Hacker News with comments/articles inlined for offline reading

Authors ranked on leaderboard
Last updated:
Reload to view new stories

January 21, 2020 21:38



Front Page/ShowHN stories over 4 points from last 7 days
If internet connection drops, you can still read the stories
If there were any historical discussions on the story, links to all the previous stories on Hacker News will appear just above the comments.

(1332) Apple dropped plan for encrypting backups after FBI complained

1332 points about 8 hours ago by n1000 in 2818th position

www.reuters.com | Estimated reading time – 7 minutes | comments | anchor

SAN FRANCISCO (Reuters) - Apple Inc (AAPL.O) dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

FILE PHOTO: A woman uses her Apple iPhone and laptop in a cafe in lower Manhattan in New York City, U.S., May 8, 2019. REUTERS/Mike Segar/File Photo

The tech giant's reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers' information.

The long-running tug of war between investigators' concerns about security and tech companies' desire for user privacy moved back into the public spotlight last week, as U.S. Attorney General William Barr took the rare step of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month.

U.S. President Donald Trump piled on, accusing Apple on Twitter of refusing to unlock phones used by "killers, drug dealers and other violent criminal elements." Republican and Democratic senators sounded a similar theme in a December hearing, threatening legislation against end-to-end encryption, citing unrecoverable evidence of crimes against children.

Apple did in fact did turn over the shooter's iCloud backups in the Pensacola case, and said it rejected the characterization that it "has not provided substantive assistance."

Behind the scenes, Apple has provided the U.S. Federal Bureau of Investigation with more sweeping help, not related to any specific probe.

An Apple spokesman declined to comment on the company's handling of the encryption issue or any discussions it has had with the FBI. The FBI did not respond to requests for comment on any discussions with Apple.

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

In private talks with Apple soon after, representatives of the FBI's cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.

"Legal killed it, for reasons you can imagine," another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

"They decided they weren't going to poke the bear anymore," the person said, referring to Apple's court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, California.

Apple appealed a court order to break into that phone for the FBI. The government dropped the proceedings when it found a contractor that could break into the phone, a common occurrence in FBI investigations.

Two of the former FBI officials, who were not present in talks with Apple, told Reuters it appeared that the FBI's arguments that the backups provided vital evidence in thousands of cases had prevailed.

"It's because Apple was convinced," said one. "Outside of that public spat over San Bernardino, Apple gets along with the federal government."

However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.

Once the decision was made, the 10 or so experts on the Apple encryption project - variously code-named Plesio and KeyDrop - were told to stop working on the effort, three people familiar with the matter told Reuters.

APPLE SHIFTS FOCUS

Apple's decision not to proceed with end-to-end encryption of iCloud backups made the FBI's job easier.

The agency relies on hacking software that exploits security flaws to break into a phone. But that method requires direct access to the phone which would ordinarily tip off the user, who is often the subject of the investigation.

Apple's iCloud, on the other hand, can be searched in secret. In the first half of last year, the period covered by Apple's most recent semiannual transparency report on requests for data it receives from government agencies, U.S. authorities armed with regular court papers asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts.

The company said it turned over at least some data for 90% of the requests it received. It turns over data more often in response to secret U.S. intelligence court directives, topping 14,000 accounts in the second half of 2018. Because of gag orders, Apple has not given any such data for 2019.

Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.

Instead of protecting all of iCloud with end-to-end encryption, Apple has shifted to focus on protecting some of the most sensitive user information, such as saved passwords and health data.

But backed-up contact information and texts from iMessage, WhatsApp and other encrypted services remain available to Apple employees and authorities.

Apple is not the only tech company to have removed its own access to customers' information.

In October 2018, Alphabet Inc's (GOOGL.O) Google announced a similar system to Apple's dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world's mobile devices, said users could back up their data to its own cloud without trusting the company with the key.

Two people familiar with the project said Google gave no advance notice to governments, and picked a time to announce it when encryption was not in the news.

The company continues to offer the service but declined to comment on how many users have taken up the option. The FBI did not respond to a request for comment on Google's service or the agency's approach to it.

Reporting by Joseph Menn in San Francisco; Editing by Bill Rigby




All Comments: [-] | anchor

hannibalhorn(4249) about 8 hours ago [-]

The iCloud security overview [1] says iCloud backups are encrypted 'in transit' and 'on server', but indeed doesn't say much about the encryption keys. There is 'end-to-end encryption' on just a few items (iCloud keychain, WiFi passwords, etc.)

1. https://support.apple.com/en-us/HT202303

exegete(10000) about 7 hours ago [-]

Apple has a key for iCloud backups. [1]

1. https://fixitalready.eff.org/apple

nonninz(10000) about 6 hours ago [-]

So not even photos are E2E encrypted? Nor Voice Memos, notes... nothing that is not written in the second list?

justapassenger(10000) about 5 hours ago [-]

Wonder if this will help to kill a meme, about how much Apple cares about users and what great values they have, how they're going to stand for the user, fight with governments, etc.

While iPhone itself is pretty secure as a device phone (and Apple makes sure to remind you about that in each ad, public speaking, attacks on competitors, etc), as an ecosystem it's not secure. And it's like that on purpose - there's no good and easy option to backup your phone other than iCloud.

You have to be a tech person to know how to keep an iPhone secure. Average Joe buys iPhone and pays for iCloud. They Apple first $1k to get (on top of other things) a secure device, and then they Apple monthly fee to give Apple all their data and make insecure. Pretty genius business strategy.

wnevets(10000) about 5 hours ago [-]

>Wonder if this will help to kill a meme, aboyt how much Apple cares about users and what great values they have,

Probably not. The keyboards on their laptops are barely functional but it doesn't stop people from saying how great they are.

privateSFacct(10000) about 5 hours ago [-]

Seriously - a big deal to me for sure.

tcookisfakeaf(10000) about 4 hours ago [-]

In the last year Tim Cook has told college grads his generation failed them on the environment, and Apple complained in the EU about being forced to adopt one standard connector for devices.

Lawyers rule the world. Our romantic ideas of law as a just human social framework has always been nonsense. It's to shield the elite from us.

They were designed in an Us v. Them mentality: https://politics.stackexchange.com/questions/8793/what-did-j...

Tim is all, "Sad news kids. My peers and I applied our agency to tasks that made this huge mess. Despite acknowledging this, gonna stick with it. Cause I got fewer years ahead of me than you! Cheers!"

parliament32(10000) about 4 hours ago [-]

The ecosystem is incredibly insecure, despite what Apple's marketing department wants you to think. More than anything I'm surprised at how often their advertising talking points are parroted in tech circles, like here on HN.. in any thread hinting at Google vs Apple you're bound to find a long comment chain about how Apple is 'secure' and 'privacy oriented' and 'cares about their users'. Not that Google is any better, but it makes me wonder whether it's just astroturfing or if their marketing is actually working.

vi4m(10000) about 2 hours ago [-]

> there's no good and easy option to backup your phone other than iCloud.

Just plug your phone, click 'Backup up'. You don't even have to open iTunes anymore, just open 'Finder' window. Can't be easier than that.

neya(761) about 4 hours ago [-]

>While iPhone itself is pretty secure as a device phone

I simply don't understand why people would blindly believe marketing material from a for-profit corporation. It's a device running closed source software. There is no way to prove this claim. If anything, Apple has been caught in the past sending very very personal sensitive information [1].

[1] https://www.theguardian.com/technology/2019/jul/26/apple-con...

natch(4204) about 4 hours ago [-]

As someone who has bought into that meme I will admit this feels like a pretty huge betrayal by Apple. So, yes, I think if Apple sticks with this, their whole privacy stance is going in the toilet now. And a very dirty toilet it is.

Beyond just the facts of not protecting data, there is also the deception. This is some really very, very, nasty stuff for Apple's brand and the reputation of every person who works at Apple. I don't know how to state it strongly enough.

Huge Apple fan until today... see my comment history... this is devastating for them amongst the sliver of their users who pay attention to this stuff. And they should realize that even though we may be just a sliver, we can lead other customers away from them if we want to.

brundolf(1648) about 5 hours ago [-]

> aboyt how much Apple cares about users

No company cares about anything. A company is not a person.

Apple, because of its privacy-marketing, is incentivized to be the privacy player in the market. But only so far as consumers keep them honest about it.

They got away with this loophole because it stayed under the radar; if it gets enough attention and enough customers show that it matters to them, it could change.

On the other hand, it's possible that because we have a smartphones duopoly, Apple only needs to maintain a position where people will say 'well at least it's not as bad as Google'. I'm upset about this personally, but I'm not ditching my iPhone. Of course, this does cement my decision to never pay for iCloud, for what that's worth (much less, but not nothing).

mistersquid(3008) about 3 hours ago [-]

> Wonder if this will help to kill a meme, aboyt how much Apple cares about users and what great values they have, how they're going to stand for the user, fight with governments, etc.

In this instance, Apple decided to continue to not encrypt iCloud backups because, according to one source,

> [...] the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption. [0]

Apple's stance on privacy is more than mere marketing and more than a meme, but their legal team decided that encrypting formerly unencrypted backups, which had already been used as evidence in previous cases, is ill-advised.

Most people, including technically knowledgable users here on HN, were unaware iCloud backups have always been unencrypted. Many of us concerned about privacy have avoided iCloud backups because they are subject to subpoena.

I wish Apple would (have) offered encrypted iCloud backup as an option, and I understand why they chose not to. However, I disagree that their stance on privacy is mere marketing. Apple has a balance to strike between the issues of encryption, privacy, and law enforcement, and their products are not perfect for either users or law enforcement.

That doesn't mean Apple doesn't care about its users and their privacy.

[0] https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

GeekyBear(10000) about 5 hours ago [-]

>there's no good and easy option to backup your phone other than iCloud.

Turn off iCloud and do local encrypted backups to your PC or Mac.

This works over your wifi network (if you prefer wireless charging at home) or via a cable connection.

terminaljunkid(10000) about 5 hours ago [-]

That meme should have been diminished earlier. People should understand while Google saves much data within itself, Apple shares it with advertising partners.

By the way, People have come to hate Google all the way for some advertising and easily switch-able data collection. But one should at same time hesitate to vote to apple with their wallets, they are a monster company which patents rounded corners of phones and things like optional chaining in Swift. That just goes unnoticed in circles like HN. IMO apple has always been more evil than Google.

3xblah(10000) 14 minutes ago [-]

'Wonder if this will help to kill a meme, about how much Apple cares about users and what great values they have, how they're going to stand for the user, fight governments, etc.'

Prediction: That meme will not die.

If one reads past HN discussions, it is evident the urge to to try to compare all these companies and choose a 'white knight' is extremely strong amongst people who post comments.

Whereas the truth may be that these companies are actually more similar in regards to certain issues than they are different; and, in fact, none of them may provide the solutions to the problems being discussed. They are all collecting and storing highly personal user data and have invested in building data centers to do so. Apple likes to remove inputs and oututs from their portable computers, preferring all data to travel over insecure wifi.

To a rational, unbiased observer, it should be no surpise none of them can 'solve' these problems considering they themselves are the sources of them. They are purporting to try to solve problems that they themselves have created, because these 'problems' (for users, not for the company) are arising in the pursuit commercial objectives.

Collecting and storing as much user data as possible, regardless of the inherent risks, is intentional.

ksec(1570) about 4 hours ago [-]

>And it's like that on purpose - there's no good and easy option to backup your phone other than iCloud.

I really want the iOS Time Capsule Option. Even if it is expensive.

philjohn(10000) about 4 hours ago [-]

You don't have to use iCloud backups - you can still backup to a computer and have that backup encrypted.

TazeTSchnitzel(2248) about 7 hours ago [-]

This is also why you should never use cloud backups for iMessage or WhatsApp.

jedieaston(4076) about 7 hours ago [-]

This is disabled by default in iOS 13, to keep your messages secure (and because often times it doesn't work properly). You have to go into iCloud settings to turn it on. And then if you aren't using iCloud Backup, the key to your Messages backup is not stored by Apple, so they can't read it anyway (see https://support.apple.com/en-us/HT202303).

For some reason, I doubt Google would do that.

brenden2(4337) about 7 hours ago [-]

I also have iMessage configured to delete messages after 30 days. I wish WhatsApp has this feature, but it does not, so I just periodically clear the history manually (which you can do in WhatsApp as well as Signal).

hartator(3771) about 6 hours ago [-]

Are the iMessages in an iCloud backup encrypted or not? As of now. It seems actually unclear.

snazz(3423) about 6 hours ago [-]

Yes, but the key is stored in your iCloud backup if you use it. As soon as you disable iCloud backups it will roll the key for iMessage and they will be effectively E2E encrypted.

When Messages in iCloud is enabled, iMessage, Business Chat, text (SMS), and MMS messages are removed from the user's existing iCloud Backup, and are instead stored in an end-to-end encrypted CloudKit container for Messages. The user's iCloud Backup retains a key to that container. If the user subsequently disables iCloud Backup, that container's key is rolled, the new key is stored only in iCloud Keychain (inaccessible to Apple and any third parties), and new data written to the container can't be decrypted with the old container key.

https://support.apple.com/guide/security/icloud-backup-conte...

matt-attack(10000) about 5 hours ago [-]

So now that iTunes is gone, how does one do a local iPhone backup?

snazz(3423) about 5 hours ago [-]

It shows up in Finder. Most of the iTunes functionality is still there but split up into more logical places.

thoughtsimple(4120) about 5 hours ago [-]

It's part of the Finder now. Same UI (and probably code) just doesn't come as part of a monolithic application (but now part of a even more monolithic OS).

kohtatsu(4258) about 4 hours ago [-]

PSA: libimobiledevice exists and supports native encrypted backup/restores for iPhones using the idevicebackup2 utility. You can also disable iCloud backups from there for fun.

https://www.libimobiledevice.org/

Not excusing Apple. This is a disgrace, first in China now here.

kohtatsu(4258) about 3 hours ago [-]

With the ifuse utility you can even mount a subset of your iPhone's storage as a FUSE filesystem. (If it's jailbroken you can mount all of it)

Doing so I was able to read the SQLite database Photos uses on my girlfriend's iPhone to migrate only photos she had favourited to her new phone; she hated the idea of moving them all over so much that she was ready to let the best ones perish.

jxdxbx(10000) about 3 hours ago [-]

A completely e2e encrypted backup system would have to include photos (current iPhone backups do not). But true encryption means that when customers forget their passwords, they lose their data.

Already, people who don't use iCloud Photo Library and lose their phones, or forget their passwords, lose the photos that were on the phones.

Anyway, I think the customer experience issues weigh pretty heavily here.

whycombagator(10000) about 2 hours ago [-]

Sure. But they could easily make it opt-in, hidden in the settings, with a warning/confirmation/etc so users know exactly what they are getting into.

skrowl(4181) about 4 hours ago [-]

For comparison, Google end-to-end encrypts Android backups with your lock screen PIN/pattern (which isn't known to Google).

Source - https://security.googleblog.com/2018/10/google-and-android-h...

robocat(4313) about 2 hours ago [-]

So backups are insecure because they can be brute forced then?

Most PINs are 4 digits, and 50% of people use the most popular 25 PINs.

Pattern has 9! combinations (= 51840) but most people use four dots (987*6 combos) and most of those probably use one of a few popular patterns.

Shank(3673) about 3 hours ago [-]

Offline attacks for a motivated adversary, like NSA, are trivial on low strength security measures, like a standard PIN, numeric only PIN, or pattern. Only a strong passphrase would really help you.

aloukissas(3825) about 7 hours ago [-]

Which is exactly why I use Signal exclusively.

newscracker(3529) about 6 hours ago [-]

Signal prohibits backing up chats on iOS. So there's no question of information leaking from a backup when there's no way to create it.

jbverschoor(3507) about 1 hour ago [-]

Time to disable iCloud backup and cancel my iCloud subscription.

christefano(4319) about 1 hour ago [-]

Samesies :(

t4skf0rc3(10000) about 7 hours ago [-]

Privacy? Who needs it, amirite?

I mean, I'm not up to anything illegal, and I don't actually care about people seeing my stuff, BUT... the concept as a whole of 'government should have access to everything all the time, regardless of reasoning' does not sit well with me.

EGreg(1641) about 7 hours ago [-]

Nourong

pfarrell(4314) about 7 hours ago [-]

What happens when what is considered legal gets changed in the future?

lostgame(4301) about 7 hours ago [-]

You don't even, for instance, torrent? Movies, music? (You don't have to answer that. :P ) Ever pirate apps, even just to try before you buy?

The point is, if someone from the law is interested in you, or suspects you of some grander illegal thing, a lot of us do illegal things that might just be a little less grand, and a lot of us have the digital equivalent of a broken taillight.

bronco21016(10000) about 5 hours ago [-]

I believe this has been the case for sometime hasn't it? I vaguely remember reporting indicating this was true during the San Bernardino case and that Apple handed over that backup. Either way I do remember reading the Apple law enforcement guidelines a year or two ago and this was the case. iCloud data is not secure from law enforcement.

My project list has implementing a WiFi backup Windows/iTunes VM for this specific case. Does anyone know how iOS backups will be handled on personal PCs once iTunes is discontinued?

mindajar(10000) about 5 hours ago [-]

Device backups are handled by Finder in the post-iTunes world, at least on the Mac. I think iTunes is still a thing on Windows?

skandl(10000) about 5 hours ago [-]

Apple has an opportunity to stand separate as a leader in user privacy first. But to do so means constantly standing up to government(s).

marketingfool(10000) about 5 hours ago [-]

It literally doesn't matter. You are talking about their latest ad campaign.

Apple internal is complete detached from the commercials you see. It's about sales, not teaching users.

djrogers(3726) about 5 hours ago [-]

Another case of a headline not being supported by the story:

" Reuters could not determine why exactly Apple dropped the plan.

"Legal killed it, for reasons you can imagine," another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision."

And further on: " However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often."

So 4 of the 6 sources were speculating (FBI), and one actively admits they don't know the reason, but the lede says 6 sources confirmed this. Hmmm...

chias(10000) about 5 hours ago [-]

In fairness, the title does not say that Apple dropped plan for encrypting backups because FBI complained :P

playpause(3678) about 3 hours ago [-]

I disagree. I read 'after' in the headline to succinctly imply that there are reasonable grounds to suspect a causal link between these events, while acknowledging that such a link has not been admitted by Apple (otherwise it would be 'in response to').

It's true this kind of wording is often used in low quality journalism to float the idea of a causal link when there is no good reason to suspect one, but this is not one of those cases.

kyralis(10000) about 3 hours ago [-]

> However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.

This. It's also the reason why photos are not E2E encrypted on iOS: Apple really doesn't want to be in the position of saying 'sorry, you lost all your data' or 'sorry, it's sad that Grandma just died, but all of her photos are gone and there's nothing you can do about it.'

make3(4296) about 5 hours ago [-]

am HN mod should change the title

minikites(2259) about 7 hours ago [-]

Some companies are better than others but there's absolutely no reason to believe any one of them would ever be on 'your side' for any reason. You can vote for who makes decisions in government, but you can't vote for who makes decisions in companies.

panarky(157) about 7 hours ago [-]

You vote every time you decide to buy or not to buy.

shadowgovt(10000) about 7 hours ago [-]

And at the end of the day, these tools are powerful and it's unclear that it's in the best interests of humanity at large to make it easy for every individual to cipher their data in a way that no other human can ever access. Apple (and their peers in the big-cloud-data-storage world) may not even be in the wrong for not willing to hand the same tool to the just and the unjust for cheaper than those individuals rolling their own.

clarkmoody(3734) about 6 hours ago [-]

Beyond HN and tech circles, is there any detectable groundswell of demand for privacy? When you talk with friends & family about privacy, does anyone care?

When average people care about privacy, the large players will respond. Until then, pressure from the state can be accommodated without irking customers, so Big Tech will play along.

raxxorrax(10000) about 6 hours ago [-]

> does anyone care?

Actually yes. Some even have bought into VPN services without me recommending it and without any missionary ambitions from my part. Generally these are also not people using services of the largest offenders too much though.

I would even say the majority in my circle cares about it. They just have no real clue how to mimimize data exposure. There certainly is an effect that influences consumption though.

From the techies within my cirlce everybody cares, most to a pretty large degree.

chopin(2603) about 6 hours ago [-]

Here in Germany there is a big TV ads campaign by Apple focusing on privacy.

At least their marketers seem to believe that there is a large enough groundswell to justify a campaign.

clowd(10000) about 5 hours ago [-]

Next time you encounter someone who claims they don't care about privacy, ask whether or not they close the bathroom door (or the stall in a public restroom) when they're taking a shit. And if they say yes, ask them why? What's going on in there isn't any big secret. It's not like they're in there plotting a terrorist attack. What are they hiding behind that door?

It turns out most people _do_ care about privacy. You just have to frame it in relatable terms.

I don't want anyone else watching me take a dump because that's private, and it's not any of their business. Likewise, I don't want other people knowing what articles I read on the internet, or what music I listen to, or reading the contents of my business plan, or scoping out my dick pics, or any of a thousand other things, because those things are also private and they aren't anyone else's business unless I choose to share them.

Restrooms have doors, and most people close them for privacy. Data has a privacy door, too, and it's called encryption.

aiisjustanif(10000) about 6 hours ago [-]

Asking the real important questions.

commandlinefan(10000) about 6 hours ago [-]

I seem to recall when Jennifer Lawrence (a famous actress you may have heard of) had her icloud storage hacked and leaked all over the internet, there was a bit of a murmur online and even offline about it.

mhb(82) about 6 hours ago [-]

Maybe they don't care about privacy because they're defining it as secrets that people have. Snowden's description of privacy is much more powerful:

'And if we actually think about it, it doesn't make sense. Because privacy isn't about something to hide. Privacy is about something to protect. That's who you are. That's what you believe in. Privacy is the right to a self. Privacy is what gives you the ability to share with the world who you are on your own terms. For them to understand what you're trying to be and to protect for yourself the parts of you you're not sure about, that you're still experimenting with.

'If we don't have privacy, what we're losing is the ability to make mistakes, we're losing the ability to be ourselves. Privacy is the fountainhead of all other rights. Freedom of speech doesn't have a lot of meaning if you can't have a quiet space, a space within yourself, your mind, your community, your friends, your family, to decide what it is you actually want to say.

'Freedom of religion doesn't mean that much if you can't figure out what you actually believe without being influenced by the criticisms of outside direction and peer pressure. And it goes on and on.

'Privacy is baked into our language, our core concepts of government and self in every way. It's why we call it 'private property.' Without privacy you don't have anything for yourself.'

dudus(3850) about 6 hours ago [-]

General public are generally ignorant about risks in the tech they use. That doesn't mean they don't care about their privacy.

There's an assumption that laws and safeguards are in place so technology in general can be trusted and transacted on.

In other words they trust in us 'the tech circle' to police ourselves and assert security and privacy. It's not circle jerk about privacy. It's a duty we have by being in the frontlines.

buzzy_hacker(10000) about 6 hours ago [-]

There's this popular conception that the average person doesn't care about privacy, but I think that's wrong. I just think that to really get a handle on what it means to be private in the modern digital age is too complicated for the average person. People are concerned but feel overwhelmed by the technical details and don't know where to start. You need to know the fundamentals of encryption, what a key is, backdoors, the difference between E2E and non-E2E, and so on. We, as the tech community, need to do a better job communicating and explaining.

bobajeff(3115) about 6 hours ago [-]

Obviously there is. Otherwise it wouldn't be advertised on billboards and television.

Privacy is just like your personal health everyone wants a convenient solution but no company can honestly offer it. (Doesn't stop then from pretending they do)

throwGuardian(10000) about 5 hours ago [-]

No there isn't, despite repeated high profile hacks.

I've spoken to many in security, selling E2E enablement for the enterprise, and even among CIOs, there is no urgency to implement this. You can imagine the indifference among the less tech savvy

Shivetya(613) about 5 hours ago [-]

the youth are either ambivalent or just not the point of understanding, have you seen how much they freely share with each other on messaging, dating, and other apps? Now for the most part today's schools lean pretty heavily towards indoctrination and with so many distractions at hand at their age they don't see issues we see.

As I posted before, then you get into the so called adult realm and many of them will trade away privacy if it gets them money off their coffee, coupons for grocery, or just to brag about their latest get away. it does not matter if its private or government channels, give them a reward and they want it.

Privacy also tends to be highly associated with identity theft not realizing that not only is privacy important for reasons of protecting your stuff but your person and your interest also need protecting both from government and private parties.

Also, some here seem to think they have more to lose than they do. It seems more about wanting to be part of a victim class as long as people and organizations they don't like are punished

tl;dr no, most don't care, give them a cookie and you can get their email and more

macinjosh(3971) about 6 hours ago [-]

As a big fan of the Mac and iPhone this is incredibly disappointing. I always assumed the privacy situation with Apple was candy-coated but I didn't think they were this spineless.

marketingfool(10000) about 5 hours ago [-]

How can you be a big fan of a product knowing that it's full of lies?

Serious question.

metafunctor(2701) about 7 hours ago [-]

What the... I was under the impression that iCloud backups are end-to-end encrypted. This is a HUGE problem.

rsync(3752) about 7 hours ago [-]

You should look into the 'borg' backup tool - it has become the de facto standard for remote backups because it does everything that rsync does (efficient, changes only backups) but also produces strongly encrypted remote backup sets that only you have a key to ... your cloud provider has no access to the data.

The borg website is here:

https://borgbackup.readthedocs.io/en/stable/

and a good description of how it works and why you should use it is here:

https://www.stavros.io/posts/holy-grail-backups/

mrtksn(3527) about 7 hours ago [-]

Apple has a list for that: https://support.apple.com/en-us/HT202303

These are end to end:

Home data

Health data (requires iOS 12 or later)

iCloud Keychain (includes all of your saved accounts and passwords)

Payment information

QuickType Keyboard learned vocabulary (requires iOS 11 or later)

Screen Time

Siri information

Wi-Fi passwords

The messages also end to end but the backup contains the private key.

The moral of the story is that if you want real protection, do local backups.

mtgx(164) about 6 hours ago [-]

Nope. I actually thought this was well known.

What did suck on Apple's part was that they wouldn't allow you to disconnect the actually end-to-end encrypted iMessages from the iCloud backups for many years.

So since most people kept their iCloud enabled, that meant their 'iMessage end-to-end encryption' was nothing of the sort, as all messages had a copy that Apple could read on its servers.

I actually don't know if this is still true since I haven't used an iPhone in some time, but I sure hope it isn't anymore.

WilTimSon(10000) about 7 hours ago [-]

Reminds me of WhatsApp claiming it had encryption everywhere and then this [0] dropped. Except, in this case, I'm actually surprised. Didn't Apple publicly claim that it wouldn't bow down to any demands from the agencies?

[0]: https://www.theinquirer.net/inquirer/news/3061660/whatsapp-i...

dwnvoted2hell(10000) about 6 hours ago [-]

The way FBI runs things has been a huge problem ever since the drug trade came to the US.

gowld(10000) about 6 hours ago [-]

It's huge problem that you believed something that was never suggested by Apple and never part of the threat model. Apple runs the closed source OS on your phone. You obviously can't hide information on your phone from Apple.

luxuryballs(4333) about 4 hours ago [-]

Nope only local iCloud backups are encrypted, which is why I never backup to the cloud.

But this makes me wonder if they have our local boxes totally owned already which is why the local encrypt feature would not hamper investigations?

parasubvert(4209) about 7 hours ago [-]

iPhone/iPad backups stored locally on iTunes (or Finder, in Catalina) are end-to-end encrypted.

iCloud backups always were encrypted based on a key derived from your iCloud account credentials, since the beginning...

5ersi(10000) about 7 hours ago [-]

Why would you think it was end-to-end encrypted? Did you never use icloud.com where you can simply access all your icloud data with a usernam+password?

djsumdog(919) about 6 hours ago [-]

You ever read the reviews for the MEGA app? Everyone complains that there's no password reset feature. MEGA is fully encrypted so you literally can't reset your password. It says this when you first crate an account and get a recovery key.

I don't think the general public would understand end-to-end encrypted backups. It would probably hurt their company if all backups were totally unrecoverable.

sneak(2841) about 7 hours ago [-]

They can't be; users lose their devices, then forget their passwords and need to reset and restore.

Also, all your photos and notes and email and other stuff in iCloud are available to Apple (and by extension the FBI et al) as well. Even Apple CSRs have a ton of access to the contents of a lot of iCloud services.

The situation is a lot better if you have all recent devices and 2FA turned on, then it can use iCloud Keychain for some stuff which is trust-circle based. You can read more in Apple's latest platform security doc released late last year.

zionic(10000) about 5 hours ago [-]

Not only this, but your iMessage E2E is protected in flight by a key that gets stored in your backup. So anyone recording your iMessages can retroactively decrypt them if they get your backup.

Silhouette(4272) about 6 hours ago [-]

This is a HUGE problem.

Well, you can choose not to use iCloud for that reason (as some of us do).

A bigger problem is that Apple deliberately locks up iDevices so it's hard to get your data off them using only local means, particularly if you don't also want to buy an Apple laptop just to do it.

cr0sh(10000) about 6 hours ago [-]

Between things like this, and the shenanigans Google pulls (with Android, the store, developers, and other things), I'm quickly going in a different direction.

My ultimate plan is to build my own phone; yes, I'll still be stuck with a carrier (I use t-mobile, and I haven't had a problem with them over 10+ years I've used them), and the hardware won't be completely 'open source', but the software and OS will at least be what I make of it myself.

In the meantime, I'll be playing with one of the Pine64 phones; hopefully it will give me most if not all of everything I want and need, and maybe I can help with bug testing or perhaps software development? At any rate, it won't be Apple or Google.

There are times that I have when I sometimes think to myself that going back to simple email on a text screen, and not much else, would be a better thing than what the web has become. Maybe go back to BBS's over ssh or something? 'Dial In' using my TRS-80 Model 100 'laptop' and move out to the boonies...

gonational(4166) about 4 hours ago [-]

It sounds like an awesome idea, and I've considered ordering a pine phone for the same reason.

I don't know why anyone would down vote your comment. On "hacker news" it's no longer considered cool to hack together your own tech?

When did HN become a corporate bootlicking dump?

CiPHPerCoder(1678) about 7 hours ago [-]

End-to-end backup encryption is hard. Apple had faced criticism from cryptographers for failing to implement it.

https://blog.cryptographyengineering.com/2012/04/05/icloud-w...

The fact that they started working on the problem then abandoned it after the FBI complained is disappointing, especially to Apple consumers. But all it means is the status quo marches on.

Headlines like this vindicate my decision to never purchase an Apple product.

nexuist(4112) about 6 hours ago [-]

>Headlines like this vindicate my decision to never purchase an Apple product.

What else can you buy? Surely not Android...do you live without a smartphone (serious question, not judging)?

brundolf(1648) about 6 hours ago [-]

And which phone do you use in its place to participate in basic aspects of modern life?

ifthenelseend(10000) about 7 hours ago [-]

another reason to switch to android

gruez(3840) about 6 hours ago [-]

android does end to end backups out of the box?

louis-paul(1546) about 7 hours ago [-]

Easy fix: back up your iPhone locally on your computer instead of using iCloud: https://support.apple.com/en-us/HT203977#computer

The ambiguous position on true end-to-end encryption shows once again that Apple is in for the marketing (both to consumers—predatory and dangerous, and to engineering talent—dishonest). Same hypocrisy as on the China issue. Not that there is an easy solution when you are one of the biggest companies on the planet and that shareholders essentially expect you to grow forever while playing nice with everyone.

luxuryballs(4333) about 2 hours ago [-]

Makes me wonder why they only mention iCloud specifically, does that imply our local OS is already pwnd?

brenden2(4337) about 6 hours ago [-]

Yep, this is what I do. I have a Synology NAS which I backup my Mac to using Time machine. Works like a charm, and everything is actually encrypted.

nathancahill(2878) about 7 hours ago [-]

Second step: Delete old backups

https://support.apple.com/en-us/HT204247#backups

celeritascelery(10000) about 7 hours ago [-]

But it is nice that you have the option to not backup with iCloud. They are not storing the information whether you like it or not as a lot of companies do.

andreasley(3642) about 6 hours ago [-]

While Apple doesn't force its users to use iCloud, they also don't provide an alternative way to do full backups of iOS/iPadOS devices over a network. Yes, you can plug an iPhone into a Mac, but that doesn't scale.

middleclick(3393) about 7 hours ago [-]

So what about all the privacy billboards, 'What happens on your phone stays on your phone?'. New version: 'What happens on your phone stays on your phone and unencrypted on the cloud'.

marketingfool(10000) about 5 hours ago [-]

Marketing is separate from facts.

Non Apple fans have been screaming about Apple's Marketing being detached from reality.





Historical Discussions: A Sad Day for Rust (January 17, 2020: 1236 points)

(1239) A Sad Day for Rust

1239 points 4 days ago by pjmlp in 231st position

words.steveklabnik.com | Estimated reading time – 9 minutes | comments | anchor

January 17, 2020

actix-web is dead.

This situation is bad, from all sides. When Rust was a tiny, tiny community, I thought to myself, "wow, I wonder how long this will last? Probably 1.0 will kill it." Sort of playing off of Eternal September, I assumed that over time, the community would grow, and we'd encounter problems.

Today is the first day where I say to myself, okay, has that happened?

This story is not super clear-cut. I'm not going to link to a dozen citations, or try to prove that I'm some sort of neutral party here. I'm going to give you account of this story as I remember it and as I felt it. Because this isn't really about playing judge. This is about thinking about the future.

It's been very clear from the beginning that the Rust project saw Rust as more than just the language. The community and the people mattered. From the earliest days, leadership explicitly took the position that it wasn't just the code, but the people around the project were important. Of course, people are also people, and so this wasn't perfect; we've made several fairly large mis-steps here over the years. But Rust has been an experiment in community building as much as an experiment in language building. Can we reject the idea of a BDFL? Can we include as many people as possible? Can we be welcoming to folks who historically have not had great representation in open source? Can we reject contempt culture? Can we be inclusive of beginners?

Rust has a necessary feature, unsafe, that allows you to escape Rust's guarantees. This is a really important part of Rust, but also a very dangerous one, hence the name. But one of the things that's important about it is that, since unsafe means "I have checked this code, and it upholds all of the guarantees the compiler cannot check," you can build a safe interface with unsafe guts.

Interacting with anything outside of the language, for example, using the operating system to print to the screen, or write a file, has to be unsafe, and so without this property, all programs would be unsafe. This premise is treated skeptically by many, but has generally been demonstrated to have worked out. Several folks are in the process of providing tooling to prove that your unsafe code is correct, and provided proofs for a bunch of the standard library's unsafe code. It not only found a few places where there were bugs, but also a few places where the restrictions were too tight!

But "generally" is doing a lot of work in that previous sentence. This setup creates a gnawing fear in the back of people's minds: what if some foundational package uses unsafe, but uses it incorrectly? What happens when this causes problems for every package that uses that package? This relationship between safe and unsafe is also a bit hard to understand, and so, when bugs are found around unsafe, people outside of Rust often use it to suggest that all of Rust is a house of cards. While Rust has "made it" in many senses, it has not quite yet in many others, and so I think this produces a fundamental anxiety in the community.

