Hacker News
So what’s next (personal news from developer of popular CoreJS polyfill) (github.com/zloirock)
889 points by nailer on Feb 13, 2023 | 322 comments



In my unasked-for opinion, he should absolutely give up on this project, and take a salaried job that'll let him support his family and not have to deal with the entitlement issues and lack of perspective the community evidently has. If half of what's in this post is true, he's shown admirable restraint: I'd have burned it all down the first time someone got pissy about a free thing I gave them.


Yes. But I think it also shows a common misunderstanding of "open source" (and even "free software").

What he did was incredibly valuable to a huge number of successful people and corporations. But no one owes him anything. That's the point of open source. If they did owe him something, they wouldn't have used it. They used it because it was great, it was established/known, it was available with no strings attached whatsoever. Again, that's the point, that's why it's popular.

But also, he owes them nothing. He doesn't have to keep maintaining the most comprehensive, up-to-date, and flexible package, as a full-time job, for free. He could have just stopped after his first couple years where it was an inherently fulfilling passion project, he could just put in a couple hours a week, whatever. People would make do, it would still be quite valuable for a lot of people for a long time. Or those other projects and companies would come up with a more up-to-date alternative when really needed.

You really don't have to be a martyr, and we don't have to "give up on open source" or whatever. You can just make stuff available that you wanted to do anyway. Sometimes it leads to bigger opportunities, sometimes (usually?) not. Don't slave away and sacrifice your personal life because of what you think you deserve if you do, that's not going to materialize that way.

Remember this is all stuff just offered up with NO WARRANTY, NOT EVEN FITNESS FOR PURPOSE etc. And in practice it's super super valuable that way. Even without you sacrificing yourself. Let companies spend the big bucks on it, just work on what's fun in your free time.


> But no one owes him anything.

I think the disagreement here will continue indefinitely because it is a question of (personal and professional) ethics. Ethics doesn't necessarily offer easy answers, just sometimes hard questions. In every discussion like this on HN you see the direct conflict of several competing Ethical Frameworks that people choose to live by which is why the discussion will likely always recur and it will always seem like two or more teams talking past each other.

"What do we owe to each other?" is a massive, hard ethical question. It's not just an easy economic question with an answer of "well he did the work for free, so obviously it is priced at free" though many ethical frameworks, especially on HN, happily stop there. Some ethical frameworks, on the other hand, don't believe there is any such thing as "free labor", just "exploited labor" and find guilt in every bit of open source usage, expect some amount "owed" in backpay to eventually pay back. Some of those same ethical frameworks still feel that "open source" is an ideal, a community good, but also think that for the health of the community as a whole, some support needs to be given to individuals in that community when/where/as they need it, for the good of the whole, and that both things can be true: "open source creates good software" and "open source sometimes creates the conditions to exploit labor (and we owe it to ourselves to mitigate that)".

I can't tell anyone what their ethical framework should be, just that this discussion will likely remain an impasse because it is about personal and professional ethics. How much I feel that I owe the most exploited of the workers in our industry, is something that keeps me up at night sometimes, and that guilt doesn't come from "nowhere" and I'm well aware of the economics and the license agreements in play: that guilt comes from the ethical frameworks that I hold dear and am unlikely to waver on.


> But no one owes him anything.

I strongly disagree. Only because so many people feel that he owes them something.


It's the nature of most types of volunteering work. If you sign up to be the conductor of your local choir, you have the same thing. People start expecting you to do stuff. If you're going to be in that role, as ploxiln says, you need to be OK with that part of it. You have to be OK with the thanklessness of the task, and you have to seek your rewards elsewhere. Still, I feel very sorry for zloirock, and I hope that he gets some kind of compensation for his work, at least enough to get his life back together.


> You have to be OK with the thanklessness of the task, and you have to seek your rewards elsewhere.

Is this really how we want the world to be? Someone who is trying to help needs to be ok with being treated badly? I can understand not being put on a pedestal, but I think a "thank you" and a bit of gratefulness is warranted by people actively being helped.


I am not saying either party is better than another but I do not wish to live in a world where people are an order of magnitude less willing to donate to FOSS developers than people posting sexy photos online.

Edit: maybe I used the wrong comparison. Most of the income of the photo publishers should be from sales (to unlock the paywall of exclusive content); not many will donate.


The best way to do open source work is to consult or be employed and release open source stuff as part of your work. Otherwise it turns into politics, competition for money and popularity contest rather than product of passion. If you are as proficient as this guy you will find employers that do not mind open source work.


... This guy wasn't able to find an employer like that, no?


Did he look though? Maybe he is not aware this is a possibility. Even if he cannot leave Russia there are likely Russian companies that would pay him and be even happy if he contributes to OSS. I know Qiwi, Yandex publish and maintain packages.


Yeah but if the statement is a guy like this could find something like this, then the answer is no. I think mostly because it's not entirely clear how to get such a job and how to do that job without handing over the reigns of your project to the company.


> Yeah but if the statement is a guy like this could find something like this, then the answer is no.

What? Why?

> I think mostly because it's not entirely clear how to get such a job

Same as any other job, by looking. Even I do something like that and I am not even close to corejs maintainer level.

> reins

If you do this while working as independent contributor (popular in Russia) then it's not even a question, the company will not have any reins on whatever you do outside the contract. If you are employed then company may have the reins, but you will publish OSS while getting money and recognition for it, which is 80% of the formula.


If you read the article, you'll see he did look, extensively.


Not enough because how come I could do it but not him.


The part where he spent the year 2020 in a Russian slave labour prison might help explain his difficulty getting a job. Plus as a Russian national living in Russia, FAANG is not exactly knocking at his door.


Why do you bring up FAANG? Is that the bar now, be unemployed and beg for money or work at FAANG?

I myself have left the country but I have some friends who are still there, they consult just fine and get paid. Including for foreign businesses.


I used FAANG as a shorthand for "big international tech companies that pay a lot". Glad to hear though that there are lots of opportunities for tech folk in Russia to make good money.


> I used FAANG as a shorthand for "big international tech companies that pay a lot".

Uhh… Yes and that's my point? He could earn 50-100 USD per hour, which would get him a more than decent lifestyle in Russia. Why would someone pick between Lots Of Money and begging and not accept an alternative between that would allow him to keep doing OSS while feeding his family? This whole plea just doesn't compute with me.

> Glad to hear though that there are lots of opportunities for tech folk in Russia to make good money.

It's not good money, it's just money to live okay. And it's not in Russia, it's everywhere. Internet, it did wonders.


You can't really compare volunteering at a local choir / local homeless canteen to big corporations taking advantage of open source projects (which is perfectly legit) and never ever feel like they should contribute more to make open source financially sustainable. There is a reason why major open source projects are backed by companies selling products or services based on the open source project itself.


If you don't want big corporations using your software, change the license. They are not "taking advantage" of Free/open software, they are using it, and don't owe the maintainer for it. It feels very entitled to me (a Free software enthusiast who wishes more authors chose GPL over BSD/MIT). As G.W. Bush said "Fool me once, shame on you. Fool me twice... I can't get fooled again"


I wonder if this is not the basis of the wage difference between bosses / leaders and employees / followers.


For a while it was a trend for people to use userscripts to delete their old comments on various social media sites after a certain amount of time. I think this practice is unfair, because the user gets the benefits of participating in open conversation but tries not to pay the (IMO absolutely minuscule) costs in terms of privacy.

I see a lot of open source use the same way. Companies use open-source contributions but don't contribute back any of the value they receive. I'm strongly in favor of using strict GPL licensing or dual licensing for corporate and nonprofit use for every open source project. I know people like the MIT license so that people will use their projects, but fundamentally if you want open source to continue then open source contributions need to be enforced, because otherwise it doesn't happen.


> But no one owes him anything.

He's the maintainer of a major software library. Everyone who depends on his work does owe him gratitude and respect. They'd have to pay me big bucks to care enough to do what he did, so I respect him for doing it.


The open source community can be wild sometimes. Back when I was still maintainer and lead dev for Gaim (not Pidgin), I would occasionally get downright hateful people e-mailing me for not implementing whatever feature they thought needed to be implemented, or not getting it implemented quickly enough. One guy managed to get ahold of my cell phone number somehow and called me at 4am to discuss "his ideas" with me for the project. I ended up having to change my number.

Thankfully 95% of the people I interacted with in the community were great, but that other 5% was rough.


Old coworker of mine was/is(?) secretly the primary contributor to a major console emulator. He revealed it to me only after working together for about 4 years.

He keeps it incognito because the vitriol his alias receives from impassioned members of the community makes him afraid of getting doxxed. He showed me some of them. I don't blame him.


Those are 100% just people who want all their pirated games to work properly and have no technical interest in the emulator.


Obligatory "not all emulated games/software are pirated".


Loved Gaim. Got a lot of good use out of it. Thanks a bunch for your work.


Gaim was an amazing help in my life at the time. Huge thank you.


<3 Gaim.


Maintainers like Denis shouldn't be asking for donations, they should be sponsored the same way Nike sponsors athletes. If you're a burnt out open source maintainer or know someone who is, I'd love to talk to you. My job is to help create awareness about the issue with companies that depend on your package. I reached out to Denis because we all know he deserves better. Appreciate any leads you could additionally share with me.


Edit: I see you work for thanks.dev, which doesn't seem like it would cover the projects I mention below. I leave my original comment in case anyone else is interested in sponsoring the things I mention.

I'd like to find sponsors for a few non-web-related projects. In particular the Linux USB Gadgets userspace stack (libusbgx/gt/gadgetd/etc), a library for the Microsoft PST email format (libpst) and a tool for running linters/etc (check-all-the-things). Happy to chat about these over email.

https://github.com/linux-usb-gadgets https://github.com/pst-format/libpst https://github.com/collab-qa/check-all-the-things


Thanks Paul, yes I do work for thanks.dev & non-web-projects are on our roadmap. Let me know if you’d like to be an early pilot user when we’re ready for testing…


I don't use CSS/JS capable browsers, so this doesn't seem feasible unless you switch your tech stacks.


Quick idea: make a post on HN every few months so people can post projects that need maintainers/sponsors.


That's a great idea hiccuphippo! Consider it done :)


I don't know, I don't think Nike will sponsor athletes who, despite the war, returned to Russia solely due to better financial prospects.


Your lack of empathy in favor of blind group hatred is a pretty solid example of one of humanity's worst traits.

However, I'm not going to return the favor by ignoring your personal context.

Is the reason you're denouncing core-js's maintainer because you, yourself, have been subject to particularly awful circumstances owing to Russia's war? Are you projecting on him because you've been hurt? What's your situation?


I'm just shocked at the reaction from the HN crowd in this post. The guy lives in the west but returns to Russia, then blames Ukraine for being invaded, actually kills a teen girl and writes shit about her in the very same post added to HN, and blames everyone around him for his situation. Yet HN loves him because he wrote a cool Javascript library. Blows my mind.


I didn't see any part of the post where he blamed Ukraine for being invaded. There was a passage where he stated he can't publicly support either side because he has friends (family?) on both sides, but that's all I read.

The manslaughter came as a shock, yes, and I think there's more to that story than he's telling us. He probably isn't a great human being.

None of that, however, is relevant to the fact that maintaining core-js in particular and FOSS in general is a thankless and awful job.

It's possible to support FOSS, and support remuneration for FOSS, without supporting specific individuals.


What's your reasoning for saying he's probably not a great human being? Assuming what he says is true. If he had no way of seeing that coming, how is that different from blaming / judging a train driver in any way for someone's suicide or going as far as to say they killed them?


I'll admit it's conjecture based on limited data. However, the tone he takes when discussing the event seems accusatory towards the victims, rather than repentant or horrified, which is what I would expect.


I don't think it's particularly useful to expect that someone would react the same way you believe that you would, in all honesty.

This is like saying that you're not sad about your mother dying because you didn't immediately burst into tears. It's well understood that we all process grief differently and sometimes we even struggle or fail to process it.

So is it so unreasonable that one may process any notable or traumatic event differently? I can try to put myself in the shoes of someone who is sent to a gulag for 7 months under circumstances that appear to be unfair, and I can't imagine anything except how much it would fucking suck and how actually, I might have complicated feelings that range from anger to despair.

Whether I like this guy or not, or think he is a good guy or a bad guy, has absolutely no bearing on this. It's just not useful or helpful to police someone's reaction.


I agree that his tone could be better, but if this was really none of his fault (other than being at the wrong road at the wrong time), I could understand why he writes that way given the trouble it has caused him, significant time in prison, criminal record that he will never erase and debt that translated to US standards is way way higher than those 80k and it could end up way worse, too. Like of course, it's a tragedy what happened to the girl, I think a lot of people could relate to doing stupid things intoxicated when young, especially in countries where vodka consumption is high, I do not say that the tone is appropriate, but I could understand the place where he's coming from where the girls' irresponsible behaviour severely impacted his life, he is just quite angry. I wonder how many of the people in this comment section labeling him a killer (I don't say that you did) would speak with the same tone if they were put in the exact same situation given the lack of empathy with his situation.


Is anger not a reasonable response to someone's drunken stupidity fucking up your life and ending theirs?


He's Russian. He returned home, where he was born, where he has friends, multiple generations of family, decades of memories, and could hope to find some support when shrinking his life to fit in a smaller income. Moreover, he has stated that he'll leave if he can, if that's what is required to work on open-source.

Jesus Christ.


While your argument is kinda bad, it's also incorrect. They moved to Russia before the current war. Also it's their home country, the world isn't progressive enough that this isn't every immigrant's default choice.


Right, but it was after the invasion of Georgia, green men in Donetsk, and the annexation of Crimea? So 3 wars started in the span of 10 years and the guy returns because things are cheaper than in the west.

Well, I hope he enjoys his beloved home country now. He will have to stay there for quite a while.

Edit* looks like he does indeed enjoy it. Good for him. https://twitter.com/roman01la/status/1625254253156528147/pho...


Russia does so many bad things that by that argument all Russians should just move out. I don't know what point you are trying to make with the tweet, I have no context there.


The United States would have emptied itself out a long time ago if we followed the same rule, but somehow I don't think that's an outcome this guy feels is necessary, either.


> looks like he does indeed enjoy it

What in that twitter thread makes you think he enjoys it? The fact that he does not share a certain political opinion? Is a political belief, or lack of it, enough to enjoy life in a country?


Where do you live? I am sure we will find a moral reason to suggest that if you do not leave your country you are a bad person.


Ukraine. I can't leave, another country invaded mine unprovoked and they are killing my people so I kinda have to stay. I am looking forward to your argument why this makes me a bad person.


The point is that it DOESN’T make you a bad person. You’ve just argued the other side. A country is not its government, especially in oppressive undemocratic regimes like Russia. This is basic shit. I am utterly truly sorry for the unimaginable horrors which you are going through. I genuinely couldn’t begin to understand how this must be for you. I hope I never do. This doesn’t give you a blank cheque to jump online and foster divisiveness between two groups of people just because one of them has a fucked up government that can’t possibly be argued to be representing them.


Nike (or a more appropriate entity) wouldn't be able to sponsor him even if it wanted to, given how the ties with the Russian banks have now been severed. Another case for bitcoin, I guess?


> he should absolutely give up on this project

Nah, he should get creative.

1. Silently change the license to GPL.

2. Wait a few billion downloads.

3. Meticulously sue one company after the other.


> I'd have burned it all down the first time someone got pissy about a free thing I

Sadly this is the state of open source projects. People feeling entitled and doing nothing but complain. It's sad really because negative compacts often have a more lasting impact than positive ones.


From this article, Denis Pushkarev seems to be a remarkably principled developer in a horrible situation, and I admire his commitment to this project. Setting that aside, though, is anyone else alarmed that such a widely used project has exactly one maintainer who is able to push arbitrary changes without review? Especially one already in legal trouble and significant debt, unable to travel, for a project embedded in Fortune 500 e-commerce and (likely) intranet/administrative sites, with an extremely large surface area of used APIs where malicious minified code might easily go unnoticed and is highly difficult to audit?

I absolutely feel for his situation. Right now, the degree to which he could be threatened into allowing a malicious group to push changes in his name should not be taken lightly. Hopefully this article reaches the attention of some of the CISOs at companies who rely on the project, and a path towards a situation where multiple parties have visibility into release management can be explored. And honestly, such a solution might be the best thing to make Denis and his family less of a target.

(In the meantime, pin your core-js dependency, and track https://security.snyk.io/vuln/npm?search=core-js as well as npm audit. Arguably there should be an advisory category for known vulnerable maintenance situation - I'm not sure if such a registry exists. One might say that every open source project is vulnerable in some way, but there's nuance and splash radius to consider here, and core-js does not have much defense-in-depth at the moment.)
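An added example (not part of the comment above, and not code from the core-js project) of checking the "pin your core-js dependency" advice: it audits a package.json and an npm v2/v3 package-lock.json for a floating version range, missing or weak integrity hashes, non-registry tarball sources, and extra nested copies of the package. The function name `auditPin`, the `legacy-widget` package, and all versions, URLs and hashes are constructed for illustration.

```javascript
// Added example. Package names, versions, URLs and hashes below are
// constructed sample data, not taken from the thread or from core-js itself.
const REGISTRY = 'https://registry.npmjs.org/';
// An exact version such as "3.0.0"; anything else (^, ~, *, tags, URLs) can float.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Returns a list of findings for dependency `name`; an empty list means the
// dependency is pinned, locked once, hash-verified and fetched from the registry.
function auditPin(pkg, lock, name) {
  const findings = [];
  const add = (kind, where, detail) => findings.push({ kind, where, detail });

  // 1. package.json: a range lets a fresh resolve pick up a newer release.
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const spec = (pkg[field] || {})[name];
    if (spec !== undefined && !EXACT_VERSION.test(spec)) {
      add('unpinned-range', `package.json ${field}`, spec);
    }
  }

  // 2. package-lock.json (lockfileVersion 2/3 keeps a flat "packages" map).
  // Match the top-level copy and any copy nested under another package,
  // but not look-alike names such as core-js-pure.
  const suffix = `node_modules/${name}`;
  const versions = new Set();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    versions.add(entry.version);
    if (!/^sha512-/.test(entry.integrity || '')) {
      add('weak-or-missing-integrity', path, entry.integrity || '(none)');
    }
    if (!String(entry.resolved || '').startsWith(REGISTRY)) {
      add('non-registry-source', path, entry.resolved || '(none)');
    }
  }

  if (versions.size === 0) add('not-locked', 'package-lock.json', name);
  if (versions.size > 1) {
    // Transitive dependents are shipping their own copy; each needs review.
    add('multiple-versions', 'package-lock.json', [...versions].sort().join(', '));
  }
  return findings;
}

// Constructed "before": floating range plus a nested copy from another host.
const SAMPLE_PKG = { name: 'shop-frontend', dependencies: { 'core-js': '^3.0.0' } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'shop-frontend' },
    'node_modules/core-js': {
      version: '3.0.0',
      resolved: 'https://registry.npmjs.org/core-js/-/core-js-3.0.0.tgz',
      integrity: 'sha512-CONSTRUCTEDPLACEHOLDERHASH==',
    },
    'node_modules/core-js-pure': {
      version: '3.0.0',
      resolved: 'https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.0.0.tgz',
      integrity: 'sha512-CONSTRUCTEDPLACEHOLDERHASH==',
    },
    'node_modules/legacy-widget/node_modules/core-js': {
      version: '2.0.0',
      resolved: 'https://mirror.example.invalid/core-js-2.0.0.tgz',
      integrity: 'sha1-CONSTRUCTEDPLACEHOLDER=',
    },
  },
};

// Constructed "after": exact version, single locked copy with sha512 integrity.
const PINNED_PKG = { name: 'shop-frontend', dependencies: { 'core-js': '3.0.0' } };
const PINNED_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'shop-frontend' },
    'node_modules/core-js': SAMPLE_LOCK.packages['node_modules/core-js'],
  },
};

for (const f of auditPin(SAMPLE_PKG, SAMPLE_LOCK, 'core-js')) {
  console.log(`${f.kind}: ${f.where} -> ${f.detail}`);
}
console.log('pinned findings:', auditPin(PINNED_PKG, PINNED_LOCK, 'core-js').length);
```

A clean result only holds if builds install from the lockfile (for example with `npm ci`) rather than re-resolving ranges.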


Your first paragraph reminded me of this article: https://david-gilbertson.medium.com/im-harvesting-credit-car... Imagine this scenario taking place with this package if someone got ahold of his NPM account.


Oooh thanks, I had been looking to find that article again for a while and couldn't track it down for anything.

In a completely unrelated matter, Google search results quality has really declined in the last few years...


I know far too well how you feel, happy you found what you’ve been missing.

Out of curiosity, what did you remember about the link that you tried searching for? Do you remember when you last saw it?

[insert semicoherent hopium about ChatGPT as a magical panacea here]


I remembered it as an article where a guy semi-jokingly claimed to have hacked most of the web through a supply-chain exploit and listed off a ton of clever things he did to evade all of the immediately obvious ways to notice that such a thing was happening. Pretty sure I saw it here on HN originally, but I couldn't come up with any search terms to find it in Google, Bing, DDG, HN Algolia search, etc.


The author said he updated the article, so if the link changed then maybe; however, I can tell you somebody definitely reposted it last night and it got almost 100 points. Too funny.

I assume you tried punching in keywords like “fake NPM package hack” or something like that?


Pretty much yeah, and no combination I could come up with brought up the article on the first few pages, mostly just infosec blogspam. Of course it might actually show up in searches now, since it's been on the HN front page in the last 24 hours.


Well. There is little doubt that he would be a good fit for at least a normal Engineer position in any of these companies. If they didn't hire him yet your guess as to why is as good as mine.

Edit: This was not meant to be read in a negative kind of way. I'd try to hire him if I had an open position to fit.


Edited my comment since I saw this:

> Now I cannot leave Russia, because after the accident I have outstanding lawsuits in the amount of tens of thousands of dollars and I am forbidden to leave the country until they are paid off.

Interesting. I know a person who somehow emigrated from Russia last year with some debt and is paying it off. But perhaps there is some other condition I don't know about.

But anyway it would be more difficult to emigrate to another country long term with a criminal record, they always ask about it on visa applications. If I was more cynical I would think an evil government could use the carrot of forgiving his lawsuits in exchange for pushing some backdoors but I don't think this would go unnoticed.

Very unfortunate situation to be in, though my sincere hate for reckless Russian drivers I have seen a lot in my life makes it a bit difficult to sympathize.


That snyk.io search also uses core-js.

window['__core-js_shared__'].versions

Just more evidence of how prevalent and important that library is.


Isn't that the issue though? Nobody cares until it's too late.


> Especially one already in legal trouble and significant debt, unable to travel

... and living in a country involved in war, run by a regime for which respect for the rule of law is a "nice to have".

If I were in FSB, I'd be banging at this guy's door right now, and making his life as comfortable as I can. Imagine dropping an obfuscated killswitch on half the global web, that is Real Power right there; or silently siphoning out credentials from FAANG-level companies; or or or...

We are incredibly lucky that Herr Putin's henchmen are actually not very good.


I'd question whether this is an ethical thing to suggest, in case any of said henchmen were to read this site


Now it's likely too late, he's too visible. And if there are more developers in his circumstances, well, maybe we all deserve what's coming to us.


In one of my previous jobs, my CTO asked me who I thought the most important person in the company was. I wasn’t sure. He pointed to the lady who was responsible for entering and maintaining data, on which the entire business was built.

She was a quiet person, who did her job exceptionally well. Yet, most people didn’t know her or didn’t realize her importance. I am certain she wasn’t paid that well either.

Point being, nobody is going to reward you, unless you ask for it. I once spent 4 years at a job, I did my job well. Didn’t get a single dollar raise. I didn’t ask, nobody cared either. Most I got was some praise in team meetings once in a while.

The most disgusting part of the story is all the hate and vitriol thrown at him. By people using his software for free, by people who are likely not even a tenth as good as he is - both as a person and as a programmer. All this in an industry with plenty of money. This is super depressing. I genuinely hope he gets to spend his future happy.


But the thing is he DID ask for help, quite a few times and was only met with the hate and vitriol you mentioned. Depressing indeed.


You have to ask to the appropriate forum though, and that's what he got completely wrong. Getting npm to scream for help when a developer installs your package is equivalent to asking your peer for a raise.

I'd say that over 99.999% of the people who saw that message, created memes about it, etc.. did not have a corporate credit card and the power to use it at their discretion. If you want money from corps, THOSE are the guys you need to find and ask money from.


> I'd say that over 99.999% of the people who saw that message, created memes about it, etc.. did not have a corporate credit card and the power to use it at their discretion. If you want money from corps, THOSE are the guys you need to find and ask money from.

So he should be cold emailing netflix, airbnb, linkedin purchasing managers?


If you look at “real” non-profits, there are a couple of key things that are largely missing from Open Source fundraising today.

First is capital campaigns. A capital campaign is a campaign to raise a large amount of money towards a goal. E.g. “we need 3 million dollars by the end of the year for our building renovations.” Having a concrete target is more motivating than just asking for “whatever you can give” to “keep the lights on.”

Second is cultivating relationships with (large) individual donors. It makes sense to track people who have donated to you, send them thank you cards, and take the biggest donors out to lunch. Then when you need money and you’re running your capital campaign, you can ask previous donors for larger contributions. It’s not cold-emailing, because you have a previous relationship with your donors.

Today, open source funding looks more like begging with a sign—sitting in a prominent place and asking for a small amount of money from a lot of people. Nothing wrong with that, you can get enough to eat, but I’d like to see free and open source software try more sustainable and effective strategies.


I did some work like this back in the day, on the side while doing my normal software dev day job.

It's another acquired skill that you don't get just because you're an excellent programmer. On that basis, adding a donation prompt when installing the package is I think a valid attempt at solving the problem, but it's a solution coming from a developer mindset not a fundraiser mindset; if you code it they will come, all that.

If you had the capital you'd hire someone to help with this or find a suitable volunteer with a goal to making it paid.


Maybe yeah. I'm not sure how relicensing works. But you might

1. relicense it for paid commercial use, and communicate that, I imagine you would go through a version change.

2. Save some important features/bugs for the license change

3. Email politely explaining, they are breaking the license.

4. Come to terms on price. So long as we detect you are using core-js on your Top 10000 site, please pay $$ per year.


yes


How do you even ask a corporation for money? Cold emailing?


I literally do not even read that stuff. I wait for the success message or if it fails I start googling why it failed.


Honestly, after seeing the message in the NPM logs I kind of figured he’d have a job soon.


What I'm really struggling with is how much this contrasts with the story for the developers of Dwarf Fortress, who don't get that same hate and vitriol piled on them, and in fact, people throw money at them because they want the developers to have money. To the tune of like $9 million or something! Whereas this guy, pouring his heart into something useful and not for fun, gets all this hate shoveled his way?

I really don't understand people.


I guarantee they got all kinds of hate and weirdness sent their way, too. Any game with a notable userbase does, including the commercial ones. Like, weird, personal, abusive shit from people who demonstrably (it's pretty clear from their "ideas") have no idea what they're talking about and evidently have unfortunate (for everyone else, anyway) amounts of free time on their hands.

And I don't just mean "you monetized this in a way I dislike" or "boo, DRM" or "you had dozens of game-breaking bugs at launch" or whatever, which, maybe don't be a dick about it, but at least I get why those things upset people and, especially in the last case, why they might get a bit entitled-seeming about it, since they did part with money—no, it's over the tiniest, most trivial stuff, including, often, things that are the way they are for a very good reason and would piss off 100x as many people if the abusive jerk got his (or her, I guess... but realistically, it's just about always a "his") way. But no, this minor thing is wrong so you're incompetent and any idiot could do better and [some names they somehow came up with, sometimes with disturbing accuracy] who worked on that part should be fired immediately. JFC. They'll spam you with this crap, on every channel they can.

And that's if you're not a woman prominent in the project. Then you get the creeper shit, too.

There's no possible way the DF devs haven't seen their fair share of that.

(though, sure, they were ultimately able to monetize it in a way that very few passion projects of that sort ever can, and certainly not utility open source libraries—that part of the story's way different)


I think about this a lot.

My personal bias is that open source authors and maintainers don't owe anyone anything. They're making their code available to anyone for free, and it's on you if there's something you don't like about it. You can always fork it if you need to. Heck, you don't even have to use it. Write your own thing if something fundamentally bothers you about it.

And yet there's a large group of people who think they're somehow doing you a favor by using your open-source code, as opposed to the other way around. I've tried to talk to some of them, to try to get some idea of it. It typically boils down to either

1. I used and advocated for the project, making it more popular, and therefore they owe me.

2. Using an open-source library is an investment. I'm making a compromise by not writing it myself exactly how I want it. I'm attempting to do things their way, which in some ways is mentally harder than writing it to begin with, so when it changes radically or goes away, or they ask me for support, they have done me dirty. I deserve better.

3. #2, except they recognize that the author/maintainer doesn't owe them anything and hasn't acted maliciously, but they're still bummed that they either have to change things or fork the project and maintain it themselves. It's emotional rather than logical.

Of the three, I can kinda understand the last one, but I'll never agree with it.


> 1. I used and advocated for the project, making it more popular, and therefore they owe me.

Sounds like the OSS equivalent of being paid in exposure


People playing the game (Dwarf Fortress) chose to play it and likely enjoy it. Those who use core-js likely need to use it to solve some weird problems, likely occurring while they're working on something else.

Myself, I hate working in the JavaScript ecosystem, and every few months, when I need to update one of my packages, something is broken. I appreciate every person that worked on libs that I use but I hate every one of those packages.


There's an old story I fail to remember well.

One dog asks another why do you sleep inside on the rug in the warm, while I live outside in the doghouse on a chain?

The inside dog answers, because I entertain and you serve.


If you look at the xkcd image again, he's near the bottom of the house of cards, whereas Dwarf fortress are at the surface


https://xkcd.com/2347/ for any readers that didn't get the reference


This was in the OP, the article we're commenting on.

Also, I never saw it as a house of cards, since the blocks have varying sizes they just look like abstract blocks to me. Interesting.


I think the idea is that pulling out that one tiny support can cause all the layers above it to fall apart.

At the very least, it would destabilize them.

Kind of like a house of cards


people get emotional attachments to games, no one cares about infrastructure


one touches people's emotions, the other doesn't.


I do understand that not a lot of people here really understand the sheer direness of his situation. He is stuck in Russia because of unsettled problems regarding his conviction. He almost certainly cannot immigrate into most countries because of said conviction - to have a work permit one has to provide a certificate of good conduct. He is cut off from most options to receive money from abroad and several means to receive support at all. He has a family to provide for. The economy of Russia is increasingly deteriorating, the quality of life is following suit. His son will soon feel a taste of state fascist indoctrination, it starts in kindergarten now in Russia. While most commenters here feel sad, I feel an utter horror.


HN is a little bit more “filtered” place: on Reddit and Twitter there are enough people who hate him just for the sake of hatred. He is Russian - they call him “fascist”. He has a road accident - they are intentionally omitting a little detail that a victim was crawling the road at night.

I didn't know about the memes and Twitter jokes. Even after that post, people still try to blame him.

I’m pretty sure this situation will convince some developers to instantly stop maintaining their OSS projects - and the world deserves it.

I would understand some criticism or not politely worded bug reports (especially from young users), but hatred... All of this filth... Today I’ve been disappointed in developers a lot.

I really wish Denis to stop maintaining core-js and find a real job. Haters will get what they were fighting for, his family will get the money.


It's a misconception that people hate him for being rssian. It's more like people dislike finding a consistent genocide apologist who has been publicly supporting the mass murderers for many years. This is a systemic position of his. In his late post he suggests that the murdered Ukrainians are somehow the same as the ruscist rapists who killed them. In the past he was shifting the blame for the rssian fascist ethnical cleansing to Ukraine as well: https://twitter.com/TheLarkInn/status/1625276917363646465. This does correlate with the color of his passport but it's just that — a correlation. His actions speak louder than words. Encouraging people to send him money equals indirectly funding the genocidal maniacs. Don't fund the terrorists, it's as simple as that.


Why do you write Russian like that?


The post (I believe) was replacing the 'u' with an asterisk for some reason. In combination with HN's text formatter, a pair of asterisks will make everything between them italics. If that wasn't intended, it can result in some weird character omissions and formatting.


This is your brain on reddit.

There are few positions more level-headed than “war bad, but bombing civilians also bad”.

Can you consider that neither Putin nor Zelensky are good people?


It's a fabricated propaganda point.

> The fighting continued, the civilians were dying, children as well as adults. OSCE statistics (2017-2020) showed that the number of civilian deaths in the occupied territories was almost twice as high as in the unoccupied territories. Another independent report from the International Crisis Group gives the following explanation: “The higher civilian casualty rate in non-government-controlled areas is due to the fact that these places are more urban and populous[…] Together, the numbers suggest that neither side is trying to hit civilians but also that combatants are not doing all they can to avoid collateral damage.”

> The death of the children should be addressed separately. “Why were you silent for eight years while children were killed in Donbas?” sounds as if Ukrainian army is shelling children. But OSCE suggest other causes of death: 87% of boys died because of being careless with explosives. In this context, the International Crisis Group also recalls Russian propaganda, for example, when “they announced that a Ukrainian drone strike had killed a five-year-old boy in a Donetsk suburb. In fact, the boy had died some 15km from the front, out of the Ukrainian drones’ range, possibly by setting off an unexploded shell he found in his yard.”

> According to the OSCE, mines and other unexploded armaments are the second most common cause of civilian casualties in Donbas after shelling with heavy weapons. The international crisis group criticizes Russian militants in this context: “Meanwhile, de facto officials tend to be unwilling to admit that shooting from positions in areas like the Donetsk suburbs can provoke return fire and lead to civilian deaths. They have baulked at suggestions that they move their troops to keep locals out of the line of fire.” The shelling from residential areas of the occupied territories was also reported by Bellingcat. On the other hand, the International Crisis Group blames Ukraine as well: “Public figures in government-controlled Ukraine sometimes overlook or minimise the problem of civilian casualties from live fire. Losses among civilians frequently do not make it into Ukrainian news reports, partly due to journalists’ lack of access to reliable sources in areas across the line; media tends to focus on the heroism of government troops.” It is possibly the only argument in favor of “eight years of silence” claim.

https://rpr.org.ua/en/news/eight-years-deconstructing-the-mo...

If you look at the casualty figures, the civilian deaths have been around two dozen per year for the last few years; half of those have been from mines and such. About half the remainder have been from active hostilities, e.g. shelling. Russia didn't start this war over six civilians a year dying from shelling in Donbas.


Aside from supporting killing innocent people he actually engaged in the practice himself.


Your source being?


Ok, thanks for this info - it is unacceptable and below the lowest level from his side. For this I despise him.

Still, all the hatred and memes appeared _before_ the war, so it is an example for other OSS developers of what they will get for their hard work.

Again, I didn't mean that people hate him only because he is Russian. I meant that weak people will use every excuse they can find to blame him. Nationality, felony, bad accent, even his quotes about the war - all of that was not so important when people decided to use his work, but all of that they use now to bark with the pack.


Before, as in 2012, right?


Before February 2022. I understand you want to "unwind" this topic now, but it will not work.


> a victim was crawling the road at night

Is that verifiable? Because...

> In November 2019, Denis Pushkarev, maintainer of the popular core-js library, lost an appeal to overturn an 18-month prison sentence imposed for driving his motorcycle into two pedestrians, killing one of them.

https://www.theregister.com/2020/03/26/corejs_maintainer_jai...

Unfortunately Russia's judiciary system is far from ideal and fair but better to trust that system than to take his word as truth.


> better to trust that system than to take his word as truth.

What? Why would that be better? Absent more information I'd rather assume innocence until proven guilty.


> His son will soon feel a taste of state fascist indoctrination, it starts in kindergarten now in Russia.

While I certainly don't know any specifics about what things are like in Russia, I suspect this is not so different from most other countries in the world. Here in America, children are made to pledge their allegiance to the flag of the US every morning with a hand over their heart. This is before they have any concept of what the words "pledge" and "allegiance" even mean.


Can you remind me when was the last time the US waged a conquest war under the pretext that a neighbor state has no sovereignty right because people there are not a real nation? And to strengthen that point killed tens of thousands of civilians?


Maybe not that exact pretext, but I can certainly point towards similar things done by the US military and intelligence agencies. Look at Iraq and "enhanced interrogation" in Guantanamo Bay. Go back a few more years, and we can observe cases where unethical experimentation was done on America's own citizens (e.g., MKUltra, the Tuskegee experiments, etc).


I would like you to do two things for me, please. First, find some materials describing mandatory out-of-curriculum patriotic classes, introduced September 2022 in schools in Russia. They call it something like "Important conversation" or "Talk about important things". It would be better if you get to it yourself, also I read about it in Russian and am not sure which English sources to recommend.

Second, make sure that you are not engaged in a textbook case of whataboutism[0]. Then please tell me what you think of our conversation, concerning these two topics. Thank you!

[0] https://en.m.wikipedia.org/wiki/Whataboutism


My point here was that patriotic indoctrination of children is not out of the norm in any country. You may be right that Russia is exceptional in that regard, but you haven't shared any information in what way.

As an aside, I personally consider dismissing points as whataboutism to be an overly and unjustly used deflection in discussions. It's an easy word to throw around when meaningful hypocrisy is called out, for example. Or in the case when the argument itself specifically is about the non-exceptional nature of something, as in the current case. I would also remind you that it was you who had specifically requested examples of similar behaviors in the US. Dismissing the response as whataboutism when you specifically asked for it is a bit unfair.

In the end, I don't have strong opinions or insights to share on this subject. I just wanted to voice my issue with the characterization of my reply as whataboutism, but that itself is a tangential topic on a tangential topic of a tangential topic, so the discussion isn't really worth furthering here.


While the Russian economy is supposedly "deteriorating", it will be easy for him to find a $5000 net a month job working as a front-end developer, allowing him to pay a mortgage for a pretty good flat and pay for private kindergarten.


Buying property in Russia right now is an insanely bad investment. Quality of life includes access to customer goods (which are mostly imported, thus largely sanctioned) and medical care (which is heavily import-dependent too, and also prone to rapid brain drain).


i believe it only takes a national ID to cross the border into Armenia, where there is a flourishing Russian expat community full of IT experts but sure


He wouldn't pass customs check at the border, due to standing debts and/or after-sentence probation. You can only enter Armenia with national ID if you travel by flight - but the boarding will be denied for the same reason. Travel passport is probably frozen as well. The only country he can go to is Belarus - there is no border control. But to travel from Belarus he would be required to pass the same customs check. Moreover, travelling to Belarus would be a violation of probation terms.


I always heard people talk about how "open source is broken", but I'm honestly in shock after reading this.

Is this normal? That one guy can contribute code that is used on thousands of the top websites worldwide and not one of the numerous multi-billion dollar companies that use his code are even willing to donate an amount equivalent to an average developer's salary?

I mean, how is this that possible? It's not like when a company the size of Spotify uses core-js they just add it to their project without thinking. No, they know how important the project is. They know the effort involved in building and maintaining a project like core-js. Yet they can't even throw the dude a few thousand dollars a year to say thanks?

Am I missing something here? Is the fact that he's Russian having an impact on the companies willing to offer him support?

It honestly seems insane to me that so many people are able to reach out with messages of hate for adding a donation message to free software, but only a handful of people / businesses would offer support.


I'd be willing to guess that the vast majority of applications (if not all) dependent on core-js are pulling it in as a transitive dependency of something else-- most via either a direct dependency on `@babel/preset-env` or indirect dependencies on the same through scaffolding projects like create-react-app.

That leaves core-js in a position where it's kind of invisible-- projects like Babel are very visible and pull in a decent chunk of cash via developer donations and corporate sponsorships. Core-js, on the other hand, isn't something most developers ever deal with directly-- if you don't go and dig through your dependency tree, you may never even know it's there. Until it starts making noise in your console on 'npm install', at least-- and then it looks indistinguishable from spam, from something you never even explicitly installed, no less.


>It's not like when a company the size of Spotify uses core-js they just add it to their project without thinking. No, they know how important the project is.

The devs at Spotify know how important that project is. But the people who control the money, middle and upper management, might not even know what Javascript is. Why would they spend money for something that's free? They're under pressure to cut costs anyway.

Throwing dollars at MS or Oracle, on the other hand, is nice for managers because you get service, accountability, responsibility, guarantees, and lawyers to talk to for that money. Money is paranoid. Open source can't give you that, it's always only one poor coder.


> Why would they spend money for something that's free? They're under pressure to cut costs anyway.

But isn't this like saying, "what's an AWS? Why do we need that thing?"

Is there really no one technical saying, "look we need to offer support to core-js because core-js is the software that ensures our website works for everyone using it".

And if you're a large company whose project depends on core-js (like Spotify) it just seems sensible to offer a little support to the project to ensure it continues to be well maintained, and also so if you need anything the maintainers will prioritise you.

Even if your only concern is money, then it probably pays to ensure your software works and isn't dependent on some guy in Russia continuing to make his life a living hell just so your product is functional.


> look we need to offer support to core-js because core-js is the software that ensures our website works for everyone using it

But that's demonstrably not true. In fact, nobody supports core-js and all the big websites keep on working.


It's a bit like 'whoever moves first loses', isn't it? So many big corpos who could pay, but if one would pay, it might be enough. So why should it be your corpo?


AWS provides an invoice structure that accountants understand how to navigate. Open Source mostly doesn't.

I know this is why some of the "contribution bundling" approaches seem to have good merit for big Enterprise that treat Open Source a bit like a "stock portfolio" and bundle a number of open source sponsorships into a single invoice that you can present to upper management as "IT says we need to pay this bill each month because it somehow helps keep all the software lights on" without needing to get into the specifics of which software does what or how much you rely on it (or the complexity of your dependency trees).

I've heard it's a priority for parts of GitHub to make such "automated open source sponsorship bundles" easier to sell to upper management and smarter in how they manage their funds for the good of the open source community and wish them luck in those endeavors.


> I mean, how is this that possible?

The Node.JS library ecosystem (for better or worse) is modeled as small libraries which do only one thing, and often have dozens of dependencies. And those in turn, have their own dependencies.

So when you import a library, you're bringing in a lot of other libraries as well. Some large companies have stringent audits (for licenses etc), but most care (or are aware) only about the library they imported. core-js is probably a dependency for many others, and especially transpiler toolchains which are common in JS.
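
The point raised in this thread, that core-js usually arrives as a dependency of a dependency, can be checked against a project's lockfile. The following is an added example, not part of the thread or of any project's own code: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2/3 layout) and lists every chain leading from the root project to `core-js`. The lockfile fragment, its versions, and the package names `shop-frontend`, `build-preset`, `polyfill-plugin` and `ui-kit` are constructed for illustration.

```javascript
// Constructed lockfile fragment (npm lockfileVersion 3 layout).
// Package names and versions are sample values, not real dependency metadata.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'shop-frontend', dependencies: { 'build-preset': '^1.0.0', 'ui-kit': '^2.0.0' } },
    'node_modules/build-preset': { version: '1.0.0', dependencies: { 'polyfill-plugin': '^3.0.0' } },
    'node_modules/polyfill-plugin': { version: '3.1.0', dependencies: { 'core-js': '^3.0.0' } },
    'node_modules/core-js': { version: '3.27.2' },
    'node_modules/ui-kit': { version: '2.4.0', dependencies: { 'core-js': '^2.6.0' } },
    'node_modules/ui-kit/node_modules/core-js': { version: '2.6.12' },
  },
};

// Resolve `name` the way Node does: look in the requiring package's own
// node_modules first, then in each enclosing node_modules up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // not installed (e.g. skipped optional dep)
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Return every dependency chain from the root project to `target`.
// Each chain is an array of "name@version" strings ending at the target.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, onTrail) => {
    const pkg = packages[path] || {};
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      path === '' ? pkg.devDependencies : null); // devDependencies only count at the root
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || onTrail.has(next)) continue; // missing, or a dependency cycle
      const step = trail.concat(`${name}@${packages[next].version}`);
      if (name === target) { chains.push(step); continue; }
      onTrail.add(next);
      walk(next, step, onTrail);
      onTrail.delete(next); // allow the same package on a different chain
    }
  };
  walk('', [], new Set(['']));
  return chains;
}

// Summarize: is the target declared by the project itself, and which
// top-level dependencies are responsible for which installed versions?
function summarize(lock, target) {
  const root = (lock.packages || {})[''] || {};
  const declared = Object.assign({}, root.dependencies, root.devDependencies);
  const via = {};
  for (const chain of findChains(lock, target)) {
    if (chain.length === 1) continue; // direct dependency, reported separately
    const top = chain[0];
    const version = chain[chain.length - 1].split('@').pop();
    (via[top] = via[top] || new Set()).add(version);
  }
  const viaLists = Object.fromEntries(Object.entries(via).map(([k, v]) => [k, [...v]]));
  return { direct: target in declared, via: viaLists };
}

for (const chain of findChains(sampleLock, 'core-js')) {
  console.log(chain.join(' > '));
}
console.log(JSON.stringify(summarize(sampleLock, 'core-js')));
```

On a real project, replace `sampleLock` with the parsed contents of `package-lock.json`; the chain search is exhaustive, so very large trees may take a while.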


I completely understand this reasoning for smaller companies, but a company like Spotify will care deeply about the dependencies in their project. Just because core-js is a dependency of a dependency simply doesn't matter and if anything, makes it even more essential. Unless they're extremely incompetent, any 3rd party code that's to be deployed to their entire user base is presumably being reviewed in detail.

And I guess I'm not even sure I buy the argument that most developers don't know about core-js. I know I'd be extremely concerned if I was hiring an experienced frontend dev who didn't know what core-js was. Anyone who's thought about browser capability before should have had to think about polyfills, and naturally their use of core-js. It also comes up a lot when trying to optimise bundle size given the size of core-js.


Your estimate of the competence and thoroughness of various actors in this industry is significantly higher than mine.


> That one guy can contribute code that is used on thousands of the top websites worldwide and not one of the numerous multi-billion dollar companies that use his code are even willing to donate an amount equivalent to an average developer's salary?

Well, every multi-billion-dollar company has a mechanism for paying for commercial software. If they need Windows or Photoshop or Solidworks they're more than happy to pay the asking price.

The problem with open source software is the asking price is zero.

Most multi-billion-dollar companies also engage in some charitable giving. They probably use their entire charity budget every year - maybe they're supporting food banks, or earthquake victims, or cancer research.

But getting the Russian polyfill guy out of jail probably isn't a registered charity. And even if it was - there's a lot of charities out there.

Some multi-billion-dollar companies have budgets to sponsor open source projects. Apple, Microsoft, Google and others donate >$125k/year to the Apache foundation, for example [1].

But that money is spread very thinly - how many developers do you think contributed to, say, a basic Ubuntu installation? And plenty of companies don't budget for this at all.

Some open source projects use options like 'dual licensing' where you have to pay to use them in closed source projects (Qt, for example) or offer support contracts or paid add-on products (Ubuntu Pro, for example)

But it's not like Qt are rolling in cash - or that the community had any great love for Ubuntu Pro.

As you'll note, all these options sound a lot more difficult than just getting a job at one of these big corporations.

[1] https://www.apache.org/foundation/thanks


The problem that a lot of people don't get is that corporations can't just donate money to things like that to be nice. They have accounting and legal obligations, they can't just throw money around for funsies. If you phrase things their way, like selling them a product on contract, you can easily get tens of thousands from them. But a "please donate" link on your site won't get anything.


> they can't just throw money around for funsies.

And yet a single bad/pointless/redundant meeting can easily cost 5k or more in time alone.

Companies throw money away constantly.


Because civilization is a myth and most people are trash. The primary operating principle is exploitation.


It's definitely time for him to let this project go, working on it is a literally thankless task and the level of entitlement shown towards his work has been infuriating to watch. The outrage towards him daring to ask the community for help, something done in an act of desperation, is a real wake up call for open source maintainers - the community doesn't give a fuck about you, they want your code and they want it free.

The psychological burden of carrying such an important but relatively unknown project has trapped him in this state of desperation for years now. It's tunnel vision and sunk loss thinking, time to quit.


Agreed, but I think it goes beyond tunnel vision and sunk costs. He clearly likes helping developers! He is a good-hearted person who will feel bad screwing over a bunch of people who depend upon him. The main thing that's getting him to shift is that now he has a spouse and a child who depend upon him much more directly, and so he's even less willing to disappoint them.


The guy literally went to prison when he didn't have to. Holy shit.


I mean, that part isn't really surprising or noteworthy. Lots of people in Russian prison don't deserve to be there (the ones detained on protests, political cases etc).


I definitely feel bad. He’s had a really tragic set of circumstances.


At least that's how he frames it


The court documents on that case are publicly available if you're willing to look for them (and can read Russian). I haven't read everything, but I didn't see anything contradicting his side of the story.


I think the part he left out is that (if I recall correctly) he was allegedly speeding to some degree.


he said he was "driving home at 3am," you know, as one does, and two girls were "crawling on the highway." i am honestly not sure i've ever heard a less believable story


I have been driving home after midnight, coming from where my parents live, a long distance away, and encountered a man who had climbed up into the elevated highway. It was straight and well-lit, but the best I could make out was that he was running at cars wielding a cardboard box (?). I began to decelerate and moved into the lane furthest from him, at the time, and after another car in front of me passed him, he moved into my lane. I'm still braking to slow down, and I change lanes to avoid him again, swerving and praying the lights in my rear view are slowing too and don't hit me as I try to avoid this man.

As I pass him, I manage to be one lane to his left, and he makes a lunge to try and jump in front of my vehicle. With some frequency, to this day I wonder how fucked I would have been if he succeeded in jumping in front of my car. The story I tell myself is that he was mentally unwell and thought he was heroically "tilting at windmills". It is more likely he was belligerently drunk, or was suicidal and wanted some help in it.

I don't know what makes something believable or unbelievable in your mind, but these are the details of an almost-incident that happened to me.


I can envision many ways that can happen in America.


I have a friend who went through almost exactly the same driving event as this guy. Hit a man wearing all black on a country road at 1AM. Could have driven away but called 911, rendered first aid, and stayed through the ordeal. He also ended up spending several years in US prison for it.

Really fucked up.


Drunk people lying down in the street is definitely something I've seen several times in my life.


Russia does not have a "justice system" in the way that we would understand it in the West. Instead it has (and indeed, always had) a system of patronage and bribery, where your status within the system determines your sentence. If you are an oligarch, or the son of an oligarch, you will walk free, unless you cross Putin. If you are a nobody, you pay off the right people or you go to prison or end up freezing to death in a foxhole in the Donbass (Wagner recruits directly from prison, just as Stalin emptied the gulags for his cannon-fodder in WWII).

That's just how Russia is and always has been, and unfortunately, very likely always will be.

Is Denis guilty? Perhaps, but he will not have had a fair trial by any Western standard, and so we have to presume innocence.


> the community doesn't give a fuck about you, they want your code and they want it free

This is why I'm skeptical about non-free software licenses. Maybe we should all be applying AGPLv3 to our free software code instead of stuff like MIT or BSD. That way anyone who just wants to exploit people's work at their jobs to make a killing while simultaneously hating them for it will have to look elsewhere.

This old post's made a huge impression on me:

https://web.archive.org/web/20091210171517/https://zedshaw.c...

> “Hey your software is awesome! Can I get it for free so I can use it at work and make money or please my boss? That’d rock! (for me).”

> I want people to appreciate the work I’ve done and the value of what I’ve made.

> Not pass on by waving “sucker” as they drive their fancy cars.


> the community doesn't give a fuck about you, they want your code and they want it free

That's a pretty polarizing mindset. The community wants to be a community - you take, and give as you can. Nobody owes anyone else anything.


Nobody actually follows the philosophy of "you take, and give as you can"

As the article mentions, nobody else contributed to corejs in a meaningful way. Everyone takes, but nobody gives. This is called the tragedy of the commons, and it is a well-known problem in economics


Pretty easy to say when you’re not the guy stressing out about paying bills while six-figure earners whose jobs are made significantly easier because of you trash you.

I generally agree with the idea that nobody owes anyone else anything, but in this case, I think he should’ve let it all burn to the ground — maybe then the ingrates would be able to understand how critical his library is.


Babel has four paid developers, an almost $200k/year budget and hundreds of contributors. I'm sure that's enough to maintain the polyfills, if someone else wasn't already doing it for free - not to throw shade on them, but that's reality (not one I particularly like).

I do agree with that second statement. It is unfortunate that he got into this situation, but there is absolutely no reason to continue if it's not working out. He has the choice to go make six figures too, and doesn't owe anyone maintaining this library either.


If you would have read the article, you would have seen the image from a Babel maintainer saying they won't fork because they don't have the resources to maintain it.


If the coreJS maintainer stops working on it and it bitrots for a year or two, maybe the babel people will magically find the manpower to maintain it then. As it stands, why should they spend their time maintaining a fork of a project that is still maintained and in good shape?


Yeah, maybe. Or maybe the current subject matter expert that’s been pouring thousands of hours into this project should be funded by the billion dollar companies that rely on him, same as what’s happened to the projects at the top of the ecosystem.


> Or maybe the current subject matter expert that’s been pouring thousands of hours into this project should be funded by the billion dollar companies that rely on him

Ideally yes, but as we've seen time after time, charity as a business model doesn't work with corporations. I think the coreJS maintainer would be fully justified to take another job, and then work on coreJS as a hobby as much or as little as he likes. Nobody needs to martyr themselves so that a bunch of billion dollar advertising companies can save a buck.

Maybe in the future we decide to finance core open source projects as public infrastructure through taxes, or those billion dollar corps set up some kind of foundation to fund them, but for now the whole situation is highly dysfunctional and one cannot blame maintainers who put the financial interests of themselves and their family ahead of producing open source.


Yeah I don’t think we disagree. I think he should abandon the project, and should have a long time ago.


I recommend reviewing the HN guidelines here: https://news.ycombinator.com/newsguidelines.html

Of course they won't volunteer to maintain a massive project that they depend on, when someone else is already doing the work.

But you can bet the minute core-js goes away, the community will pull together to maintain or create something new, purely out of necessity - that's the main motivator. Hopefully with a more distributed model that doesn't overload a single person.


Yeah, sure. Those top 1000 corporations were surely giving back at every opportunity.


> the community doesn't give a fuck

Well there are some backers out there:

https://www.npmjs.com/package/core-js


A long post, but the final paragraphs sum up both the problem and the ask:

"This was the last attempt to keep core-js as a free open-source project with a proper quality and functionality level. It was the last attempt to convey that there are real people on the other side of open-source with families to feed and problems to solve.

If you or your company use core-js in one way or another and are interested in the quality of your supply chain, support the project."


Live by MIT license, starve by MIT license.

This is not the type of FOSS ecosystem that Stallman wanted to achieve; it's the ecosystem that big business wants: people work for free and profits multiply and accumulate at the top. That is what MIT licensing fosters. If you want a different world, use a different license model.

Unfortunately, the JS world is effectively built on freeloading, so any licensing restriction is seen as a capital sin against "the community" of temporarily-embarrassed-FAANGs. Meanwhile, actual FAANGs laugh all the way to the tax-haven-based bank, and the lone guy in Nebraska/Russia continues to starve.


> temporarily-embarrassed-FAANGs

This is fantastic, and it applies in so many other situations - I'm stealing this phrase (it's openly licensed, right?)


Completely agree. I think I'm going to start using the AGPLv3 for everything from now on. It's not like I'm making anything so critical as this core-js library but still.

This old post's made a huge impression on me but it never really sank in until today:

https://web.archive.org/web/20091210171517/https://zedshaw.c...

> “Hey your software is awesome! Can I get it for free so I can use it at work and make money or please my boss? That’d rock! (for me).”

> I want people to appreciate the work I’ve done and the value of what I’ve made.

> Not pass on by waving “sucker” as they drive their fancy cars.


He should 100% try to find regular sustainable work somewhere instead of working on this project.

Secondarily, find a lawyer to write up a contract for $80/hr for companies to sign and have him do work on core-js when they need an update or a feature. He can give an estimate on hours, send them a contract, get it signed and have the work done. If the people asking for feature requests and updates don't want to pay, then that's fine, it doesn't need to get done.


he's in Russia, isn't this sanctioned?


AFAIK: technically only a limited amount of companies and people are sanctioned, but the sanction list includes most if not all Russian banks... So I think Patreon, etc, or their banks would be scared about transferring money to his bank account.

I wonder if external banking is possible: a Russian goes to a supermarket in Russia, he buys food, he pays by transferring money from his e.g. Swiss bank account to the supermarket owner's Swiss bank account. The supermarket owner wins because s/he basically managed to trade local goods for foreign currency (the Ruble is on shaky ground), the customer wins because he gets to eat.

I think I remember paying for a hotel in Russia using PayPal but transferring the money to a German bank account of the hotel owner's cousin or something...


Visa and MC issued in Russia work just fine, no need for external banking


They don't work «just fine». They only work within Russia. You can't pay for any foreign stuff with it, you can't even pay in the app store.

People who can afford it literally travel to Belarus\Kazakhstan for a weekend just to get a debit card that works worldwide.


Only a small fraction of Russians needs to pay online for foreign stuff. Besides that, UnionPay cards are available, you can use them to withdraw money in most countries and shop online sometimes


There are some US companies on their sponsors section so maybe it is possible:

https://www.npmjs.com/package/core-js


I’m very sorry for the guy. He really should focus on his family well being.

Open source is not feeding of the poor nor helping victims of crime. People give it too much emotional weight and think that it’s important for the whole human kind. But it’s not. It’s just some nice to have utility. And, to be honest, it’s not the OS as it used to be. Now it’s mostly big corps wanting some internet fame or free labor or companies wanting to use your software for free. If you do it for fame or better job, sure, try your luck. But don’t base your income on it. It has almost never worked.

I wish you all the best Denis. Hope it all ends good for you. Please don’t feel sorry if you abandon the project. You gave people something good and don’t owe them anything. And don’t be worried, no one will suffer if you do it. It might sound harsh, but it’s also relieving. You are not responsible for internet people inconvenience.


Please, if you are capable of doing development at this level, take the high-paying job, save for a decade, and get FI. Then you can work on OSS 120 hours a week if you like.


What is FI?


Financial independence.


I contribute what amounts to a few euros a month to a few open source projects. I do these because these projects have significantly helped my career and added to my personal enjoyment. Perhaps not much in the grand scheme of things, but I feel I owe at least that much, especially if I'm not able to help in other ways (PRs for example).

However, when I've asked employers to do the same - just throw what to them would be tax-deductible chump change at some projects that have helped them make fortunes - there's a lot of muttering and foot-dragging. More trouble than it's worth to do the paperwork, apparently.

So we end up in a ludicrous situation where essential software, used by companies with revenues in the billions, depends on a single, relatively impoverished and stressed out developer toiling in obscurity. Google or Facebook or Microsoft could, for what amounts to a rounding error, have just put him on an annual salary or grant.


Maybe in a parallel universe there's a culture of companies sponsoring x amount every year to the open source projects they use.


I understand and expect most of the comments here would be about the state of open source, and I know we of course, by definition, are only getting one side of the story, and I also know that no country is perfect.

But holy shit, I had immense sadness and sympathy for his legal woes and the fact that he was imprisoned. Again, obviously the US is no panacea when it comes to incarceration, but holy shit, first thing I was screaming was "GTFO of Russia!" The entire legal system there is now basically one man's corrupt enterprise.


>The entire legal system there is now basically one man's corrupt enterprise

How did you arrive at this conclusion? OP wasn't a political prisoner, he served less than a year for manslaughter


He was imprisoned because he hit pedestrians and one died. I don't know about you, but the way I drive I wouldn't hit pedestrians if they were laying in the road, maybe if they ran out in front of me. It doesn't sound like he has any sympathy for killing a woman at all, so the "woe is me I'm not a governor's son so I went to jail when others wouldn't have" is distasteful at best.


I live in the middle of a medium sized city in the UK, and drive late at night a couple of times a year for various reasons (day out in another city, late gig, visiting friends, etc). On pretty much every artery road here, if someone was sitting in the middle of the road and I was travelling at 60mph, there's absolutely no chance whatsoever that I would see them. For example, see [0] - this is a major road within a few miles of Edinburgh that is completely unlit with a sidewalk/pavement on one side.

[0] https://www.google.com/maps/@55.8891577,-2.9952163,3a,75y,14...


I drive in Edinburgh all the time. Not a single time have I ever driven where I couldn't either see what was up ahead, or where my headlights didn't illuminate far enough out that I could not perform a safety stop. If that means you have to drive at 40 on an unlit national road instead of 60, then you drive at 40.

There simply is no excuse where "I didn't see them" is acceptable unless they literally run out into the road, or appear from behind a blind corner (and you should slow down around blind corners anyway for this reason).

I've never once been in an accident, I have seen plenty of bad drivers around Edinburgh. The limit is not a target, but a legal maximum. You drive to your conditions.

Anything else is just blaming the dead manslaughter victim. Which the author seems to do, or at least has zero sympathy for killing a woman and is salty at the "idiot laws" that put him in jail for ending someone else's life.


There is a difference. He hit them on a crosswalk, not in the middle of nowhere. While not totally blaming zloirock, I don't understand why a driver shouldn't be punished for killing a pedestrian on a crosswalk.


There are no crosswalks on highways. It's basically like someone sitting on a train track and blaming the train operator for killing them.


There are court documents detailing the case available online, and zloirock himself admits it in GitHub comments after being pointed at it (although his tone is somewhat passive-aggressive):

> and where did I write that it was not in the zone of action of the pedestrian crossing sign?

> https://github.com/zloirock/core-js/issues/1179#issuecomment...

There is also no reliable information whether the accident happened inside a city or on a highway, but multiple witnesses are mentioned, and I doubt that there are many people on highways at 3 AM.


> "at 3 AM, I was driving home. Two deadly drunk 18-years-old girls in dark clothes decided somehow to crawl across a poorly lit highway"

There but for the grace of God, goes John Bradford.


You drive to your conditions, there's no excuse. If you are driving so fast at night that your lights don't illuminate enough ahead to perform a safety stop then you are driving too fast.

It's astounding that anyone defends this person for the manslaughter, and blames the women he harmed, and the complete lack of empathy... "deadly drunk", one of them is now, because of the author.


Yeah no-one drives on a highway to conditions where there might be a human laying on the road waiting to be killed. Even self driving cars killed people in better conditions (person was walking on highway not laying there).


This is such a depressing post about the sad state of open source. I can't imagine continuing to maintain the package after what happened.

I want to encourage zloirock to forget about this and move on. I think it would be best for him to take a good paid job, live with his family and enjoy a vacation.


> This is such a depressing post about the sad state of open source.

But it's also a depressing post about the sad state of single source. I work in a portion of the software world that interacts with real world widgets, 5 factory buildings are right next to mine. "Single source" is a cuss word around here. We do everything we can to avoid it. I think it's awesome what this guy has done; terrible that it's just one guy. A whole aspect of open source was that it shouldn't become reliant on a single source like this. It's supposed to leverage the gestalt of cooperation. I agree with you, it really is too bad.


I wrote this sentiment earlier[1], but I'll repeat it here.

If a dev wants money for his work, he should license his work as appropriate and demand payments. If a dev releases his work free-as-in-libre and/or free-as-in-beer, they don't get to complain if the donations are "insufficient".

Or to put it another: Of course a company won't pay up if they don't have to.

This guy seems to be considering making his work into a commercial product, so at least he has the correct idea. Speaking objectively I hope it works out for him.

[1]: https://news.ycombinator.com/item?id=34759316


> If a dev releases his work free-as-in-libre and/or free-as-in-beer, they don't get to complain if the donations are "insufficient".

Of course they get to complain. Complaining and doing nothing to change the situation is what's problematic.

Doing work without reward, even if you did not expect any in the first place, can be soul-sucking, and it is totally normal to complain about it.

You don't do FOSS for the recognition/glory, but complaining about the hatred, hypocrisy, and complete lack of respect of the industry towards FOSS is normal.

The backlash he got after he "dared" ask for help was completely uncalled for. I'd even say this, it's the user who does not get to complain, let's remind everyone of what most FOSS licenses include:

  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  SOFTWARE.

You get a message during `npm install` from the dev asking for funding and a job? Tough shit, you don't get to complain because you're not paying him.


>Of course they get to complain.

No, they don't. They specifically waived any compensation by licensing their work for free-as-in-libre and/or free-as-in-beer. If they want to have social and legal standing to complain, they should have demanded compensation upfront.

>You don't do FOSS for the recognition/glory, but complaining about the hatred, hypocrisy, and complete lack of respect of the industry towards FOSS is normal.

FOSS doesn't ask for money. -> Users proceed to pay no money, because why would they? -> FOSS is pissed they don't get money.

This whole saga is hypocritical on FOSS's part. If devs want money they should demand money with appropriate licensing. It really isn't hard, it's dead simple.

Users and companies are happy to pay up if you can get them to sign the contract.

>I'd even say this, it's the user who does not get to complain, ... You get a message during `npm install` from the dev asking for funding and a job? Tough shit, you don't get to complain because you're not paying him.

Absolutely. Users don't get to complain about something they got for free.


Surely you can complain about receiving hate mail and unsolicited vitriol.


Absolutely, that bullshit is 300% unwarranted regardless the circumstances.

I'm arguing that complaining about lack of compensation is stupid and hypocritical after you have explicitly waived such compensations.


And to echo the top reply to your original comment, nope you don’t get to decide for everyone.

I personally think that releasing free software and then complaining that the multibillionaire (trillionaire?) companies that rely on it refuse to fund you even after you’ve expressly asked for it is perfectly justified.


Okay, and now half the devs simply decide to not deal with the issue of licensing and just business source everything. Congrats, that's definitely the better world to code in, right?


Yeah, I saw that victim-blaming take last time and I still say it's bunk. They do get to complain.

It would be a better world if this guy could just be building his extremely useful package and making a modest living. We are not in that world yet, but we will never get there if people can't talk about problems. I understand this can be a shock to free-market fundamentalists, but not every issue is best solved through capitalism. Forcing an excellent developer to become a probably-mediocre startup CEO is not a clear step forward here.

So I'm grateful to him speaking up. If you don't want to hear it, maybe exercise your freedom to stop reading articles like this.


> If a dev wants money for his work, he should license his work as appropriate and demand payments. If a dev releases his work free-as-in-libre and/or free-as-in-beer, they don't get to complain if the donations are "insufficient".

The author might still do it (it's one of his options) but please note that proprietary core libraries (and proprietary software in general) are immensely less useful than open source software. The value proposition of core-js is that it's a basic piece of infrastructure that other open source projects build upon, and if it were proprietary, no OSS could depend on it.


The problem is that as soon as he turns this into a billable enterprise solution it will artificially inflate the price. He’s giving all the people who depend on this project a chance to get it at a discount.


So long as compensations are optional (note: donations are voluntary, aka optional), most users/companies are not going to give monies. That's just how society rolls, to say nothing of the professional business world subset.


This sort of thing highlights that FOSS isn't even close to free, ever.

If we were to compute the developer hours invested in a project like Linux we would easily determine it likely is the most expensive software project in history. The cost of the time is borne by individual developers, companies and universities, all of whom require some form of financial support in order to do so. Or, at the individual level, starve and not have a life (unless wealthy and the work is a hobby).

Denis Pushkarev, CoreJS's developer, abandon this project and move on. The list of large companies benefiting from his work who have not moved a finger to make sure he is able to continue working on this while supporting a family with dignity is massive.

Short list of notable companies from the screen grab:

https://user-images.githubusercontent.com/2213682/218452738-...

    baidu.com
    amazon.com
    yahoo.com
    microsoft.com
    taobao.com
    openai.com
    instagram.com
    twitter.com    Elon: Give this man a job!
    weibo.com
    reddit.com
    twitch.tv
    zoom.us
    aliexpress.com
    adobe.com
    patreon.com
    pinterest.com
    etc.

Yeah, this is silly. Move on. Immediately. The people who care do not care enough to help or support you.

Denis, if you are reading this:

DO NOT FEEL BAD ABOUT DISCONNECTING FROM THIS PROJECT! THESE PEOPLE DO NOT VALUE YOUR WORK. MOVE ON. IMMEDIATELY.


> The recipient's mailbox is full and can't accept messages now. Please try resending your message later, or contact the recipient directly.

I hope he is getting the help he deserves (I dropped a message on twitter after seeing this)

The messages he received are so vile, why would someone attach their name to something like that? I personally would immediately avoid employing anyone who posted like that, doubly-so in a semi-professional space like Github.


I can sympathize with the author's troubles, and wish he finds a well-paid position that still allows him to work on OSS.

That said, the idea that companies would pay for a JS library that is patching browser support is wild. Practically nobody pays for JS modules except for very specific niches (e.g. a charting library) or product/technical support. Especially when it's an indirect dependency of tools you use. Maybe Babel could pull off having a paid tier, but that's already a stretch, as there is still a lot more software up the chain. There are many commercial ideas in the JS ecosystem worth pursuing, but this doesn't look like one of them.

Projects like Babel, ESLint, Rollup etc get significant funding from corporations, but these are the very top of the food chain, and even then the amounts are still barely enough to pay for full-time dev salaries at market rate. It's just not a model that works.

There is also no particular reason these hundreds of polyfills have to be maintained by a single person, and kept in one central package. The maintenance overhead is massive. Any project using this as part of their core offering, like Babel, would certainly be able to keep up with a bunch of smaller modules, and deal with churn.

Finally, the reach and numbers are very impressive, but I'm afraid they are an artifact of building a monolithic package, more than a reflection of the value companies might attach to it. If core-js stopped being maintained today, it would hurt momentarily, but there are hundreds if not thousands of people who will step in to fill the void. There is no reason to sacrifice your personal well-being for a project that is not bringing you happiness.


The idea that they _don't_ pay for it is wild, honestly. There's no FOSS equivalent in so many other industries - they pay for every part of their supply chain and yet still somehow make a profit. You can't open a hotdog stand and use "FOSS hotdogs".

The whole point of the post is that the FOSS model doesn't work and that sucks. I don't know what the answer to that is, and neither does he, but the answer certainly isn't "oh well."

Also, I feel you should read or reread the article - he explicitly responds to your last two paragraphs in there. Babel specifically has said they're not interested in doing the work that core-js is doing, and there are clearly _not_ thousands of people willing to step in and fill the void of core-js. They've had many opportunities before, including when everyone hated him for asking for financial support and the web seemingly united against him, and when he was stuck in prison for months, not maintaining anything. And yet core-js is still there at the forefront, because of the passion and his willingness to put up with too much abuse.


But who said the FOSS model doesn't work? It's been working for decades. Having a well-paid, full-time job as an OSS maintainer is what doesn't work - it's the equivalent of becoming a celebrity, not achievable for 99% regardless of effort.


I mean it's clearly not working for this guy.

But seriously, depends on your definition of "works". It works for large companies, doesn't seem to work for anyone else. It seems the only opensource that "works" is when large companies are nice enough to open source and maintain something that is accidentally useful to someone else (IE, never the crown jewels obviously) otherwise you mostly hear stories of harassment and burn out.


> - The idea that companies would pay for a JS library that is patching browser support is wild.

Companies make more money by having their websites work in older browsers. If it wasn't for core-js, they would be paying developer time to write polyfills or compile and maintain them from various other single polyfill packages. Surely if they are willing to pay developers to do this in return for increased profits they would also be willing to pay someone else to do it, just as businesses outsource all kinds of tasks.


Yes, they would be paying for developers' time, and most likely never notice the difference.

The value added doesn't automatically translate into a viable model where that money ends up in the library author's hands. Companies sponsor projects for exposure, street cred, or pay for commercial features and support. They will not hand out the realized savings out of goodwill.


Polyfills aren’t some dark art, a 2nd year comp sci student could write them quickly as needed.


Your attitude/POV is common, and yet no one has built a comparable competitor to core-js?

Maybe you are wrong then, and could show some empathy.


it works fine and there's someone happy to do it for free. why would anyone try to compete with it?


To mitigate the risk of a supply chain attack.


If you care, review and pin. Way easier than building a “competitor” to something there’s clearly no money in.


99% of these projects include core-js by accident through Babel...


That's what I thought until I read the entire post and got to the part about duplicate polyfills due to the whole dependency mess. At that point I would give up on maintaining such a project.


Dunning-Kruger strikes again



I made a donation with bitcoin and then tried to check how much btc does this wallet have.

https://www.blockchain.com/explorer/addresses/btc/bc1qlea754...

Do I read properly there are ~$1000 now and ~$73000 ever deposited?


Not exactly. 3.4 BTC received. Depending on when the donations were made it could be more or less than $73000.

Though it does look like he held ~1 BTC until Nov 2020 and then transferred it out. So it's possible he's actually received roughly the equivalent of $73000 USD from those donations


Are u suggesting it’s too little or too much?


I was trying to check if my transaction went through, but then I started to wonder if I should fact check him on his claim that he didn’t have 80k usd to evade prison sentence.

But to answer your question - years of work for such a widely used project should be compensated more in my opinion. An engineer at google with similar skill will make 2-5x, maybe 10x as much.


Well, this just proves unless you are willing to actually walk away you pretty much have zero leverage. I think he should have quit on the project a long time ago to either have forced the big Co's to fund him or let someone else take over. It's just what it is. The Github project in itself should provide him though with good prospects to get a good software engineer job.

I myself have as well restrained from working on / releasing certain projects because I know it would just bring me more hassle than benefit even if people did use them. World doesn't work on charity, sadly. But if you need the thing you build yourself as well, it shouldn't be that bad as long as you know to set your boundaries for what you're willing to do.


This is an industry with so much more money than it knows what to do with, and yet critical software rots for the want of a few thousand dollars here and there.


We should pay this guy to have a vacation before we pay him to write more code.


It really angers me that he, of all folks, struggled to raise even a percentage of $80K while I personally know FAANG engineers who got $50K+ in signing bonuses alone.


The top 100 companies who depend on this software should be slinging millions at this guy.

That's my simple ethics take on it. The value created is that large at least. The amount of money he saved them in dev time.

"Then he should license it as xyzsksudhsj, he should have released it as a commercial product, he should have put on a tie and pulled himself up by his bootstraps" no. Highly unlikely the tool would have become as useful as it is, or as widespread and thus a source of truth (and a guiding force in the world of web standards). That's victim blaming.

It's time for the top 100 companies to pony up, straight up. They don't "have to..." until the outrage gets high enough, until the internal pressure gets large enough.

So we should all do our part and start sending emails up the chain, start the conversation, start being a little annoying.


> Shit happened 3 weeks after the core-js@3 release. One April night, at 3 AM, I was driving home. Two deadly drunk 18-years-old girls in dark clothes decided somehow to crawl across a poorly lit highway - one of them lay down on the road, another sat down and dragged the first, but not from the road - directly under my wheels. That's what the witnesses said. I had no any chance to see them. One more witness said that before the accident they were just jokingly fighting on the road. Nothing unusual, it's Russia. One of them died and another girl went to a hospital. However, even in this case, according to Russian arbitrage practice, if the driver is not a son of a deputy or someone like that, he almost always will be found guilty - he should see and anticipate everything, and a pedestrian owes nothing to anyone. I could end up in prison for a long time, IIRC later the prosecutor requested 7 years.

> The only way not to end up in prison was reconciliation with "victims" - a standard practice after such accidents - and a good lawyer. Within a few weeks after the accident, I received financial claims totaling about 80 thousand dollars at the exchange rate at that time from "victims'" relatives. A significant amount of money was also needed for a lawyer.

I don't know the full details but this is incredibly sad. It must be a lot to have killed someone and then spent 18 months in prison. And he is still maintaining this library used by over 19 million repos full-time. Even though some of zloirock's actions have been rude and combative, I think he deserves sympathy.

This was right before the "author of core-js is looking for a good job :-)" debacle, I think if more people realized the full context they would've been more sympathetic. Or even if it happened today, when more people seem to realize the importance of funding open-source. Fortunately he is out of jail now, I hope he finally gets a decent amount of funding and everyone can move on.


> I don’t wanna say many words about prison and I have no great desire remembering this. It was slave labor at a chemical factory where my health was significantly ruined and where I 24/7 had a great time in a company of drug dealers, thieves, and killers..


This story is one of the reasons why I don't understand why people are so enamored with FOSS. The entire ecosystem is a gigantic free-rider problem. If you cannot exclude people from using your software despite the fact that they don't pay, you're not capturing the value you provide. The result is, in line with econ 101, undersupply and lack of investment.

It's not just the author but this is how many free software projects look. People living on 1800 bucks a month providing millions in value to billion dollar companies. Completely bizarre status quo.


Imo zloirock should work for himself and get rid of the core-js project (or make it least of his priorities). It's a liability to him at this point, just making himself look like a fool desperate for handouts.

His freedom is on the line and not one company seems to care.

If the open source community turns its back at you, turn your back at them.


Irritates me that some FAANG isn't just paying this, but they are not. He wants $80 an hour, so I've set up a monthly contribution for that much. If you can afford it, I'd strongly encourage you to do the same.


Wow! Very decent gesture from you. Nice to see.


The actual details of the killings he committed are different to what he claims. The girls were on a pedestrian crossing and he ploughed through them anyway. I have no sympathy for this guy and I hope he gets what is coming to him.

Reminds me of that other guy who flashed his penis at children multiple times over many years and then expected us all to feel sorry for him and give him advice.

Both of these abusive criminal scum can fuck off, I hope they rope themselves.


https://words.filippo.io/full-time-maintainer/ represents an attempt to find a sustainable answer to some parts of this issue. I'm not sure whether it's appropriate to attempt that model wholesale in your particular case, but it may be worth reaching out to Filippo for a conversation.


That was an interesting writeup and I hope Mr. Valsorda succeeds in this; certainly funding paths for bottom of the stack open source code are sorely needed.

However, I don't really think the coreJS maintainer is in a position to do an experiment like this. He should focus on getting a well paid job so he can support himself and his family, pay off the damages he owes, and GTFO of Russia before he's drafted for cannon fodder in Ukraine. Then build up a comfortable buffer, and only then, if he still feels like it and coreJS is still relevant in the world, does he have the financial security that would allow him to do such an experiment.


He should close access to his repo immediately and try to get paying job. Anyone wants access, help, new version - pay money. It is very depressing reading his story. Feel almost like: do no good for humanity as you will get punished for it.

BTW: Zloirock is a transliteration, translates as bad karma, evil fate, bad luck etc.


fuck every idiot who made those comments or memes without any understanding of the incredible work done by the maintainer.


Sorry but no. This is poor planning of life in general. I know you should be earning more but why bet your life and your family's life on an open source project? To "make the web a better place"?

Go for the best paid position you can go and do open source work in your spare time if you can't help yourself. Don't risk the comfort of your family for this stuff. It's not the first time I hear people complain about OSS; why don't we learn? Esp since we have kids, problems with the law, illnesses or whatnot.


This guy should make a pro version, you want the absolute latest polyfills, you have to be a paid supporter of the project. Otherwise your polyfills lag a year behind.


I think Ghostscript did that successfully. A year old version is automatically Open Source, anything else you pay for.


Half of the problem here is that, despite extensive funding, the Babel team threw in the towel regarding polyfills and just integrated core-js.

Also TC39 appears to have some housecleaning to do.

> core-js will become a commercial project if it will not have appropriate support from users

I suppose this is the most likely outcome.

Alternatively Vercel might scoop it up considering it's already funding a few other high-profile projects.


I'm pretty sure a bunch of people on HN were complaining about this exact postinstall notice when it was set up. People saying "it's his right" were the downvoted minority.


This wide usage of core-js comes from being used by some very widely used libraries. Most developers don't install core-js directly. It always comes as an indirect dependency through other projects like babel, so if he wants to work full-time on OSS and earn good money, he should maybe look at becoming a member of Babel or a similar funded OSS project.


Here's a simple solution: create a product and sell it for money. Seriously. Stop giving stuff away for free.

EDIT: let me elaborate.

Writing open source is not a business strategy. At best, it's a gimmick, or outsourcing infrastructure maintenance to the public.

What you should do is the following:

1) Project authority.

This is easy. You are the creator and maintainer of a critical piece of infrastructure. You are THE EXPERT!

2) Project non-neediness

None of this "guys I'm struggling here". People should come to you because you have value to provide, not because they pity you.

3) Value proposition

Create a compelling value proposition where you get money in exchange for something.

That something could be a product, a subscription, a consultation service, or something else. The possibilities are endless.

You are a smart person. If you dedicate a week or two you can figure this out.

I don't know many people who are successfully making money from open source. I only know of Zig. Here's what Andrew Kelley did:

- He projects authority. You can watch him programming live. He has many live streams and talks.

- He does not project neediness. He talks frankly about his finances but none of this "omg you guys are so thankless for all my work". It's more like: hey guys, I'm working on this, if you are interested in this and would like it to continue, consider donating.

- He did the drudge work of setting up a non-profit foundation to receive the donations

- He got help from people: he doesn't run everything, he doesn't code everything. There are several people working in the Zig Foundation.

Now, I don't think you can do this with core-js. It's already pretty mature and any donation you get is basically going to come out of pity. You don't want to be in this situation.

That's why I think it's better for you to create a consultancy and provide some kind of service where people are compelled to pay you money because you are just so valuable.

My man, there are people out there making over $10k/mo from things like "copywriting" a few emails a month for a few high class clients.

You can do better.


That’s simple, but it’s not a solution. Can you imagine writing software in a world without open source (that is also free as in beer)? I can’t.


I can, it sounds like a world where people are more fairly compensated for their work.

I’m increasingly cynical about open source as time goes on. There really need to be better licenses that deal with the funding issue, because huge companies shouldn’t have any right to freeload.


I realize my original comment was very short. I wrote it while on the train. I've now elaborated and hopefully it's more useful now.


We should call people who moan about license choices and donation messages in postinstall scripts what they are: leeches.

If you take time out of your day to complain about an OSS project and spread negativity you're literally a detriment to the wider ecosystem. That includes purity testing.

I hope zloirock does what is good for him going forward.


Fascinating story. I've never heard of CoreJS. Checked a website created for work.. yep, it uses it.


Daily reminder that humans are not good to each other (this doesn't mean we don't have the ability to be good to each other, but we generally are not)


How does Wikipedia or Open Street Map work if in general we are not good to each other?


The motivation to correct someone else who is (IYO) incorrect or to express your point of view is stronger in many people than the motivation to transfer money from your pocket to someone else’s without a direct quid pro quo.

More people will spend 30 minutes looking after an infant that might be abandoned in the cold than would give $1 to a beggar in the same weather, even though that 30 minutes is far more valuable. I will often shovel my neighbor’s sidewalk and steps while I’m already out there doing mine. I’d never pay someone $20 to shovel their walk. You can look at those differences and decide if humans are good to each other or not depending on which part you focus on.


Such a good question, the short answer is I don't know why we have Wikipedia or OSM, I could think of reasons for the specific examples but the heart of the question would still not be answered.

Another example you could have added is pro bono or volunteer work, one answer I could come up with is they wanted to. Maybe my response was a bit dramatic since we do have examples of humans being good to each other.

I'm willing to accept that I could be wrong. What do you think?


For many companies, throwing a bit of cash at Open Street Map is incredibly cheaper than going with commercial alternatives.

Wikipedia, I honestly don't know. I suspect they live on charitable grants by institutional actors.


I understand it must be frustrating to have massive companies using your code without paying, while you struggle to make ends meet.

But that is the reality of open source. The very reason that all those BigCo’s are using your code is _because_ you offered it to them for free.

If you actually want payment for your code, but you’re not being up-front about it, then people are going to be annoyed with you when you show up asking for money, because they feel you’re pulling a “bait and switch” on them – because you kinda are.

The reality is that every one of us are relying on thousands of open source projects on a daily basis. Everything from glibc to our web browser itself are mostly if not completely open source. The number of open source projects involved in me writing this comment likely number in the thousands. I can’t practically support all of them directly.

Hard as it may be to hear, your open source project is not special. It’s just another among hundreds or thousands like it in the dependency stack. Only a tiny minority of the people who use it will even know it’s there, much less care that it exists. If you can’t accept that, you should probably get out of the open source business.


What a story!

It's hard to make OSS sustainable without millions of $ and VCs trying to turn that OSS tech in a huge business. With OrientDB we got lucky, now it's the past... Now I'm experimenting with a different approach of redistributing GitHub Sponsorships to the developers that actively work on the project:

https://blog.arcadedb.com/welcome-to-arcadedb#whats-next

After almost 18 months it's still far from being sustainable. Pure OSS is one of the hardest fields to make some money because of the average developer: they just take without giving anything back in terms of work (contributing) or money.


The patience and resilience this man must have. I would have left Foss development way earlier if I was in his place. He has every right to just deprecate or remove the package from npm and give everyone the middle finger.


But he didn't.

He posted that classic XKCD comic about critical infrastructure.

So while thousands of principal engineers at companies around the world hold meetings today on what to do about this critical bus factor issue, I'm going to do something else.

I'm going to go outside, drop off some library books (I don't always finish them, that's ok), and wonder what critical infrastructure component exists in my life that I'm responsible for. Is it a person? A pet? A future idea?

Or who's supporting me? The parents and all the rest.

I'm not naive about what happens in OSS projects. And I wouldn't want to be this critical in a project, but this can be a message of future hope even if the world is dark right now.

I don't know the immediate solution. Maybe the engineers scrambling today can slowly remove this stress bomb over the next couple months.


Yeah, I have to respect how hard he stuck to his conviction. I truly hope that companies, especially bigger ones, show more willingness to donate some money to FOSS projects that they use. It would still be cheaper than to buy some expensive enterprise solution, and idk maybe they can write it off as donations on their taxes and get some good PR.


If you're working for a company that relies on OSS, please suggest establishing an OSS fund to specifically support projects like core-js. Have the company pledge some percentage of profits, where employees decide how the funds get appropriated. E.g. by popularity, relevance, love, or whatever other criteria feels right. Think of the Humble Bundle sliders, for example.

It's heart breaking to know that the world's largest companies are using software whose author is struggling financially. That xkcd is 100% right, but this situation is far from amusing.


> employees decide how the funds get appropriated. E.g. by popularity, relevance, love, or whatever other criteria feels right

FWIW this is not the way. Distributing based on these criteria means most of the funding will go to those who already receive most of the funding. It does not solve the XKCD/2347 problem, which is exactly what this guy is encountering: People who maintain unknown software, software you don't even realize you're using, but which is so useful it ends up used everywhere.

OpenSSH (via OpenBSD) faced that issue in 2014 (https://www.osnews.com/story/27519/openbsd-will-shut-down-if...), and got funding because the story got attention. I suspect core-js after this post has also solved his problem for the time being thanks to this post (assuming it gets enough attention; seeing as it's at the top of HN now, I bet it will). But this is not viable. People in open source often do not see money as a resource, but as a corruptor, so they refuse to touch it unless strictly necessary; to a fault. (I should know; I was in that situation as well for years. Out of idealism I also refused to touch money. Now I work in fintech, so clearly I changed my outlook; but old me would probably hate current me.)

What a soul-crushingly sad and difficult read this was, though. Jesus.


At the risk of some self promotion, we developed StackAid (https://stackaid.us) to help fund the long tail of open source because of the exact problems you mentioned. People only tend to remember the popular/direct dependencies.


This is a great project, thanks for creating it.

Am I interpreting it right, and your service acts as an escrow? Even though you seem to solve the payment headaches, I'm not sure I'd trust a middle-man to do the right thing in these matters. Would it be possible to use your tool entirely offline and just get a list of dependencies, and suggested payment per month for each depending on available funds? And then allow me to tweak it depending on whatever criteria I want, similar to the Humble Bundle sliders?

Getting the payments out to every project would be a hassle that you already solve, but I think it would be preferable to deal with those than with a centralized service that everyone depends on.


Yes, we do hold payments for projects and pay them out monthly. However if you don't want to claim your funds on StackAid but do accept donations elsewhere, we will use those services to pay you out instead. Running the tool offline would be challenging because we have a large index of dependency->repository mappings across various ecosystems so we can resolve your dependency tree. You would also still be stuck manually paying out to possibly hundreds of projects. FWIW we are completely transparent about the payments we make to each project as well as how much goes to us.


> Distributing based on these criteria means most of the funding will go to those who already receive most of the funding.

It depends on the strategy used. If we define "popularity" as "number of our projects that depend on this OSS project", then the distribution should be fair, and projects like core-js would be well compensated. This could all be automated, and the popularity ranking could be fixed and used by default, so that employees could add additional funding by voting on their most used and loved projects. I think both approaches would work well.

In any case, my suggestion was to create a company-wide OSS fund to begin with, which most companies don't even bother with. The strategy of how they're appropriated can always be improved after that.


the problem, in my opinion, introduced by the so-called full-time open source developers (making money via contributions) is the distortion in how free & open source software should be organized. no one should have a full-time job maintaining an open source software, on their own. they should be doing it through a user-company. see the ruby and rails core team/structure for example. they all work full-time at companies with significant investment/commitment to the framework. they’re paid by these companies not randos paying money into some opencollective, patreon, &c.

the javascript ecosystem sets and perpetuates a bad example here. it has sometimes even led to accusations of leeching (see babel) where a ‘full-time’ maintainer who has honed the evil art of extortion refuses to kickback to the original creator-inventor or share proportionally with all contributors. or so the story goes.

it’s imperative that we save open source from these evils. github sponsor, patreon, opencollective, tidelift, npm fund hurt, rather than help, the cause. they’re the sort of simple & straightforward ideas that make sense to simple-minded people, but eventually break under the messy rules and expectations of reality. if rails has succeeded without begging for money (even without starting a foundation) then, of course, their approach to free & open source software should be promoted.


What open source needs is to be completely owned by private companies?


i'm not sure i understand what you mean. how's rails 'completely owned by private companies' for example? i'm not sure you wish to imply that private companies hiring and paying people to work full-time on open source equates to 'owning' such software. there's open source software started by and owned by private companies (the go programming language, apple's swift, meta's react, among others). regardless, they have big adopters. even so, i won't put rails or python or postgresql or rust in the same category.


The direction that rails goes in is the direction that Basecamp wants it to go in. Basecamp is a privately owned company. Who do you think owns the IP?

Look, no judgment for open source maintainers who take a job in order to get paid. But the idea that this is the only viable model for open source is abhorrent.


> The direction that rails goes in is the direction that Basecamp wants it to go in. Basecamp is a privately owned company. Who do you think owns the IP?

it’s demonstrably false. both github and shopify have made significant contributions to the direction of rails. also individuals who were eventually hired by big rails/ruby users. i think such was the case for tenderlove and schneems for example. according to the rails license[0], dhh owns the ip.

you could shift your perspective to see if this makes sense. companies heavily invested in certain open source projects hire (1) people already familiar with and have been contributing to the project, or (2) people totally new to the project but mandated to participate in maintenance and development given it's a key infrastructure. this, imo, is how open source should be maintained: companies with skin in the game commit to its survival. the current model of paying money to someone not in the employ of anyone (and so maybe doesn’t use the project themselves) is bound to lead to the current pay me or i abandon the project.

[0]: https://github.com/rails/rails/blob/main/MIT-LICENSE


I doubt this is really practical but I wonder what would happen if it just became a commercial project in a few weeks. He has given fair warning many times in the past and again today.

So out of all of those large companies, if he sets the license at say $5000-10000 per year, would they all really just pin the old version or something and leave him hanging?

Honestly this is the type of thing that makes me want to root for the AIs in the future. They can't possibly be worse than humans.


Seems unlikely to work given (if I understood correctly) the main direct consumer is Babel, another OSS project that is known to have had trouble with funding in the past. If he starts asking for license fees, Babel will just be forced to make do with the latest OSS version, fork it or whatever, and the rest of the world will never know.


This guy should approach the OpenJS Foundation [0] (previously it was the JQuery Foundation). It's sponsored by the big guys. There are a few more Open Source Foundations he can approach.

Could be that successfully funded OS projects are being maintained/led by charismatic guys? Those that can do marketing and get the project known and eventually get funding. e.g.: tailwind, jquery, vue, sveltekit

0: https://openjsf.org


Sounds like it’s time for him to move on. I’m sure it’s incredibly difficult to give up on a passion project which is also very popular, but he doesn’t sound happy and in a good mental space. Besides, I highly doubt that companies will suddenly start supporting open source devs.

A break and a paid job might be what he needs to reboot mentally. Hope he gets through this tough time!


He could sell that story as a screenplay and make bank from Netflix or Amazon productions.


This was depressing. I read through most of the post.

I would never recommend sacrificing your personal life and well being for the sake of opensource.

Use opensource as an outlet of your creativity and urge to create something, but don't let it destroy you.


I'm halfway through the comments and haven't seen anybody mention faker.js. Companies need to figure out a way to support these creators that they profit off of. How many more times do we have to see the same story play out?


Keep their heads ringing.. "if you can't earn money with it, screw it" my grandpa said, and I should learn later how much truth it beholds.


oh, I almost cried reading this drama story. Until I googled what happened that night when he killed and injured another girl. And what a surprise, they were crawling on zebra and it was his responsibility to let them finish their maneuver.

and... the guy, who supports russian invasion doesn't deserve anything.


could somebody smarter than me explain why core JS is so prevalent? Isn't modern ESM shippable in Chrome and on Edge now?


“Modern ESM” is a moving target. There’s always some new functionality that’s being added to the APIs that devs inevitably want to use. From his article, ‘structuredClone’ is a good example of something that everyone’s lusting over but isn’t quiiite there yet.

There are also still browser quirks etc for some of the newer stuff, and Safari tends to be a laggard, which cuts you off from iOS traffic.


He has nothing to lose, so I would pivot the product like docker did. It‘s painful, and might break it but so it should be.


Important (IMO) reminder that StackAid exists and has been made just to solve this kind of problems.

(I’m not affiliated with them)


Urgh.. It's so unsettling how easy people fall for the "innocent act" of the person who routinely supports genocide. And it's a known systemic consistent behavior in the public statements — he's been supporting the mass murderers for many years. In his late post he suggests that the murdered Ukrainians are somehow the same as the ruscist rapists who killed them. In the past he was shifting the blame for the rssian fascist ethnical cleansing to Ukraine as well: https://twitter.com/TheLarkInn/status/1625276917363646465. He'd probably also blame black people for being enslaved, and rape victims too. This does correlate with the color of his passport but it's just that — a correlation. His actions* speak louder than words. Encouraging people to send him money equals indirectly funding the genocidal maniacs. Don't fund the terrorists, it's as simple as that.


People in Russia receive a constant stream of propaganda about their opponents. And it is not safe to make public statements that oppose the war.


I wonder if the sports/talent agent model could work here.


If he weren’t Russian and subject to OFAC sanctions, I would gladly wire him $1000 tonight if he would give up this project.

The web is utterly broken. This one guy is enabling a multi-billion dollar advertising ecosystem for nothing? Absolutely insane.


> If he weren’t Russian and subject to OFAC sanctions

Wrong. OFAC has sanctioned a number of Russian individuals and entities, including many of the country's banks. OFAC has _not_ sanctioned all Russians.

Check for yourself at https://sanctionssearch.ofac.treas.gov

Man up and send him the money. You can figure it out.


You are welcome to look up my contribution via OpenCollective. I couldn’t find your contribution though. Where should I look?


Patreon Inc and Open Collective Inc (non-profit) are both US companies. You can let them worry about any potential sanctions.

He gave you three options: https://opencollective.com/core-js https://www.patreon.com/zloirock or Bitcoin bc1qlea7544qtsmj2rayg0lthvza9fau63ux0fstcz

Or are you just posturing?


You are welcome to look up my contribution via OpenCollective.

It’s dangerous for individuals to take liability on themselves by using Bitcoin to send funds directly. The OFAC sanction search above is for compliance officers at financial institutions. If, as an individual, you take it on yourself to send funds via Bitcoin and you’ve misunderstood the scope of sanctions then you may find yourself in violation. OpenCollective pays out through Stripe which handles the regulatory compliance issues.

Now you know.


Awesome! I intend to match your $1k, but to other open source developers that I judge need it.


[flagged]


why?


because the last 3 times the community paid him, he did exactly this


He has made multiple posts like this and it always reeks of entitlement and disdain for his user base. Charge money if you want money. Don't give something for free and then complain.

The real reason he doesn't charge is nobody would pay or someone would immediately fork the project and do it for free.

The point of large open source projects like this is to parlay it into career opportunities, not expect every installer to give you a dollar.


> ... someone would immediately fork the project and do it for free

He said he's tried to find others to maintain the project and no one will help. Dunno why it'd be any different if there was a fork.

> ... not expect every installer to give you a dollar.

He isn't asking for every installer to pay. He's asking for enough financial support to work on core-js full-time, which seems reasonable given how depended-on the library is.


35,725,818 weekly downloads.

I think he has earned the right to complain.


> The point of large open source projects like this is to parlay it into career opportunities

Yeah, you are in the minority with that belief.


>> The point of large open source projects like this is to parlay it into career opportunities

> Yeah, you are in the minority with that belief.

The OP does have a platform, thanks to his work. If he did not diligently pour his creative talent into core-js & without its widespread usage, he would probably not have the audience & we wouldn't be having a discussion about him or his situation. He does have a platform which he most likely could monetize.

He does have a platform which he most likely could monetize. It's like a Youtuber who gains a large audience. Youtube does not pay much & many subjects are demonetized, yet many Youtubers are creative in monetization. Of course a big advantage of having one's face on the screen talking to a large audience is attention, making it easier to get the message out & to create a market.

I do plenty of open source work & my partner was a prominent early Youtuber. It's not easy & takes a mostly different skillset than just creating code or content, but the opportunity is there. Some are quite talented at creating code/content & monetizing code/content. I'm not so talented at the monetization aspect, but I see the opportunity is there. I for one, use open source as a way to share code between my projects...making it easier, via IP licensing, to reuse code.

I would personally love to see more people sharing on how they use their creative talents, hard work, & audiences to earn a living. I think there is a better way than relying on donations. For example, the creator/audience relationship on platforms like Patreon or Rumble seem like a way to earn money in a dignified manner.


I want to follow up with a couple more thoughts as Open Source developers, particularly important ones, earning a decent living is important:

The OP author deserves to earn a living for himself & his family. He has put in many hours of hard work & has proven to be selfless in doing so. The question is, if one dedicates one's life to Open Source development, how will one earn a living?

My contention about relying on donations is that donations are not very reliable. They require frequent PR to bring attention & the will of the donators. I'm confident that this post will bring in a rush of donations, but for how long? I hope Mr. Pushkarev can find a sustainable way to earn the living that he deserves. I just don't think relying primarily on donations is going to get him (or any Open Source developer) there. He has a platform & attention & I hope people in a better position than myself can rally around that to offer him sustainable opportunities. Who knows where he will take it from here. I'm optimistic that some great opportunities will emerge from this.


I see a lot of comments here suggesting that he should just pack his bags and get a corporate gig. How many other great open source projects will we miss out on because developers see this advice and not even bother in the first place?


I always see stuff like this, especially on HN, and get impostor syndrome from it.

I do it because it's a job, and I need money. I program to _solve problems_, not because I love programming.

Some people just really love programming.

I hope they get what they are worth though.


Sure, but you (maybe not you specifically) _solve problems_ by using a lot of open source. Your ability to do your job and get paid depends on the labor of others. Why not compensate them for it.


I recognize his challenges, but not sure if I can look past his victim blaming and "both sides bad" war rhetoric.


What would you say if you were in Russia? Would you publicly pour out your complete thoughts, whatever they may be, in a popular blog post with your name signed underneath? With an unfunded OSS project, a family to support and criminal history? Don't forget, you can't just "say stuff" in most corners of the world.


It looks like Denis is actually supporting russian government and their lies about this war - https://twitter.com/roman01la/status/1625254253156528147 . He literally spreads russian propaganda points and blames Ukraine for being attacked.


I understand that his perspective is not consonant with Western views and that he does place some blame on Ukraine, but he literally says "I'm against war. I'm against the current Russian government." which I hardly think is fair to represent as supporting the Russian government and the war!


Yeah, he is against war and government because it affects his personal income and wellbeing, not because of tens of thousands of civilians killed.


If you don't support the war and are afraid to express your opinion, you can just remain silent and not say that "both sides are equally bad". This kind of rhetoric is exactly what Russian war supporters use.


His comments were in response to an issue opened in the repo, it's not like he went out of his way to bring the problem up. If you take concern with him speaking with his family's best interests in mind (especially the "indoctrination" he is concerned about for his child), then stop using core-js.


1. Return to Russia because things are cheaper so you will have more money, nevermind the whole war crimes and genocide thing

2. Russia puts you in prison, you don't get a fair trial and you don't have freedom of speech

3. No profit


In the real world, there are no "good guys vs bad guys", no "white/black", it's all shades of grey, recognizing this is not "victim blaming".

But let's avoid flamewars irrelevant to the discussion.


He only said "I don't want to choose between two kinds of evil. I will not comment on this in more detail, since there are people close to me on both sides of the border who may suffer because of this."

I don't think "two kinds of evil" is meant to imply that both sides are equally bad. Just that there are no good options for him. After all, when we say "the lesser of two evils" we don't (usually) mean evil in the literal sense. We mean that we are being forced to pick the least-bad of two bad options.


One way you can plausibly interpret the "other side" is to be about sanctions, not necessarily Ukraine.


I'm shocked I have to scroll down so far to see someone complain about that. He absolutely is shifting 100% of the blame for him killing someone onto the person he killed.


Honestly, I feel really sorry for the guy and I'm willing to take him at his word that it wasn't his fault, but I found the bit about him hitting the girls a little off. It almost seemed like he was more angry at them for being in the road than himself for hitting them.

As someone who has hit someone in my car before and was not to blame (legally at least) I'm more than aware these things happen, but I think if I killed someone, especially if it was someone as young as 18, I'd be tormented by guilt. Even if it were an accident.


I'd be pissed if someone else caused an accident that caused me guilt, prison time, ruined my life. I'd be extremely pissed at them


seriously. calling them "victims" (as if they weren't killed by his car) was very unsettling. showed little to no remorse for his actions.


If you fire my gun, whose fault is it? If you jump in front of my car I bear zero responsibility. If anything, you should be paying for damage to me.

How much time he actually had to react is up to anyone’s guess, but let's not dumb it down to "HIS car killed".


Assuming we take his story at face value, from a legal standpoint you are correct. However, if I accidentally ran somebody over and even if I was not at legal fault I would certainly feel guilty and it feels wrong to me how quickly he pushed it off.

I also find it a bit weird he implied he was driving a car but in the news article it said he was driving a motorcycle.


In any sane country it is the people who lay on highways or jump into train tracks who are criminals not the drivers or train operators.


Anyone else get major Hans Reiser vibes from this guy?

Maybe it’s just the “on the war” section … I.e, Ukraine section and not the vehicular manslaughter or accident.


Not really, no. As an ex-convict with massive fines he can't pay who is unable to leave the country and a newborn child, I cannot really blame him for not sticking his neck out publicly in an increasingly totalitarian state, nor for being angry about the sanctions obliterating his already bad financial situation and freezing a portion of the already small amount of money that had already been given to him.

Imagine how you would feel if you worked for minimum wage at McDonalds and the police froze up your savings accounts for more than a year because a distant uncle you've never seen was discovered to be a hitman for the mafia.



