedora IRC channel helped me live debug the code over IRC and we found the bug and were able to get the code to compile and my RAID controller working. Was an awesome experience.

32. lstodd ◴[] No.17519628{6}[source]
eww, that's called entitlement.

no one promised you anything. you merged some code into your project. now deal with the consequences. be responsible for your work.

33. jstarfish ◴[] No.17519660{4}[source]
By definition, they aren't though-- for the truly green, that extensive schooling comes from `npm/pip/gem install`ing random packages with implementations they don't understand or can't account for, then having to deal with the fallout in whatever form it chooses to manifest itself. Could be a maintainability nightmare, or it could be losing your job.

My advice to mentees is that if installing a package to achieve x saves (a significant amount of) time/money that outweighs the risks to self/company or has value added by means of product maturity or domain expertise, then by all means do not roll your own crypto, web framework, db connector or machine learning library. But if one is going to introduce dependencies on things as trivial as leftpad or someone's Show HN single-pass weekend hackathon proof-of-concept, they will soon learn why we don't bring toys to work.