Speaking of making it, actix-web is a good web framework. It came onto the scene, and people generally liked it. It also performed extremely well. Its score on Techempower in particular was impressive, and got more impressive over time. Its author also works at Microsoft, and suggested that Microsoft is using actix-web in production. This was really exciting to people. This was the second project using Rust at Microsoft, and so this seemed really fantastic.

But then, the anxiety.

Before we get into that, though, there's also the matter of Reddit. The team has basically rejected Reddit for said social reasons. We provide alternate forums for folks, but Reddit is a huge place. The Rust subreddit has ~87,000 subscribers, partially thanks to this. And, for a while, the Rust reddit was a decent place. I still think it's better than most reddits, but it's degraded much more quickly than the community at large. "Why Reddit is like this" is a whole other essay; I think it's built into reddit's structure itself. But the point is, while Reddit is not official, and so not linked to by any official resources, it's still a very large group of people, and so to suggest it's "not the Rust community" in some way is both true and very not true. For the purposes of this story, I think it has to be included in the broader community, and I think that this situation has brought new questions about the relationship of the project and Reddit, though this is already far too long.

So, someone takes a peek under the covers, and it turns out actix-web is using a lot of unsafe code. That's not inherently a problem. The problem is, a lot of that unsafe code is not actually needed. This is where things start to go wrong.

The author of actix-web basically says "nah it's fine." This is basically the perfect storm of unsafe anxiety: a big, important, visible library, a bunch of unsafe, and an unresponsive author.

Now, it's important to mention that people were not just complaining: they were writing code. It is easy to frame this as a case of open source entitlement, and it still very may well be, but this isn't just empty complaints. Patches were included, they just weren't welcome. And that's also not inherently wrong either; a project maintainer shouldn't be required to accept a patch just because it exists...

Reddit whips itself into a frenzy. Lots of ugly things are said. More issues are opened, and closed, and locked. Eventually, the author accepts some code that drops the total unsafe count significantly and has more sound usage of what's left.

People were not happy about how all this played out, for a variety of reasons and in a variety of ways. I haven't spoken to actix-web's author, but I can't imagine that he was very happy about it either.

And then it happens all over again. More unsafe, more patches rejected, more Reddit, more bad blood. I thought that at this point, the author said he was quitting, but that may be faulty memory, or maybe he changed his mind. Regardless, how responsive would you be, if you were the maintainer, after the shit-show of last time?

People were not happy about how all this played out, for a variety of reasons and in a variety of ways.

All was quiet for a while, and actix-web kept climbing the Techempower benchmarks, reaching the top of most of them by a lot. It is wicked fast.

And then, yesterday, a post titled Smoke-testing Rust HTTP clients gets published. It focuses on a, well, smoke test of Rust HTTP clients, but it also comments a lot on the complexity of each project, and the amount of unsafe. The author found and filed a lot of bugs.

But:

A quick glance at the dependencies reveals that it relies on actix-service, which underpins all of Actix and has a bespoke and unsound Cell implementation. For example, this method violates memory safety by handing out multiple mutable references to the same data, which can lead to e.g. a use-after-free vulnerability. I have reported the issue to the maintainers, but they have refused to investigate it.

This causes the now-usual Reddit uproar. It's extra nasty this time. Some people go far, far, far over the line.

And now the maintainer has quit.

This means, on some level, this situation is over: there will not be a fourth huge actix-web drama. But it's really left a bad taste in my mouth. It's unfortunate that a well-known project had soundness issues. It's unfortunate that the maintainer wasn't receptive to fixing them. At the same time, I've been there: being a maintainer is tough. It's also unfortunate that there's this style of response, and kind, and volume. It is true that the situation was dangerous. But did it have to be handled this way? You have to understand a lot of nuance here to even know the main points of the story. One version of this story that will certainly be told is "The Rust community says they're nice but they will harass you if you use unsafe wrong." Is that what we want? I, for one, do not. If you're a part of Rust, you gotta ask yourself: are you happy with this outcome? How did your actions (or lack thereof) contribute to it? Could you have done something better?

I'm not sure where we go from here, and I'm not sure what we could have done to prevent this from happening. But I feel like this is a failure, and it's set Rust back a bit, and I'm just plain sad.

6,239

Kudos

6,239

Kudos




All Comments: [-] | anchor

dpc_pw(4218) 4 days ago [-]

To start: any personal attacks against the author are unacceptable. Anyone is free to write whatever the code in Rust they like, and it is wrong to attack them about it.

But .... I think it is showing that the premise of memory safety in Rust is working. Stuff that would go unnoticed in C and C++, is being identified and called out in Rust. Does it lead to drama, personal conflicts, etc.? Maybe. But from the perspective of the potential Rust user it's a proof that it `unsafe` keyword works, leads to higher scrutiny of potentially dangerous patterns and that the culture of other Rust users takes reliability, security and safety seriously.

einpoklum(10000) 4 days ago [-]

> Anyone is free to write whatever the code in Rust they like

Let's take an extreme example: I write some program for common use and intentionally introduce a security hole or make it participate in bot-nets. And don't tell anyone about it. Am I 'free to write it because I like it'? Well, in some sense, maybe, but it would also be something extremely problematic for me to do. Certainly everyone would scream bloody murder when it gets found out.

So, in a less extreme example, there's still some measure of responsibility of mapping out what and how you've vetted, and not making false claims.

epage(10000) 4 days ago [-]

This is a sad day for Rust. Situations can spiral out of control. Who started it? Who escalated it? You can't really define these because communication is sloppy and difficult, especially when there are cultural and language barriers involved. The only way to not get these situations to spiral out of control are a thick skin, forgiveness, and assuming noble intent.

There have been times on here where I see discussions around `unsafe` as if it was a curse. I think the discussions, over time, have gotten more nuanced which helps.

I also wonder if expectations were unclear. It now sounds like the focus of Actix was on performance and creativity / cleverness and not on being a mature product. I never heard that before. Maybe even the author didn't even originally articulate it so clearly but discovered it through these discussions.

Going forward, I hope someone archives their clones of actix and that people fork that and get it moving forward as a product. I hope people don't take a religious view of removing `unsafe` during the fork but instead follow best practices (benchmark to confirm the need, abstract it to test it, offer a feature flag for the paranoid to disable as much of it as possible).

dbcfd(10000) 4 days ago [-]

> I also wonder if expectations were unclear. It now sounds like the focus of Actix was on performance and creativity / cleverness and not on being a mature product. I never heard that before. Maybe even the author didn't even originally articulate it so clearly but discovered it through these discussions.

That's actually my main sticking point on this being mostly on the maintainer. From the actix documentation, releases, and promotion, I never got the feeling that it was _not_ meant for production. Even to the point of the comment 'Microsoft uses this in production'.

And suddenly, 'It's creative/fast/research/whatever'? That really feels like trying to sidestep findings because you don't want to lose your spot in the techempower benchmarks. Even more so, when the documentation, etc. is not updated to reflect this new focus, and there's no announcements about it.

ncmncm(4227) 4 days ago [-]

No, it's a happy day. This won't be the last such event. People who care will learn to keep track of details they care about, and certify -- and de-certify -- without drama. Not all modules are right for use everywhere, but all are right for use somewhere, including those only trusted for personal projects.

Some of the latter will be forked, and the forks certified to higher levels, and those forked again and the forks certified or de-certified again.

This marks a step on the way to maturity, right on schedule. By the evidence, in ten years Rust will be a mature language, much more quickly than some. Most don't get there.

amelius(887) 4 days ago [-]

I think the Rust compiler should write as its final log message 'Resulting binary contains x bytes of unsafe code' (or something similar). That way, people are constantly reminded that their code depends on unsafe code, and they can try to reduce that with visible results.

vngzs(10000) 4 days ago [-]

Given the 'unsafe guts' most of Rust stdlib contains, there's going to be some baseline of unsafe code that every project has. I could thus see this confusing new authors and users - you could have a project with zero unsafe lines that will still report a relatively large unsafe surface.

Besides, perhaps this would reinforce the notion that unsafe is - by its very nature - a bad thing. To quote Klabnik:

> it turns out actix-web is using a lot of unsafe code. That's not inherently a problem. The problem is, a lot of that unsafe code is not actually needed.

If the code were actually needed, then there's no benefit in printing this metric - it just makes a project that is using the feature perfectly correctly look bad.

zozbot234(10000) 4 days ago [-]

You can use cargo-geiger to figure out whether a binary is going to depend on problematic unsafe code.

gmaster1440(3279) 4 days ago [-]

Perhaps we can get at a deeper, more durable insight if we assume for a moment that most individual actors are well-intentioned, and that the described vitriol on one side and perceived stubbornness on the other is an externality of the unfortunate incentives (or lack thereof) that are parasitic on the open source community.

It's almost instinctual/natural to misjudge the popularity of any project for some false sense of security or acceptance. Just think about the numerous issues that plagued the Node community around NPM packages with large amounts of downloads and GitHub stars that turned out to be problematic.

For me the deeper insight here is that we all sort of want our cake and eat it too. Project maintainers/owners want the freedom and enjoyment of working in open source building fun and useful things without any explicit commitments, and that's fair and understandable especially without any formal compensation. And the users want to be able to have access to a growing collection of projects without having much skin in the game, i.e. paying for it.

This isn't a problem with people, this is a problem innate to open source, and the double-edged sword that it is.

gowld(10000) 4 days ago [-]

It is a problem with people, people wanting to have their cake and eat it too. Open source is made of people.

yingw787(4064) 4 days ago [-]

This is an unfortunate, but I think necessary part of community growth. I really don't think it's possible to create a large community around a language that is business critical, and not have these kinds of setbacks where people get worked up and hurt each other's feelings.

Python has many of the same issues, where core devs and key maintainers go dark or behave badly. What Python does do pretty well, and what I like about it, is placing its core user front and center. For Python, that is the beginning programmer, and Python has a lot of empathy for him or her. What I also like about Python is a general willingness to have difficult conversations and back rebuttals with code snippets.

I read difficult conversations by Bruce Patton a while back, and it wasn't an easy read for me because I have problems of responding sometimes in a constructive manner, but I learned a lot and I would highly recommend it .

I'm confident the Rust community will survive this and come out stronger than ever :)

scoutt(10000) 4 days ago [-]

Yes, but I wonder how many of those 50K users are 'business critical' and how many are there just for trolling, gossip and drama.

djsumdog(919) 4 days ago [-]

> Can we reject the idea of a BDFL? Can we include as many people as possible? Can we be welcoming to folks who historically have not had great representation in open source? Can we reject contempt culture? Can we be inclusive of beginners?

I feel like in any language, beginners are more than encourage to write things in said language. Yet when working on language internals, you need to be more careful. Reading the Firefox programming guide on what's allowed/not-allowed in the C/C++ codebase is pretty eye-opening[1]. Have there been issues with core Rust developers not being kind or following their CoC? The author doesn't really include examples or explore this line.

As far as Reddit: I stopped using it the moment one of their CEOs altered someone's comments during the election and was not asked to step down. That CEO is still there. Reddit had their warrant canary removed years before that. All their original values are pretty much gone and they've gone on a community banning spree over the past few years. It's also no longer open source. I'm fine with any community rejecting this as any kind of official communication platform, but no one is stopping enthusiasts or hobbyists from using /r/rust

If actix-web has unsafe code and the authors are not accepting patches, and someone feels passionately about it, they could create a saftix-web fork, include all the patches, and maybe even develop it independently or pull in changes from upstream.

It sounds like things went down terribly, and that's sad. Was it just Reddit people, or core devs? I agree it doesn't help to attribute blame, but the author doesn't dive into where the problem might have started and what could have been done differently. I wish this had some more explicit examples of how the community screwed up, the things they did right, the things that could have been better. But then again, that could lead to call-out culture BS. I feel this article is missing some depth, but it's also something that would have probably washed over without the author going out of the way to write this piece. I dunno. /shrug

[1]: https://firefox-source-docs.mozilla.org/tools/lint/coding-st...

zozbot234(10000) 4 days ago [-]

> I stopped using it the moment one of their CEOs altered someone's comments during the election and was not asked to step down. That CEO is still there.

That was not a CEO but a founder, AIUI. Can't really fire them or ask them to step down, they literally own the place.

Animats(2157) 4 days ago [-]

I have been complaining about Rust's 'unsafe' for years. There's too much 'unsafe' code because there are things that you either can't express, or are very hard to express, in safe Rust. I've pointed out partially initialized arrays and backlinks as key trouble spots. Both are potentially fixable. I've gotten back complicated excuses for not dealing with these design problems. There was a serious denial problem in the Rust community. Now it's come back to bite them.

Language design that forces users to lie to the language leads to this. The classic is C's 'a pointer is also an array' mindset. When you write

   int read(int fd, char* buf, size_t buflen)
that 'char *' is a lie. You're not sending a pointer to a single character. You're sending a reference to an array of unknown size. That design mistake in C has probably been the cause of more serious bugs than any other mistake in the history of programming. If you have to lie to the language, the language is broken.

Rust had so much promise, too.

Cladode(10000) 3 days ago [-]

    there are things that you either 
    can't express, or are very hard
    to express, in safe Rust.
This is true (and in some sense inevitable by Rice's theorem) but it is unclear what can be done about this. Bear in mind that Rust's design constraints are

- decidable (indeed fast) type-inference/type-checking

- simple typing system

- you don't pay for features you don't use

It is easy to get rid of unsafe blocks if you throw complexity at Rust, e.g. use dependent types and / or theorem provers, but all the obvious ways of doing this immediately violate the constraints above. Doing it within Rust's constraints is an open research problem.

   potentially fixable.
What would you use as an objective, measurable criterion that we can use to decided whether a purposed fix is in fact a fix? If you have a concrete design proposal that works (in particular w/o destroying Rust's fast (bidirectional) type-inference/type-checking and the simplicity of Rust's types), and evidence that it's widely applicable (i.e. doesn't just allow to type some trivial edge cases of back-links and partially initialised arrays) that would easily publishable in top PL conferences (e.g. POPL) and a working prototype would help towards getting this into Rust.

I would be happy to help with implementing & writing up such work. I have quite a bit of experience with sub-structural types a la Rust. I have spend some time thinking about this problem space, but didn't manage to crack it. I have an incoming PhD student whom I could ask to help with this.

akamaka(4227) 4 days ago [-]

I'm replying to your message using software written in C, so do you think that it might be a little bit unfair to call it "broken"?

I suppose I'd agree if you're making a general argument that most of the software we use is broken to some degree, but it has an entirely different meaning to directly tell someone "Your library is broken".

layoutIfNeeded(10000) 4 days ago [-]

>You're sending a reference to an array of unknown size.

The next argument is literally the length of the array.

coleifer(2924) 4 days ago [-]

I am disgusted by the cultural phenomenon of making sarcastic call-out comments on twitter/etc., with an eye towards building up enough community outrage to force an issue.

There are people who forget that open-source does not entitle you to anything (read the fucking license).

Maintainers of large projects are not even allowed to have a bad day, to make a brusque comment, or to disagree with a majority -- without someone trying to stir up a lynch mob. It sickens me the lack of balance between the work done by the maintainers, and the expectations of random users.

dbcfd(10000) 4 days ago [-]

> Maintainers of large projects are not even allowed to have a bad day, to make a brusque comment, or to disagree with a majority -- without someone trying to stir up a lynch mob. It sickens me the lack of balance between the work done by the maintainers, and the expectations of random users.

Sure they are. There's a number of projects out there with a massive caveat on the front page that says 'Not for production use'. They are then more than free to close issues with comments like 'Hey I'm researching a new refcell implementation, thanks for finding this, but I'm more interested in speed than safety at this point.'

Actix did not put up a disclaimer, and in a lot of cases, either closed issues/patches without comment, or with a somewhat demeaning comment. It was not just published as a fast and safe production ready web framework, it was promoted as such, so the author should expect patches in that vein.

There were multiple bad actors involved here, but it stems from a maintainer who took issue with anyone finding problems in his code.

quotemstr(3683) 4 days ago [-]

I too am disgusted by this phenomenon. The key thing to remember is that outrage has power only because you let it have power. Twitter snark isn't the real world. Neither is Reddit outrage. If you totally ignore these hives and their angry buzzing, you'll have greater peace of mind and lose nothing.

burlesona(3841) 4 days ago [-]

I agree. I think this is an extension of the general social media mob culture that we have. I see it as one of the major problems of our day, because most people in most situations just bow to the mob, which just makes it worse. I don't know how we solve that, either.

sicromoft(10000) 4 days ago [-]

> read the fucking license

> It sickens me

> I am disgusted

Almost sounds like you're... outraged? Perhaps trying to build up community outrage?

joeblau(3484) 4 days ago [-]

I want to give a heads up to everyone who runs, or is thinking about running an open source project. If your project sees ANY notoriety and you are the maintainer, you will quickly find yourself in this situation. In 2013, I started a little side open source project and put it on GitHub which now has 5.2k stars. I've seen tons of arguments in my PR's over the previous 7 years. My project isn't even that large and I've seen lots of in fighting to the point where I've had to lock threads. The skills required for you to run a successful open spruce project are the same skills required for you to run a business. You're going to need people skills and understand how to de-escalate situations because once the community is large enough, there will be a lot of culture conflicts. The main challenge with open source is that if you're not getting actively incentivized (Paid for me) to maintain something that's super popular, it's easy to abandon it when things get hard.

roca(10000) 4 days ago [-]

It must depend on the project in ways I don't understand. Certainly while working on Firefox I saw tons of toxic behavior from users, and sometimes potential contributors. I've seen it in lots of other projects that I haven't worked on. But for rr (4.7K Github stars) I have seen none whatsoever. I wish I could explain the difference, but I can't.

shadowgovt(10000) 4 days ago [-]

''' But the point is, while Reddit is not official, and so not linked to by any official resources, it's still a very large group of people, and so to suggest it's "not the Rust community" in some way is both true and very not true. '''

Perhaps one could call it 'the unsafe Rust community.' ;)

zozbot234(10000) 4 days ago [-]

The word 'community' comes with some troublesome implications. Just call it 'the unsafe space (and proud of it)'

tus88(10000) 4 days ago [-]

LOL rust is a shit language that will never replace C, and this situation was entirely predicted by doubters, despite the assurances of rustophiles who claimed unsafe was not a problem, won't be abused etc.

The emotion unveiled by this incident shows a deep anxiety in the rust community that the doubters are correct.

C forever!

afshin(4288) 4 days ago [-]

HN has not entered its Eternal September quite yet.

Perhaps you'll be better received in another forum, but this is unwelcome here.

birracerveza(10000) 4 days ago [-]

I don't know man, the emotion unveiled by your comment shows a deep anxiety in the C community that Rust is going to replace you.

lidHanteyk(10000) 4 days ago [-]

Sorry to add yet another top-level thread, but my take on this is that, while it is correct that unsafe-blocks are a central and contributing factor to this incident, it is incorrect that languages doing what Rust does fundamentally need unsafe-blocks. As long as Rust both has such an easy way to circumvent the type system, and a desire to supplant C and C++ on the basis of code quality and safety, there will be ready fuel and kindling for these sorts of social conflicts.

zozbot234(10000) 4 days ago [-]

> it is incorrect that languages doing what Rust does fundamentally need unsafe-blocks

But they do need those. Even C# has unsafe blocks, and Java has sun.misc.unsafe. It's a rather boring feature actually, the interesting part is what you can assert about safe code, and at what cost.

steveklabnik(50) 4 days ago [-]

What is your alternate proposal?

Grue3(10000) 4 days ago [-]

I remember when people were claiming Common Lisp community is toxic, but I find that it is the languages which tend to focus on 'building community' with Community Managers and Codes of Conduct that end up becoming truly toxic cesspools in the end. See also node.js. The focus on community attracts people who aren't interested in programming, but rather those who want a playground for gaining clout and trolling. You never hear about C++ drama, why is that?

watwut(10000) 4 days ago [-]

There was incredible amount of Linux drama all the time and they did not focused on community.

The tor project was like, the most dramatic project on Internet for a while till they started to focus on community a bit more.

So I don't think premise holds.

lostmyoldone(10000) 4 days ago [-]

If the community is openly acerbic, toxic, autocratic, etc it sometimes becomes less of an issue because you know exactly what to expect, and expectation management is important for people.

If I in the past would have felt I needed to send a patch to the lkml, I wouldn't have felt intimidated because if my code would've gotten shredded to pieces, I was in very good company. The lkml also didn't really brigade, or bully, even if people sometimes was quite emotional. However, for some people I'm sure it would be hell.

There are however several projects with extensive guidelines that I would feel intimidated to interact with, as the power struggles and infighting is likely to be well and alive although I can't see it, there's also a brigade of attackers available to anyone who manage to convince them I was in the wrong.

Community guidelines unless expertly written and religiously enforced are unproportionally useful for those with either a manipulative streak, or those with good social and language skills, as they often grant them more power. In this respect mirroring society. However, apart from keeping the most blatant misconduct out of the open, it also becomes a weapon to be used against anyone less adept at navigating the social hierarchy. Thus, the extent to wherever a particular community ends up, in reality becomes almost inscrutable to the casual observer.

For me it's the same in real life, in contexts where the societal norms are somewhat displaced I have few issues. The selfish, aggressive, and other bad actors stand out like they would wear neon colors. In society in general, in the workplace, I have all kinds of issues because amid all the unspoken rules there will always be one that can be sufficiently well misapplied to defuse valid criticism.

We don't get pathological liars voted into various offices because people are good at arguing rationally, but they also tend get to stay there because they are protected by the rules, unless the rules are expertly and independently applied.

zelly(10000) 4 days ago [-]

Primates tend to attack each other out of envy when they become too similar and all behave the same exact way. They look to find someone to crucify to get rid of the angst built up from being too similar to the next person.

The Common Lisp community was pretty much the opposite of the Node/Rust crowd. Everyone was different. Lots of people were using different implementations of CL. Most people even had their own custom editors. And of course everyone had their own DSL of macros they carried around with them, so basically everyone had their own language. The supposed toxicity of the CL community was from the constant arguments because they all had strong opinions different from each other.

If this were the CL community, there would be 20 different versions of actix-web or something like it. There would be no need to create drama and make whiny demands of other people, because everyone in CL actually knows how to program.

burlesona(3841) 4 days ago [-]

That's an interesting point of view. I don't know if it's true, but if it were true I wonder what the reason might be.

Perhaps the communities that don't "do community building" don't need to because they already have a healthy community?

Perhaps the projects that do community building are starting from an unhealthy place and fighting an uphill battle?

Or perhaps some percentage of the "community builders" are the ones who like to rage/shame anyone who, even unintentionally, causes any offense? Which naturally escalates the conflict.

Which way does causation run?

boris(4322) 4 days ago [-]

Oh, there is plenty of drama on /r/cpp/.

fortran77(663) 4 days ago [-]

The Rust community is very, very toxic. They fight internally, but externally, they take over any thread about anything and make it about Rust.

rusttoxic(10000) 4 days ago [-]

I've only ever seen it on Reddit. Otherwise the people are very helpful, at least in my experience.

The redditards are basically the task force that things Rust is the greatest thing since sliced bread

tasogare(10000) 4 days ago [-]

Was here to post something along this line. The only place in which I'm (hopefully) in contact with the Rust community is here. What do I see all the time?

- 'rewrite it in Rust' kind of posts on a lot of threads

- upvoting Rust mildly or not interesting projects just because there are written in Rust

- down voting every comment that even slightly criticize Rust (this comment will be gray when you'll read it) or remind that code safety exists in VM language for decades

cthalupa(10000) 4 days ago [-]

I generally believe people should be polite.

But when you open source a project, you are opening yourself up to criticism and critique of your work. You are opening yourself up to that in basically any form the internet wants to take it, and sometimes that really can be shitty.

We have a very promising project making use of a language that has gained popularity largely based on marketing around memory safety, and then that project has unnecessary and flawed use of something that undermines the messaging around rust. This is a risk for Rust - a promising and popular project in a popular space that undermines some of the core rust messaging is a PR problem for the language. The maintainer not being receptive to contributions to resolve this difference is a problem. The maintainer not being receptive to contributions that fix SECURITY ISSUES is a MAJOR problem.

Open source maintainers are, of course, volunteers. I don't think we should hold them responsible for the fact that there are bugs in their code, or even security flaws. People aren't perfect, and no one should be expected to be, especially when contributing something to the open source community. But we SHOULD hold them responsible for not fixing security issues. It's irresponsible to release something to the public that you know puts them at risk.

So is it fair for people to be upset in this situation? I think so. I also think their reaction should be a polite one - but it's totally fair for people to push someone to take responsibility for code they've introduced to the world that has security vulnerabilities in it.

bloodorange(4300) 4 days ago [-]

Exactly! Everyone should demand a full cash refund for all that they paid for the maintenance of that piece of software.

rjbwork(10000) 4 days ago [-]

I disagree, actually. There are no expectations of anyone that releases their code under most licenses. You get to use it as is, and if you want to change it, you submit a patch. Totally up to them if they want to take it or not.

If the current maintainer isn't doing what you, or 'the community' wants, you fork and make the changes you want to see, and maybe eventually work with a group of people.

Maintainers are under absolutely zero obligation to the people who choose to use the code, unless they've specified as such in the license or some other contract. It's the only thing that lets FOSS software be a thing in the first place.

CoffeePython(10000) 4 days ago [-]

Tried reading through this but without context it's very unclear what has happened.

Can someone familiar with Rust and it's communities explain from a high level what all this is about?

cosmic_quanta(10000) 4 days ago [-]

You can take a look at the actix-web repo, which has been wiped. A message has been added:

https://github.com/actix/actix-web/

sampo(892) 4 days ago [-]

Background: Actix-web is a small, fast web framework written in Rust.

Then just read the second last paragraph:

> This means, on some level, this situation is over: there will not be a fourth huge actix-web drama. But it's really left a bad taste in my mouth. It's unfortunate that a well-known project had soundness issues. It's unfortunate that the maintainer wasn't receptive to fixing them. At the same time, I've been there: being a maintainer is tough. It's also unfortunate that there's this style of response, and kind, and volume. It is true that the situation was dangerous. But did it have to be handled this way? You have to understand a lot of nuance here to even know the main points of the story. One version of this story that will certainly be told is "The Rust community says they're nice but they will harass you if you use unsafe wrong." Is that what we want? I, for one, do not. If you're a part of Rust, you gotta ask yourself: are you happy with this outcome? How did your actions (or lack thereof) contribute to it? Could you have done something better?

jerf(3224) 4 days ago [-]

The really short answer seems to be: actix was a Rust web framework. It did some things internally that some people didn't like. The Internet echo chamber picked that up and amplified it to a volume the maintainer couldn't justify working through. The Internet echo chamber is now going to pick this up and amplify it to a volume that probably isn't justified either.

I think this is another story about the destructive power of the internet echo chamber, where the asymmetry of one person vs. a mob of people who are in reality probably not all that engaged with the problem but nevertheless have enough engagement to send a nastygram or two creates a distributed denial of decorum attack that no single human being should be expected to deal with 'nicely'. Our ancient instinctive tribal signals of whether or not you are approved by the tribe, tuned for tribes of 150 people or so, receive a message that 15,000% of the tribe thinks you are a bad person, and our natural human response to that is a lot of stress at best (our ancient instincts tell us that eviction from the tribe is a bad thing, even though in practical terms eviction from this particular tribe won't be much of a problem at all in the modern world).

(I phrase it this way because I think this is, well, not strictly speaking independent of the question of whether or not the maintainer was guilty or innocent of any particular thing, but because the story is the wild disproportionality of the response you can get on the Internet regardless.)

bjornlouser(4243) 4 days ago [-]

The Rust community is filled with Don Quixotes who treat maintainers of popular open source packages like they are dimwitted sidekicks.

NopeNotToday(10000) 4 days ago [-]

IMO, the most telling point of this is when the author rejected a security patch because it was not creative enough. He was more of an artist than an engineer.

What was the patch? It was very strait forward, simple, uncreative change, intention was just to remove unsafe not to fix existing code. I believe software development is one of the most creative work we do, and creativity is part of why we love software development, why it is fun. Especially if you combine it with real world projects constraints. "creative constrains" could be source of very interesting solutions. Being on the edge of your abilities is super fun. So uncreative change felt boring https://github.com/actix/actix-web

pgeorgi(4323) 4 days ago [-]

> He was more of an artist than an engineer.

Assuming this is true: What's the problem with that?

ridaj(10000) 4 days ago [-]

It brings up the question — as a developer, how can you best set boundaries on your customers so that you can have some degree of control over the toxicity of the culture that you're exposed to when interacting with them?

Goronmon(3987) 4 days ago [-]

It brings up the question — as a developer, how can you best set boundaries on your customers so that you can have some degree of control over the toxicity of the culture that you're exposed to when interacting with them?

Personally, I don't think you really can. I think the best thing to do from a developer/maintainer perspective is to identify toxic communities and do you're best to ignore them entirely. That's probably the best long-term approach from a mental health standpoint.

Especially when it comes to social media sites like Reddit, once a community turns hostile there really isn't anything you can do to turn it around.

einpoklum(10000) 4 days ago [-]

As a person, can you set these boundaries for other people in your surroundings? Not yourself. Neither is that the case for developers.

Individuals can't force societal behavior; it's a social/group issue.

teddyh(2588) 4 days ago [-]

Label and present your project clearly, both explicitly and implicitly, so that nobody could reasonably get the wrong impression about what level of development and support can be expected.

chapium(10000) 4 days ago [-]

Perhaps popular libs should have a community maintainer volunteer to buffer these kinds of issues if developers need some distance from the community.

coldpie(2650) 4 days ago [-]

It's a good question. I'm involved in a large open source project that attracts some of this kind of attention. Because of the project's age, much of our infrastructure is old, which actually sort-of works to our advantage here. If you want to be a jerk to us, you need to go find our mailing lists and figure out how to send an email, or register a Bugzilla account and go file some troll bug. Much more effort than posting 'You Suck' on GitHub or whatever. The barriers are insulating, which has pros and cons.

The other part that works well for me is disassociating your self from your project. Set strict hours for when you will work on the project, and don't work on it outside of them. Note that checking issue emails counts as work; remove your 'work' email from your phone. I'm lucky enough to be a paid developer for the project, so I can clearly define my working hours as when I'm in the office, and ignore issues when I'm not at the office. But even for personal projects, there's no need to respond to issues within hours, or even days, if doing so is burning you out.

And the obvious answer that applies to anyone who creates anything online: Don't Read The Comments. In this case, that means Reddit. Reddit is a cesspool of uninformed users giving maximum visibility to whatever is most appealing to other uninformed users; not a good place to get useful feedback. Find spaces that are supportive and provide useful feedback, cultivate them, and spend your time there.

brianzelip(4178) 4 days ago [-]

I'm just a js dev with a whole lotta love for the web. I know enough to respect the hell out of Rust. I'd just like to offer my best wishes to the Rust community, and put a call for folks to be more civil on places like reddit, etc.

In closing, here's a nice little gem from the OP author's final blog post on his old blog[0]:

> if there's one thing I've learned from writing software, it's to blog about error messages.

Cheers.

[0] http://blog.steveklabnik.com/posts/2015-07-05-ember-data--ds...

ssokolow(10000) 4 days ago [-]

> if there's one thing I've learned from writing software, it's to blog about error messages.

I hope I'm not the only one who just realized that 'A Sad Day for Rust' is also an example of '[blogging] about error messages' and appreciated that statement even more.

vunie(10000) 4 days ago [-]

I don't know how to word this so I'll say it bluntly (and probably bear the blunt of this community as a consequence): If you're a developer of a project that is used in a security-sensitive context, you either be receptive to security concerns or you clearly label your project as a toy project.

No one expects you to write perfect code, but we do expect you to fix flaws when you learn about them.

Of course, you could do neither, but don't be surprised when people call you out on it.

mumphster(4308) 4 days ago [-]

More like you should be expected, as a user, to look at the code youre using and determine if it fits your set of criteria. If you dont think its updated enough, or the authors free labor isnt fast enough for your needs, then dont use it. You come off super entitled and arent the only one. This is the kinda stuff thats making me start my new projects closed source instead of open by default.

megaman821(3857) 4 days ago [-]

Is there anything else you would like to demand about people's code they you are not paying them to write?

I demand you go write a tool that lets me query projects and tells me if you think they are a toy or not. I'll wait.

Skunkleton(10000) 4 days ago [-]

> bear the blunt

It's 'bear the brunt'.

coleifer(2924) 4 days ago [-]

How about instead of pushing the responsibility on someone else, you take responsibility for YOUR security-sensitive context and do the research before you start installing libraries?

ixtli(4039) 4 days ago [-]

what code does not run in a "security-sensitive context"? who's responsibility is it really? The person who wrote the code with a disclaimer saying they were presenting it to you AS-IS? Or the person who's choosing to run the code in the "security-sensitive context?"

cmiles74(4240) 4 days ago [-]

The popularity of a project doesn't change it from 'toy' or 'personal' to 'primary focus of developer's time'. The developer might still only have so much time to spend on the project.

jimmydorry(10000) 4 days ago [-]

Why should a project author dictate in what contexts their project can be used? It's on the coder to manage their dependencies and ensure they are a good fit for their needs... not the project author.

And what exactly are you contributing to this project author to match your demands of them immediately fixing flaws that are found?

clarry(4317) 4 days ago [-]

Who is we?

People who write security sensitive toys and don't care enough to vet their deps?

Professionals who profit off security sensitive programs written on top of others' free work without paying a dime?

I don't think either group is in a position to make such demands.

bornelsewhere(10000) 4 days ago [-]

This. The project is considered one of the (if not the) go-to web frameworks in Rust, lives under its own organisation, is promoted and discussed by many other people. It's not a sole property of the maintainer any more. The maintainer does not owe anyone any new code, nor accepting any PRs. But he does have to set correct expectations. If you want to be the sole BDFL and not care about others opinions or contributions then don't promote it as production code, keep it under your own profile, and/or make it clear in the README. Now it's a community project, 'fun' is not necessarily the most important quality anymore. State your position early.

oefrha(4158) 4 days ago [-]

According to https://github.com/actix/actix-web, it appears that the author did accept the security concerns (when an actual use-after-free was found, but maybe not the previous, generic "unsafe oh noz" shitstorms), and wanted to explore some other way to fix the problem instead of accepting the patch as is.

Just because there's a patch that fixes the issue doesn't mean the maintainer has to merge that patch.

egdod(10000) 4 days ago [-]

>people who already volunteer their time for my benefit have to follow my rules when doing so

Ok.

Ragnarork(4318) 4 days ago [-]

What must have gone horribly wrong during the course of software history that led to people acting so entitled about free open source projects?

You use it, you evaluate then accept the consequences. You don't? Well Patch it. You can't? Use an alternative. Nothing else available? Fork it and fix it.

If nothing works for you, then either you're the problem, or the entire field has an unsolved problem (and you're not helping, especially when slamming people working for free trying to solve it, even if not correctly or the way you'd like).

013a(10000) 4 days ago [-]

> If you're a developer of a project that is used in a security-sensitive context

Working in the context of Security does not grant you a blank check to be an asshole.

bla3(10000) 4 days ago [-]

If you're a developer of an open-source project and people start using that, it's on the users to verify that the project is security-conscious.

I open-source lots of my fun hacks for free in the hope that they're useful for someone, but I'm not going to do free unfun work just because someone decided to use my hack in production.

Users of open-source software are acting way too entitled.

ginko(4238) 4 days ago [-]

I'm not sure which license was used by actix-web, but let me quote the last section of the MIT license as a reply:

> THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

carapace(2928) 4 days ago [-]

('bear the brunt' It's one of those weird words that only exists now in that phrase. Brunts are borne but otherwise unmentioned. It's kinda like how you can be over- or underwhelmed, but never just whelmed.)

protomyth(93) 4 days ago [-]

No one expects you to write perfect code, but we do expect you to fix flaws when you learn about them.

Looking at the postmortem[1], it looks like the patches provided were not good enough in the developer's eyes:

I believed it held mutable aliasing invariant and I was very happy that someone found real problem. I wanted to solve the problem, just with a bit of creativity. And use RefCell solution only if it would be not possible to solve it with any other way. Btw, I like the solution I found, it is in master and solves the problem at least one from the issue. If you want to push boundaries you have to touch this boundaries and sometimes you push too hard.

That sounds very much like the developer was headed to fixing them, but I guess the harassment and need for now won.

blackearl(10000) 4 days ago [-]

I'm sure both sides are being childish here. Users thinking they can abuse a dev because they know better, and devs deciding they'd rather take their ball and go home. No one looks good at the end of this situation.

manish_gill(3931) 4 days ago [-]

> No one expects you to write perfect code, but we do expect you to fix flaws when you learn about them.

It's not like he was getting paid to work on this, was it? And people do have a life beyond open source. People could have forked and worked on the issues themselves, but that's asking too much. Why do the hard work when you can just write a comment/tweet blaming someone else, right?

Your comment is precisely what entitlement looks like.

awb(4311) 4 days ago [-]

> you either be receptive to security concerns or you clearly label your project as a toy project.

Or, assume all OSS projects are toy projects unless stated otherwise.

Usually the serious ones offer a support license for a fee, or are supported financially by companies. Otherwise, it's just someone building cool stuff for free.

Also, it's probably fair that most OSS maintainers aren't marketing their projects too aggressively outside of a blog post or a Reddit submission. When they take off, it's usually other developers hyping them and that hype usually comes from being lightweight, easy to configure or super fast. It's not until a project has been hyped by the community do people start trying to put it into production and looking into security issues.

Karunamon(3099) 4 days ago [-]

People reading your comment as entitlement really need to pay more attention to the last paragraph. People really need to stop bandying about 'entitlement' as if it deflects any and all criticism.

You are, of course, free to write whatever unsafe, insecure code you want. You are, by leaving the issue tracker in Github enabled, inviting public feedback on the quality of the code you write.

When you implicitly rescind that invitation by closing issues demonstrating concrete safety problems, people are well within their rights to call out the safety issues in the project as well as your violation of reasonable expectations and community norms. And don't bother posting the 'warranty disclaimer' from FOSS licenses, that's not what anyone was ever talking about.

Deleting the entire project as he did is an incredibly petty and immature response. If he just wanted to quit, the project could have been archived (made read-only) and marked unmaintained.

velcrovan(10000) 4 days ago [-]

Backing up another level...it's concerning to me when a language relies heavily on single-maintainer libraries for commonly needed functionality.

If actix-web was this important, it should have been adopted by the community before now. Maybe languages need a way of setting the expectation to that if your library becomes essential to the community (and if licensing allows) the core developers are going to fork it and find a way to govern/maintain it the same way they maintain the rest of the project.

I think about this a lot with Racket lately. Some of the core packages that everyone uses for date/time, Markdown parsing, etc., were written by a single guy in his spare time, who a few months ago was making noises about quitting the language (so far so good though).

lostmyoldone(10000) 4 days ago [-]

I'll be blunt too.

If you use other peoples work for free and makes demands, then you should really stop using others free work and start paying for what you need.

It's your responsibility to choose what code you use, and unless the author has explicitly given specific guarantees they promise to uphold come hell or high water, it IS a toy project until proven otherwise.

It's such absolute nonsense to expect other people to submit to your wishes and whims without any compensation or prior consent.

But chastising someone in public for not submitting to your wishes?

That's straight up bullying.

andonisus(10000) 4 days ago [-]

If you aren't satisfied with the code, fork it and fix it yourself. You are owed nothing. What right do people think they have to call someone out on it? Why do they feel entitled to other people's time and energy?

fsloth(4321) 4 days ago [-]

'we do expect you to fix flaws when you learn about them.'

If hope the plural we is also ready to monetarily compensate the developer for their time. Otherwise you don't have any basis for your expectation.

mtalantikite(4175) 4 days ago [-]

A few years back I started using Rust after spending many years working with Go full-time and the first thing I noticed was that the team really focused on only providing the language, that libraries like HTTP were being pushed out to the community to contribute. It's a totally fair position for a language to take, but I found it disappointing coming from Go where I knew I could just use 'net/http' and move on to solving problems.

This is the first I've heard of this conflict in the Rust community, but honestly it's not at all surprising. People write lots of web servers and if you're relying on your community to provide critical libraries (http is pretty critical in 2020) things like this are bound to happen. I really wish Rust core could provide a standard library of tools more akin to Go as I really enjoyed working with it when I was learning it.

steveklabnik(50) 4 days ago [-]

The language team has been focusing on providing the primitives needed for an efficient HTTP client and server, that is, async/await. That only got stabilized a few weeks ago. If we had put HTTP in the standard library before then, it would have only been synchronous. That would have been a huge drawback.

zelly(10000) 4 days ago [-]

That's okay, Rust should never be used for web anyway.

I don't like the idea of Rust, C, C++, or Assembly for directly web-facing services. Any non-GC language should be a non-starter. There are literally (uncountably?) infinite ways you can have memory errors in a native program. The consequences of any of these can be devastating because absolutely anyone can access your endpoint. Notice the asymmetry: One small, unnoticeable error can lead to devastation. Like running across of a field of sparse landmines, eventually you will get destroyed.

umanwizard(4026) 4 days ago [-]

The set of all computer programs is countable, so I don't think there can be uncountably many ways to have memory errors.

jswizzy(10000) 4 days ago [-]

Depends on how you define web. IOT should be done in low level languages. but yeah I agree that a REST server is better of in something like GO, C#, or JAVA.

username90(10000) 4 days ago [-]

This is the reason why Rust will never go mainstream. People say 'You can get the same performance and features as C++ with unsafe!', but as happens in every language such hacks gets ostracized by the community and therefore basically unusable. So instead we just write our code in C++ which is unsafe by default so nobody complains.

zozbot234(10000) 4 days ago [-]

Nothing whatsoever was 'ostracized' in this case. A fix was provided for code that could cause UB in some cases, the former maintainer rejected the fix as 'boring' and denied that a problem existed. This could have happened just as easily in C or C++ code.

dashwav(10000) 4 days ago [-]

I can see where Steve is coming from about the difficulties of maintainer-ship - I only have a few projects that I am actively maintaining and obviously nothing close to the scale of a popular library. But at the same time I really think almost all of the blame in this case rests solely with the reception (or lack thereof entirely) of PRs/issues that are intending to improve the quality of a library that many people have come to rely on.

Our entire ecosystem that we have built (for better or for worse) by using these libraries as the foundations for countless projects necessitates that when a community is willing to give their time to improve a library that you maintain, the minimum that is to be expected is that you treat sincere contributions respectfully and not dismiss them out of hand.

It's unfortunate that the maintainer has stepped down entirely instead of changing how they are interacting with the community, but purely from a security standpoint I would rather a slower (but more secure and receptive) library take it's place than have a very popular library maintained by someone who doesn't seem to care about the overall code quality of the library they are a steward of.

lifthrasiir(2470) 4 days ago [-]

The problem is that people didn't choose Actix only for performance. I personally haven't used Actix, but it seems that all other contenders were lacking in some way, not only performance but also feature sets and flexibility and easiness. And thus we are now left with a horde of safe but otherwise lacking libraries instead of what could possibly be the best of breeds.

lostmyoldone(10000) 4 days ago [-]

Publicising a project doesn't imply anything.

If people come to rely on your project, you are not more responsible.

I've been in the business since before open source was much of anything but a dream, and frankly, I wish a lot of more people would shutter their projects when/if they face these kinds of unreasonable expectations.

The vitriol and entitlement towards maintainers is sickening at times, and unless those affected close the doors, I'm afraid it'll continue to be ignored, and maintainers will continue to burn out.

Burn out is a real problem in the industry, and we really shouldn't help burn people out when it comes to work they do for free!

withoutboats(10000) 4 days ago [-]

This situation is the sad and absurd result of two processes going on in the Rust community.

The first is that the Rust community on Reddit is in a feedback loop of groupthink and outrage, making it into a powerful vector for harassment. The maintainer of the actix project had a particularly terrible experience of escalating harassment from the users of this subreddit, and its extremely sad. This has caused a lot of grief for the maintainer of actix and prevented real (but far overblown) code issues from being fixed in a productive way.

But I think Steve undersells the absurdity of the unsafe anxiety. Some Rust commmunity members are conflating two wildly different scenarios together. The first is a library exposing an API which, if used in an unlikely and contrived way, could result in a program using that library containing undefined behavior. Then, since that program has undefined behavior, it could contain a memory bug. If that were the case, someone could potentially exploit that bug to attack a user of that program. You'll notice this is a series of conditional statements - its a funnel of decreasing probability.

So yes, library APIs which can allow UB in safe code - even unlikely and contrived safe code - must be fixed. The goal of Rust is that safe APIs can never cause UB. But people should have a proportionate understanding of the risk profile of these bugs (again: a programmer using this API in an unlikely way could create a program with a bug that could potentially be exploitable). This is a miniscule increase in the risk of another heartbleed, it is not the same thing as heartbleed.

The spark that lit the kindling of the toxic Reddit community was a blog post by Shnatsel, a member of the RustSec team. This blog post didn't get attention here, but I want to take a moment to look at how ridiculously it frames things by examining its analysis of a different project: reqwest (sort of the most standard HTTP client library in Rust).

Here's the link: https://medium.com/@shnatsel/smoke-testing-rust-http-clients...

The fuzz test, which is what the library is about, found no security issues. It found some hangs in 6% of cases and Shnatsel traces them to a known deadlock issue. This is a great result.

But Shnatsel spends most of this talking about a custom hashmap implemented in the http library, which the RustSec group did a security audit of just a few months ago. That security audit found only two issues, both UB that would result from a contrived use of a minor library API (they are linked in the blog post, but not explained). These two issues were fixed, and the fix released, by the maintainers of the http crate in 10 days.

This is an incredible success! The security audit of a foundational library found two minor issues which were promptly fixed, and the fuzz confirms that the entire stack on top of it seems to contain no memory issues. Wonderful result, but how does Shnatsel frame this?

> First things first: it didn't segfault! I am actually impressed because I had really low expectations going into this.

Come on! The blog post is full of these kinds of snide zingers which are totally unfounded in the face of the actual evidence presented. When you have someone writing in this disingenuous, meanspirited way about open source maintainers and then putting this in front of a groupthinking rage machine community like Reddit, of course you're going to get harassment. This behavior is totally unacceptable, and it's very sad to see it promoted in the Rust community.

zozbot234(10000) 4 days ago [-]

Didn't the Rust stdlib just gain a high-performance hash map recently? Is there a real case for using a custom implementation in reqwest? I could see Shnatsel getting a bit frustrated wrt. that choice.

Traster(10000) 4 days ago [-]

That article from Shnatsel is really stunning, just everything about is negative and snarky- to a comical point. His avatar is a cartoon pony doing a facepalm! I find it kind of funny that the author of this has singled out reddit for criticism when seemingly prominent members of the Rust community are perfectly willing to be so openly toxic.

olah_1(10000) 4 days ago [-]

I actually think the 'code of conduct' culture that Rust embodies exacerbates this kind of drama. Ironically, it creates a more unsafe environment where everyone feels anxious and judged by the CoC Police. Under the CoC, I am entitled to a wonderful experience, and if I don't get it, the culture has failed in its commitment to me.

downerending(10000) 4 days ago [-]

I noticed a whiff of this early on and just moved on. I deal with enough politics at work. At play, I want to do fun tech and that alone.

steveklabnik(50) 4 days ago [-]

This kind of drama has happened many, many, many times, in many places where there's no code of conduct.

GolDDranks(3211) 4 days ago [-]

That's hardly what happened, though.

DagAgren(4334) 4 days ago [-]

I have literally never felt 'judged by the CoC police' in any project that has one. I have no idea why you would ever feel that way. Pretty much every CoC says 'do not be a raging asshole'. I am fully capable of not being a raging asshole, and if I slip up and am, I would be happy to be told off for it.

ernie24(10000) 4 days ago [-]

I think Github (and other services that host OS software) needs something like 'thank you box', that's just alongside Issues. Even if I am not able to contribute to some project I use and like (mostly because I don't have enough technical knowledge yet) very often I would like to - at least - say how much grateful I am for what this person is doing. There is some need for positive energy or gratitude, as we - who are happy - won't usually post an Issue saying that we are happy, everything is working fine. It seems then that there are only issues, and people who are angry or unhappy seem to be the loudest. How else, we who are grateful but silent users - can help maintainers and contributor to know that there is large or even larger amount of people who are happy and even amazed by their work?

333c(4127) 4 days ago [-]

GitHub has a donation feature, which is up to the maintainer to enable for their project. Otherwise, it seems to me that a stream of positive comments would get old quickly.

btrask(3113) 4 days ago [-]

If your language promises some kind of new feature (e.g. 'safety') but offers a back door you could drive a truck through (e.g. 'unsafe'), then ensuring that back door is used appropriately and in good taste comes down to culture policing, which, as we've learned in other areas, is something the internet does not handle well.

As the Rust community grows, how can it ensure that people use 'unsafe' tastefully? Well, in general, it can't. But maybe Cargo could exercise some editorial control, and delist (or flag) packages that don't follow the 'community standards'. I'm not saying this would be a good idea, it's a tradeoff. But you can't force open source volunteers to write code in a way you like.

jpab(10000) 4 days ago [-]

I would prefer to see a positive badge for 'this project doesn't directly use unsafe' or similar, which maintainers can choose to put in their README in the same way that they currently put build-status, test-status and other badges. The actual badge state is produced by tooling (a CI system) so it stays up to date and you can follow a link to a (tooling generated) report with more info, so it's relatively easy to verify.

Maintainers that don't care don't have to use the badge (even if their project does in fact avoid unsafe), but the choice to include the badge acts as an implicit signal of intent. When I see a crate with green CI status badges (or in this case a green safety badge) that's a signal I can use to help judge whether I want to depend on the crate.

No one needs to be flagged or called out if they're not interested in that aspect of maintainership.

I think the hard part is that actual quality is a spectrum and no-unsafe-at-all isn't necessarily the best goal for many crates. So ideally the badge would show some more granular safety score. But scoring effectively is difficult, and the so is correctly interpreting a heuristic score.

mileycyrusXOXO(4195) 4 days ago [-]

I understand maintaining open source is a lot of work and why someone might want to call it a day - but this is probably the least professional way someone could do it. People depend on this software. It is inconsiderate to just move it to private instead of taking the time to hand it off to someone else.

I'm 80% through building an API using actix-web. Time to reassess whether or not I should start over - wonder what my client will think if I bring that one up? I hope there is a community fork with enough momentum to keep the project alive.

wfdctrl(10000) 4 days ago [-]

If you don't understand how opensource works don't use it. If you paid nothing you are not a client and nobody owes you anything...

lostmyoldone(10000) 4 days ago [-]

You don't get to invoke professionalism, or lack thereof in regards to some individuals work they've made available for free.

Open source gives you access to source code to do with as you please. Storing your own copy is a good idea if it's something critical to your endeavors. The possibility of having to maintain anything of that nature yourself is always a risk.

Expecting, demanding, or begging for anything except what the author willingly, and happily takes upon themselves is exploitation, pure and simple.

If you think about it, trying to coerce an author/maintainer into doing anything they willingly and explicitly have commited to, is no different than employing bullying, group pressure, and other social/psycholgical manipulation techniques to get whatever outcome others deem useful to themselves.

Yes, something as trivial as complaining about the lack of response to a question can easily be seen as being abusive when there is no established relationship or expectation, no quid pro quo, or similar.

Getting free access to someones work is amazing, and nobody should ever have to face what so many maintainers have to face today in the form of unreasonable expectations and outright bullying.

foldr(4334) 4 days ago [-]

>I understand maintaining open source is a lot of work and why someone might want to call it a day - but this is probably the least professional way someone could do it.

Why would he be obliged to do it in a professional way? He's not being paid.

umanwizard(4026) 4 days ago [-]

> People depend on this software

That is their own problem.

> I'm 80% through building an API using actix-web.

Feel free to pay someone to maintain it for you.

Twirrim(3481) 4 days ago [-]

One question that you should be asking yourself with some urgent priority is: Can I even trust an application I've built with actix-web?

Ignoring the drama around it, there were some very serious security concerns with the liberal use of unsafe.

jmull(10000) 4 days ago [-]

It's easy to get any bug fix you want: pay for them.

If you think loading your expectations on to an unpaid volunteer and then harassing them over it will work out, hopefully this moment is a good learning experience for you.

(Unfortunately, I can see from reading the comments that not everyone is getting it.)

Perhaps someone should create an OSS contributor agreement where contributors explicitly agree to work long hours, for free, in perpetuity, prioritizing issues based on reddit heat, and see how many developers agree to those conditions. Those are the expectations that appear to have driven this developer to quit their project.

BTW, for those that don't know: acting on bug reports and accepting pull requests is often a lot of work in its own right. Bug reports are often vague, incomplete, contain incorrect assertions and assumption, lack clear steps to reproduce or even a clear description of what happened vs what was expected. It takes time a effort to clarify these things. Even then you may need to, e.g., build an environment to reproduce or correct the issue. Changes from developers that aren't highly experienced with the project typically have gaps, new bugs, misunderstand requirements, don't build, ignore style conventions, lack unit tests, and have various other issue that have to be ironed out before the change can be accepted. It's all a lot of work.

status_quo69(10000) 4 days ago [-]

I want to preface my comment with 'I agree with you'

However, in this case patches and reproductions were submitted and rejected as 'boring'. Whether the author really meant to use the word 'boring' is neither here nor there, the result was that the fix was ignored, even though that's how open source works!

I've watched from the sidelines with no skin in the game (I use Rocket) and my conclusion from all of this is that the maintainer should have created an actix committee or group of maintainers to help shield from the inevitable bugs and issues that crop up. If the OG author wanted to step back to take a break from all of this, then fine, the rest of the group can continue to churn and work.

The original article that called out the behavior also called out other incredibly popular crates, like reqwests, for their underlying HTTP stack, yet there's not a shitstorm about those libraries. The obvious difference that I can see is the maintainer response to said criticisms.

EDIT: I also want to make clear that I hated the comment about never writing rust again. I'm not condoning that behavior at all

nomel(10000) 4 days ago [-]

I imagine GitHub could make a reasonable amount of money if they implemented a bounty system, taking a little off the top for each bounty.

Each issue could have a donate button. The bounty would be split to the authors that contributed, with some remainder left for unfinished work (documentation, unit tests, etc).

To settle how the bounty is split for multiple authors, they could go through an anonymous round of 'bids' to propose splits, with the bounty locked until they agreed. Maybe the maintainer/reporter able to settle disagreements by choosing a split ratio that lain somewhere between the range of those bid on.

giancarlostoro(3272) 4 days ago [-]

> Rust has a necessary feature, unsafe, that allows you to escape Rust's guarantees. This is a really important part of Rust, but also a very dangerous one, hence the name. But one of the things that's important about it is that, since unsafe means "I have checked this code, and it upholds all of the guarantees the compiler cannot check," you can build a safe interface with unsafe guts.

This blew my mind. I had no idea this was happening! I really hope Rust continues to evolve. Still no idea why JetBrains wont adopt it officially like they did Go.

steveklabnik(50) 4 days ago [-]

JetBrains does sponsor the development of the Rust plugin, IIRC.

brundolf(1648) 4 days ago [-]

Rust is unique in that it attracts:

- Language theory enthusiasts, a famously pedantic group

- Systems programmers, a famously exclusionary group

- Unwashed masses of web developers who have never done either of the above before

Frankly I'm amazed it's been as civil as it has been

0xdead(10000) 4 days ago [-]

I wish I could upvote this many times.

AaronFriel(3096) 4 days ago [-]

This is very difficult. I feel badly for the author of actix-web, and I agree with Klabnik to the extent that Reddit can be a terrible place.

What I think this is, is a sad day for the Rust community.

But it is probably a good, and necessary step for the Rust ecosystem. The bottom line is the creator of Actix made something really attractive, but not necessarily good1, which pulled a lot of people in to using it. It did extremely well on benchmarks, which brought Rust positive attention.

But the project was fatally flawed unless another maintainer forked it. The author was not obligated to accept patches from anyone else, but it was and should be unacceptable to the Rust ecosystem for the most popular web framework to have severe vulnerabilities that can be exploited. And for the author and maintainer to disregard patches to those issues as 'boring' or other derisive terms should also be considered unacceptable.

Perhaps that would have been the right way to fix this actix-web issue, to produce a better project. This is basicaly what happened with cabal (package manager for Haskell) and stack (a wrapper that made it easy to build Haskell packages). But at the same time I can't in good conscience recommend anyone use cabal, nor could I recommend anyone use actix-web. It may very well be for the best that they just won't be used.

1 - Good has lots of different connotations. Is there a lot of code? Yes. Is it largely well written? I think so, based on what I've heard. But in the long term having a benevolent dictator for life controlling a major piece of the Rust ecosystem is extremely dependent on them being benevolent, and rejecting critical security fixes and declining to engage the community in any meaningful way is not this. On the other hand, I think projects like async-std and tokio have a much more benevolent (and less dictatorial) leadership.

whateveracct(10000) 4 days ago [-]

Not the point of this thread, but cabal is quite good now with its Nix-style local builds. The meme of 'cabal is bad' perpetuated during the rise of stack is just wrong now :)

rukittenme(10000) 4 days ago [-]

I want to add two (maybe very) controversial comments.

1). It should be considered RUDE to contact a solo maintainer in any way relating to the project (email, issue, pull request, etc.). You should ALWAYS fork the project and use the forked project on your own terms.

Most people write their projects, on a whim, on a Saturday, for a bit of fun. They do not want to be shackled to a hobby for the rest of their lives.

2). Opening an issue and opening a pull request are IDENTICAL requests for effort.

Think I'm wrong? How many people were so incensed by this renegade maintainer that they FORKED the repo?? Why didn't people FLOCK to the safer fork? Why did people still care about the original repo??? The answer to those questions underlie the fundamental problem of open source. No one wants to do the work. People want to work on what they're passionate about. But they don't want the responsibility of ANOTHER FULL TIME JOB.

An issue is a request to write 'native' code. A pull is a request to maintain 'foreign' code. I have never had a large, successful open source project. To date, I've had one repo with ONE issue and ONE pull request. Both required more effort than I ever wanted to give.

I have stopped opening issues completely. If a project is maintained by one person, you will never hear from me. Large projects with paid maintainers will receive issues because I believe it the only appropriate time to do so.

---

Here is a simple flow chart for contributing to a solo maintainer's open source project.

1. A problem has been discovered.

2a. I do not know how to solve the problem. -> Move on. Don't reach out to the maintainer in any way.

2b. I can write a fix for this problem but I don't want to maintain this project in its totality. -> Move on. Don't reach out to the maintainer in any way.

2c. I can write a fix for this problem and I want to maintain this project in its totality. -> Fork it. Don't reach out to the maintainer in any way.

zozbot234(10000) 4 days ago [-]

A maintainer that you can't reach out to is no maintainer at all. If that's the behavior they expect from others, they should clearly state that the project is not being maintained, and be open to others taking up that effort instead.

endothrowho333(10000) 4 days ago [-]

> "Why Reddit is like this" is a whole other essay; I think it's built into reddit's structure itself.

Classic Eternal September.

Around 60k subscribers, the cultural identity starts degrading, as the amount of 'old guard' is outmatched by 'new blood.' Therefore, the old 'monkey see, monkey do' phenomenon, where new users would slowly mimic the culture of the prevailing older users to 'fit in,' is replaced with new users mimicking other new users, and the culture shifting towards the platform's identity instead of retaining the sub's identity.

Generally, the type of person to post on Reddit frequently enough, has social cohesion problems that may preclude him from fulfilling his social needs through more healthy avenues, like real life. The same is true for the majority of people that post online frequently. Usually the pyschological profile that follows that point is one built on abrasiveness, distrust and aggression towards authority, an inability to adopt social manners and participate in social contract, low emotional intelligence, etc.

All of the aforementioned behaviors culminate into the toxicity and vitriol you usually see -- and as well why it's so prevalent.

einpoklum(10000) 4 days ago [-]

> the [psychological] profile ... is one built on abrasiveness, distrust and aggression towards authority,

Hey hey hey, 'aggression towards authority' is not a psychological trait, but at most and pattern of action. Also, I disagree with your implicit maligning distrust of authority without generally distrust of others.

> ... and participate in social contract,

The claim of the existence of a 'social contract' is part of the self-justification of authoritarian aspects of social structures in capitalist democracies.

rusttoxic(10000) 4 days ago [-]

Well said- sometimes i feel that HN is basically a practice for people on how to reply to toxic emails from coworker. 'I should have framed it like this'

Youden(10000) 4 days ago [-]

A forum being large doesn't have to lead to a loss of cultural identity.

My favourite counter-example is /r/AskHistorians. Over a million members (16x larger than 60k) and it has some of the highest quality posting and discussion I've seen anywhere on the internet. I think it serves as a prime example of how a well a forum can scale, if done properly, so long as there are strict rules and moderators.

disintegore(10000) 4 days ago [-]

A community grows and eventually reaches the point where users cannot recognize who they're interacting with nearly every time, where the submission queue is trailing down too fast for any single reader to process. When that happens, it can no longer function as a cohesive community. It becomes about as personal as a magazine about the very same topic. Furthermore, the incentives to post change due to the higher potential for 'karma' (and posts therefore become more like clickbait), and the barrier for the admissibility of submissions becomes lower as a result of the 'expert' or 'enthusiast' segment of the population becoming a tiny minority.

In my experience, these larger communities typically grow less tolerant of antisocial behavior, most likely due to acceleration of the process known as 'dogpiling'. Trolls get more exposure, and better reactions, in small-to-medium communities.

It's still conjecture, but I think I prefer my hypothesis.

nkkollaw(2810) 4 days ago [-]

A lot of guesswork and generalization, right there.

stanferder(10000) 4 days ago [-]

It might not be just reddit though. The author's summary points to a volatile combination of elements in Rust itself:

1) [T]he Rust project saw Rust as more than just the language...

2) unsafe... is a really important part of Rust, but also a very dangerous one, hence the name.

If a project is considered to be not just a project, but something closer to a cause, people are going to defend their understanding of that cause fervently.

And introducing the language of 'safe' and 'unsafe' isn't just descriptive, it's a value judgment. It has connotations of recklessness at least, and explicit threat at worst.

People who perceive themselves to be defending a cause against danger are going to react very strongly, much more so than people who are criticizing an implementation choice on purely technical grounds.

newsgremlin(10000) 4 days ago [-]

>distrust and aggression towards authority

Not an exclusive characteristic of a reddit user, there are many different levels and types of authority. Perhaps the aggression towards all authority, or weighted to certain personalities of authority rather than the ones in the background, especially the ones that don't really matter i.e. internet forum moderators

I agree with your general point that reddit fills a social vacuum in people's lives, like most social media does for others in different ways. Validation and expression etc.

Personally I think think that's why society in general has become generally more toxic, everyone is really telling it straight to others but not being honest with themselves.

toyg(3768) 4 days ago [-]

Person posting on online forum says people posting on online forums have social problems.

If that statement is true, you (and me, and everyone else here) have those same issues, surely?

davedx(2341) 4 days ago [-]

> Generally, the type of person to post on Reddit frequently enough, has social cohesion problems that may preclude him from fulfilling his social needs through more healthy avenues, like real life.

You mean like making sweeping generalisations about a platform with millions of users?

adonese(10000) 4 days ago [-]

Not to compare or anything. But I'm active at r/Golang and I find that the community is comparatively better there. I was shocked as to how would someone told anyone to never write a code again!

Maybe this because some members on Rust subreddit believes that they are more intellectual than others? It seems like a cultural thing, go people don't bother to be seemed as smart or so and that's possibly reduce the aggressive competition that naturally arise in places where intellect, high performance etc are very important metrics?

strbean(10000) 4 days ago [-]

Psh, do you even know what time the narwhal bacons? /s

I think Reddit is interesting because its design is more resistant to Eternal September than other communities. See the trend of creating r/TrueX when r/X gets Septembered.

Unfortunately, this hits diminishing returns when more and more obscure subreddits need to be created. Tons of oddly specific niche subreddits have popped up and completely gone to shit in a flash. I think we're nearly due for the next migration (maybe a federated alternative?).

spamizbad(4174) 4 days ago [-]

Question: why didn't the more safety-focused developers just fork the project? I feel like fork-o-phobia causes 90% of the incidents like this.

hjek(3133) 4 days ago [-]

Exactly. Like the GraphicsMagick fork of ImageMagick.

ansible(4177) 4 days ago [-]

Forking the code is 'easy' (OK, maybe not based on the other comments), but anyway...

Another (persistent) problem has been the crates.io namespace.

You can fork actix, but then you'll need to come up with a new name for it, and then educate the wider community of that. It is a big hassle, and slows adoption.

Adding onto the issue is that crates.io does not (yet) support the username/projectname naming scheme as on github and other popular code repositories. So it isn't enough to just people to go to a different username, you must use a new project name.

steveklabnik(50) 4 days ago [-]

Forking is extremely aggressive, and just because someone has the time to write a patch doesn't mean they have the desire or time to run a project.

XelNika(10000) 4 days ago [-]

I think it's worth pointing out that this is about an article and a Reddit discussion posted literally yesterday. A fork might already have been on the way. Maybe someone was working in a private repo. It's clearly a worse solution than fixing the original so even assuming someone was willing to maintain a fork, it's not surprising that they wouldn't do so at the first sign of trouble.

If you do look at comments by safety-focused developers from earlier actix drama, you'll see that quite a few simply use a different project. The answer might be that actix doesn't provide enough value compared to alternatives to be worth forking for those people. The people aggressively attacking actix might not even be interested in the project for their own use, but merely there for the outrage.

thrower123(3111) 4 days ago [-]

It is so much less work to whine and complain and poke holes in other people's work than it is to roll up your own sleeves and dive into the shit yourself.

JohnFen(10000) 4 days ago [-]

I have to wonder -- is this a real problem in the Rust community? The essay makes it sound like it's just the usual Reddit toxicity.

steveklabnik(50) 4 days ago [-]

That's what I was trying to get at with the "is /r/rust part of the community or not" bit. Inside official spaces, none of this happened. If you don't read Reddit, it follow certain folks on twitter, you wouldn't have seen any of this.

TiccyRobby(10000) 4 days ago [-]

The article mostly consider both side and the main point is to flourish open source community, which is highly appreciable.

I think, as an outsider, both side had its wrongs and corrects, the author could consider changing unsafe code and the community could be at least civil.

As a personal opinion, i can say that we have to consider the fact that the authors of open source software are mostly doing it for hobby or fun. And if we ever want to keep open source alive and magnificent, we should be very civil and and at least thankful for the programmer and their time.

The only way out i see that could solve the issue was to fork the project and do the desired changes there. I dont know why they did not do that when it got to that point.

dbcfd(10000) 4 days ago [-]

> I dont know why they did not do that when it got to that point.

I think most people kept hoping they weren't at that point, and could actually move forward without forking.

Maxious(3289) 4 days ago [-]
steveklabnik(50) 4 days ago [-]

That situation is a little different for a number of reasons, but the broad strokes are the same.

Sam tweeted at me recently about this situation: https://twitter.com/sstephenson/status/1167856878673694728

transect(10000) 4 days ago [-]

Here's the reddit thread in question:

https://www.reddit.com/r/rust/comments/epoloy/ive_smoketeste...

I have no doubt it led to some github issue brigading, but it's not really that big of a deal. Ostracizing /r/rust in a mealy mouthed way probably won't make that community better...

jeltz(4161) 4 days ago [-]

Yeah, I feel people here attack /r/rust with even more vitriol than /r/rust attacked the author of Actix. Plenty of kettles here.

davedx(2341) 4 days ago [-]

Yeah, I agree. "It's all reddit's fault" is not helpful at all and simply wrong from reading that thread.

Klonoar(3581) 4 days ago [-]

I love Rust and use it daily.

Unsafe isn't something you live without, you just avoid unless there's a decent reason. Setting aside actix-web, the community has this really annoying obsession with not using unsafe anywhere. You're not replacing decades of computing overnight, though, and it's not the end of the world if it's there sometimes.

It often feels like newcomers and zealots preaching the unsafe issue, too. I have to wonder if the Rust docs couldn't better point out "the goal is less unsafes, but unsafes will exist - this is fine". I know it kind of explains this already, but perhaps being more blunt?

Actix-web even with a few unsafe is still more sound than most frameworks IMO. I'll take slightly better with crazy good performance over not better at all with no guarantees.

Also, look, the other problem is Reddit: I'm starting to think larger projects should squat their name there and redirect to better discussion places. I comment on Reddit sometimes and I roll my eyes every time I've done it lately.

End rant, I guess.

thu2111(10000) 3 days ago [-]

I think the issue with Rust and unsafe is that people can't really handle and don't really want ambiguous shades of grey. Rust is harder to use than C or even C++, let's put that out there at the start. It expects a high degree of developer effort and skill, in return it gives memory safety without a garbage collector.

But if the Rust ecosystem has developed in such a way that most popular libraries don't actually give you guaranteed memory safety, then this quid-pro-quo breaks down. Now you're making a lot of effort to use the language and in return you get ... maybe sorta safety, some of the time? That's a rather difficult tradeoff to weigh up. How unsafe is the Rust ecosystem, really? As a Rust outsider I had thought it was used only very rarely and mostly in the standard library, by way of analogy to the Java ecosystem where that's the case. From this situation it sounds like it's widely used, and often for unclear reasons. So does using really Rust deliver the advertised benefits?

The fact this question even has to be asked is going to upset the Rust community because Rust is like most non-JVM languages, it has very poor interop with other codebases which makes it reliant on building a large community to be sustainable. The Rust community has to make Rust as attractive as possible for its own competitive survival. High profile libraries that undermine Rust's only value proposition is therefore a self-destructive trend. Actix Web gets great TechEmpower benchmarks, but at the cost of undermining that whole community's marketing pitch. Not surprisingly things get heated.

As for Reddit, I don't think that's the problem. Reddit is just threaded discussions with a large userbase. There are plenty of languages with active reddits and way less drama than Rust seems to have. Java, Kotlin, C++, Swift etc all have big subreddits and all have had zero community dramas that I remember in recent years. The issue is pretty clearly something related to Rust and its userbase. My guess is it's a combination of small size, lack of interop and the Mozilla leadership setting bad examples. There was a huge Rust drama a few years ago where they went ballistic and censored an entire discussion from Reddit because they appointed as their community manager a feminist ('kill all men' being one of her slogans) who had just finished creating a massive idpol drama in the NodeJS community, and not surprisingly the community didn't like it. That sort of immature move is something you don't see from more professionally managed languages.

plopz(10000) 4 days ago [-]

You can't squat and redirect subreddits to external sites. I have personally been granted mod of a subreddit that had been redirecting to another website. Its against the rules and the subreddit will be banned at which point anyone can use /r/redditrequest to take it over.

Even if that did work however, people would create adjacent subreddits that would end up to be defacto sureddit, for example /r/competitiveoverwatch.

efxhoy(10000) 4 days ago [-]

> It often feels like newcomers and zealots preaching the unsafe issue, too.

A little knowledge is a dangerous thing. This is true for so many topics.

shadowgovt(10000) 4 days ago [-]

I haven't seen the phrase 'contempt culture' before, and I want to thank Steve for bringing it to my attention in this article.

Thanks Steve. :)

steveklabnik(50) 4 days ago [-]

You're welcome; I think it's one of the most important concepts for programming communities to understand. Felt like a revelation when I read it, as someone who was previously very contempt-ful and regrets it.

ddevault(505) 4 days ago [-]

A lot of this thread has it wrong, and this wrongness contributes to the problem which led to this.

I have two simple mantras which establish my philosophy here:

1. YOU are responsible for your dependencies.

2. Open source participants are volunteers and owe you nothing.

It was never Nikolay's job to vet actix-web for you, nor did it become his job when the library became popular, nor does invoking 'security' change anything in the slightest. Your dependencies are your responsibility. Responding with vitrol, anger, or hate when failing to uphold this responsibility bites you in the ass is just being a jerk.

User entitlement is totally unjustified and will burn out maintainers faster than almost anything else. I don't stand for it. If any other maintainers out there are struggling with this, please send me an email: [email protected] I'm sympathetic to your cause and I can likely lend some pertinent advice.

dcolkitt(10000) 4 days ago [-]

> 1. YOU are responsible for your dependencies.

This is a nice idea, but in an era of one-button package managers it just doesn't work like that. You're trying to fight against New Jersey style. Which in the entire history of software has never been a winning approach.

The reality is that for 95%+ of active software developers, done is better than perfect. Yes there may be a small subset of developers working on super-critical defense systems or nuclear reactors. Who have the time, resources, know-how and organizational support to meticulously and carefully audit all of their dependencies.

But the vast majority of developers are not in these types of environment. The mantra of the entire tech industry is 'move fast and break things'. Try being a Silicon Valley startup engineer and trying to justify to your manager that you could standup functionality with one call to 'npm install', but that's not sanitary and you need to audit the entire dependency tree. Now assume that the next round of VC funding for your cash-strapped startup is on the line. How well do you think that concern will go over?

The reality is that if something can be instantly installed in 30 seconds, then it will be. We can give as many 'caveat emptors' as possible, but convenience trumps safety every single time.

The way to solve this is to enforce consistency on an ecosystem level. The best example of this is the Debian project. There's very firm guidelines about QA and safety before a package is allowed into stable. The Debian people are probably right about another thing too: language-level package managers should be considered harmful.

Many of these problems could be avoided if we strictly used apt-get instead of pip, crate, and npm. For one distro maintainers tend to have a lot more experience and competence at evaluating stability and safety. Two, since a system only has one distro package manager, but potentially many runtime environments, it prevents a race to the bottom. Harried developers will just gravitate towards the least strict runtime with the most low-quality packages.

This lesson is probably very tough for the Rust community to swallow. Crate is considered one of, if not the most, compelling features of Rust. If we acknowledge that it was a mistake, it really undercuts the argument for adopting Rust.

trunnell(4319) 4 days ago [-]

That's good advice on how to treat others-- don't act entitled toward open source maintainers. Thank them for their work.

But what exactly are the responsibilities of a maintainer? How far should you go to fix bugs? How thorough should you be about your code's limitations?

If you're doing a project just for fun, should you discourage others from using it in production?

tolmasky(3234) 4 days ago [-]

There's an interesting gray area here: am I as a customer responsible for knowing the dependencies of a service I use? Most of the time that's impossible. And things like GDPR seem to imply that people believe users are entitled to some degree to demand certain standards (privacy/security) from all web services.

This is the potential problem with "just fork it". If the library is used by a great many products, and you know of a security vulnerability, merely providing an alternative that fixes it could be argued is not sufficient, while fixing it in the root library will patch the vulnerability in every product that has it in the next update.

It seems we still haven't figured out (and perhaps never will) the exact responsibilities between all the parties at play.

dbcfd(10000) 4 days ago [-]

> 1. YOU are responsible for your dependencies.

They not only created issues, they also created patches. That is taking responsibility. They were contributing time and expertise back.

Having a project maintainer then call those patches boring or otherwise disregard them? That's childish. He showed time and time again he would respond without civility when an issue was demonstrated in his code.

Sadly, that led to some comments by people frustrated with the project, since they had likely invested considerable time at least using, if not more. But this was a situation that is entirely avoidable if Nikolay would have stopped promoting Actix as for production use.

hinkley(4237) 4 days ago [-]

> Open source participants are volunteers and owe you nothing.

And a lot of the internet has this wrong, including you.

Let me start by saying that Open Source is not a zero-sum game. I can make a library like your library and it doesn't have to be an adversarial relationship. I have users, you have a few less users.

But there are costs to having more. There is still only so much space in the ecosystem for so many actors. The more logging libraries we have the harder they are to find, the more drama there is over picking one...

The best analogy I have is a party. If I throw a party this weekend, and your birthday is next month, then I'm not hurting you. If I throw it the weekend of your birthday, knowing it's your birthday, I'm kinda being a dick. That's not cool, and you have every right to be upset.

Okay, but what does any of this have to do with Open Source projects, hinkley? I'm within my rights to throw a party. But my guests are within their rights to be upset if I throw a shitty party. They showed up. They could have been doing something else. But I insisted on taking up space and now I'm being ungracious about it. It's my party and I can treat people how I want is technically the truth, just like 'I can do Open Source and ignore the concerns of my users' is technically the truth.

What I'm saying is that the people who show up don't have to like it. They're entitled to complain to people about it, especially if I don't apologize and say I'll do better next time, or get help.

It's my party, I can cry if I want to, but people are gonna talk.

[edit to add]

I think the problem is that we have a bunch of people who throw themselves into software at a young age because of or at the expense of social awkwardness, and we insist on treating things and other people as if they are machines instead of people who are also just trying to do the best they can. I'm fully aware that this observation cuts against my argument as well as supporting it, but we can't go on coddling people and organizations for ignoring the very real social aspects of our work. For being poor hosts.

And it's really hard, believe me I know. But people want to see that you're at least trying, or they will paint you the villain.

streb-lo(10000) 4 days ago [-]

Exactly this.

If it doesn't meet your standards, don't use it.

Alternatively, go fork yourself.

thrower123(3111) 4 days ago [-]

When open-source gets up in arms over some guy doing or not doing something on his own time and dime, I just can't muster that level of ire and self-righteous anger.

If you as a user don't like it, ask for a refund.

dashwav(10000) 4 days ago [-]

> It was never Nikolay's job to vet actix-web for you, nor did it become his job when the library became popular, nor does invoking 'security' change anything in the slightest.

I don't think the anger is directed at there being security issues, the anger is directed at the fact that even when security vulnerabilities where found and patched, there was major pushback even getting those patches merged into the library. And regardless of how strongly you feel about 2), the community is extremely validated in saying 'Hey this library in a language that professes security isn't secure and the maintainer doesn't seem to care'. These statements aren't mutually exclusive

bcrosby95(10000) 4 days ago [-]

I completely agree. This is why, as a small company, we prefer languages that have large organizations backing their open source libraries - such as Java - and prefer not to touch things like Rust with a ten foot pole.

rhodysurf(10000) 4 days ago [-]

As someone who works for a dod contractor this whole situation sounds crazy. Just because something is available as a crate doesnt mean you are to assume it safe or appropriate for your use. The onus of verifying the dependencies should always be on the consumer.

MadWombat(10000) 4 days ago [-]

While it is tempting to agree, I feel that if you take these principles to their logical conclusions, you lose any incentive to actually participate in any open source projects. If I cannot expect the author to even look at my code or read my issue reports, there is no reason for me to write the reports or share my fixes. If all my dependencies are my responsibility, the logical way to go is to fork every code base I am going to use, review all the code, fix whatever issues I find in my fork and never share any of it with the original project because there is no reason to.

Wowfunhappy(4119) 4 days ago [-]

> Open source participants are volunteers and owe you nothing.

I can't agree. Not for all participants.

Let's take Linus. He's in charge of the Linux project, which thousands (millions?) of people contribute to every day. If Linus suddenly stopped merging any and all patches—but refused to officially step down—what do you think would happen? Oh, the project would more than survive—someone would fork it and that would become the de-facto new mainline kernel—but there'd probably be a couple weeks of chaos. Does Linus bear zero responsibility because he's a volunteer?

---

Every Saturday, I volunteer as an assistant teacher (they call us 'facilitators') at a Girls Who Code club, a free weekly class to teach computer science to young girls. I don't get paid for it, but that's okay—the kids are adorable and teaching them is fun. The primary teacher is also a volunteer.

If we both decided to just not show up one week, and parents brought their children to the library and found an empty room, would that be okay?

Personally, I do think I owe something to those students, and to the primary teacher. I've made a commitment to show up every week and do what I can to help a group of children. My commitment is what matters, not whether it generates income.

Now, there's actually second GWC class for slightly older students which starts right after the first one. Sometimes I help teach that one, and sometimes I go home. I told the primary teacher I'll stay 'when I can', which actually means 'when I feel like it'.

There's certainly a place for doing work without a commitment to continue, but your intentions need to be clear. Most large projects are not going to function without a commitment from someone somewhere in the chain.

One weekend in October, the primary teacher had plans to go traveling in Europe. She asked if I could cover both classes that week. I said I would, and I did.

TheRealDunkirk(4335) 4 days ago [-]

Seems like there should have been some sort of response from the maintainer about the _philosophy_ of why he was doing things the was he was, and people could either get onboard with the connecting points of that, or get lost. So far, in all of this drama, I have yet to see where any of that might have been explained. I don't use Rust, but I understand the significance of the experiment, and I think I for one, would have liked to read the author's thoughts about 'why.'

tolmasky(3234) 4 days ago [-]

> 2. Open source participants are volunteers and owe you nothing.

If this were true in the strictest sense, then they would be free to put malicious code and trick you into using their stack just to then steal credit card numbers from your database. Of course this is not true, and they would appear to at the every least owe us 'good faith' or perhaps some basic guarantee that they are not purposefully trying to criminally attack you. This may seem like a useless edge case to bring up, except for the fact that the law does have some amount of consideration for negligence.

Arbitrary people you don't know owe you nothing too, and yet if you walk onto their premises and get hurt, the law has found in certain circumstances that they are indeed at fault. Expectations and responsibilities evolve with time, and as new scenarios come up. It is not clear to me that putting up a project that invites people to use it in production could not be argued to some extent to be negligent if it willfully blocks and delays fixes that could affect real world customers.

At the end of the day, if people were using my code in production, and a discovered exploit was used to steal people's data and I could have prevented this by merging in code that wasn't 100% to my aesthetic liking, then I think I would feel bad. Fault isn't binary, maybe its the fault of a random company using my framework for not being up to the minute on all vulnerabilities and manually patching the code themselves, maybe its their fault for using my framework in the first place given the youth of the project too. But I don't think I would go to sleep that night feeling great is all I'm saying.

I'm not super familiar with this particular case, but the OP blog post was phrased as kind of wanting to open up a dialog or discussion on the nature of these issues. I am bringing up some thoughts about this stuff I've had for a while and I think at least help to understand some of the moving parts involved. For the record, I don't really know where I stand 'absolutely', or if its possible to have a clear principle that doesn't take into account some number of additional variables (how the project was portrayed, how many users it has, etc.).

elefantastisch(10000) 4 days ago [-]

Meta-comment:

Thank you. Online discussion would be much more productive if everyone clearly laid out the principles on which their viewpoint was based.

Fundamentally, there are only a few ways honest people can disagree: Different principles, different information, different interpretation, or just plain misunderstanding. (Meta-meta: This is the principle that I believe and based this comment on.)

Much of what makes online (and offline) arguments so unproductive is confusion over where exactly people are disagreeing in the first place. There's no point in discussing whether someone did the right or wrong thing if you don't even agree on the principles by which that rightness or wrongness will be judged.

If I disagree with one of your principles, we need the discussion to be at that level, or more likely, we simply must agree to disagree. If I think there's another principle you aren't considering, we can debate its relevance. If you're missing key information, I can provide it. If you're misinterpreting something, I can offer my alternate interpretation and justification for why I think it's better. In any case, if I disagree, it's clear how to proceed because your line of reasoning is clear. We can engage in a productive discussion without talking past each other.

As it stands, I agree with you 100%, but more importantly, you have raised the bar for discussion on this contentious issue. Thank you again.

pdimitar(10000) 4 days ago [-]

Agreed 100%. May I add one point?

The OSS maintainer should clearly, upfront, preliminarily, outline how do they govern the project: how much are they open to change the project's core values, how responsive on average will they be in terms of opened issues and PRs, roughly how often would they engage in technical architectural debates -- stuff along those lines.

I feel many people get toxic if they had unrealistic expectations -- and that's of course not okay.

But IMO the OSS maintainers can be a little more preliminarily proactive in managing expectations from earlier stages.

johannkokos(10000) 4 days ago [-]

Given that Chromium is a open source project, and lost of people here are strongly against Google's proposal to limit the ability of ad block extensions, with much stronger words compared to this incident. What's your opinion on that?

bionicbits(10000) 4 days ago [-]

I wish I could up-vote this 1000 times.

ckdarby(4152) 4 days ago [-]

> Open source participants are volunteers and owe you nothing.

Equally, someone gets hit by a car while crossing the road. I don't owe them anything to go help them but society, morality and being decent are these unwritten rules that kind of do force you into owing something.

Yes, I agree, volunteers don't owe anything but there are some unwritten rules that when broken should be frowned upon and I'd probably go as far as saying should be held against them.

As a reader of this, you could be thinking, wow this sounds extreme but here is the easiest example I can give.

- Someone writes library

- Library comes insanely popular

- Author refuses to allow the community to take over original project

- Author wants to maintain status, ownership, etc

- Entire community now suffers because the author doesn't owe anyone anything

'Just fork the repo', is the most common response but let's be real, nearly nobody uses the forks and every other repo that uses this popular library is using the non-forked repo.

kenan_warren(10000) 4 days ago [-]

I'm glad you said something because I felt like I was going crazy reading some of these replies. People sometimes seem to forget the phrase 'Remember the human' when they interact with maintainers. It's a really frustrating situation to watch because one of the main reasons I make software is as a creative outlet. So, I can see where Nikolay is coming from being frustrated and upset. Sometimes people want to just go around kicking over other peoples sand castles.

P.S. Thanks for making Sourcehut.

lallysingh(4204) 4 days ago [-]

The best justification for this attitude is that it's the most encouraging of open source development. Other attitudes raise the cost of open source development -- considering that it's already a losing proposition (w.r.t. lost time + opportunity) -- and will result in less quality open source software. People just won't put the work in if all they get back is this entitled bullshit.

anaphor(2983) 4 days ago [-]

This is a good reason to use Github only as a read-only mirror and just do all development elsewhere. That way you don't have to deal with drive-by issues / PRs from people who just want to complain or won't put in follow up effort.

mlthoughts2018(2417) 4 days ago [-]

> " 2. Open source participants are volunteers and owe you nothing."

Absolutely not. They are compensated with prestige, enjoyment, decision-making power, future employment rewards, and sometimes even money, all of which was their choice to pursue through their labor and time spent on the open source project.

The users of open-source projects, upon which the projects themselves depend, are also not obligated to anything, and can for example (very reasonably) become angry and complain if people prioritize pet features instead of community needs, or unilaterally take projects in unsupported directions.

There is compensation for the work, and there are still social norms. Nobody cares one bit about who is entitled or not entitled to what.

fnord77(4137) 4 days ago [-]

> It was never Nikolay's job to vet actix-web for you

Imagine if the linux maintainers took this attitude.

This attitude severely undermines the credibility of opensource.

If users of opensource libraries can't have confidence that those libraries are written correctly, we might as well all go back to commercial software.

skywhopper(10000) 4 days ago [-]

I've worked with Rust only rarely, and never built anything real from scratch with it myself, so I'm curious: what tools are available to assess the safety of dependencies? I agree with you in principle that 'you are responsible for your dependencies', but how would you go about doing that for a large complex dependency like this?

braythwayt(985) 4 days ago [-]

My viewpoint is as follows:

1. Just because a thing exists, does not give you the absolute moral right to criticize it, especially in a way that is toxic for the person or persons that created it.

Criticism affects both the people criticized and the community/universe at large, and not always in positive, productive ways.

2. Just because a thing is free, does not grant the thing or its creator absolute immunity from criticism.

Things that exist have an impact on communities or the universe in general, and people are going to be affected. And not always in positive, productive ways.

1 and 2 can both be true, and I think they are both true.

There is a judgment call involved as to when criticism is unfounded, unproductive, a distraction, and/or outright toxic, just as there is a judgement call involved as to when a thing's existence in its current form is a net negative.

You are not wrong about user entitlement being a problem, as noted by #1, and you are not wrong in a commercial sense about maintainers not owing any one person anything.

But as per #2, I do not believe that is an absolute blanket injunction to never have an opinion about their choices or about the net positive or negative effect of the existence of the thing they maintain in its current form.

ssokolow(10000) 4 days ago [-]

However, everything has its downsides. For example:

> 1. YOU are responsible for your dependencies.

This contributes to the prejudice against `unsafe`. If I wanted to be a full-time auditor, I wouldn't be steering clear of C and C++.

Since I'm a responsible coder, I avoid depending on `unsafe` outside of `std` or the simplest of FFI wrappers with extreme prejudice, to the point where I consider NIHing an alternative or just sticking to a managed language with a more mature ecosystem, depending on the project.

agentultra(4238) 4 days ago [-]

> 1. YOU are responsible for your dependencies.

This is an understatement.

I work in regulated environments where a software error has consequences. Dependencies must be vetted. If we end up relying on a dependency with known vulnerabilities the auditors are going to want to know what we did to mitigate the risk of this out-come. You need to have an answer for that question.

I recommend packaging your upstream dependencies. That way you can patch vulnerabilities you find and ship those fixes today before those patches make it up stream. That's a risk mitigation strategy and often good enough to fend off auditors.

Many (all?) open source licenses provide the software without any warranty or guarantee of merchantability or fitness for use. None. At all.

einpoklum(10000) 4 days ago [-]

> It was never Nikolay's job to vet actix-web for you

Perhaps, but if he claimed that it _was_ vetted, then he took on some responsibility for it (which he probably should not have).

Also, the blog post article claims, that you are never supposed to use 'unsafe' code without having vetted it. Honestly, I doubt that very much, but if it's true than that's some responsibility taken too.

ksec(1570) 4 days ago [-]

Thank You, you nailed it. There are always a high chances of being heavily downvoted on HN every time the question of entitlement comes into discussion. So I am glad this is the top reply at the moment.

And I think that is the problem I have with this blog post, It reads to me as trying to spin it as something else with anxiety or Reddit, when what I see the problem is something very different based on principles and values.

nathell(3525) 4 days ago [-]

> User entitlement is totally unjustified and will burn out maintainers faster than almost anything else.

That's correct. Here's Rich Hickey's take on it: https://gist.github.com/richhickey/1563cddea1002958f96e7ba95...

bpfrh(10000) 4 days ago [-]

The article was not about that, this is not about vetting anything.

The problem was that PRs which would have fixed security issues where not accpeted.

Do I expected perfect code from maintainers or a answer the next day? No, never

Do I think maintainers/creators should merge prs in a timely manner, or ask for help if it get's too much? Yes, otherwise you have multiple forks and the project is not usable anymore.

nickbauman(4332) 4 days ago [-]

When you write '... the Rust project saw Rust as more than just the language. The community and the people mattered.' I have to ask why anyone thinks this isn't true for ANY code/stack/dep out there?

When I evaluate a technology for its appropriateness I first look at who's using it: Literally 'Who are these people and what are they working on with this stuff?' The answer to this question determines more than 80% of the decision on whether the thing is going to be my choice.

Rust seems to be being used most by people who are interested in blockchain and crypto. They tend to be of a near monolithic ideological caste, too, which has its own problems. Do I want to get into a situation where I might have my hat in my hand with these folks? Not really.

(also the rust compiler is so slow I cannot believe it)

nabla9(481) 4 days ago [-]

As a someone who don't use Rust..

I started to suspect that this was satire with all the talk of inclusive and the use or 'unsafe'. I kept reading and reading in anticipation of gradual escalation that reveals it's satire. In the end there was none. I had to come here to read comments and to see if this was real or just very subtle satire. Apparently this is real.

I just can't wrap my head around the 'inclusive community building'. What happened to 'Those who write the code decide everything' and 'You are free to fork if you don't like where this is heading'. Any free community is as much about exclusion as inclusion.

juped(10000) 4 days ago [-]

I would add one more: your patch isn't good just because it exists. Maintainers should, in general, refuse more patches, or they're not really maintaining anything, just overseeing a disaster.

temac(10000) 4 days ago [-]

While I 100% agree with you, project having chronically technical issues are bound to get a bad reputation.

So what is 'missing' is a common way to discuss about that kind of issues, as a community, while staying civil and not in a way that is worse than the initial issue. In some cases the end-result could be the kind of the same (if most users flee), but the goal is obviously to improve the ecosystem and if managed more appropriately, it is possible that some maintainers are wanting to improve their software to the state of the art.

zpallin(10000) 4 days ago [-]

Agreed. I think there is quite a lot of entitlement on the internet and as Klabnik pointed out: on reddit. And while it's definitely a maintainer's responsibility to make their code serve the interest of its users to the best of their ability, fundamental disagreement should result in forks, not vitriol.

It's moments like this that I reflect on the past and the public and virtual forums I have participated in... and how my own attitude shifts in favor of cooperation when I must couple my face with my words. And I wonder if others feel the same.

Alex3917(452) 4 days ago [-]

> Open source participants are volunteers and owe you nothing.

Of course they do. It's not legal for you to distribute software that puts others in harm's way. You're not allowed to give poisoned food to homeless people as long as it's free.

wbl(4055) 4 days ago [-]

Do you think we get software like zlib and libjpeg and BLAS and linpack by people shrugging off working for the community and failing to fix bugs?

Otherwise we get dozens of half broken forks all over the place. That's no fun for anyone.

This wasn't a drive by beg. This was a patch solving real demonstrable problems and at minimum there should have been a transition plan due to basic decency.

WalterBright(4242) 4 days ago [-]

Steve, you have done a fantastic job. Don't let these issues get you down.

As an indication of that, I've been implementing an ownership/borrowing system for D. I expect to see some of the same issues you brought up. But for the people that want to use it correctly, it will produce the benefits. And that's what I care about.

steveklabnik(50) 4 days ago [-]

Thanks Walter. I've been following along with your work, actually, though I don't know enough D these days to really understand it fully. Neat to see though!

fapjacks(3534) 4 days ago [-]

Man... Wouldn't it be great if this same attitude often seen in users of open source software was had by regular people toward civil liberties? Like where people just pile hate on the codifiers day in and day out, because they are owed their entitlements by birthright.

_wzsf(4266) 4 days ago [-]

That's kinda how politics works. Sorry to have to tell you :(

duxup(4059) 4 days ago [-]

Help me out here is actix-web some sort of software that is integral to Rust?

If not ... I get the idea he wasn't really welcoming of the changes but at the same time. It's his code man.

I came from the world of networking and etc and the world of programming has a great deal of personal preferences / hypothetical problems / 'we don't do that at my workplace' stuff pushed under the guise of technically correct ... sort of technical bullying.

Under that sometimes there's little room for mistakes / other points of view, other working styles, and etc... and it's really horrible.

steveklabnik(50) 4 days ago [-]

Integral? No. Used in production, by companies? Yes. Outwardly visible? Absolutely, due to Techempower.

Rust will survive without actix, but losing it is a setback for Rust in the web space.

AdmiralAsshat(1427) 4 days ago [-]

The larger pity, to me, seems to be the maintainer's decision to not only quit the project, but to take down the repo with the intent to delete it:

https://github.com/actix/actix-web

I get it, they feel personally harassed and slighted. And it's their project, they can do with it what they like. But it still feels like the decision is motivated more by spite than by a desire to simply wash one's hand of the project. Surely there are not hostile developers who would've been willing to take over the maintainer role.

steveklabnik(50) 4 days ago [-]

It got moved to their personal github account, not deleted.

kemenaran(3710) 4 days ago [-]

I see what you mean. But how about seeing it in the other direction:

Imagine how much the maintainer must has been burned, in order to take the decision to shut down their entire love-work – in hope that the toxic situation will stop.

From our point of view, this may not be the best decision. A desperate one, maybe. But to imagine how the person must be feeling to think this is the best way out.

trunnell(4319) 4 days ago [-]

This seems to be a case of mismatched expectations.

Many want Rust to save us from our current nightmare hellscape of vulnerability-ridden foundations.

So actix-web comes along-- a Rust web framework that is faster than everything else including the C and C++ frameworks-- and people are filled with hope. It's fast and safe, right?

But the actix-web maintainer says he built actix-web just for fun and to see how high he could get in the TechEmpower benchmarks. So he took license to use a lot of unsafe Rust code to improve speed. He apparently was not trying to make the world's best web framework, one that is safe and fast. Just one that is fast. Oops, expectations busted.

Everyone is to blame. No one should believe that all Rust code is perfectly safe, and we need better ways to know which Rust crates are trustworthy. And the actix-web maintainer could have taken more responsibility for setting people's expectations that the project prioritized speed above security.

I love the Rust Book by Steve Klabnik and Carol Nichols. But I think Steve is off base in this post when he implies that Davidoff is wrong about unsafe code increasing a library's security risk. Of course unsafe poses a risk. Of course it's legit to avoid libraries with lots of unsafe code, especially unnecessary unsafe code. Actix-web was taking a lot of risk, more than people expected.

travisgriggs(4126) 4 days ago [-]

I am not a Rust guy (yet?). Are safe and super fast mutually exclusive? As I reas the article I sensed your explanation was probably the case. Did the many safety-making patches cause the performance to go down?

steveklabnik(50) 4 days ago [-]

I do think it's legit to avoid libraries with a lot of unsafe code. I myself started avoiding actix after these situations. If folks had simply stopped using it, that would have been a fine outcome here. That's not what happened though.

rusttoxic(10000) 4 days ago [-]

I agree with what another person has said on github- the rust community on reddit is incredibly toxic. The last time such a thing happened, there were losers who made personal attacks on Nikolay. Then Nikolay showed up in comments being angry that he had helped that particular loser only a few days back.

Its easy to create blog posts and comments about RIIR, its not easy to actually write code.

If anybody actually wants to fix this issue and prevent it from happening again, I'd start by instantly banning /r/rust users for 3 days anytime they do a circlejerk.

munmaek(10000) 4 days ago [-]

Blaming 86k people for the actions of a few is toxic.

Brave-Steak(10000) 4 days ago [-]

All discussion I saw about the issue was quite civilized.

https://old.reddit.com/r/rust/comments/epzukc/actix_web_repo...

https://old.reddit.com/r/rust/comments/epoloy/ive_smoketeste...

I get that people hate Reddit around here, but pushing this on them as vitriol by the Rust community there is wholly unfair. The impression I've gotten is that the developer of actix used unsafe too much, made no attempt to inform users that his framework was thus not safe to use (to the level expected of a Rust project), and rejected plenty of PR's where these issues would've been fixed, while being belligerent about continuing to write unsafe code.

https://cdn.discordapp.com/attachments/648807492931026953/66...

He'd even started deleting comments and entire issues just for pointing out unsafe code. And it seems like he's had the archives deleted, since the archived pages which used to exist are no longer accessible (I didn't even know that was possible?).

http://web.archive.org/web/20200117043715/https://github.com...

Frankly, after years of seeing people defend C/C++ projects because 'well, just get better', I think it's a good thing that security-consciousness is at a point where developers are being rightly criticized for playing fast and loose with security. There are always complaints about how we have no idea what kind of code being used on NPM or other package systems. But make some effort to improve it and now they're the bad guys? Oh, come on. You can't have it both ways.

And as somebody else has already pointed out, plenty of other projects also had PR's regarding safety issues, as linked by the original article which tested all these projects. The actix author is the only one who rejected them, and he's the only one facing complaints.

Brave-Steak(10000) 4 days ago [-]

Found a working copy of the original Github issue: https://gist.github.com/mafrasi2/debed733781db4aba2a52620b67...

Aside from maybe the second to last comment, I don't see anything here that deserved deletion.

_-___________-_(4178) 4 days ago [-]

I've written a lot of Rust code that's in production in web, messaging and telephony contexts. I considered using Actix early on, but as soon as I saw the large amount of unsafe code, I stopped considering it at all.

I did not go on the Internet and try to convince other people not to use it. I did not complain at the maintainer that he should manage his project differently. I just didn't see why a library doing what Actix does should use any unsafe code at all, so I didn't use it.

When I later saw the way the maintainer responded to well-meaning bug reports, including patches, that validated my decision.

There's no need to flame people for running their open-source project the way they want to run it. You can just not use the code.

namibj(10000) 4 days ago [-]

I'm curious what you'd recommend instead for async pgsql requirements as a Rust web framework. Actix seemed interesting, but I didn't know about the masses of unsafe. These too eliminate it, because it'd be able to crash/break a cluster that uses deliberate unsoundness for its serialization/deserialization needs in the vain of speed (timely-dataflow), allowing memory issues to spread (at least in theory)... I thus can't use a framework that uses this much unsafs/has known stray pointers or similar bugd/issues.

mumblemumble(10000) 4 days ago [-]

I hit a same conclusion about a popular framework (that shall remain unnamed) on a different platform a few years back.

It feels like it should be simple: I disagreed with how the maintainer was doing things, so I decided the package was not for me. No need to hassle them about it. I wish it could be that simple.

Instead, I had to weather a fair bit of defending my choice to use a different, less popular option, and there's apparently no honest answer I can give that won't be taken as an attack on the framework or its users. And refusing to engage with the question is, of course, rude.

I'm finding that Internet culture wears me down, these days. Even when you don't go looking for flamewars, they come looking for you.

With less-popular libraries, it's easier. Open an issue, say hi, make sure the maintainer knows what you're planning on doing, do it, learn a few things, have a nice day. Once or twice I've been asked to more-or-less rewrite the patch because the maintainer didn't like something about my coding style, which is also fine, and often a good way to try a different way of doing things on for size. It's all pretty benign. But popular, well-known projects have this way of getting political.

I suspect that the worst thing that could possibly happen to one of my labors of love would be for lots of other people to like it, too. A few people, great. But I don't want my free time to become Internet politicized.

infinity0(4203) 4 days ago [-]

I don't like contempt culture either but there's a balance to be made here - if you let everyone do everything and encourage them all as special snowflakes that can't create anything crappy, a community will also go to shit.

In this case it does sound like people initially were very nice and tried to give the author very polite suggestions on improvement, and it was only after the author being extremely dismissive[1], not admitting to his own flaws, not wanting to learn from others, and abusing his own power in shutting down valid discussion, that things turned nasty.

The fact that the author deleted many of the linked issues e.g. https://github.com/fafhrd91/actix-net/issues/83 really feels like he is playing the victim here and taking everyone for a ride, denying his own responsibility in all this drama that's unfolded.

Yes a community should be open and forgiving, but blindly forgiving someone who doesn't even admit their own mistakes, who doesn't even understand what they are being forgiven for, is naive and also will result in community destruction.

I also don't buy the 'if you don't like it just don't use it' argument. If it's actively dangerous and you know this, and you know that other people don't know this, you do have a responsibility to (politely) inform others about it. Simplying 'not using it' is plain negligence.

[1] 'the patch is boring', LOL WTF I would never have even come up with something this insulting even when I wanted to actively piss someone off, kudos for imaginativity

kbenson(3536) 4 days ago [-]

Part of using any piece of software, professionally or privately, open source or commercial, is assessing how well if will meet your needs now and in the future, and possible complications you might anticipate.

Doing this well and thoroughly is extremely hard, and commercial enterprises spend a lot of time and money doing so (or pay the equivalent of insurance to not worry about it). Doing a minimal amount of research entails doing what you did. Look at the current and past state of the item in question, and decide whether it's worth putting the significant amount of time and effort into using it.

I can't help but feel the vast majority of people complaining failed to do this minimal amount of legwork. They're upset about their lack of forethought for what they view as a bad investment, but that's on them. Unfortunately, I find people often have a hard time accepting blame onto themselves, but feel there is blame to be assigned, and so it needs to be directed somewhere.

They say don't look a gift horse in the mouth, but if you are responsible for dealing with whatever diseases that horse might introduce to your stable, or even if you are just legally obligated to deal with the care and feeding or removal on death of such a large animal, you definitely look that horse in the mouth for red flags.

munmaek(10000) 4 days ago [-]

What do you use now? Warp?

C14L(4266) 4 days ago [-]

Or fork the code. That's the great thing about FOSS.

dunkelheit(4292) 4 days ago [-]

This is the standard voice vs. exit dilemma. Rust community is, for better or worse, very worried about 'fracturing the ecosystem' so they generally prefer voice. Well, some of these voices can get ugly.

strbean(10000) 4 days ago [-]

I have to question your position from a moral standpoint though.

If you were a rollercoaster engineer, and you saw that a rollercoaster had an unsafe design, would you follow a similar approach? 'I'm not going to ride that, but I'll let this line of people ride it without warning them.' Obviously the stakes are wildly different, but still...

bachmeier(3870) 4 days ago [-]

> There's no need to flame people for running their open-source project the way they want to run it. You can just not use the code.

It works both ways. You put something out there, you need to be ready for the response. I'm not a Rust user, but presumably there was a reason other than charity that he put it out there (show off his brilliance, use it to get jobs, I don't know - but it was something he did for his own benefit). If you don't like that, don't make your code available to others, and don't complain if others act in a way you don't like. There's so much posted on HN about 'open source entitlement'. Well, the entitlement seems to run in both directions. That's the simple the reality of the situation.

p1esk(2609) 4 days ago [-]

as soon as I saw the large amount of unsafe code, I stopped considering it at all

So in that case you wouldn't use any software written in plain C, right?

kragen(10000) 4 days ago [-]

> There's no need to flame people for running their open-source project the way they want to run it. You can just not use the code.

Also, you can change your copy of it to work the way you want, and if you decide to share it, other people can choose to use your version if they like it better. You don't have to bully other people to get your needs meet, individually or collectively. These are among the core benefits of open source.

Probably in this case most people would have ended up using the less-unsafe fork of the project, and the original author would have tried harder to extract the potential performance benefits of his more-unsafe version, while both groups constantly learned from one another. Everyone would have benefited.

I've written a bit about the history of some such friendly forks at https://news.ycombinator.com/item?id=22080672

weiming(4204) 4 days ago [-]

The 'unsafe' keyword should probably just be called 'unchecked,' otherwise it is a bit of a misnomer.

saityi(10000) 4 days ago [-]

I think 'unchecked' would be a bit of a misnomer; code inside of unsafe blocks is still checked by the compiler for many things. The borrow checker is even on IIRC.




(1099) Tricks to start working despite not feeling like it

1099 points about 13 hours ago by vitabenes in 10000th position

www.deprocrastination.co | Estimated reading time – 4 minutes | comments | anchor

3 tricks to start working despite not feeling like it

Ever wish you felt like creating that presentation? Felt like doing that research? Felt like doing the dishes?

Most of us do.

It's easy to start when we feel like it.

Unfortunately, we often don't.

We don't feel ready. We don't feel like the work is going to be good enough. We don't feel like we have the motivation.

The list goes on.

But here's the thing: we don't have to feel like it to start.

We can start writing, even if we think the words are rubbish.

We can start creating, sketching, planning,... even though we're uncertain of the results of our efforts.

Every time we consciously go 'Okay, let's do this' instead of checking Twitter for the tenth time this hour, we're training this ability.

Tricks on how to start

'Screw it, let's do it'

Billionaire Richard Branson has a catchphrase: 'Screw it, let's do it'

He even wrote a book by that title. The lesson of it is simple: despite all the doubt, all the fear, all the negativity, let's take the leap.

Publish that post. Message that person. Start that company.

It's a simple mantra that can inspire you to approach, instead of avoid.

When you get tired of thinking about a piece of work and feeling bad for not finishing it yet, go 'screw it, let's do it' and start with something, anything.

Start sloppy

Another trick to start sloppy - you might have high expectations of your finished work.

You want to write a great book, not just a good one. Or create a stellar artwork, or start a great business.

All those expectations can put more pressure on you than you can bear, leading you to avoid it by procrastinating.

Instead, you can escape those expectations by starting deliberately badly.

Write a chapter of a book by hand - you know that's not what will get published. Start designing a poster with a sharpie, instead of the latest high-tech illustrating program. Create a working prototype for your first product that you'd never ship to anyone else.

When you know that you don't have to make the greatest thing ever right from the start, it's easier to start. And then it's easier to continue.

Start small

You probably don't feel like creating a 20 slide presentation right now from scratch and presenting it in 2 hours.

You don't feel like writing a whole final thesis on a topic you barely know.

You don't feel like running a marathon.

But you might feel like looking up a couple pictures or articles for the presentation.

Or feel like writing a paragraph or two before lunch break.

Or feel like taking a 5km walk.

All those are small steps along a possible longer journey. And taking those steps, while they may seem tiny, is what can lead to ultimately completing the longer journey.

Every small win is motivating. Every small win builds momentum. Momentum energizes.

So there you have it.

Is it time to go 'screw it, let's do it'?

Could a deliberately sloppy start help you move forward?

Or what's the smallest step you can take right now?

Follow @deprocrastinate



All Comments: [-] | anchor

e19293001(2687) about 11 hours ago [-]

I'd like to share this post[0]:

The last two weeks I made it a goal to run 5km every morning. A few times, particularly today, I felt lazy and run down, but I got out of bed anyway and told myself that I'll at least walk. The next thing I know I'm running and feeling amazing and on to set one of my better times.

The point: When you tell yourself 'just one more game' or 'just one more post', or 'just one more video' and end up doing 3-5 hours more, do that with your other tasks too! 'just one line of code', 'just one tutorial', 'just one rep', 'just one line of reading/writing'.

We all have this amazing mental tool that we've been honing for years, the tool of self deception. Time to use it for good and not evil.

Copied from: [0] - https://www.reddit.com/r/productivity/comments/cdir3g/trick_...

agumonkey(880) about 9 hours ago [-]

I did this last summer. Simply walking early to get some bread. It quickly turned into an automatic alarm clock, gave me a good 30 min of 'warm up' walking that also let my brain coast while watching the woods. You come back both refreshed and all warmed up blood wise. It was very very beneficial altogether.

If it wasn't for the wrong job I took next and winter killing the morning sun I'd still be doing this. Actually now that spring is here, I feel the need. The need for .. walk.

itchynosedev(10000) about 10 hours ago [-]

I damaged my shin bones because I was running too much too soon and currently taking 2 months break. Side note, I used to run 20k every week, then stopped.

Be careful of the problem on the opposite side of the spectrum: your body might not be able to keep up with your motivation.

yodsanklai(4155) about 9 hours ago [-]

Sometimes I have a really hard time to start working on some tasks and I think it is linked to anxiety and stress, not mere laziness. As long as there are no big expectations (like when exercising), I have usually no procrastination issues.

vimota(4050) about 2 hours ago [-]

James Clear calls this the 2 minute rule: https://jamesclear.com/how-to-stop-procrastinating, I too find it super helpful.

jonpurdy(10000) about 7 hours ago [-]

This helps me get to the gym every morning at 6am. I go every morning, even if I don't plan on working out and just stretching. The simple 8 minute walk to the gym is the main blocker, so once this step is done it's easy to start working out anyway.

spodek(4129) about 8 hours ago [-]

People ask me why I take cold showers regularly, post to my blog daily, and never miss my burpee-based twice-daily calisthenics over more than a decade (approaching 150,000 cumulative burpees).

Among many reasons, developing the skill to do what I said I would is tremendously valuable. Without these habits, I lacked discipline and thought to avoid tricks, which I thought of as short-term cheats. The habits developed discipline in me and revealed that developing tricks is the way to make habits work.

I have no doubt that the most accomplished people use tricks to do their most valuable activities -- athletes, politicians, business leaders, whatever.

nyxtom(3687) about 9 hours ago [-]

Just waking up at the same time every day and kickstarting yourself (practically no matter what time you end up going to bed) seems to work absolute wonders.

lazyjones(4256) about 6 hours ago [-]

Fitness routines and work are not the same thing. The former is IMHO pretty much a pointless waste of time (nothing bad will happen if you skip one day) and work usually just needs to be done eventually or there are serious consequences. The former thus needs self deception, while the latter just requires realization/visualization of its necessity and of the dire consequences.

bengale(10000) about 11 hours ago [-]

This is a good reason to break your tasks up into smaller chunks too. One more thing checked of the list is easier when its something like 'add a button' and not 'implement entire feature'.

rbongers(4234) about 7 hours ago [-]

This is one of the strategies covered in the book 'Power of Habit'. Highly recommend that book.

ekianjo(336) about 9 hours ago [-]

> A few times, particularly today, I felt lazy and run down, but I got out of bed anyway and told myself that I'll at least walk

This is also used with people who suffer from some kind of limb paralysis. You first start to tell them to wiggle the extremity of their finger (or toe). Then part of the of the finger. Then the whole finger. And so on.

Basically the concept is the make every single effort leading to the end result as effortless and frictionless as possible.

Valakas_(10000) about 8 hours ago [-]

For me that doesn't work because then I learn that 'yeah you say just walking but we both know it will end up in running.' What works instead is I promise I will walk. And then I actually only walk even if I feel like running. That way you will trust yourself. If I say 'ok i go to the gym 30 mins. just for a quick training.' Then even if I'm in the flow at minute 30, I stop and go home. Next time I remember that and I know that if I say 30 it will be 30 and not more, that creates a trust in yourself that you're not trying to trick yourself into doing something you don't want to.

laurieg(4257) about 9 hours ago [-]

I like the idea and I'm glad it works for some people but I tried it and often I would get out the door with all my running gear on and then turn back around and give up. Something about thinking about it like this made it easier to give up.

tw1010(4164) about 11 hours ago [-]

I used to be sceptical that the concept of overtraining was a thing, but it definitely is. Just saying that running every day consistently might not necessarily be good for you in the long run. Listen to your body.

kekebo(4169) about 10 hours ago [-]

This HN post expressed a similar strategy in a bit more detail, based on the 'Tiny Habits' approach by Stanford researcher BJ Fogg: https://news.ycombinator.com/item?id=21920556

aj7(4033) about 7 hours ago [-]

Sometimes when you feel the worst when starting, your performance is best. And professional athletes have documented the reverse, ca. a fresh pitcher getting knocked out in the 1st.

PMalhotra(10000) about 11 hours ago [-]

Very correct! I love the thought. We have to replace the lazy tasks into the active ones by telling our brain just 'one more time'. And I have realized that whenever I tell myself to do something which requires getting out of bed and be active, the thought is itself exhausting. But ones you do that you feel amazing and your day just go right! You just have to push yourself for that one time again and again.

LeftHandPath(10000) about 4 hours ago [-]

It's so amazing how making it easy to get started is basically priming your brain to complete the task.

I've gotten fit by hanging up a chin-up bar on a spare door frame. When I had a trainer, I was always amazed at what I could accomplish - even on days when I swore I felt dead in the morning - just by getting there and starting. I've gotten good at coding by keeping my IDEs of choice in the taskbar and working on small tasks during downtime. I study better and more often when I leave out my notebooks and calculator.

The lower you set the barrier to entry, for a given activity, the better a chance you give yourself to actually complete that activity later.

Aeolun(10000) about 9 hours ago [-]

Just one more line of code always leads to me leaving work at 20:30 :/

Sean1708(10000) about 10 hours ago [-]

This is a technique often employed to help people suffering from anxiety, you can always break something down into smaller tasks and eventually you'll get to a point where the task feels doable.

heinrichhartman(3934) about 7 hours ago [-]

In 2014, I ran 5km every morning. 356 days. I hated every single one of these runs. I did get better at it, but I did not end up enjoying it. Certainly was never 'feeling amazing'.

Eventually dropped the habbit. Now spending more time in the Gym and on the Bike.

ak39(3532) about 11 hours ago [-]

This indeed works. It is to in my experience the only way out of the mess.

digitalsushi(4168) about 8 hours ago [-]

I wish I had this written down somewhere, but I don't; perhaps it's well known enough that someone else can correct my mediocre paraphrasing:

A Marine once told a civilian that everyone is programmed to believe their 80% remaining is their 0% remaining, and the courageous work of realizing that limitation is what unlocks the extreme feats that someone so well physically and mentally conditioned can undergo.

I'm not military, don't know anyone military, and have no particular leanings, but I have always been absolutely invigorated by the apparent, quiet force that service members project. It's inspirational even devoid of agenda.

kitd(4049) about 11 hours ago [-]

Agreed.

I have found myself paralysed by procrastination at times (normally when whatever project I'm currently on has lost its initial zing).

My strategy has become: Just do one task today, that's all. Doesn't matter how small. Leave the office feeling like you've done something productive.

My thought process then becomes, OK, let's do my one task early then I can browse Reddit/HN/wherever.

And of course, what happens is that that one task gives the ball its initial push, and becomes 2 tasks, or 3, or more.

It doesn't always work, but it helps take the expectations and guilt off yourself, and gives you space to breathe.

s_gourichon(10000) about 9 hours ago [-]

There is a company dedicated to tricking (voluntary and conscious) people from procrastination to actual sport, see https://www.squadeasy.com/

The main idea is to leverage the brain's sensitivity to cooperative team goals or competitive goals, plus some gamification. And it works!

Disclaimer: the main founder is my brother, I was involved in the very first steps of the project, and I'm currently on a freelance mission with the company. And the team is looking for a freelance or a permanent Typescript coder in Paris.

cirgue(4328) about 4 hours ago [-]

I have never in my life regretted working out, but I regularly regret not working out. It is so weird to me that, despite hundreds of trials of this dynamic, by brain still hasn't totally internalized this lesson and I end up having to tell myself 'dog it if you want to, just show up', then proceed to have a great time.

kamaal(677) about 8 hours ago [-]

Looks like most of use discover this rule one way or the other. I had a simple rule, where I would try not to give up for the smallest period of time I could hold on to a thing.

Often that is like the next 5 minutes. Like I just tell myself, we are not trying to do this the whole year or even years. Just the next 1 hour, and then tomorrow we will try again.

Ma8ee(10000) about 11 hours ago [-]

One thing that really has helped me with e.g. writing an email that I dread writing is to just write a draft that I don't plan to do anything else with than use as a starting point when I write the real email that I won't write until tomorrow. Often the draft is good enough to send after only small edits. Or the writing of the draft have helped me to clarify my thoughts enough, combined with a night of processing, that writing the real mail the next day becomes relativly easy.

scandinavegan(10000) about 10 hours ago [-]

My trick to start emails is to add To and Cc last, when I'm happy with the email.

If I add them first, I worry that I'll click send by mistake halfway through my draft (and a secondary worry is that the draft will be full of inappropriate stuff and curse words, which I never add even to drafts, so it's not a rational thought). If I add the recipients first, it also feels like they sit there looking at me expectantly as I write, which makes it harder.

An email not addressed to anyone, but of course with the recipients in mind to adapt the content, makes it easier for me to treat the first version as a draft.

Sleeping on non-urgent emails sounds like an excellent idea, because your view of the issue may change.

sailfast(10000) about 9 hours ago [-]

This is a good strategy for contentious topics. That said, I would argue that the best thing in this situation to get the task done is to call the person. That way you can hear them, react to them, and the task is done at the end of the call. That said, I don't know anything about your email, audience, etc so you do what works for you.

My underlying hypothesis is that too many people are afraid of making phone / video calls, but it's a much better way of getting difficult things done sometimes.

ArtWomb(579) about 7 hours ago [-]

I started publishing a daily dev log. Coinciding with YC SUS Winter 2020

https://okaq.github.io/log

Just simple markdown pages with daily progress. Eventual goal is a live video stream

For my own part, I can say that once you reach the point where the thing you are working on is more interesting than anything else. The rest of the world melts away

samename(4320) about 7 hours ago [-]

Link results in a 404

HNLurker2(2773) about 11 hours ago [-]

>Billionaire Richard Branson has a catchphrase: 'Screw it, let's do it'

He is a black swan. Britain has only one Richard Branson and that is Richard Branson.

gdy(10000) about 11 hours ago [-]

Sir Richard Branson is British.

modi15(10000) about 9 hours ago [-]

I have tried all these things, but they dont work for me.

How about when you dont feel like working, simply don't work. Do something you feel like and then work when you feel like it again.

lazyjones(4256) about 6 hours ago [-]

Yep, often when we don't find the energy and motivation to do something, there's something wrong that needs fixing. Depression, the work being pointless, FOMO and other desires that should be addressed. Work as escapism ('start sloppy until the task has all your attention') works sometimes, but it's not really victory over procrastination nor even desirable.

momirlan(10000) about 5 hours ago [-]

wish that worked for me. one thing that kept me going without effort was 'Duolinguo'. this clever language learning app has a points system and system of leagues where you move up if you are among the first 10 in a cohort. for competitive persons like me it works very well. i am working my language skills first thing in the morning and last at night, and anywhere in between. the idea is being in a community of like minded people stimulates you.

amonroe805(10000) about 8 hours ago [-]

I'd like to submit an another interesting motivational tactic along these lines: The Christian/Catholic practice of Lent.

I've observed many friends who practice Lent make major life changes that are hard to make at any one time (going vegan, quitting smoking, etc.) because of how major they are. Lent helps because the change is 'only for Lent', but I observe that many people carry those changes on indefinitely.

Lent helped them trick themselves into taking on a major lifestyle alteration alongside a major support network of many other people doing the same thing. But once you've built a habit for a month, what's one more month? I think there's a lot of value in this tradition done well.

wastedhours(4336) about 8 hours ago [-]

Agree with this, I gave up sugary soft drinks as a teenager after doing it for lent. 'I might as well go for another month' lasted nearly 2 1/2 years (until I went to uni and wanted a mixer for rum...)

peteretep(1706) about 10 hours ago [-]

One trick I don't remember the source of that I've used to great effect over the years is:

- take a list of tasks you're procrastinating on

- set a timer for five minutes

- do just five minutes on task one. Then stop, and do the next, even if you were enjoying the first one

- keep cycling over until you've unblocked them all

kerrsclyde(3767) about 9 hours ago [-]

I've cut it down further, I'll do 30 seconds on a task just to get me going.

Then I can't cope with doing 30 secs on something and I'm up and running.

ycosynot(10000) about 9 hours ago [-]

'If you're not planning, you're planning to fail.' Benjamin Franklin

This is what got me from a slump to a very productive, accomplished man. I plan every 15min of my mornings (Elon Musk plans every 5min!), then freestyle afternoon because that suffices me. You should write your tasks as Daily on Google Calendar then you can Sync with Samsung Galaxy Watch (because yes, it is so amazing that it is time to grab a smartwatch!) and display the list of tasks for the morning. Just a tip. Planning.

Tyr42(4307) about 8 hours ago [-]

I always heard it as 'if you fail to plan, you are planning to fail', which has a nice ring to it.

JonathanFly(10000) about 12 hours ago [-]

>Start sloppy

>Another trick to start sloppy - you might have high expectations of your finished work.

>You want to write a great book, not just a good one. Or create a stellar artwork, or start a great business. >All those expectations can put more pressure on you than you can bear, leading you to avoid it by procrastinating. >Instead, you can escape those expectations by starting deliberately badly.

I use this one a lot. I always heard it called a 'vomit draft'. It really works. It's easier to see how truly terrible thing could be improved than it is to just start working from a blank slate.

CathedralBorrow(10000) about 1 hour ago [-]

This absolutely works for me. I call it the 'zeroth draft'.

mcv(4329) about 11 hours ago [-]

It's often easier to add to something that already exists than to start something new from scratch. And when you're the one who created the thing in the first place, it's that much easier to make the improvements.

Even if the initial thing is so terrible it needs to be redone completely, at least you figured out what you don't want. All while getting into the habit of doing the thing.

andai(4315) about 12 hours ago [-]

You can't clean up a blank page. Gotta foul it up first!

hinkley(4237) about 4 hours ago [-]

At work I found calling this draft a 'straw man' gets quite a few more people off of the starting blocks.

It's just an avenue for having a discussion about what we actually want to say.

cloverich(10000) 21 minutes ago [-]

Make it work, make it right, make it fast [1]. This has helped me tremendously in my programming career and especially in my side projects, where I have very limited time and energy. Its a solid strategy for breaking down complex work.

[1]: https://wiki.c2.com/?MakeItWorkMakeItRightMakeItFast

nonameriot(10000) about 5 hours ago [-]

Does this mean that, for instance, if you're writing a novel, you start without a structured outline?

Valakas_(10000) about 8 hours ago [-]

> Start in a way that you could enjoy. Start doing in in a way that you could have fun, even if it's not as efficient as other boring/normal ways, so that the fun itself is the motivator.

ramblerman(3331) about 12 hours ago [-]

This idea is captured nicely in the book 'Art and Fear' with the following anecdote:

'The ceramics teacher announced on opening day that he was dividing the class into two groups. All those on the left side of the studio, he said, would be graded solely on the quantity of work they produced, all those on the right solely on its quality.

His procedure was simple: on the final day of class he would bring in his bathroom scales and weigh the work of the "quantity" group: fifty pound of pots rated an "A", forty pounds a "B", and so on. Those being graded on "quality", however, needed to produce only one pot – albeit a perfect one – to get an "A".

Well, came grading time and a curious fact emerged: the works of highest quality were all produced by the group being graded for quantity. It seems that while the "quantity" group was busily churning out piles of work – and learning from their mistakes – the "quality" group had sat theorizing about perfection, and in the end had little more to show for their efforts than grandiose theories and a pile of dead clay.'

aeturnum(10000) about 2 hours ago [-]

Anything worth doing is worth doing badly.

kashug(10000) about 11 hours ago [-]

I agree a lot with this. A blank page is the worst - I find it hard to get started. But if I just put something (probably something bad) it is much easier to just continue improving it.

blowski(3370) about 12 hours ago [-]

Fred Brooks in The Mythical Man Month:

> Plan to throw one away. You will anyway.

Lex-2008(10000) about 12 hours ago [-]

I also like how they mention marathon. Indeed, you don't start training for marathon by running all 42km on the first day, are you? No, for some of us in our current shape even running 5km is hard! So we should start with smaller things - those we can do - and tell ourselves that we have achieved something - and that tomorrow we probably will achieve slightly more.

vortico(3756) about 12 hours ago [-]

Thanks, I have two projects I'm avoiding right now, and even though I've started them a few weeks ago, if I drop them for a few days I feel like I have to start back again. The 'screw it, let's do it' and 'what's the smallest step you can take right now' approach would work in my case. The first is nice because I sometimes convince myself that I'm too lazy or unmotived to work on it. But am I? Or do I just think I'm unmotivated but would actually put several hours into the job if I started right now?

Mirioron(10000) about 8 hours ago [-]

One of the best ways to get yourself to take a small step on a project is to put some parts of it in places where you will stumble upon it. Eg when you put your computer to sleep have that project be at the front or leave your notes about the project in a place where you're likely to run into them etc.

BaitBlock(10000) about 9 hours ago [-]

I've a side project extension underdevelopment 'Baitblock':

https://baitblock.app that helps people deal with this.

We've pretty advanced stuff coming up like in page distraction blocking using machine learning, 1st party tracking protection (deletes cookies on websites that you're not logged in to), TL;DR before clicking the link submitted by other Baitblock members, blocking sites (although it is pretty standard), etc. Keep in mind that the already implemented features have a few bugs (to put it politely), while the others are in development but this is very early preview (latest version is under store review that is shown in demo vid in site) :)

Since I'm from Pakistan, we dont have Stripe and Paypal here, so Baitblock is free for early people.

spai2(4334) about 9 hours ago [-]

This looks cool! Thanks for making it available for free. Awaiting Firefox support so that I can give this a try.

darthreid(10000) about 11 hours ago [-]

I'm needing this a lot right now for a massive project to deliver at work. I get so tangled up in the mess of trying to make it perfect or thinking that I'm not approaching the problem in the best way that I end up twiddling my thumbs for hours, pretty much doing nothing worthwhile the whole time.

I'll be trying these out tomorrow and see how deprocrastinated I can get before veering off again.

OnACoffeeBreak(10000) about 10 hours ago [-]

I'm in a similar situation right now, and I've been in this kind of place many times before. I try to keep the seemingly idle time to a minimum, but I also acknowledge that my brain is still thinking about the problem during those times, so I don't beat myself up about it and go for a walk when that happens.

The self-doubt is also normal, and I actively push against it by reminding myself that, while someone that has done this before can likely jump to a good solution right away, it doesn't mean that it's realistic to expect that of myself.

Being tangled in a mess of something you are not an expert in is a normal way to learn. I have to remind myself that this approach worked before and there is no reason to believe that it won't work this time.

I'm going to put these tips to good use today:

I don't know if this is the right module to use for this. It looks like it doesn't do X and Y. Screw it, I'm going to try to get Z working.

I can't figure out the proper way to pass this argument in? Let's just hard-code it for now to get things working and mark it with a TODO.

miloshadzic(4045) about 12 hours ago [-]

How do people still fall for advertorials like this?

foxX(10000) about 10 hours ago [-]

You deserve to be at the bottom, because how dare you!?

It is known that buying and going through the 4 week anti-procrastination program from deprocrastination.co instead of doing real work for 4 weeks helps you not procrastinate. Dothraki choir: 'it is known'.

tw1010(4164) about 11 hours ago [-]

Pet peeve: when people take phrases intended for one thing and uses them for a slightly modified purpose. I take Branson's 'screw it, let's do it' mantra as something entreprenurial, a call to break the rules (and stuff like that). Using it in this purpose feels more like 'screw it, let's work even though I'd rather stay in bed', which is different emotionally, and kind of saturates the sayings power.

(Maybe nikes 'Just do it' would fit better, but I get that its associations to big corporations isn't as well suited for the startup atmosphere we're surrounded by.)

wccrawford(4256) about 10 hours ago [-]

Plus, Shia Labeouf already took the 'just do it' and turned it into a meme that's perfect for this situation, so it's a much better choice anyhow.

wastedhours(4336) about 8 hours ago [-]

Especially as the root of that phrase is in really wanting to do something, in the face of overwhelming external pressure to not do it (I think he coined it when launching Virgin Atlantic and noone thought the business plan looked solid).

keiferski(1032) about 10 hours ago [-]

I have a nagging feeling that any time we have to force ourselves to do a task, something is wrong at a fundamental level; that we are somehow out-of-tune with nature; that contemporary society is missing a key insight about our minds and the way we organize our work.

An eagle doesn't force itself to hunt for food; it just hunts. I can't imagine it having to psych itself up simply to be. Looking for and harnessing that level of purity seems ultimately more fruitful than playing psychological tricks on your mind. Easier said than done, unfortunately.

moretai(4181) about 5 hours ago [-]

It's the system man

connectsnk(10000) about 1 hour ago [-]

I completely get you. You also mentioned that it is easier said than done.

Someone asked an Indian guru that what would happen if Jesus had a second coming now. The Indian guru replied that in old days Jesus was able to gather 12 dedicated followers. Today he will not be able to gather even 1 because of student loans and 30 year mortgages.

This sums it up. Even if something is very close to my heart and I don't need any motivation to do it, my first thought is 'Will I earn some money from it'. I suppose it is the same for a lot of people

muzani(3806) about 8 hours ago [-]

Marc Andreessen advises to do whatever we feel like doing, because it's a good way to stay in flow.

I think he's in a lucky place to want to do important things though. Most of us just want to lie down and watch TV. It's probably the side effect of addiction. If we bore ourselves, we tend to get inspired to try something else.

sideshowb(3560) about 10 hours ago [-]

I kind of agree, but if you take the premise of Sapiens that homo sapiens is distinct from other animals in ability to organize around stories rather than more immediate drivers of behaviour - then this may just be part of the human condition.

Mirioron(10000) about 8 hours ago [-]

What you're thinking of is delayed gratification. An eagle doesn't have to force itself to go hunt, because physiological processes tell it that it needs to hunt. It's the same reason you don't have to psych yourself up to go have lunch - your body desires lunch.

Humans have evolved to sometimes delay their gratification. That is, we don't hunt and eat our catch immediately, but instead we hunt and preserve the food to eat next time. This has been an immensely successful strategy, because it allows us to do things like plant crops and use that as food later. Modern society is essentially built upon delayed gratification. You go work, but get paid later.

The problem is that this delayed gratification is constantly under attack by things that you could do right now that would make you feel good. Delayed gratification tends to lead to better outcomes in the long term, but our base instincts are still about getting pleasure right now. This is why people with ADHD have no problem playing a video game for hours upon hours, but have difficulty doing their job - in the video game they get the rewards immediately, but at work the rewards are significantly delayed.

lake99(10000) about 12 hours ago [-]

Has anyone here come across good research-based methods of dealing with procrastination?

travbrack(10000) about 12 hours ago [-]

Try http://www.procrastination.ca/ and the iProcrastinate podcast. Main takeaways are:

* Just get started.

* Don't give in to 'feel good'.

* Use implementation intentions to put the trigger for action in the environment.

* Procrastination is an existential issue. One who is procrastinating is not getting on with their life.

* Approach goals are better than avoidance goals.

aazaa(3210) about 8 hours ago [-]

> Every small win is motivating. Every small win builds momentum. Momentum energizes.

Starting small is an unreasonably good way to hack your brain. A book called 'Tiny Habits' describes a system of behavior modification based on the idea:

https://www.tinyhabits.com

It gives the example of flossing. Instead of resolving to floss every night, resolve to floss one single tooth every night. It takes less than five seconds. As you take on the habit, it becomes easier to expand it. Starting big in contrast is a good way to fall off the wagon.

One of the book's key insights is that the new habit you want to take on needs an anchor - something else you already do habitually that will precede your new habit.

You can pick up any new tiny habit, but you need to attach it to something you already do habitually. This will be the trigger without which no new behavior can stick.

In the case of flossing, that anchor could be brushing your teeth. So if you don't regularly do that, you might want to start there by brushing your teeth every day for five seconds. You could anchor that to the finishing dinner. Or getting out of the shower.

And so on.

cedricium(10000) about 5 hours ago [-]

In a similar vein, James Clear outlines this same sort of principle as 'habit stacking'[0] in his book, Atomic Habits.

[0]: https://jamesclear.com/habit-stacking

andai(4315) about 12 hours ago [-]

Anyone tried using a chain calendar? I used an app that tracked how many days in a row I meditated and that's the first time in my life I was able to do a good habit consistently for 15 days straight. I didn't want to break the chain!

Later I used the same idea for studying every day, started with a few minutes and worked it up slowly. Eventually, I was able to concentrate for long periods of time. That sense of momentum and progress is very encouraging.

thecatspaw(4332) about 12 hours ago [-]

I thought about doing the chains, but I was always held back by the thought of having to break the chain for legit reasons. For example I'm currently practicing guitar, so I'd create a chain for that. But there are legit reasons why I can not play at a given day, I might not be able to access a Guitar because Im in a Hotel in a different country, or a myriad of other reasons.

prawn(308) about 11 hours ago [-]

We built an app* for this and use it ourselves - it's very effective. I have tasks for working (even a token amount) morning or night on a side project, working on the biggest roadblock task I have, and things like that. The app splits tasks into a 'front six' and 'back six' so I have six focused on work/business and then six focused on home (reading, trying to learn a language, etc).

I remember at one point having 'walk x steps' and 'read x minutes' as daily tasks, so I'd often be walking around the house while reading just before midnight to make sure I kept my streaks alive.

* https://streaks.app/ (iOS only)

newqer(10000) about 11 hours ago [-]

Sounds like a good idea, what app did you use?

ypcx(10000) about 10 hours ago [-]

Be aware that the brain is a power-hungry/power-intensive organ. Give the brain (and body) enough nutrients they need for functioning. The brain (and the body) enters a power-save mode if not fed properly, which may manifest as reluctance to work (to perform deeper thought) and result in procrastination and worse, in depression. Don't try to replace real nutrients with coffee or other stimulants - these work great on top of a great nutritional base. Be aware that your body has various nutrient buffers, cycles and momentums and it may take months or even years to really run out of some really important nutrients, given your diet and lifestyle, and this will be exacerbated and accelerated by aging. Other nutritional deficiencies can have a fast onset, triggered by a temporary change in diet (something 'bad' you ate), or by an illness. Know, that the decline in the efficiency of your digestive tract due to insufficient diet also has its own momentum, so it may be much slower to re-feed the body all the nutrients you need, because the internal organs need to heal first.

Two of my personal 'works for me' tips: explore the ketogenic diet and the effect of ketones/ketosis on the brain function, and/or try out the Wim Hof breathing method.

humansvsrobots(10000) about 9 hours ago [-]

That's probably the most effective way to increase productivity. I would automate this if I could.

rustybelt(10000) about 3 hours ago [-]

Cleaning up my diet has been far and away the best productivity 'hack' I've ever tried. I cut bread and most sugar without being aggressively low-carb and feel sharper, more focused, and more motivated than ever. I wish I'd done this 20 years ago when my parents and doctors were pushing Ritalin and Adderall on me instead.

d--b(4202) about 12 hours ago [-]

I use all of these, and they work pretty well.

Structured procrastination is also a good one:

http://www.structuredprocrastination.com/

The basic concept is that work is procrastination of something more important.

There is nothing like having a big writing deadline to get the cleaning done!

Mirioron(10000) about 8 hours ago [-]

This technique was incredibly useful for me in college. I got so much programming homework done while I was procrastinating writing reports.

scrdhrt(10000) about 8 hours ago [-]

I apply the LT5 rule: If a task takes Less Than 5 minutes, do it now. This works really well for me because I can concat several LT5 tasks.

twic(3502) about 7 hours ago [-]

I often apply this rule, then find that the task actually takes half an hour, and now i'm two hours late for something.

kkwteh(4308) about 12 hours ago [-]

I use the small wins trick a lot. I start with the smallest win, which is writing down a small win on my todo list.

Then, when I see the small task, I feel motivated to do it just so I can have the pleasure of checking it off my list. By that time, I'm usually on a pretty good roll and keep working.

prawn(308) about 11 hours ago [-]

Same. I do it when the dishes have piled up. Tell myself I'll just quickly do the easy ones, and then next thing I carry on and decide to do the biggest remaining dishes so the bench looks cleaner, and from there it's downhill and easy.

slavapestov(10000) about 6 hours ago [-]

If you don't feel like doing something it probably sucks and isn't worth doing. Hustle culture is stupid. When you're on your deathbed you're not going to look back on your life and wish you had worked more or made mode money.

MockObject(4335) about 5 hours ago [-]

If my deathbed is under a sheet of filthy cardboard as I sleep on the street, believe me, I'll be looking back wishing I'd made more money.

cjfd(10000) about 8 hours ago [-]

It may not always be wise to start working despite not feeling it. One could burn out that way. Scott H. Young write an article about this recently. https://www.scotthyoung.com/blog/2020/01/13/too-tired/ I have also experienced this. When I got my first job I actually tried to work all the time, besides the occasional breaks, ignoring feelings of tiredness. This got to the point where I was feeling tired pretty much all the time I was awake. Then I concluded I should give into my cravings for purposeless web surfing sometimes.

m3kw9(10000) about 4 hours ago [-]

Agree, the way should be instead how to make myself feel like starting that task. Ask yourself why you are not feeling it, but obviously it's because there are more fun tasks, so you need to solve why it isn't fun, and devise a way to make it fun for you. As opposed to treating the task as torture.

codekansas(10000) about 8 hours ago [-]

I wonder how much of this is because of physiological aspects that have to change to keep up with your other lifestyle changes. Brain exercise takes energy, and you might just not used to eating and sleeping enough to maintain that level of exercise.

InvisibleUp(10000) about 7 hours ago [-]

Procrastination is a tricky beast.

I'm not going to discount advice like this, because it is helpful. But it is only one piece of the puzzle. There's a stark difference between 'I don't quite feel like starting this yet, so I'll put it off for a little bit' and 'I absolutely want nothing more than to start this but I can't force myself to', between laziness and a genuine inability to begin.

Not to give medical advice in the comments section of a web article, but if the latter description describes you, understand that most people don't go through those struggles. This may be an issue that needs more work to solve than reading self-help articles; it may be caused by burn-out or ADHD or some other executive functioning issue. Do look into this is procrastination is something you are constantly struggling with in your life.

I wrote [an article][1] about my experiences with procrastination and ADHD, if you're interested in more. I'd also recommend the fantastic [ADHD Alien comics][2] for a nice digestible summary of what ADHD is like.

[1]: https://invisibleup.com/articles/27/ [2]: https://www.reddit.com/r/ADHDAlien/

skinkestek(4226) about 6 hours ago [-]

Thanks for creating your web page and thanks posting both!

These are brilliant, both of them it seems !

kuu(4336) about 12 hours ago [-]

Funny to read as we are probably procrastinating.

m3kw9(10000) about 4 hours ago [-]

This procrastination is actually probably useful. If I go on other social networks the probably of usefulness or random items that an Algo targets me approaches zero

newqer(10000) about 11 hours ago [-]

When my brain is running idle, my hands autonomously type 'Hacker News' in the address bar of my browser.

echelon(4151) about 12 hours ago [-]

I have ADHD, so this is a constant struggle.

Make sure the thing you have to do is something you want to do. While you can procrastinate on the things you're truly interested in, ultimately you're more likely to follow through with the things that interest you than the other random tasks that require doing.

Writing that design doc, report, or review at work? Meh. I drag my feet until I'm the last person in the office and I have to finish.

That obscure side project that really interests me? Hell yeah. It's called hyper-focus, and those with ADHD know what it's like.

Check out my Github streak. I think I've got the world's fastest faster-than-realtime CPU-only neural TTS and Voice Conversion (VC) systems with multi-speaker embeddings outside of Google. And I wrote an entire data ingestion, cleanup, and curation engine to build massive data sets for training. A year ago I didn't even know what any of this stuff was, and now I can't pull myself away from it. Building is magnetic and addictive, but it's not the thing I need to do.

Sometimes you can pivot the energy you have from a desirable task into an undesirable one. I tell myself I can't work on the fun thing until I get the mundane one done. It's a hack that doesn't always work.

I want to structure my life around things I want to do to the exclusion of all else. I think I'm starting to get there. I've trimmed a lot of unnecessary things from my life.

My dream is to get rich enough doing desirable side hustles that I can pay people to take care of all the undesirable tasks. Delegation to achieve efficiency.

I can work like there is no tomorrow on random side projects. I just wish I could redirect all that focus and energy at will into the areas that need them.

I can't. So I have to become what interests me.

scandinavegan(10000) about 10 hours ago [-]

I don't have an ADHD diagnosis, but I struggle with procrastination.

Does it help you at all to have external recipients of your work, or does it not factor in at all in what gets done?

It helps me if I tell someone else 'I'll send you the report today', because it makes me more accountable. I'll probably delay it until panicking at the end of the day, but I will at least hammer something out and send it off. Or worst case finish it tomorrow morning, after having started, but having to leave work the day before, which is still better than postponing even longer.

For me to do tasks, I need to reach the 'Screw quality and completeness, I need to send _something_!', which usually turns out to be plenty good enough based on feedback. I just need to find someone to promise sending the result to for my more important tasks.

pjot(10000) about 4 hours ago [-]

Your post resonates with me greatly - often I'll find myself making up _new_ side projects to take the place of the things that actually need to get done.

How do you push yourself to get the right things done now, that is, until you get rich enough to do otherwise?

Mirioron(10000) about 8 hours ago [-]

>Sometimes you can pivot the energy you have from a desirable task into an undesirable one. I tell myself I can't work on the fun thing until I get the mundane one done. It's a hack that doesn't always work.

It can even backfire: sometimes you end up just browsing reddit or doing some other nonsense thing for hours just so you can avoid doing the mundane task. At the end of the day you wonder how you wasted an entire day without doing the fun side project or the mundane task.

>My dream is to get rich enough doing desirable side hustles that I can pay people to take care of all the undesirable tasks.

Hiring somebody to do the cleaning at home seems to help quite a few people. People in tech probably earn enough to be able to afford to just hire someone to clean the apartment/house once in a while. It's probably a better option than to either hate yourself for it or to just not clean for a long period of time.

majortennis(10000) about 8 hours ago [-]

this post was terrible

paulpauper(210) about 8 hours ago [-]

agree. i dunno how stuff like this gets so many votes and a lot of quality contributions do not.

flyGuyOnTheSly(4122) about 5 hours ago [-]

I shot out of bed for the 5th morning in a row today to make it to Mysore style yoga class at 6am.

I was tired and hungry.

I had to pick up my better half from the airport last night at 2am because her flight was delayed.

I was nervous that I wouldn't remember the standing sequence for the 5th time in a row.

I lost my chant card already that I was just given yesterday...

I had every excuse in the book not to go, but I went anyways.

Turns out I wasn't that tired or hungry, I remembered the chant and the standing sequences almost perfectly, and I made it a few more poses into the seated series.

I can't wait to go back tomorrow.

No matter the circumstances.

moretai(4181) about 5 hours ago [-]

If you can manage to do it everyday in a row for 5 months, then we shall see the truth of those last two statements.





Historical Discussions: Mozilla lays off 70 (January 15, 2020: 928 points)
Mozilla lays off 70 as it waits for new products to generate revenue (January 15, 2020: 32 points)

(929) Mozilla lays off 70

929 points 6 days ago by ameshkov in 2481st position

techcrunch.com | Estimated reading time – 7 minutes | comments | anchor

Mozilla laid off about 70 employees today, TechCrunch has learned.

In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization's new revenue-generating products as the reason for why it needed to take this action. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the U.K. and France. In 2018, Mozilla Corporation (as opposed to the much smaller Mozilla Foundation) said it had about 1,000 employees worldwide.

"You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen," Baker writes in her memo. "Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future."

Baker says laid-off employees will receive "generous exit packages" and outplacement support. She also notes that the leadership team looked into shutting down the Mozilla innovation fund but decided that it needed it in order to continue developing new products. In total, Mozilla is dedicating $43 million to building new products.

"As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission," Baker writes. "Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency."

The organization last reported major layoffs in 2017.

Over the course of the last few months, Mozilla started testing a number of new products, most of which will be subscription-based once they launch. The marquee feature here is including its Firefox Private Network and a device-level VPN service that is yet to launch, but will cost around $4.99 per month.

All of this is part of the organization's plans to become less reliant on income from search partnerships and to create more revenue channels. In 2018, the latest year for which Mozilla has published its financial records, about 91% of its royalty revenues came from search contracts.

We have reached out to Mozilla for comment and will update this post once we hear more.

Update (1pm PT): In a statement posted to the Mozilla blog, Mitchell Baker reiterates that Mozilla had to make these cuts in order to fund innovation. "Mozilla has a strong line of sight on future revenue generation from our core business," she writes. "In some ways, this makes this action harder, and we are deeply distressed about the effect on our colleagues. However, to responsibly make additional investments in innovation to improve the internet, we can and must work within the limits of our core finances"


Here is the full memo:

Office of the CEO <[email protected]> to all-moco-mofo

Hi all,

I have some difficult news to share. With the support of the entire Steering Committee and our Board, we have made an extremely tough decision: over the course of today, we plan to eliminate about 70 roles from across MoCo. This number may be slightly larger as we are still in a consultation process in the UK and France, as the law requires, on the exact roles that may be eliminated there. We are doing this with the utmost respect for each and every person who is impacted and will go to great lengths to take care of them by providing generous exit packages and outplacement support. Most will not join us in Berlin. I will send another note when we have been able to talk to the affected people wherever possible, so that you will know when the notifications/outreach are complete.

This news likely comes as a shock and I am sorry that we could not have been more transparent with you along the way. This is never my desire. Reducing our headcount was something the Steering Committee considered as part of our 2020 planning and budgeting exercise only after all other avenues were explored. The final decision was made just before the holiday break with the work to finalize the exact set of roles affected continuing into early January (there are exceptions in the UK and France where we are consulting on decisions.) I made the decision not to communicate about this until we had a near-final list of roles and individuals affected.

Even though I expect it will be difficult to digest right now, I would like to share more about what led to this decision. Perhaps you can come back to it later, if that's easier.

You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen. Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future.

This approach is prudent certainly, but challenging practically. In our case, it required difficult decisions with painful results. Regular annual pay increases, bonuses and other costs which increase from year-to-year as well as a continuing need to maintain a separate, substantial innovation fund, meant that we had to look for considerable savings across Mozilla as part of our 2020 planning and budgeting process. This process ultimately led us to the decision to reduce our workforce.

At this point, you might ask if we considered foregoing the separate innovation fund, continuing as we did in 2019. The answer is yes but we ultimately decided we could not, in good faith, adopt this. Mozilla's future depends on us excelling at our current work and developing new offerings to expand our impact. And creating the new products we need to change the future requires us to do things differently, including allocating funds, $43M to be specific, for this purpose. We will discuss our plans for making innovation robust and successful in increasing detail as we head into, and then again at, the All Hands, rather than trying to do so here.

As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission. Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency.

I ask that we all do what we can to support each other through this difficult period.

Mitchell




All Comments: [-] | anchor

petagonoral(10000) 6 days ago [-]

in 2018, mozilla had 368 million USD in assets:

2018 financials: https://assets.mozilla.net/annualreport/2018/mozilla-fdn-201...

wow, 2.5 million for the executive chair of Mozilla in 2018. is that person really bringing 2.5 millions dollar worth of value to the company. this is in addition to the 2.x million from the year before. 10s of million exfiltrated out of a non-profit by one person over the last few years. nice job if you can get it.

edit: 1 million USD in 2016 and before.jumped to 2.3 million in 2017! pg8 of form 990 available at https://foundation.mozilla.org/en/about/public-records/

shawndrost(4102) 6 days ago [-]

The person we're talking about is Mitchell Baker, who has spent over 20 years contributing to Mozilla, including years as a volunteer. She has been on Time's 100 most influential people list. She has directly authored many foundational pieces of Mozilla and (arguably) the internet. She is the founding CEO of the Mozilla Corporation, which pays her paycheck from its ~$500M in revenue. Mozilla Corp is the highly-profitable source of the $368 million in Foundation assets that parent cited.

https://en.wikipedia.org/wiki/Mitchell_Baker

I understand why people are generally peeved about executive compensation, but this conversation is very rote and this is a particularly flamebait-y framing of it.

The_rationalist(10000) 6 days ago [-]

How much do they have in assets in 2020?

marcinzm(10000) 6 days ago [-]

I mean, Mozilla brings in $450 million a year in revenue and manages $600 million worth of assets.

If she's able to increased the revenue or efficiency by just 1% then she's paid off almost twice her salary.

edit: Fixed pronoun, apologies.

m_b(4299) 6 days ago [-]

They probably need to feed their children.

minikites(2259) 6 days ago [-]

>is that person really bringing 2.5 millions dollar worth of value to the company

Change the number and this will apply to most CEOs.

https://www.glassdoor.com/research/ceo-pay-ratio/

According to these numbers, CEOs work 204 times as hard as regular employees.

A4ET8a8uTh0(4328) 6 days ago [-]

I find it annoying each time nonprofit compensation for various executives is raised. I don't want to derail the thread, but it is especially appalling in education, where entities brand themselves as nonprofit where administration swallows ridiculous amount of money.

Where do you get those executive jobs for relatively unknown entities that pay millions? Isn't there an entire IRS publication about how it is suppsed to be reasonable?

zelly(10000) 6 days ago [-]

This will discourage people from donating. Absolutely disgusting. Maybe it's good for them to go bankrupt, so that other non-profits will learn from their mistake.

ntsplnkv2(10000) 6 days ago [-]

> is that person really bringing 2.5 millions dollar worth of value to the company.

Probably not but that is what the market cost is. I have no doubt the executive chair of Mozilla has other offers.

EduardoBautista(3115) 6 days ago [-]

I don't see how that is an unreasonable salary for the CEO of a highly influential tech company. CEO pay for other large tech companies is much higher.

rburhum(3312) 6 days ago [-]

Playing devil's advocate, if you are able to close a deal that is bringing more than 2.5 million a year, then you are definitely worth that amount.

vondur(10000) 6 days ago [-]

What I don't understand is why they chose a lawyer to run a software development company.

andrekandre(4287) 6 days ago [-]

1.5 million divided by 70 employees comes to around 35,000 per year...

is this ceo really worth that considering they aren't making their goals (who's responsibility would ostensibly be that of the ceo?)

rexreed(3682) 6 days ago [-]

Why does Mozilla Corporation have 1,000 employees? Just an honest question.

bzbarsky(1054) 6 days ago [-]

Because browsers are hard. See my comment at https://news.ycombinator.com/item?id=22059393 for some comparative numbers.

flybyair2038(10000) 6 days ago [-]

What did Mitchell mean by 'Most will not join us in Berlin'?

yoasif_(4179) 6 days ago [-]

They are meeting for an all-hands meeting in Berlin soon.

falcolas(10000) 6 days ago [-]

70 employees, at a grossly over-estimated cost of $200,000 a year each (QA 'leads' would probably cost a fraction of that), would cost Mozilla about $14M to retain. They are retaining their $43M budget for blue sky research intact (per TFA).

It feels like a better compromise could have been made.

madamelic(4041) 6 days ago [-]

Like cutting the CEO's bonus for her obvious failure.

I hate that layoffs like this can happen, no executives take blame and they continue to make 4, 5, 10x what those laid off made.

petagonoral(10000) 6 days ago [-]

Would love to see the compensation their board members and execs are claiming.

kelnos(3936) 6 days ago [-]

$200k doesn't just include salary; there's also equity comp, benefits, payroll taxes, etc. That can sometimes cause an employee's total cost to be at least 2x their salary.

ameshkov(2481) 6 days ago [-]

This might be a sign for other employees that they need to focus on the things that can help Mozilla actually earn more and not just be a good guy. It may sound horrible, but considering their market share dynamics it makes sense.

dangwu(4331) 6 days ago [-]

Cost per employee can be much higher than their compensation. Maybe around 25% higher.

DarkCrusader2(3152) 6 days ago [-]

> QA 'leads' would probably cost a fraction of that

While I agree with the sentiment here, there is no need to diminish the work of QA people. They are a very important of the development process. A good QA is hard to come by and I often see them single-single handedly carry a project to completion despite working with a team highly incompetent 'developers'(see what I did there).

draw_down(10000) 6 days ago [-]

The person who thought about this for 30 seconds and did some back of the envelope multiplication definitely knows how to allocate resources better than the people who do this every day.

tyingq(4281) 6 days ago [-]

200k may not be overestimated. Employees cost a lot more than their salaries. There's the employer share of payroll taxes, unemployment, health insurance subsidies, 401k matching, training, travel, etc.

dgudkov(1791) 5 days ago [-]

Mozilla lays off people, yet it still doesn't accept donations. I don't understand it - there are tons of people (including me) would gladly donate to Mozilla to keep it afloat. Yet, you can only donate to the Mozilla foundation, but not to Mozilla Corporation (that develops the browser).

gr__or(4149) 5 days ago [-]

Afaik companies can't ask for donations in the US.

malachismith(3670) 4 days ago [-]

Mozilla Corporation is a for-profit business

WhatIsDukkha(10000) 6 days ago [-]

I'm looking forward to some paid products from Mozilla (including the vpn).

Privacy focused personal zeroknowledge cloud things are needed.

I'd love to have a more elaborate version of Firefox Sync that worked across chromium (and I'd pay for it).

The obvious calendar, mail, etc.

I'd pay for a zeroknowledge hosted Berners Lee Solid service.

Do this stuff and I'll pay well for it.

doctorpangloss(4185) 6 days ago [-]

Maybe just keychain integration on macOS. It's too bad that's not a priority. [1]

Keychain support is the only reason I recommend Safari, because password sharing with iOS is so important.

On Windows it's a big mindshare problem. So I'm supportive of their marketing efforts.

Their best bet is to do affiliate selling. E.g. discount Dropbox subs originating from Firefox.

Don't focus on stuff that Google does well, like e-mail. Focus on stuff Windows does poorly, like OneDrive.

So you're right on the money with password sync. Basically nonexistent in Windows. 1password affiliate selling = A+.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=106400

ryuukk_(10000) 5 days ago [-]

you look forward to help pay the 2.5 millions $ they give to their CEO? :) u are such a good boy

Andrew_nenakhov(10000) 6 days ago [-]

Why do you want sync with chromium?

Firefox syncs just fine with Firefox on any platform, including mobile. Just use it everywhere, no?

csdreamer7(4328) 6 days ago [-]

This feels really bad. I feel she seems to be hinting that they are cutting people in case they lose revenue.

As others have posted their financials: https://assets.mozilla.net/annualreport/2018/mozilla-fdn-201...

They seem to be very dependent on search engine revenue: 91% and 93% for their revenue. Once again, I feel she is worried Mozilla will be cut off very soon.

Still feels like really bad news for Firefox. Microsoft cut their QA people for Windows. Windows 10 to this day still has update issues.

I do agree that Mozilla needs more products to stay competitive. Especially when the Google docs team doesn't fix issues that make Google sheets very frustrating to enter data into with Firefox. Just listen to Linus(TechTips) complain about Google Calendar issues when he pays for the commercial version of GSuite.

I wonder if Mozilla gets cut off from search engine revenue means they will start to develop products/fund OSS competitors to GSuite?

Still, when you introduce new products, that is when you need Q/A the most.

However, Pocket is not one these products. I disable the pocket button on every new Firefox install I do. They have an entire page on it in their financial statement.

And I don't feel the CEO should be increasing her pay when the workforce suffers (from $2.3m to $2.5m). Nintendo's management took a pay cut during their Wii U years before the Switch. And that is what management in general should be doing well before a layout.

The Mozilla steering committee certainly didn't consider this when 'we plan to eliminate about 70 roles from across MoCo... ...(were) considered as part of our 2020 planning and budgeting exercise only after all other avenues were explored.'

Yoric(3688) 6 days ago [-]

> I wonder if Mozilla gets cut off from search engine revenue means they will start to develop products/fund OSS competitors to GSuite?

How would Mozilla fund this?

> And I don't feel the CEO should be increasing her pay when the workforce suffers (from $2.3m to $2.5m).

Where do you find this? At the moment, Mozilla doesn't have a CEO, only an interim CEO, are you sure that's her?

strict9(3342) 6 days ago [-]

Not sure of Mozilla's financial or organizational structure but it seems to be part of a larger trend of de-emphasizing QA departments at software shops large and small over the past 10 or so years.

In many ways test automation tooling has become much easier to use, develop, and manage.

But I suspect the larger driving force is that it's (arguably) a cost center for an org. The burden of ensuring software quality can be shifted to devs and PMs, though usually with mixed results.

For Mozilla, axing quality and security first is a bad look when those are crucial aspects of a privacy-first company value.

jonny_eh(2074) 6 days ago [-]
weberc2(4304) 6 days ago [-]

I wonder if it's improvements in automation or if QA responsibilities are increasingly rolling up into standard developer roles or because the line between QA and dev is blurring (e.g., software testing now requires stronger dev/automation skills so the QA job looks more like standard software engineering)?

specialist(4337) 6 days ago [-]

Obligatory: quality assurance is not testing.

'...de-emphasizing QA departments...'

I feel like we (the industry) have forfeited. I did a stint as a SQA manager. Coming from a dev background, I took it very seriously, totally immersed myself in the domain, transmuted from skeptical to true believer.

I honestly don't know what to make of today's state of affairs.

For example, today's business analysts often do many of the tasks we used to associate with the QA role. Testing, verification, liaison with customers. Did we just rename the role?

Did 'Agile' smother QA? Until very recently, I've never heard an Agile explanation for how to do QA/Test. I mean really do it, not just wave your arms. The 'Test Into Prod' thesis, strategy, whatever, is the first intellectually honest, actionable, constructive (criticizable) methodology I've seen which is tailored for our new market realties.

I've never understood Agile. My teams were way more 'nimble' (to use a different adjective) using PMI, critical path, iterative, lightest weight decision making, front loading work, managing risk, and so forth. All the battle hardened time proven stuff people untrained in project management pejoratively call 'waterfall'.

One correct criticism of all failing methodologists, including Agile, is lack of feedback loops. The 'throwing over the wall' of work downstream. We designed feedback loops into our processes, some of what today would be called CI/CD. We were definitely not waterfall. (Another is managing transaction costs, something Agile has manifestly failed to do.)

Rant over. Sorry. Now get off my lawn.

throwaway5752(3395) 6 days ago [-]

It sounds organizational. The one reference to QA is that the leads were let go, which might mean that the teams were re-orged under a product aligned structure.

There is a lot of 'shift-left' emphasis out there, but ultimate their is a conflict of interest problem. I think there's no need to go beyond the 'we are losing money' explanation and QA is considered more of a cost center.

zelly(10000) 6 days ago [-]

If there's anything they need to axe, it's the Gecko team. Just replace it with V8. The whole layout engine too--replace it with Blink. It is inevitable, so might as well get over with it now and save the wasted human effort and $$$.

I tried to use Firefox recently. It leaked 28 GiB of RAM on x86_64 GNU/Linux with no extensions except uBlock Origin. Happened a few times over the month whenever I visited JS-heavy websites. Never had that happen with Chromium, which runs through megs of JS like butter.

Wouldn't it be nice if an experienced browser dev team maintained a privacy-oriented libre version of Chrome (without manifest v3, sync, and all that trash). Or should they keep doing what they've doing and make the best pro-privacy browser that no one ever uses except indirectly through Tor Browser.

rogueresearch(10000) 6 days ago [-]

>The burden of ensuring software quality can be shifted to devs and PMs

Heck, the burden can be shifted to users! But then you might not have so many users in the future. :(

crazypython(4144) 6 days ago [-]

Mozilla uses AFL, which is a genetic algorithm that tests code paths. They are also transitioning to Rust, which will give them a much bigger safety guarantee over most of their code and a much smaller audit surface for the rest.

tapoxi(4053) 6 days ago [-]

Mozilla should just ship Chromium with privacy oriented features. There's no reason to reinvent the wheel and keep iterating on Gecko when its obvious there's less and less demand for it, especially when it costs them so much money.

If Firefox was actually gaining share I'd feel differently, but I'd rather see Mozilla switch tech stacks than fizzle out and die.

Andrew_nenakhov(10000) 6 days ago [-]

Firefox is our last bastion of hope against the browser monoculture.

If you think that the new browser monoculture would be any better than the previous one (IE5-6), you are horribly, horribly wrong.

ameshkov(2481) 6 days ago [-]

Brendan Eich tweeted that they laid off about 70 people: https://twitter.com/BrendanEich/status/1217517703914643456

This is about 7% of all their employees.

People report that a lot of QA, security, and release management folks were sacked.

A lot more details in the TechCrunch article: https://techcrunch.com/2020/01/15/mozilla-lays-off-70-as-it-...

> In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization's new revenue-generating products as the reason for why it needed to take this decision

edit: fixed the numbers, added some more details.

WilTimSon(10000) 6 days ago [-]

I'm surprised they're laying off security and QA, considering how focused on privacy and security their marketing campaign seems to be. In the last 6 months, I think 90% of cases where I saw Mozilla mentioned were about how it's the 'hot new browser' for the privacy-concerned. Although, perhaps, that's more to do with a good marketing team and less with a sprawling security department? Would love to see some expert opinion on what this means for the company's current trajectory.

pasttense01(10000) 6 days ago [-]

From the 2018 State of Mozilla annual report: With over 1,000 full-time employees worldwide https://www.mozilla.org/en-US/foundation/annualreport/2018/

raister(10000) 6 days ago [-]

It was Microsoft (or other company I don't recall) that every 5 years would lay off 5% of its work force (the least capable or productive people) - this would cause those that remain to work harder next year. Then, they would open positions. Rinse and repeat.

tracker1(4316) 6 days ago [-]

I'm not sure why they don't largely sack half their marketing budget and concentrate on community outreach from the developer side... that's how they grew in the first place.

I'm also surprised they haven't tried to create commercial mail and communications products. Thunderbird used to be one of the best options out there, and they could easily spin this off into a SaaS and self-host product on the server component. As much as I hated Lotus Notes, something between Lotus Notes, Outlook and MS Teams could be something great and that the Mozilla org would be in a good position to create.

I know they may have good reach with the VPN service as well... I'm unsure how they can reduce security, qa and release management people when orchestration, automation and verification are such huge needs.

They get enough income from search (for now) that they could concentrate on best of breed tech, build mindshare from that, then re-introduce marketing for critical mass.

Slashbot2(10000) 6 days ago [-]

Well I dunno.,. maybe it was good.. ever since Windows 8 came out (which was a pile of fucking shit) I would say things have gotten worse.. Windows is complete garbage as far as actual desktop improvements.

From Win98>Win2000>WinXP>Win7 it has been a slow but steady improvement in stability and features.. sure could have been better, but compared to Linux desktop distro's which none of them can barely even fucking match WinXp in terms desktop features and stability.. nvm the power shell extensions and eco system which don't exist. Because that only comes from good API's documentation and community that isn't completely stupid ... I would say that MS had a fairly good team of people up until the release of Win7, after that they seemed to have got a retarded shit for brains CEO Satyan noob tard, and replaced all the skilled people with fellow idiots.

And now Win10 is a stinking pile of broken and bug infested noob trash... it's built on the work that proceeded it, but they sure have done as much as possible to ruin that while doing fuck useful as an improvement in the underlying system let alone the UX/UI which hasn't improved at all its at best worse, they've just tacked on crap everywhere.

lostmsu(3960) 6 days ago [-]

Sadly, I have to agree. There have been just a few of really good features in Windows after 7: app sandboxing, first party VR support (if not for that, we'd only have locked down VR platforms like PS VR and Oculus), the new Mail client, and using voice to set reminders and alarms (when it works). Maybe better support for tablet mode in Mail, browser and the Start Menu, and the dark mode lately.

Outside of that list, I'd struggle to name a single thing in Windows, that became better. Number of bugs certainly increased. Specifically, search and language switching are the worst offenders.

disordinary(10000) 6 days ago [-]

I don't have the same issues with Windows 10 but I only really use it for work and some gaming so I'm hardly an authority on it. Any issues you have might be due to the fact that they got rid of the Windows team awhile back.

TheGrassyKnoll(10000) 6 days ago [-]

I don't use Windows (linux), so couldn't say how great it is or not, but the shareholders are loving Satya Nadella. MSFT is up about 160% in the last two years.

dredmorbius(166) 6 days ago [-]

TechCrunch has more info:

'Mozilla lays off 70 as it waits for new products to generate revenue'

https://techcrunch.com/2020/01/15/mozilla-lays-off-70-as-it-...

dang(188) 6 days ago [-]
sstangl(10000) 6 days ago [-]

I'm one of the 70. There were no signs that this was imminent, although Mozilla has been struggling financially for many years. I expected that it would happen eventually; I'm relatively well-prepared for it; and it's not too shocking. I did however expect that there would be some warning signs in the lead-up, but that was not the case.

I was working on Cranelift, the WebAssembly compiler that is also a plausible future backend for Rust debug mode. Before that, I worked on the SpiderMonkey JITs for 9 years. If anyone has need for a senior compiler engineer with 10 years of experience writing fast, parallel code, please do let me know.

apaprocki(1642) 6 days ago [-]

We... like SpiderMonkey very much. Contact in profile ;)

gregschlom(3368) 6 days ago [-]

Friendly tip: maybe put your contact info in your HN profile?

kraken-eng(10000) 5 days ago [-]

Kraken is hiring Senior SW Engineers with extensive Rust experience for our backend services team. The team is remote. Check out the link below to apply or get in touch at leon at kraken dot com

https://jobs.lever.co/kraken/4c864c8f-bde6-443d-b521-dd90df0...

Avi-D-coder(3876) 6 days ago [-]

How many people are left working on Cranelift?

zeuxcg(10000) 5 days ago [-]

If you're interested in language runtime work (in C++) e-mail arseny at roblox.com

andreasgal(10000) 6 days ago [-]

Shoot me an email agal at apple. Also feel free to give my email to anyone else affected.

tzjmetron(10000) 6 days ago [-]

That sucks, man! Hope you find a better place soon.

pascalpaillier(10000) 6 days ago [-]

Your experience may be invaluable to us -- we're building a homomorphic virtual machine for machine learning, all open source and in Rust. Send me an email to [email protected]

RavenessaX(10000) 6 days ago [-]

We have many job openings at SpaceX for senior software engineers, please do apply! https://www.spacex.com/careers/list?field_job_category_tid%5...

kev009(3973) 6 days ago [-]

Sounds like a pretty clueless layoff, I guess I expected better from Mozilla than usual corporate derp. If there was truly no dead weight, surely the management could have scaled back their own comp for misdirecting the company? Very few people understand what it means to be a leader in corporate world.

bemeurer(4214) 6 days ago [-]

If you're interested in non-compiler, HPC Rust work reach out at bernardo at standard dot ai

shanbar(10000) 5 days ago [-]

GitHub is hiring, we have quite a few roles posted, and many more opening... https://github.com/about/careers

artemis1666(10000) 5 days ago [-]

Your experience seems like it would be great for embedded flight software development. Please email tyler.butler at lmco.com if you or others in your situation would be interested in working on NASA's Orion program.

lachlan-sneff(3884) 6 days ago [-]

Is Dan still there?

wdanilo(4314) 5 days ago [-]

LUNA (http://luna-lang.org) - write to us! :)

I'm one of the founders. We are looking for senior compiler engineers (GraalVM) and senior WebGL developers (Rust ) in our team. We are doing a visual programming language for data science and we just got funding of $2.5M. We'd love to chat :)

awill(10000) 6 days ago [-]

Stupid question, but doesn't Mozilla make around $500MM revenue a year, and have a little over 1000 employees. That seems like it should be profitable.

pabs3(2672) 6 days ago [-]

Igalia are hiring for WebKit and related work:

https://www.igalia.com/jobs/

hartator(3771) 6 days ago [-]

Shot me an email at julien at serpapi.com.

waste_monk(4313) 6 days ago [-]

Just curious, what is the breakdown of 'classes' of people layed off.

By which I mean developers vs managers vs other assorted e.g. 'tech evangelists' or whatever it's called.

mylons(10000) 6 days ago [-]

sorry this happened to you.

dzlobin(1286) 5 days ago [-]

Facebook is definitely looking for folks with compiler experience. Feel free to reach out at dannyz [at] fb

modarts(10000) 6 days ago [-]

That's terrible, really sorry that happened to you. The good news is that you have an extraordinarily rare and valuable skill set as a compiler eng

zozbot234(10000) 6 days ago [-]

> I was working on Cranelift, the WebAssembly compiler that is also a plausible future backend for Rust debug mode.

Just curious, but could Cranelift (or rustc_codegen_cranelift, I'm not sure which would be the closest) also acquire a C-transpiling backend, making it a viable replacement for mrustc? There might be quite a few people willing to fund that sort of work, since it could suffice to bring Rust to a whole lot of platforms that people care about.

ndesaulniers(1247) 6 days ago [-]

Some of my friends are affected; does anyone have advice from experience that could help?

Yoric(3688) 6 days ago [-]

1. Don't panic.

2. Your worst enemy at this stage is depression/exhaustion. Sport and social life are important to keep this at bay.

3. Brush up your CV, your interview skills.

4. Organize cross-reading of CVs, simulate interviews for each other.

5. You may need to go through numerous interviews. It sucks.

ntnsndr(3935) 6 days ago [-]

Any word about whether this affects Thunberbird?

sciurus(305) 6 days ago [-]

AFAIK no Mozilla Corporation employees have been paid to work on Thunderbird for years now, so there's nothing to cut.

stuff4ben(4122) 6 days ago [-]

Besides donating and the as-yet-to-be-released VPN service, how else can we support Mozilla? I don't see anything they're actually selling and I hate for stuff like this to happen.

yoasif_(4179) 6 days ago [-]

Personally, I run nightlies and report bugs -- I think that is more effective (but people who want more assurance may want to run beta instead) than most other things I might do (and doesn't really require a lot of commitment).

You can also donate your voice here: https://voice.mozilla.org

Nextgrid(3976) 6 days ago [-]

From what I heard from other HN comments, donations don't actually go to the browser's development, instead they go to auxiliary projects of (IMO) dubious value like community outreach, etc.

rchaud(10000) 6 days ago [-]

I feel like the kind of money Mozilla needs to keep going each year isn't something that can be crowdsourced like Wikipedia. Unfortunately I think big corps will continue to be Mozilla's major donors. And the big cheques they cut will come with strings attached, just not in writing.

dman(3668) 6 days ago [-]

Brendan Eich has a helpful chart of Compensation of Highest paid executive at Mozilla vs Firefox market share over time.

https://twitter.com/BrendanEich/status/1217512049716035584/p...

dpflan(271) 6 days ago [-]

Wow. This makes me wince. My mind is making an emotional connection here to the .org fiasco and recent posts about 'the internet of yore'. Something(s) odd, unethical seems to be brewing/happening.

malachismith(3670) 6 days ago [-]

To be clear... this charts the comp of ONE person at Mozilla (the Board Chair - and now interim CEO).

paul7986(4293) 6 days ago [-]

Seems odd in his tweet he noted he was unable to get funding in the valley for Brave. The guy created JavaScript and was a creator of Firefox. Don't get it ..as JS alone has contributed like how much to world economies, as well to almost every HN reader's wallet/bank.

pastor_elm(10000) 6 days ago [-]

Most stats I see put Firefox market share at around 5%. Am I reading the chart wrong?

bearcobra(4246) 6 days ago [-]

This chart feels a bit disingenuous given that Mozilla's form990s show Eich's salary tracking along basically the same line until his departure in 2014.

dralley(3184) 6 days ago [-]

I don't much care for Eich but that graph (as in, what it represents) is just shameful.

zhdyudshdh(10000) 6 days ago [-]

That's not helpful at all it's just a backhanded advertisement for Brave.

throwaway123x2(10000) 6 days ago [-]

It's crazy how much FF's marketshare has dropped. It's such a great browser.

iamleppert(4336) 6 days ago [-]

Mitchell Baker should be ashamed of her performance at Mozilla. Serious missteps in the development of Firefox led to the rise of Google Chrome, and only recently (and arguably too little, too late) have they seen the light and prioritized the re-development of Firefox.

Nearly all of the other projects at Mozilla that aren't related to the browser itself have been abject failures. They have not only failed in their core product against Google, but have shown that they are completely incapable of innovation in other areas of tech.

Her letter reads like someone who is completely clueless. Getting rid of people while earmarking $40 million for a so-called 'innovation fund' with no real strategy?

They are hoping some half-baked VPN product generates enough revenue to make them independent of Google's search deal? Please remember this post when that product fails to deliver. It's not a matter of time, it just makes no sense in any kind of timeline and at this point Mitchell Baker is grasping at straws.

whatthefoxer(10000) 6 days ago [-]

Fun fact, they promised hundred of thousand in revenue and got less than 1000.

The people let go weren't the people working on the failures for the most part. It looks like each was told 'you have to save x% of money from your current operating budget. This can be lay off or by other means'

So layoffs all around,any engineers, some managers, some directors. This means mostly people who are paid more but not essential, hence you see senior people who worked a long time at Mozilla being let go, because most teams don't run services that cost a lot of money.

Note that this directive come from the new CFO and board. Feel free to look em up. When the previous CFO left I feared this would happen (previous CFO had some integrity)

flurdy(4208) 5 days ago [-]

I disagree. Though I am not in a position to evaluate her performance as interim CEO, I feel Mozilla and Firefox have moved on a lot in the last few years.

When I returned to Firefox a few years ago initially it felt quite behind Chrome, and few odd things like Pocket etc, but these days I can't see any reason to use Chrome. Love the container add-ons, thew new picture-in-picture works great. The leaner Quantum works better. I appreciate the work they do with Rust and webassembly. etc.

arendtio(10000) 5 days ago [-]

So what would be your strategy to increase the Mozilla revenue?

the_duke(3640) 6 days ago [-]

Firefox did become horribly slow compared to Chrome and lost a lot of market share in the tech savvy community because of it. I also don't understand how they could fall so far behind with their primary product.

(they finally caught up again now, I switched back to Firefox about 2 years ago)

But:

Google pushed Chrome on desktop very aggressively via Google Search and bundling Chrome with every software download imaginable.

Then came the rise of mobile and tablets, with forced Safari on iOS and Chrome by default on Android/Chrome OS, with little incentive to switch...

The bulk of market share loss was inevitable.

rileymat2(10000) 6 days ago [-]

I am not certain that Chrome replacing Firefox market share was not inevitable with a reasonable product. Between the promotion on google properties and android name, it had to be bad to not get significant market share.

throwawaybbb(10000) 6 days ago [-]

Yeah, but how goods the diversity?

tanilama(10000) 6 days ago [-]

If MSFT bought Mozilla to counter Google, that will be hilariously glorious to fulfill a cycle, but makes logical sense.

jml7c5(10000) 6 days ago [-]

Come to think of it, did Microsoft ever consider replacing their rendering engine with Gecko, rather than Blink? I'm surprised they ceded such control over the future direction of the web to Google.

thrower123(3111) 6 days ago [-]

If it was still Ballmer Microsoft, this would be absolutely on brand - spend a couple years and a huge effort on pivoting Edge to Chromium, then acqu-hire a different product in the same lane and mothball all of that investment.

chrshawkes(4308) 6 days ago [-]

I find it interesting they are laying off 7% of their staff while hiring new developers. I say this as they had a job post in DC recently saying we could join their growing company. Are they growing or retracting?

quotemstr(3683) 6 days ago [-]

People are not fungible.

blackearl(10000) 6 days ago [-]

Maybe it's like a controlled burn. Get rid of a bunch of low performers or those who they don't really need currently, hire quickly into what they do need.

overcast(4290) 6 days ago [-]

Only in fairy tale land does CEO/Executive compensation reflect performance.

dang(188) 5 days ago [-]

Ok, but please don't post unsubstantive and/or flamebait comments to Hacker News.

We detached this subthread from https://news.ycombinator.com/item?id=22060372 and marked it off-topic.

manfredo(10000) 6 days ago [-]

Many CEOs derive a significant portion - often even the majority - of their compensation from performance-based bonuses. Compensation not only reflects performance, it is directly tied to it.

tus88(10000) 6 days ago [-]

I thought Mozilla was a foundation not a company.

mattl(3773) 6 days ago [-]

Mozilla Foundation owns Mozilla Corp.

kevingadd(3900) 6 days ago [-]

It's both. When I worked there, the Foundation (non-profit) owned the Corporation (for-profit). If you donate to Mozilla it's going to the non-profit org.

Brokedamouth(10000) 6 days ago [-]

I was at Mozilla for a while and it was a two-class system. The execs flew first class, stayed in fancy hotels, and had very expensive dinners and retreats - sometimes in the high five-figures. This is not even included in comp. One time, the CFO sent out a missive urging everyone to stay in AirBnB to save money and the execs (literally the following week) booked $500/night rooms at a hotel in NYC. I think the moment that made it clear as day was during a trip to Hawaii for the company all hands. The plane was a 737 so you had to walk past first class. These all hands are a huge deal for families - many were struggling down the aisle, carrying booster seats, etc. And they were passing two of the C-levels sitting in giant first-class seats sipping tropical cocktails. The rule in the military is that men eat first, officers last. Mozilla has always reversed that rule and the result was a pretty toxic culture, all around.

webboynews(10000) 6 days ago [-]

Explains why all their focus these days is on 'cool' stuff and PR and sjw'ism rather than plain getting shit done.

jmchuster(10000) 6 days ago [-]

$500/night for a hotel in NYC sounds relatively cheap. $400 is about the lowest you can find. If you find $350, I would really recommend you not stay there.

_Codemonkeyism(3991) 6 days ago [-]

'I was at Mozilla for a while and it was a two-class system. The execs flew first class, stayed in fancy hotels, and had very expensive dinners and retreats - sometimes in the high five-figures.'

Mozilla was captured by career executives and people with an ageneda - and money for years was not spend on engineering but squandered. I've been using FF since Mosaic days on and off (lately on again as Brave doesn't block more and more ads) and I'm said there is no alternative (FF hangs Twitch for me for which I need to use Chrome, WHY?)

Now they lay of senior engineers.

kamaal(677) 6 days ago [-]

Two days back I wrote this comment: https://news.ycombinator.com/item?id=22034293

I doubt if this is just with Mozilla. Things like these are come as job perks when you enter management. And this one of the reasons why you must aspire to be a manager and not a programmer on the longer run.

>>The execs flew first class, stayed in fancy hotels, and had very expensive dinners and retreats - sometimes in the high five-figures.

They will always come up with reasons why they need to do this. The most common one is they need to be fresh with brains in clouds so that they can to talk to clients etc well. And they are doing this for the employees good.

"Comrades!' he cried. 'You do not imagine, I hope, that we pigs are doing this in a spirit of selfishness and privilege? Many of us actually dislike milk and apples. I dislike them myself. Our sole object in taking these things is to preserve our health. Milk and apples (this has been proved by Science, comrades) contain substances absolutely necessary to the well-being of a pig. We pigs are brainworkers. The whole management and organisation of this farm depend on us. Day and night we are watching over your welfare. It is for your sake that we drink the milk and eat those apples."

- George Orwell.

>>This is not even included in comp.

Things like this generally go in some top level budget and the are approvals are not even audited at item level spending. Like no asks if you had a $100 dinner. It just goes into a group by statement in some dashboard. This is also why so many managers spend lavishly. It's almost anonymous spending. And money once given is never asked back.

If you think this is saying something. Wait till you discover how comp works in those roles. Pretty much anything given is never audited and its given fairly unchecked. Big bonuses and stock grants are just every day activities.

As in Indian who worked in the US for a while, I've even seen Green cards handed to manager's pets like candies. Again no asks questions, no audits done. Its just how awesome managerial jobs are.

>>The rule in the military is that men eat first, officers last.

I doubt if military or any people structure works this way.

Don't fall for these pep talk like speeches.

gred(10000) 6 days ago [-]

Hawaii. Huh. Families haven't been invited to our company Christmas party for the past 7 years.

johanekblad(10000) 6 days ago [-]

Hacker news, please block topics from techcrunch- and verison media-articles. They use a lot of third party cookies, ad banners, fingerprinting and other evil stuff.

floatingatoll(4057) 6 days ago [-]

You should email this to the mods using the Contact link in the footer, as they'll be able to see your comment and respond to it.

lizzard(4287) 6 days ago [-]

Well, it's been a truly amazing place to work, and I've enjoyed it so much, right up until being laid off today. Really the smartest and coolest engineers I've ever known and the best community! I have had my hand in shipping every version of Firefox since around version 30 and it's been great. Especially working in such an open environment. Onward to the next adventure.

x2f10(4337) 6 days ago [-]

I'm sorry to hear that. Thank you for helping create an amazing browser. Best wishes!

Aperocky(10000) 6 days ago [-]

As someone who jumped from chrome since quantum came out, I can't appreciate Mozilla enough, sadly things are not made to last...

I'm guilty too having used such great tool but haven't directly contributed anything.

But from what I hear, it seem the layoffs are directed not by technical reasons, and amazing people were let go. In this case, I fear for the future of firefox, which are not well protected or funded like the open sourced titan Linux.

chaz6(10000) 5 days ago [-]

As a long time Firefox user, thank you! If Mozilla fails, the world wide web will be owned by corporations.

shaklee3(2645) 6 days ago [-]

Sorry to hear that, but hope you find something you like just as much.

mattlondon(10000) 6 days ago [-]

Sorry to hear you were laid off today.

Good luck with your next adventure and thanks for your work with Firefox!

Yours,

An appreciative Firefox user.

jahlove(10000) 6 days ago [-]

I don't understand Mozilla. How did the go from a lightweight Mozilla Browser alternative to a company that spends $450m annually and dedicates $43m just for future endeavors? Why couldn't they just focus on making the best browser possible with a small dedicated team?

burtonator(1979) 6 days ago [-]

> Why couldn't they just focus on making the best browser possible with a small dedicated team?

Risk... companies that make too much revenue from one product or too much from one customer risk death.

jen20(4253) 6 days ago [-]

Would you cut, say, Rust?

ameshkov(2481) 6 days ago [-]

Nowadays, a small team is simply not enough to develop a browser and keep up with the competition. Unless you fork Chrome, of course.

8ytecoder(4272) 6 days ago [-]

One metric of power that has been constant throughout human history is the number of people you are in charge of. You'll find this to be the most common measure of power across all of industries, militaries, cultures and governments.

thrower123(3111) 6 days ago [-]

Bloated headcount destroys most software. People still think you can throw more people at it and it will get built faster and better, as if we were building the pyramids.

jldugger(4299) 6 days ago [-]

> How did the go from a lightweight Mozilla Browser alternative to a company that spends

Well, I mean, they started off as a HTTP server company with a not lightweight browser, won an antitrust case but lost the war, and reformed as a non profit. Or, well, a for profit company wholly owned by a non profit. At which point they went about rebuilding Netscape suite, the one with mail clients and calendars (and IRC and nntp), as open source software. Then some rogue employees and interns thought 'nobody wants this shit' (https://website-archive.mozilla.org/www.mozilla.org/firefox_...) and firefox was born. Well, phoenix, because engineers never do trademark searches when naming projects. So yea, I don't think anyone fully understands Mozilla, except maybe a few annoyed IRS auditors.

I don't know when Mozilla started taking money for search engine placement, but whoever invented the idea should get a few mil, because now that nobody buys HTTP servers, it's all Netscape/Mozilla has left.

From Google's perspective, it's quite easy to see why they fund chrome: each user that converts to chrome is money they dont have to pay Mozilla. Somehow, despite that depressing metric of user share, mozilla's been making more money every time search bar placement contracts are up for renewal. Some of that was likely competition in search engine space, with both Bing and Yahoo under Marissa chomping for some revenue. I guess the layoffs signal that isn't going to happen again?

Or maybe it signals that you don't need users if your main value anymore is to prove to the DOJ there is no monopoly?

jakearmitage(10000) 6 days ago [-]

I also don't understand why they keep pushing useless services.

newnewpdro(4287) 6 days ago [-]

Empire building tends to be irresistible to those in positions eligible.

ex_mozillian(10000) 6 days ago [-]

Look at the changes to the executive team at Mozilla in 2017 and 2018 if you want to see the root of the problem.

Look at the changes Chief People Office Michael D'Angelo introduced (after leaving Pinterest), especially the multi-tier bonus system that crystallized the executive hierarchy and made ironclad the gap between Mozilla leaders and the Mozilla proletariat. How much does he make?

Ask yourself- what value or improvement did Chris Lin, VP of Mozilla's horrid IT, hired from Facebook, bring to the company? And look at his overpaid group of Directors, who do not have a single win between them that improved Mozilla's bottom line. Why did they hire a leader from Facebook? Were they trying to sink the ship?

Ask yourself- with all of Mozilla's failed marketing initiatives, why has the CMO never been held to account?

There was great hope that Mitchell Baker would return and clean house where it was needed, starting with many of the execs. This layoff, with so far no indication of leaders being held to account, is a sign that things are not going to improve.

It's a shame, because the people of Mozilla are the finest people you could ever work with. They don't deserve this leadership. The rank and file at Mozilla are amazing, though some of the best were let go today.

jdance(10000) 6 days ago [-]

As an outsider there are constantly small details that are off in product and marketing that hint to this. Its really sad to see, I keep using firefox and get a little sad every time I see these signs that this company does not know what it wants to do. In many ways it behaves like a public company without long term direction

musicale(10000) 6 days ago [-]

> "You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen

I don't want subscription garbage, and I don't want Firefox advertising stuff to me.

However, I have no idea how I'd try to fund Mozilla when most of their work is on a product that they give away for free.

I can't imagine that grants from foundations or the government could cover their budget, and I can't really see them being amazingly successful with apps (although I would pay for a bulletproof, high quality ad blocker for iPhone) or hardware (although Purism's phones and laptops seem kind of in Mozilla's ballpark, I doubt they are making much money.) Nobody wants to pay for web services, and it's hard to compete with the many cloud incumbents, so those don't really seem like a good options either. Running a consulting business to fund the browser doesn't seem like a winning idea. Development tools seem to be free from the likes of {Microsoft, Apple, Google} as well, so that doesn't seem like a great business. I can't imagine many people paying for Rust or webasm tools either. Perhaps web game development tools or platforms? Anyway, it's a hard problem.

So HN, does anyone have any actual, serious, good ideas on how Mozilla can make money and keep delivering a good Firefox browser (and Rust, webasm, etc.) for free?

rudolph9(10000) 6 days ago [-]

Donate.

mtm7(10000) 6 days ago [-]

This is a difficult problem. Donations wouldn't be reliable/stable enough to fund the company, and selling a different product (SaaS, consulting, etc.) would realign Mozilla's incentives to have its best people working on its revenue generator instead of the browser.

I know this'll be an unpopular suggestion (and it's not something I necessarily want), but the elephant in the room is _selling_ Firefox: I would be happy to pay for their browser provided it was more polished than the competition. I would even pay a yearly fee. (Again, not ideal, but I'm just brainstorming.)

Or maybe find a way to sell an 'enterprise' Firefox to nontechnical companies who are privacy-oriented? I'm not sure how realistic this is.

The only other way they're going to be able to do this is to find something as creative as reCAPTCHA's business model [0]. With so many users, maybe there's an idea there.

[0] https://digital.hbs.edu/platform-digit/submission/recaptcha-...

musicale(10000) 6 days ago [-]

Some of the better Mozilla product suggestions I've seen that I could imagine people paying for:

- @firefox.com email hosting without advertising/tracking (besides advertising firefox in the domain!)

- blog hosting without advertising or tracking

- non-dodgy vpn service

pnako(10000) 6 days ago [-]

Why not something like the Linux Foundation?

Stop all the marketing and the nonsense advocacy, focus on developing a browser, get other companies to fund development. It's in the interest of quite a few vendors to have a good, neutral browser.

remote_phone(3961) 6 days ago [-]

My friend used to work for Mozilla. She said she has never had a more boring job. She said there was no work to be done, her boss was remote and never asked her for deliverables. She was well paid with a 40% cash bonus and she would go on yearly boondoggles. I told her she should stay but she couldn't bear it so she left after 2 years.

She said part of it was that they couldn't save money because they were a non profit so all the money they got they had to spend, which caused over hiring.

IfOnlyYouKnew(3571) 6 days ago [-]

> She said part of it was that they couldn't save money because they were a non profit so all the money they got they had to spend, which caused over hiring.

She-if she exists-is wrong. And I'm doubting her existence because nobody working at an NGO would be able to hold onto such superficial misconceptions for long.

zozbot234(10000) 6 days ago [-]

This would be the Mozilla Foundation (not Corp), right? And I don't think it's literally true that a charitable foundation has to spend everything it gets - they can still save for a rainy day or even build up an endowment over time. They can't disburse profits obviously, but AIUI that's not the same thing as saving money internally.




(865) Every Google result now looks like an ad

865 points about 6 hours ago by cmod in 1829th position

twitter.com | Estimated reading time – 1 minutes | comments | anchor

Welcome home!

This timeline is where you'll spend most of your time, getting instant updates about what matters to you.

Tweets not working for you?

Hover over the profile pic and click the Following button to unfollow any account.

Say a lot with a little

When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

Spread the word

The fastest way to share someone else's Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

Join the conversation

Add your thoughts about any Tweet with a Reply. Find a topic you're passionate about, and jump right in.

Learn the latest

Get instant insight into what people are talking about now.

Get more of what you love

Follow more accounts to get instant updates about topics you care about.

Find what's happening

See the latest conversations about any topic instantly.

Never miss a Moment

Catch up instantly on the best stories happening as they unfold.




All Comments: [-] | anchor

2OEH8eoCRo0(4291) about 4 hours ago [-]

I disconnect from my phone after 6pm or so and if while doing my crossword puzzle I need trivia answered or something spelled out I can ask my Nest Mini and get no bullshit answers most of the time without ads.

minikites(2259) about 4 hours ago [-]

>most of the time without ads

For now.

nif2ee(10000) about 3 hours ago [-]

Reminder that almost every Google search bashing thread on HN is most probably injected by DDG. They have been doing that for years and years and it proved to be very effective. It's a amazing that such a mediocre search engine like DDG can be popular only based on rants and accusations on the big guy. But it seems really to be a very effective marketing technique.

Rooster61(4150) 21 minutes ago [-]

Or, people are getting onto HN like they do every day, seeing this thread, and upvoting it of their own volition.

Certainly the case for me.

dehrmann(10000) about 5 hours ago [-]

I remember when Google made a point of being ethical by putting ads on the right rail with a light blue background so it was clear which results were ads and which were organic.

asdf21(10000) about 4 hours ago [-]

Seems quaint now, eh?

alecbenzer(3871) about 4 hours ago [-]

0.02: I really didn't mind the change, I assumed it was meant to allow users to more easily identify 'well-known' sites in the results: noticing a familiar icon is a lot easier than noticing a familiar URL. This seems potentially good for both users and sites? I guess it's bad for sites that are currently trying to build up their credibility and aren't yet 'well-known'?

In retrospect, I'm sure blurring the lines between ads and search results was probably part of the motivation. But if they modified ads a bit more to further distinguish them and kept the favicons, I don't think I'd mind.

sukilot(10000) about 2 hours ago [-]

The icons are unreadably microscopic, though.

ppod(4322) about 3 hours ago [-]

I'm confused. I noticed this aesthetic change a couple of weeks ago and I wondered what was causing it. So now when I saw this post, I turned off adblock on the search results page to see where the ads are, and I still can't seem to see any ads.

The sidebar is blank. The main page has results from 'Places', 'People also ask' and 'images', interspersed with the normal results (which now look more like the old ads), but I don't see any actual ads, even with adblock off. For those of you that have the new look and see ads, where are they?

nogridbag(10000) about 3 hours ago [-]

The ads look nearly identical to the search results now except the icon is replaced with 'Ad':

https://imgur.com/a/DpYGib7

nokicky(4168) about 4 hours ago [-]

I made a Chrome extension a few months ago to fix the design, you'll find it here: https://github.com/attio/google-ad-fixer

I'll try and submit to the Chrome Store, let's see if it gets in :)

fimoreth(10000) about 4 hours ago [-]

I also have one I submitted over the weekend. They haven't taken it down yet :). Mine is just geared towards my dislike of the favicons, not distinguishing the styling of the ads.

https://addons.mozilla.org/en-US/firefox/addon/hide-google-s...

https://chrome.google.com/webstore/detail/hide-google-search...

Source: https://github.com/Jtfinlay/gsearch-hidefavicon

cytzol(4188) about 5 hours ago [-]

I've been in this A/B test for a couple of months now, so I've had time to adjust, and I still hate it. I've just become so used to seeing the complete URL in green. The complete URL! If you hover over the results, you'll see that they like to take bits like numeric components or the query string out.

This is part of Google's attempt to de-prioritise the URL. Their destructive AMP service confusingly shows you Google's domain instead of the website's — and as they can't fix that without losing out on tracking, they're trying to change what the URL means.

Thanks for ruining the Web, Google.

LeftHandPath(10000) about 2 hours ago [-]

I've been using duckduckgo and bing for a while now. Google is just a fallback.

Waterluvian(4234) about 1 hour ago [-]

I'd love to learn what % of A/B tests get rejected after the test has concluded.

I suspect there's naturally a laundry list of biases that all the work we designed and implemented needs to succeed or boy do we look silly.

imron(4327) about 1 hour ago [-]

> I've been in this A/B test for a couple of months now, so I've had time to adjust, and I still hate it

Me too. It just looks ugly.

dragonwriter(4334) about 1 hour ago [-]

> Their destructive AMP service confusingly shows you Google's domain instead of the website's

No, it doesn't. It's actually served from Google's URL, but it (the AMP service) shows you the original site URL (well, it shows the domain by default but that's a button that expands to the URL if you click it.)

Your address bar shows you the Google URL, but that's not misleading, either, since what the address bar has always shown is what location content is being served from, not a content identifier distinct from the mechanics of content distribution.

> they can't fix that without losing out on tracking

Nah, they could track of they worked like a classic CDN

reroute1(10000) about 4 hours ago [-]

To be fair didn't internet marketers ruin things first by cramming keywords in URLS and page titles to game search engines?

kllrnohj(10000) about 2 hours ago [-]

> This is part of Google's attempt to de-prioritise the URL.

URLs have always been an implementation detail and not a user feature. From the very beginning it was intended that users would follow links, not type in URLs. HTML was built on hiding URLs behind text. Then AOL keywords happened. Then search explosion happened. And short URLs. And QR codes for real-world linking. And bookmarks because yet again typing in URLs is not a major driving use case.

Typing in un-obfuscated URLs has almost never been a key feature or use-case of the web. If anything URL obfuscation is a core building block of the web and is a huge reason _why_ the web skyrocketed in popularity & usage. Don't pretend that somehow AMP obfuscating URLs will be the death of the web. The web exploded in growth despite massive, wide-spread URL obfuscation over the last 20 years. Nothing is actually changing here.

therealmarv(3254) about 1 hour ago [-]

If you want a favicon fix. Use this CSS userstyle https://userstyles.org/styles/179230/google-search-old-style with Chrome/Firefox extension 'Stylus'.

dang(188) about 2 hours ago [-]

A few weeks ago, I changed my browsing and searching habits purely to get out of that A/B test bucket. Now it looks like we're all in it.

johnnycab(10000) about 2 hours ago [-]

>Thanks for ruining the Web, Google.

I posted the solution below, which I found a few days ago. The script will work with greasemonkey and tampermonkey, it will provide you with results similar to the ones before the change. If you also use uMatrix, there will be no ads.

https://greasyfork.org/en/scripts/395257-better-google

sophiebits(3326) about 3 hours ago [-]

AMP obscuring the URL is a side effect of the current technical implementation, not a goal – and they are working to fix it: https://searchengineland.com/google-announces-signed-exchang...

ChuckMcM(536) 12 minutes ago [-]

Very much a way to mitigate the FTC's requirements on making advertising more distinct than organic results.

It is an unpopular opinion but I believe Google is dying. They have been for a long time. The cancer is that nothing other than search ads generates the revenue and margins they need and the margins on search ads are now down 90% from where they were in 2010.

Personally I'm long on Microsoft/Bing as a candidate for the surviving English language web index. My prediction (which isn't shared by many so don't be surprised if you disagree :-)) is that once Google's dying becomes mainstream and they start heading into ground that Apple will buy their assets, keep Maps, Search, and maybe Waymo and throw the rest away.

ping_pong(4318) about 3 hours ago [-]

How is hijacking the domain with Google for AMP not anti-competitive? I'm surprised a class action lawsuit hasn't erupted because of that.

noja(4172) about 2 hours ago [-]

I can't mentally parse the results anywhere near as fast as I used to be able to. It's horrible.

ogre_codes(10000) about 2 hours ago [-]

It's been clear for a little while that Google no longer cares about giving the best experience with a lot of their tools and is just focused on maximizing revenue. More and more, Google is the modern equivalent of Microsoft in the early 00s, still good enough that most people use it, but each successive 'version' piles on more frustrations than benefits. It's so ironic that Google has become that which they most despised when they started.

The dominance of Google and Facebook is turning the web into a toxic waste.

amatecha(10000) 5 minutes ago [-]

I watched this clip of Steve Jobs[0] recently, where was speaking about promoting/empowering Product vs Marketing people. Some of his comments seem especially applicable:

'[...] the companies forget what it means to make great products. The product sensibility and the product genius that brought them to that monopolistic position gets rotted out, by people running these companies who have no conception of a good product vs a bad product.' ... 'They really have no feeling in their hearts, usually, about wanting to really to help the customers.'

[0] https://www.youtube.com/watch?v=-AxZofbMGpM

thrower123(3111) about 4 hours ago [-]

It's pretty simple to just use UBlock Origin. Firstly, I don't usually see any of the doubleclick ad results, because they get filtered out, and secondly, if I do click on them, it redirects you to a warning page first.

Friends don't let friends use the internet without an adblocker.

coldcode(3536) about 4 hours ago [-]

Adblockers are mostly useless, companies pay them to whitelist and the browsers manufacturers (other than the little guys) seem more inclined to make it less functional. I try at home to use a hosts file (ie a manual pihole) but it breaks so many websites I can't find some combo that blocks ads but doesn't break functionality (I still can't comment on reddit any more).

With Google putting ads inline coming from them it gets really hard to filter without causing even more issues (and most people use Chrome so they can figure out things out from both ends).

scumbert(10000) about 4 hours ago [-]

Unironically switch to Bing

cft(1081) about 3 hours ago [-]

I did, first for any search that might include political bias, due to results' censorship, but then I accidentally discovered that programming related searches and other technical searches are often better in Bing too.

rkuykendall-com(4067) about 3 hours ago [-]

I hear Duck Duck Go is pretty good these days. I tried their image search after Google removed a feature I liked and it had a feature I didn't even realize I wanted.

ZWoz(10000) about 3 hours ago [-]

Funny, that google UI change finally pushed me to set DuckDuckGo to default search provider in my work computer. Few times I have been little bit dissapointed with search results and did another search in google, but mostly ddg is pretty smooth experience. So, thanks google for that UI change.

rb808(3102) about 3 hours ago [-]

Bing is great too because it encourages competition in the search space.

convFixb(10000) about 3 hours ago [-]

Unironically this.

I switched at work because Google thought our proxy was evil or something, then I switched at home just because, and I honestly haven't missed Google at all.

The only thing that strikes me as obviously worse (maybe?) is that Bing isn't very good at guessing what you mean when you misspell something badly.

bazonker(10000) about 5 hours ago [-]

Not sure about the facts underlying the analysis. In my search results (and it's important to remember that it's possible you get different results than another user, due to launch experiments and trials) the ads do not have icons. They say 'Ad' in bold text. The 'organics' results have icons.

mthoms(4229) about 3 hours ago [-]

But notice how the 'Ad' text is specifically formatted (and placed) to resemble a favicon? They're blatantly trying to make the ads and organic results appear uniform to someone quickly scanning the page.

As a user, I want the ads more easily distinguishable, not less.

cotillion(10000) about 5 hours ago [-]

This trick is what caused me to click and Ad for the first time in forever. If the icons happen to be dark its easy to ignore the 'Ad' text. Maybe its time to supply a complaint. I doubt this is legal in Sweden.

reroute1(10000) about 5 hours ago [-]

Yes I see the same, it's really easy to tell what is an ad and what isn't...

dend(3765) about 3 hours ago [-]

My assumption here is that this decision is one where someone had an A/B test that showed people are more likely to click on an ad when the content is structured the way it's shown.

Which comes at the cost of a good user experience, where the feature PM didn't truly ask: "does this deliver any value to the people using the search?"

Always trying to remember the wonderful excerpt[0] from Ken Kocienda's "Creative Selection" on A/B tests - just because the data shows the outcomes are more significant does not make that a better experience.

[0]: https://mobile.twitter.com/kocienda/status/11134509457051770...

wefarrell(10000) about 2 hours ago [-]

A consequence of having a monopoly is not needing to deliver as much value. I see comments advocating using a different search engine, but the small number of users that move do a different search engine because of this won't offset the increase in revenue Google will see. They pay Apple and Mozilla a substantial amount of money to be the default search engine and most users won't bother to change it.

mam2(10000) about 4 hours ago [-]

They also kinda build the web though

mattnewton(4320) about 2 hours ago [-]

Googler here, but my opinions are my own.

I think this is backwards, like saying that a road paving company built cars. The need exists because the Web took off and became huge, and maybe Google can take credit for helping it scale, but Google was only successful because other people were creating content people wanted to find at a massive rate. If the web was tiny we could use hand curated indices. If Google was never founded, and the web got bigger, one of the other dozens of search companies would have helped the web scale instead.

dang(188) about 2 hours ago [-]

You started a flamewar with this unsubstantive comment. Please don't post like this to HN, the same way you wouldn't drop a lit match in a dry forest, or litter in a park.

https://news.ycombinator.com/newsguidelines.html

pmlnr(1487) about 4 hours ago [-]

read. more. tech. history.

You have no idea how furious your comment made me.

klyrs(4334) about 4 hours ago [-]

I thought that was Al Gore?

irrational(10000) about 3 hours ago [-]

Who, Google? That's insane if that is what you mean. We were using the web long before Google was even a napkin idea.

jaywalk(10000) about 4 hours ago [-]

They absolutely did not. But even if that were true, how does that excuse this awful behavior?

JustSomeNobody(4092) about 4 hours ago [-]

Wait wait wait, everyone! I really want /u/mam2 to expand on this.

Why do you feel they built the web?

have_faith(4282) about 5 hours ago [-]

I noticed this on a co-workers screen recently and my immediate thought was 'what dodgy search extensions have they been installing?'. Now that it's on my results as well I can't help but strongly dislike the change for some reason. The icons are both very small and very distracting at the same time and don't aid in adding authority or any important meta information about the site.

The changes seem to have added enough noise to make parsing the page annoying, but maybe it's one of those things you brain learns to ignore after a while.

ryanmercer(3708) about 4 hours ago [-]

>I noticed this on a co-workers screen recently and my immediate thought was 'what dodgy search extensions have they been installing?'.

My legit first reaction when I saw it last week on my daily driver was 'I wonder what extension is trying to cash out'.

markosaric(2231) about 2 hours ago [-]

Many don't like Google's new design. Rather than resort to hacks, try an alternative search engine. There are many and you might even find one you like.

https://www.qwant.com/

https://www.ecosia.org/

https://duckduckgo.com/

https://www.startpage.com/

https://swisscows.ch/

...

searcher1(10000) 26 minutes ago [-]

Qwant, Ecosia, and (to an extent) DDG share the same Bing backend for web results, so if you're particularly interested in trying out alternatives, here are some others. All of these have their own search indexes.

https://yippy.com - ugly, but probably the best independent search engine outside the 'big ones' and DDG

https://private.sh/ - Run by PIA as a proxy for Gigablast, small index but rapidly getting better

https://mojeek.com - UK-based, worth trying but has a spam problem

https://beta.cliqz.com - German based, their technical blog has been posted frequently on HN. Will eventually require a browser extension or their own browser to search.

https://yandex.com - Ought to be mentioned, but certainly not privacy focused.

shadowgovt(10000) about 5 hours ago [-]

They are still distinguishable (ads have an 'Ad' badge as opposed to a favicon). But yeah, new design seems to push them closer to the same format.

rstupek(4311) about 4 hours ago [-]

Much harder to visually pick out which are ads versus not now imo which is probably why they did it

pushcx(10000) about 5 hours ago [-]

https://www.google.com/about/honestresults/

It's a little confusing to read now, so for context: at the time Google published this, it only put ads in the sidebar to the right of search results. This post was written to criticize the practice of putting ads atop search results, which competitors sometimes formatted almost indistinguishably from organic search results.

microdrum(4048) about 3 hours ago [-]

Oh my god, that page is going to disappear soon now.

ronilan(3491) about 4 hours ago [-]

Your link is gold. A historic artifact.

Amazing how clear the writing is, how simple the message. That's, like, totally not the corpspeak Goog emits now on a daily basis.

So, let's do some digging.

Earliest version of url dates back 4+ years. https://web.archive.org/web/20151213182805/https://www.googl...

Things were a little better than, but not by much. This has to be earlier.

Ah, here is:

https://books.google.ca/books?id=oNT3AwAAQBAJ&pg=PA289&lpg=P...

This page is from a book by Douglas Edwards, employee number 59 published in 2011.

The content of OP url, written by same, is dated March 2002.

That company no longer exists. Goog should remove it from their website.

amatecha(10000) 15 minutes ago [-]

Oh wow, the irony.

dougb5(4070) about 1 hour ago [-]

The post was written to criticize 'paid placement' search engines like Goto.com/Overture (see https://www.searchenginewatch.com/2002/03/04/how-overture-go... for details). I believe Google has put ads above search results for as long as AdWords has existed (since 2000).

imiric(10000) about 2 hours ago [-]

I've been using a local Searx[1] instance for web search for a few months now, and besides it needing an update when APIs inevitably break, it's been relatively pain-free.

What I like the most about it is that I get a unified search results page for all engines, which avoids some of the profile bubble, and that the UI is always consistent, avoiding these scummy redesigns A/B tested to infinity and implemented because it increases their revenue.

[1]: https://github.com/asciimoo/searx

DrPhish(4329) about 2 hours ago [-]

Me too, for about a year.

The anonymizing stuff searx does really seems to work. My search results seem uniformly neutral regardless of which computer/profile/browser is in use.

I host on my LAN and out on the WAN over https protected with simple auth. All my devices, including my work computers and cell phone browsers, are set to use it. I rarely end up on Google in my life.

I actually prefer its interface for everything but images (which are only OK, but still perfectly usable)

psic4t(10000) about 1 hour ago [-]

Me too, but with mixed results.

In the last weeks, results from DDG or Bing appear later or even never. That make Searx not very reliable at the moment.

ApolloFortyNine(10000) about 3 hours ago [-]

I've been stuck with this for two weeks now, and it's bad enough that for the first time ever I've considered using something other than Google. It's just so much harder for my eyes to read, I feel I can't glaze through the results like I used to (and I believe the old search would often give date for things like stack exchange and Reddit, which helps with a wide variety of issues).

I'm pretty sure for the layout itself I'll eventually just get a tampermonkey script to make it look like the old, but this is the first thing that has truly made me look for a Google alternative. They have severely damaged their main product, in my opinion.

altcognito(10000) about 1 hour ago [-]

It is strangely stressful to even read through the results, let alone find the right one anymore. Switching to DDG is pleasant, it even seems to respect a dark mode setting.

rafaelvasco(10000) 19 minutes ago [-]

Like someone recommended , https://www.startpage.com/ appears to be a solution. Going to give it a try;

impalallama(10000) 17 minutes ago [-]

how they different than something like duckduckgo?

MrPatan(10000) about 4 hours ago [-]

Really, just use duckduckgo.com.

Go to your Firefox' settings and change the default search engine, there, done. See if you care in a week to change it back, I promise you that you won't.

runamok(4224) about 4 hours ago [-]

Even easier you can use the 'bang' commands in DDG when you do wish to use Google, e.g. !g.

E.g. 'search something !g'.

Stopping using Google by default is a big deal if enough people do it.

jhoechtl(4328) about 4 hours ago [-]

A new search engine outside the hands of Google is overdue. It feels like a huge ad machinery.

pmlnr(1487) about 4 hours ago [-]

duckduckgo.com

decebalus1(10000) about 5 hours ago [-]

Huh... I thought it was just me. I have a rather atypical setup with my privacy extensions and browser settings, so I just assumed that one of them was changing the DOM to make it look like this. Just yesterday I was searching for some ISP offers and clicked on an ad result. Well.. I think I just need to get over my lazyness and finally host searx locally.

hnews_account_1(10000) about 5 hours ago [-]

Same here. I think typically antivirus extensions like McAfee provide a few extra metadata on google search results that makes the page look exactly like it does now. My first instinct was 'oh which extension fucked this up? anyway, I'll check it out later'. Unfortunate to find out it's a change on big G's end.

kfrzcode(4100) about 2 hours ago [-]

Anyone here have a pro-Google stance? Because at this point I'm vehemently against the company and most of its products.

There's no good replacement for Calendar or Docs/Sheets as of now, that I'm aware of. Microsoft's suite as mentioned by therealdrag0 is an obvious alternative, and perhaps less advertiser-oriented, but still not a great in-browser option IMO.

Especially when considering the interoperability of the 'platform,' it's clear Google is streets ahead of the competition.

It's a shame that the best featured tools in this space are also not open-source, and used (probably) to mine massive amounts of data.

I'd be ok if you mined my data while I'm on your servers, but only if you allow me to host my own version of your software for when I don't want to be on your servers.

kfrzcode(4100) about 2 hours ago [-]

Of course, Search has viable alternatives but it's really not the biggest thorn in my side.

therealdrag0(10000) about 1 hour ago [-]

Pro-google stance: They provide tools millions enjoy for free.

As for alternatives have you tried Microsoft's Suite?

basch(10000) about 5 hours ago [-]

The FTC has spoke on this before. https://www.ftc.gov/news-events/blogs/business-blog/2013/06/...

I believe nearly all the search engines are still guilty of this one.

I also think firms should be able to buy 'blank space.' For example facebook or amazon could pay NOT to have an ad above their result. Maybe they already do, I dont see an ad when I search facebook, however I do see an ad for amazon above the top amazon result. Google should just be smart enough to see the top result and the ad are the same link, and handle the situation more appropriately, like tucking the ad text underneath the result, or signifying that the top result owner has paid to hide ads. I have to say, I dont find these results differentiated ENOUGH from the ad. https://i.imgur.com/8Dhr1mj.png

mkl(4226) 6 minutes ago [-]

> Google should just be smart enough to see the top result and the ad are the same link

They are smart enough, but they don't get any money from people clicking on search results, only ads, so of course they're going to show the ad - some people will click it.

froindt(10000) about 4 hours ago [-]

>I also think firms should be able to buy 'blank space.' For example facebook or amazon could pay NOT to have an ad above their result. Maybe they already do, I dont see an ad when I search facebook, however I do see an ad for amazon above the top amazon result.

Backblaze had a competitor who bought ads for the search term 'backblaze'. The CEO successfully contacted the competitor CEO and they agreed they'd be in a pissing match throwing money at Google if the practice and retaliation (backblaze buying on their search term) occurred. The competitor promptly stopped the ad campaign.

https://www.backblaze.com/blog/save-marketing-money-nice/

neodymiumphish(10000) about 1 hour ago [-]

I worry about the implications of the blank space idea. For example, if I owned coolstuff.com, when should I expect for my standard search result to be shown below the 'blank space'. Today, if someone searched 'cool stuff', my site shows up as the top search result, but my arch-nemesis, the owner of neatstuff.com, has an ad tailored to that query. Would his ad go away since mine is the top search result for 'cool stuff'? Similarly, if my site is preferable to Google enough that my site shows up every time someone searches for something like 'cool shit' or 'awesome things', would I also benefit from this 'blank space' program, at the expense of the owners of coolshit.com and awesomethings.com?

tremon(10000) about 5 hours ago [-]

For example facebook or amazon could pay NOT to have an ad above their result

That sounds an awful lot like a shakedown practice. 'Nice search result you got there. Would be a shame if it would be obscured by an ad...'

sukilot(10000) about 2 hours ago [-]

What's the benefit to whitespace over their own domain name?

vectorEQ(10000) about 5 hours ago [-]

don't see why ppl are surprised about this from an ad company. its not a search engine company and never as been, despite having a large search engine...

rchaud(10000) about 4 hours ago [-]

Google has been the search champion for close to 2 decades, and are seen as the pinnacle of SV innovation. That's the starting point of any conversation about Google, because the victors get to write history.

That's why 'ppl are surprised'. To many, Google's ethos is still 'do no evil', an absurd mantra for a for-profit enterprise whose business model relies on developing ever more effective ways to spy on people's behaviours for the benefit of their advertisers.

What's rapidly

neodymiumphish(10000) 40 minutes ago [-]

My issue isn't so much with the ads being prioritized; it's with when the ad link goes. For example, I often search for something vague because I can't remember the name or the site. When I use Google, the first or second ad is almost always relevant to what I wanted or exactly what I wanted. However, clicking the ad takes me to some sales-pitch link on the site that I don't care to go to. Instead, I'm trying to get to the log in page or front page, or whatever. This forces me to scroll down to the search result of the same name, or just go back up to the omnibox and type the domain in (now that I know what it was).

tajstar(10000) 33 minutes ago [-]

This is more of the site's fault rather than google's since whoever set up the ads chose that as the landing page. The whole point of the ad is to rope in new business so if you are clicking on the ad for the login page you're just going to a page that was made to sell (and eating into that company's ad spend)

aerovistae(3055) 39 minutes ago [-]

First time in my life I've ever wanted to stop using google.

Anyone have an extension to CSS it back to the way it was?

a5aAqU(10000) 16 minutes ago [-]

Google rejected it as 'spam' for the Chrome extension store, but it's available for Firefox. It was a quick hack yesterday to make the URLs visible. Pull requests are welcome. It misses a few cases, and the URL should probably be green rather than highlighted.

https://addons.mozilla.org/en-US/firefox/addon/search-engine...

https://github.com/codeselfstudy/search_engine_show_me_urls

itamarst(998) about 5 hours ago [-]

Perhaps it's worth quoting Larry Page and Sergey Brin, in the original paper on the Google search engine:

> 'The goals of the advertising business model do not always correspond to providing quality search to users. ...we expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers. '

(http://infolab.stanford.edu/~backrub/google.html)

At the time they thought this was a bad thing...

mkolodny(4126) about 4 hours ago [-]

Then later in that section:

> we believe the issue of advertising causes enough mixed incentives that it is crucial to have a competitive search engine that is transparent

This change seems to go directly against their belief that it's crucial for search engines to be transparent. After the change, it's way less transparent, or 'easy to perceive or detect', that an ad is an ad.

hinkley(4237) about 2 hours ago [-]

I value input from new coworkers precisely because I often lose focus on things that I care about, often to be replaced by a nebulous feeling of discomfort. There's something to be said for maintaining a certain low rate of turnover in an organization to keep ideas and ethics on the menu.

I used to place a high value on how long people had been on the team, but the two extremely stable places I subsequently worked at were a shitshow, because there just weren't enough outsiders to argue them out of their circular reasoning.

At the boardroom level, the situation we warn about is 'surrounding yourself with yes-men'. I don't think Page & Brin remember where they came from. And they probably forgot long before they started trying to convert a 767 to be their corporate jet, which was already more than 10 years ago.

( https://www.theregister.co.uk/2006/07/07/google_bed_plane/ )

minikites(2259) about 5 hours ago [-]

Money can change almost anyone's opinion about almost any subject.

ikeyany(4297) about 4 hours ago [-]

They follow up on that thought:

> In general, it could be argued from the consumer point of view that the better the search engine is, the fewer advertisements will be needed for the consumer to find what they want.

dana321(10000) about 3 hours ago [-]

backrub.. still cracks me up when i see it.

numpad0(10000) about 5 hours ago [-]

They cared not to be evil back then. Now they say they do the right thing, and "right" is subjective.

Jerry2(99) about 5 hours ago [-]

With each AdWords display change, Google's been adding billions of dollars to their revenue by confusing and fooling their users and blurring the line between the content and ads.

A visual guide: 'A (mostly comprehensive history of Google's ad shading and labeling' https://i.imgur.com/0RxdzBE.png

dehrmann(10000) about 5 hours ago [-]

For branded keywords, it's not just shady, it's racketeering. You wouldn't want your competitor to show up first when someone searches for your brand, would you? Then pay up.

E.g. https://i.imgur.com/SfomkdQ.png; the second result is a competitor's ad, the third result is the organic result.

dcchambers(10000) about 5 hours ago [-]

I do think that Google has done a lot of work to objectively add value to the results page of most search queries (eg pulling data straight from websites like Wikipedia, giving better page previews, etc).

However they are an ad company - and they ultimately benefit from blurring the line between an advertisement and a 'real' result. I do feel like it is harder to find certain types of results as a 'power user' though, and it feels like the quality of results rapidly drops off after the first page. I am not sure if the fault lies with Google or with spammy websites hacking the SEO.

I wish Google had something like duckduckgo.com/lite (also ddg.gg/lite) for the atypical 'power user.' It's nothing but text results. I find it really useful for certain types of searches and when you don't want to be bothered by how 'busy' the Google search results page has become.

JohnFen(10000) about 2 hours ago [-]

> it feels like the quality of results rapidly drops off after the first page

Interesting -- I've been playing with Google search this morning, and it's behaving much like it did when I stopped using it: there is only a very low chance that I'll get a relevant search result before the third page.

Zenst(3690) about 4 hours ago [-]

I'm almost at the stage that I almost instantly scroll to the bottom and read up the results as I'm finding most of my clicks at at best near the middle and more often finding it's the second page onwards.

jacurtis(10000) about 4 hours ago [-]

Yes, I too have built a subconcious habit of flicking the scroll wheel on my mouse twice after clicking enter on my search phrase. I just want to get past the 4 ads, the pack of local listings that I don't need, and the carousel of Google Shopping results, so that I can see the organic search results.

Of course if you scroll down too far, Google jams another 2-4 ads at the bottom of the search results before you can click the link to the next page.

Finding organic search results on a google page is becoming similar to playing a game of 'Where's Waldo' (Or 'Where's Wally' for non-US friends). There's stuff jammed on the top, on the sides, on the bottom. Looking at the real results is like looking through two slats on a fence. It gets very frustrating.

thehenster(10000) about 5 hours ago [-]

Even though I want them to have more ad cash, DuckDuckGo isn't vastly better: https://duckduckgo.com/?q=buy+printer

saiya-jin(10000) about 5 hours ago [-]

Are you seeing something else than I am? DDG looks lightyears better than current google now, at least on visual clarity side

lykr0n(10000) about 5 hours ago [-]

I wish there was a way to directly help Bing/DuckDuckGo/Yandex improve their search results. I've tried both, and it's just not the same.

Google I can bang in cryptic queries like > centos 7 tuned no daemon

and get the 3rd link about how to run tuned in a no daemon mode. Bing/DuckDuckGo have the article at around 7th or 8th place, but prefaced by a lot of 'while technically not wrong, not what I'm looking for' links. It's even worse for more niche errors or code snippets.

We cannot, as a healthy internet, let Google control so much of the web.

beefield(3988) about 2 hours ago [-]

> I wish there was a way to directly help Bing/DuckDuckGo/Yandex improve their search results.

I am amazed that no search engine gives me easy way to blacklist domains from my results. That would make the usefulness of any of them to increase by orders of magnitude. (and if they are careful, they might be even able to use the blacklisted data to adjust their general results , not only my personal results as well)

And I can't help to add qwant.com to the list of alternative search engines. No affiliation whatsoever, but I am pretty happy to use that as my daily search engine here in Europe.

awb(4311) about 5 hours ago [-]

Do they factor in the number of clicks on each result? If so then it would presumably improve over time.

I know Google also factors in how long people spend on the resulting webpage.

ulucs(4287) about 4 hours ago [-]

Do you have a region set? I got an answer on the right from stackoverflow (don't know if it's the correct answer.)

at-fates-hands(3775) about 4 hours ago [-]

> We cannot, as a healthy internet, let Google control so much of the web.

It's getting worse too.

Back in the day, you could Google something for a manufacturer and include the name of the manufacturer like, 'Pioneer 10' Subwoofer' and automatically the first result would be a like to Pioneer's subwoofer page or their main ecommerce site.

You type that into Google today? You will get 15 results for AMAZON pages with Pioneer speakers. No, I want to buy it from Pioneer, not Amazon. Oh yeah? The actual link to the actual company, who actually makes those speakers? They're on Page 2.

When you have the actual manufacturer being buried in the results, we have a major problem.

MadWombat(10000) about 2 hours ago [-]

To me it is not so much result quality as integration. Currently, with Google no matter what I am searching for, I just type it into my location bar and hit enter. Whether I am looking for a new bar to check out on a Friday night or what does a specific compile error mean in Haskell. So in the first case, I will get a map with bars around me and in the second case I will get a link to stackoverflow. With DDG these become functionally separate. To do the Haskell error search I do the same thing, but to do a local bar search I have to open a separate tab, go to Google and do a search there. Same goes for looking for things like theater plays (Google will give me reviews, showtimes and a link to buy tickets all right there at the top of my search page), address or place name searches (map, directions, open hours and website link all come up right away) etc. The only thing I can do with DDG is the old fashioned 'find me links relevant to these keywords' searches.

JadeNB(4333) about 3 hours ago [-]

> Google I can bang in cryptic queries like > centos 7 tuned no daemon

Not only can you bang in whatever query you want to DDG, you can bang it in via Google, using bangs (https://duckduckgo.com/bang). I think that '!g <query>' is the second stop for many DDG'ers, when DDG itself disappoints. (My understanding is that it still offers some anonymisation over searching directly through Google, but I'm not sure.)

ddevault(505) about 4 hours ago [-]

In my opinion, the results on DDG et al are a matter of users being trained by Google knowing too much about them. If you search 'Django' on Google and get relevant results, it's because Google knows you. On DDG you need to search 'Django framework'.

Analemma_(2946) about 5 hours ago [-]

I used to work at Bing. If you really want Bing to improve, the best thing you can do is just use it: clicks on search results, plus backs and dwell times, are vital training data.

Ideally you could use Bing as your default engine, then fall back to Google whenever there's a search that doesn't yield good results. If you have the time, you can also use the Feedback link on the bottom-right of the page to report bad search results; people do actually triage and read those.

grogenaut(4337) about 2 hours ago [-]

I can pretty much only use Google in verbatim mode now

lazyjones(4256) about 4 hours ago [-]

> Bing/DuckDuckGo have the article at around 7th or 8th place,

You should take a closer look at DDG, it has the answer from serverfault.com in an instant answers box for your query and it highlights the required setting in a perfectly chosen excerpt from the correct answer:

  As of CentOS 7.2 tuned now has a no-daemon mode which  
  can be turned on by setting daemon = 0 in 
  /etc/tuned/tuned-main.conf. This is mentioned in the 
  RedHat Performance Tuning Guide.
KingFelix(10000) about 2 hours ago [-]

I have noticed that when trying to find the most recent solution Google shows me an answer that is 10 years old.

ex. Adobe updates come faster than I can update, so I run into issues, so finding the most recent answer is what I am looking for and not a similar issue from Adobe pre CC.

enterabdazer(10000) about 4 hours ago [-]

I felt the same about Google alternatives up until about 3 months ago. Google's results have been declining in quality for a decade, with much more rapid decline over the past year or three.

Google's results are uglier and blatantly revenue based. They have now lapsed behind DuckDuckGo in usefulness for me. I fall back to Google a few times per week, with inconsistent results when I need a 'second opinion.'

I'd suggest giving DDG another try.

I plan to remove Google from my life this year, at least as a central dependency. Search is already behind me. Mail, calendars, docs, and drive will be taken care of throughout the year. And my Android phone will be replaced with an iPhone.

danShumway(4065) about 4 hours ago [-]

Prefer DuckDuckGo for searching, if possible. If you don't like DuckDuckGo's results and can't tolerate them, then prefer Startpage to Google, which will give you the same algorithm minus tracking/customization. Even post-acquisition, Startpage is still a more privacy-conscious engine than Google, and their ads are better labeled.

And while I'm sure I'm preaching to the choir here, quick reminder that unless you're running Lynx or some crap, literally everyone on this blog should have an adblocker installed (preferably uBlock Origin).

I appreciate there are multiple perspectives people have on whether adblocking should be a scorched-earth policy, or whether it's better to just target the worst actors. But disguising ads as native content is abusive enough behavior that you should be blocking those ads no matter where you fall on that spectrum -- and the UI changes here are very clearly, very obviously meant to make ads blend in with normal page results. The 'ad' indicator is meant to look like just another favicon.

I'm seeing people here suggest greaseMonkey scripts, and maybe there's something I'm missing, but I just really don't understand that. Don't restyle the ads, block them! Block advertisers that are abusive.

bryanrasmussen(276) about 2 hours ago [-]

Greasemonkey could also be used to remove the adds not just restyle them.

cabaalis(10000) about 4 hours ago [-]

I like DDG, but have been using Ecosia for the past 6 months or so. I like that I've contributed to planting 25 trees (by the averages) just in my normal course of searching.

ProAm(1511) about 3 hours ago [-]

Startpage is now owned by an advertising company.[Y]

[Y] https://www.startpage.com/blog/company-updates/startpage-and...

Guest0918231(10000) about 2 hours ago [-]

It's funny, because if you run AdSense on your website, Google has very strict guidelines about not misleading users and making a clear distinction between advertisements and your content. However, when Google shows ads on their site, they don't need to follow those rules, they blend them in as closely as possible.

Also, what's the deal with showing an advertisement for the same result that's number one? See the below screenshot.

https://i.imgur.com/f0Kolfv.png

Doesn't this seem wrong? For a lot of people, Google has become a site to not only search the internet, but to simply navigate it. It's normal for someone wanting to visit Expedia to search 'expedia.com' or 'expedia'. They are trying to navigate to that website, Expedia is the first organic result, and yet Expedia is pressured into paying for an advertisement to prevent one of their competitors from appearing first. Even when a competitor hasn't advertised, they're still stuck paying like the above screenshot. To me, this feels inappropriate. Google is getting a hefty payday by simply redirecting someone searching for 'expedia.com' to the Expedia website.

Waterluvian(4234) about 1 hour ago [-]

Maybe people who can block that ad wouldn't get any result for Expedia, which would upset Expedia a lot.

bufferoverflow(3723) about 2 hours ago [-]

Notice the first search result URL is different from the ad URL. That probably explains why they display both.

ftvy(10000) about 2 hours ago [-]

>what's the deal with showing an advertisement for the same result that's number one?

They paid for the ad. They probably leave it up as first organic results because some people think clicking ads is malignant.

roozbeh18(10000) about 1 hour ago [-]

almost any average PC user I have worked with, do not know where to enter URL and always search the URL.

333c(4127) about 2 hours ago [-]

They display both because Google is selling ad space on searches like these, where people search the name of a site. If that site doesn't buy the ad, their competitor will. So sites are being forced to buy ads on their own trademark.

Reedx(343) 22 minutes ago [-]

The url they're using for the ad is interesting:

www.expedia.com/Expedia/Official_Site

To me that actually makes it feel less official, because '/Expedia/Official_Site' is the sort of tactic a scammer would use.

More importantly it seems like this would have the unintended consequence of training people to trust something like '/Official_Site' vs focusing on the domain name. At the very least it's muddying the waters in this respect.

mrlala(10000) about 5 hours ago [-]

I just want compact results again.. searching for coding related stuff I need to be able to quickly scan through a bunch of results to see if it's what I'm looking for.. but now they are so spaced out it's just weird and inefficient.

ryanmercer(3708) about 4 hours ago [-]

Yes! My biggest complaint is I can't quickly scan search results now, there's so much wasted space.

raz32dust(4311) about 2 hours ago [-]

Funny thing is, this probably did not happen because some PM decided that ads should look like regular results. It is probably an organic result of A/B testing over time, coupled with revenue being an important metric. Small changes that increase revenue get prioritized and over time, it just evolves into this eventually.

titzer(3781) about 1 hour ago [-]

This is what they mean by 'AI first'. /s

mrkstu(10000) about 5 hours ago [-]

Any CSS wizards that could come up with user injected CSS that would move or highlight ads appropriately?

Is GreaseMonkey the best for that, or is there a nice lightweight alternative more fit to purpose?

keb_(10000) about 4 hours ago [-]

Here's some userstyles I made for myself to help get rid of some of the visual clutter. I use it combined with uBlock Origin though, so it's likely not perfect. I use the Stylus extension for Firefox.

https://gist.github.com/keb/8a51c42daeb4c230e7f76664e62f9f42

JoshTriplett(182) about 4 hours ago [-]

If you're going to run an extension to fix the search results, I'd suggest an ad blocker.

anoncake(10000) about 4 hours ago [-]

Ublock Origin will fix the problem. Why spend more effort on cleaning after Google than necessary?





Historical Discussions: DigitalOcean is laying off staff (January 17, 2020: 815 points)

(815) DigitalOcean is laying off staff

815 points 4 days ago by progapandist in 2718th position

techcrunch.com | Estimated reading time – 4 minutes | comments | anchor

After appointing a new CEO and CFO last summer, cloud infrastructure provider DigitalOcean is embarking on a wider reorganisation: the startup has announced a round of layoffs, with potentially between 30 and 50 people affected.

DigitalOcean has confirmed the news with the following statement:

"DigitalOcean recently announced a restructuring to better align its teams to its go-forward growth strategy. As part of this restructuring, some roles were, unfortunately, eliminated. DigitalOcean continues to be a high-growth business with $275M in [annual recurring revenues] and more than 500,000 customers globally. Under this new organizational structure, we are positioned to accelerate profitable growth by continuing to serve developers and entrepreneurs around the world."

Before the confirmation was sent to us this morning, a number of footprints began to emerge last night, when the layoffs first hit, with people on Twitter talking about it, some announcing that they are looking for new opportunities and some offering help to those impacted. Inbound tips that we received estimate the cuts at between 30 and 50 people. With around 500 employees (an estimate on PitchBook), that would work out to up to 10% of staff affected.

It's not clear what is going on here — we'll update as and when we hear more — but when Yancey Spruill and Bill Sorenson were respectively appointed CEO and CFO in July 2019 (Spruill replacing someone who was only in the role for a year), the incoming CEO put out a short statement that, in hindsight, hinted at a refocus of the business in the near future:

"My aspiration is for us to continue to provide everything you love about DO now, but to also enhance our offerings in a way that is meaningful, strategic and most helpful for you over time."

The company provides a range of cloud infrastructure services to developers, including scalable compute services ("Droplets" in DigitalOcean terminology), managed Kubernetes clusters, object storage, managed database services, Cloud Firewalls, Load Balancers and more, with 12 data centers globally. It says it works with more than 1 million developers across 195 countries. It has also been expanding the services that it offers to developers, including more enhancements in its managed database services, and a free hosting option for continuous code testing in partnership with GitLab.

All the same, as my colleague Frederic pointed out when DigitalOcean appointed its latest CEO, while developers have generally been happy with the company, it isn't as hyped as it once was, and is a smallish player nowadays.

And in an area of business where economies of scale are essential for making good margins on a business, it competes against some of the biggest leviathans in tech: Google (and its Google Cloud Platform), Amazon (which as AWS) and Microsoft (with Azure). That could mean that DigitalOcean is either trimming down as it talks to investors for a new round; or to better conserve cash as it sizes up how best to compete against these bigger, deep-pocketed players; or perhaps to start thinking about another kind of exit.

In that context, it's notable that the company not only appointed a new CFO last summer, but also a CEO with prior CFO experience. It's been a while since DigitalOcean has raised capital. According to PitchBook data, DigitalOcean last raised money in 2017, an undisclosed amount from Mighty Capital, Glean Capital, Viaduct Ventures, Black River Ventures, Hanaco Venture Capital, Torch Capital and EG Capital Advisors. Before that, it took out $130 million in debt, in 2016. Altogether it has raised $198 million, and its last valuation was from a round in 2015, $683 million.

It's been an active week for layoffs among tech startups. Mozilla laid off 70 employees this week; and the weed delivery platform Eaze is also gearing up for more cuts amid an emergency push for funding.

We'll update this post as we learn more. Best wishes to those affected by the news.




All Comments: [-] | anchor

PeterZaitsev(3389) 4 days ago [-]

Interesting story of Hyper-funded DigitalOcean vs Bootstrapped Linode

gramakri(4321) 4 days ago [-]

Wow, didn't realize linode is bootstrapped. How did they manage to build so many cloud centers with no investment? Do you know more of their story?

webscientist(10000) 4 days ago [-]

Omg!

Yesterday I read a post where the author admitted that if people believe it's an advert then it is because they want great people to come and work in the company.

https://blog.digitalocean.com/from-15-000-database-connectio...

sunny--tech(4293) 4 days ago [-]

Author here.

I think you might be referring to this:

https://dev.to/digitalocean/from-15-000-database-connections...

Same post, just on a different platform.

For context, I was responding to someone who said the article read like an advertisement for DO. To clarify, this post has nothing to do with the layoffs and was not coordinated for it. I had no prior knowledge of the org restructuring.

I've been working on that article on-and-off for over a year. The timing of its publishing and the layoffs are coincidental and unfortunate.

networkimprov(3718) 4 days ago [-]

DO will be just fine when GCP closes a few years hence, which Alphabet accidentally 'announced'.

https://www.crn.com/news/cloud/google-reportedly-set-ambitio...

zomglings(10000) 4 days ago [-]

It seems insane for them to even be speaking about that internally given that:

1. It could scare away enterprise customers who look for reliability on a much longer timescale.

2. The extent of their investment into hiring for GCP. [1]

More likely the author of that article is trying to manufacture news.

[1] https://www.geekwire.com/2019/google-cloud-single-largest-dr...

esaym(3194) 4 days ago [-]

Weird, when I go to the link, the page immediately redirects to https://guce.advertising.com/collectIdentifiers?sessionId=1.....

Even if I try to just go to techcrunch.com/, same thing. I only notice this because *advertising.com is in my host file on my router so instead of redirecting, I just get a 'server not found' error page in firefox.

If I open a private tab, techcrunch.com loads fine. Looking at the network tab in the dev console when trying to load techcrunch.com seems to show that no redirect is made, just that techcrunch.com automatically becomes guce.advertising.com... Have I been pawnd?

jdormit(4054) 4 days ago [-]

Yup, I can confirm. techcrunch.com redirects to guce.techcrunch.com, which redirects to guce.advertisting.com, which then redirects back to techcrunch.com. This only happens on the first page load (presumably due to cookies being set for the guce.techcrunch.com domain).

The redirects are really fast, seems like the only reason @esaym noticed is that they are blocking advertising.com via their hosts file which prevents the final redirect back to techcrunch.com.

Welcome to surveillance capitalism...

geocrasher(4305) 4 days ago [-]

Sounds like adware. Check your browser extensions.

esaym(3194) 4 days ago [-]

Ok, nm. It is techcrunch that is doing it. I had my network dev console filtered to only show ajax request. Showing all request shows techcrunch returning a 307 (redirect):

https://i.imgur.com/sZM9btp.png

ogre_codes(10000) 4 days ago [-]

I love DigitalOcean, my second favorite hosting company so this is concerning. As a recent Layoff survivor, this whole paragraph sets off alarm bells:

> In that context, it's notable that the company not only appointed a new CFO last summer, but also a CEO with prior CFO experience. It's been a while since DigitalOcean has raised capital. According to PitchBook, DigitalOcean last raised money in 2017, an undisclosed amount from Mighty Capital, Glean Capital, Viaduct Ventures, Black River Ventures, Hanaco Venture Capital, Torch Capital and EG Capital Advisors.

Nothing in particular, but finance guys and VCs tend to squeeze companies dry or push hard for acquisitions. Hopefully I'm wrong here.

pc86(3996) 4 days ago [-]

Acquisition wouldn't necessarily be terrible depending on who acquired them. Obviously if it's a direct competitor that's bad news, but there are some markets where adding a hosting provider could be a benefit.

dghughes(4280) 4 days ago [-]

I love DigitalOcean too they have great tutorials. It's one of the best sites around for clear, well-written tutorials.

wastedhours(4336) 4 days ago [-]

Might there be an opening bell in their future... almost entirely likely.

dothrowaway(10000) 4 days ago [-]

(Throwaway, obviously)

I'm a DO employee on the tech side of the house. According to the CTO, the primary reason for this was actually reorg, not financial though that obviously played a part. Mostly managers got cut, with the goal of flattening the org. I'm keeping my ear to the ground but it doesn't seem like there's going to be more cuts any time soon at least. Apparently we're still hiring a ton this year, so that jives.

cabaalis(10000) 4 days ago [-]

Curious.. does your employment agreement not put you at very, very significant personal risk for putting information out like this? Throwaway account or not?

I'm inclined to trust HN and it's community to a pretty strong degree. But forgive me for simply not seeing this as anything but controlled information release.

irjustin(10000) 4 days ago [-]

Thanks for the info and best of luck. Re-orgs are hard as the company is trying to find its new identity in the new structure.

I love DO and what it stands for. Sadly, I don't use it outside of personal pet projects.

tempsy(1208) 4 days ago [-]

no offense but I wouldn't take your CTO's word at face value. you need to watch out for your own interest, including looking at other opportunities, even if it's just to keep yourself top of mind to others if something happens

ogre_codes(10000) 4 days ago [-]

It could easily be both a re-org and dressing the profitability numbers prepping for a sale.

The fact that its mostly management is encouraging though.

adamc(3911) 4 days ago [-]

Offered because I love words: jibes ('fits'). https://www.chicagotribune.com/lifestyles/ct-tribu-words-wor...

shakezula(10000) 4 days ago [-]

Is it just me or are we starting to see the first signs of mass lay-offs in tech? Mozilla, now DigitalOcean, I feel like we're starting to see the first bleeding cuts of the recession take hold.

And I just got my life together, too.

roguecoder(3573) 4 days ago [-]

It is January: layoffs often cluster during January. I'm not yet seeing a flood of candidates for our open roles, so I'm not worried.

axaxs(10000) 4 days ago [-]

I wouldn't worry about it. Last time there was a pullback that I can remember, every other day it was HUGE companies(think MS, IBM, HP, etc) laying off tens of thousands of people. These are two relatively small companies, in challenging sectors, laying off a relatively small amount of people. Don't worry yourself making more of it than it is right now.

tjr225(10000) 4 days ago [-]

Huh? There have been tons of layoffs in tech in the past year or two. If this were what you consider the start then I suspect you haven't been looking close enough. Spending your time trying to correlate every event to something larger is only going to make you crazy.

We work in a volatile and rapidly changing sector of the economy.

xenihn(10000) 4 days ago [-]

Uber layoffs last year were the first big tech ones I think.

rgbrenner(2278) 4 days ago [-]

Everyone is seeing this as negative and a warning sign for DO... but they're an 8 year old privately owned company that has raised over $300m. The last time they obtained funding was a 130m credit line in 2016. It's been 4 years since then... and if they're still losing money, they likely need to either make this profitable, or they're going to need to raise more money.

If they're close to being profitable (likely given their past fund raising, and how long its been), why would they want to sell more of their business?

They may also want to finally go public. 8 years is a long time to wait for a return. And it seems to me the stock market is tired of these unprofitable unicorns doing IPOs (at the moment anyway).

hellotheresirs(10000) 4 days ago [-]

The line of credit is used to finance equipment and has a fixed payback period.

They have only raised around 100M in equity investment from VCs. The last being 83M in 2015. This is the money which requires multiples.

irjustin(10000) 4 days ago [-]

Agreed in that this isn't an absolute negative. Cost cutting, flattening org structure and pointing towards break-even/profitability is always good.

The old mantra, change or die, is ringing true here. I personally want to see the success of DO because only having good experiences for my pet projects. Sadly no professional prod environments for me.

hinkley(4237) 4 days ago [-]

It's been both for me several times, and the management team made it sound perfectly normal in each case.

When you're courting investor it's not uncommon to look at your finances and do some work to make the balance sheet look better. You goose your margins a percent or three. But it's kinda gaming the numbers because you can't keep doing it without hurting your revenue. You're putting a little S-curve on the graph of your margins and what? Hoping some people see the beginning of a hockey stick instead? If the round closes successfully you probably will get a hockey stick soon afterward. But this isn't when it started.

ttul(10000) 4 days ago [-]

You could also read this as: Digital Ocean raised a $130M credit line and their creditors have noticed that profits aren't what they will need to be in X years time, hence the hair cutting. Their headcount only increased by 4% in the past six months. AWS increased its 10,000+ headcount by 16% in the same time period.

I mean, it's all sheer speculation, but I think it is equally likely that Digital Ocean is having a hard time vs. just restructuring to do some housekeeping... I don't know how any 600 person cloud company survives in the same world as AWS these days.

dothrowaway(10000) 4 days ago [-]

FWIW, this is basically my take as a DO employee. They could be lying to us and saying it's primarily reorganization so that we don't worry, but that's not my read on it.

greyhair(10000) 4 days ago [-]

From the tail end of the article:

It's been an active week for layoffs among tech startups. Mozilla laid off 70 employees this week;

What is the cutoff age for an organization to be a 'startup'?

imsofuture(4292) 4 days ago [-]

It just means tech company these days.

grive(10000) 4 days ago [-]

The RGPD wall of Techcrunch is a real put-off (Choice partners that cannot be deactivated, IAB partners that must be unsubscribed from the third party website (which of course does not work), seriously?). No reason to accept this cancer, I will read about this subject elsewhere.

csunbird(10000) 4 days ago [-]

I stopped clicking on techcrunch links a long time ago for same reason. I am pretty sure that wall is not GDPR compliant, because the way to opt-out is not simple and straightforward.

shmageggy(3097) 4 days ago [-]

I didn't even make it that far. After about 3 or so screens deep with no actual options I noped out of there.

wakatime(10000) 4 days ago [-]

WakaTime switched to DigitalOcean and we're loving their performance to cost ratio. Their compute droplet machines are much better than AWS ec2[1], especially if you need low-latency SSD IOPs. The only AWS services we still use are S3 and Route53, because S3's performance is better than Spaces[2]. Really hope this doesn't spell bad weather ahead.

[1] DigitalOcean Droplets > AWS Ec2 (based on our production metrics)

[2] AWS S3 > DigitalOcean Spaces (based on our production metrics)

bob1029(10000) 4 days ago [-]

I tell you what... If it weren't for Route53 being as good as it is and getting all of our domains sucked into it's gaping maw, we would be much more likely to hop to different cloud vendors. It is very nice having the entire enterprise tech stack managed through a single vendor when you are a tiny company like we are.

That said, I am losing patience with how slow the EC2 instances are considering what we pay. I've got management asking increasingly-probing questions about our monotonically-incrementing AWS bill. All of this would be fine if perceived/actual performance weren't also dropping for us over time (I.e. intel spectre mitigations). I can almost feel how the AMZN profit margins are squeezing us at this point... It's almost a weekly conversation now with Azure or even a return to on-prem being brought up. 'Do we move now or later? Is the frying pan hot enough yet?'

Our organization is small enough to comfortably fit onto a single 2S 128 core AMD Rome system. Why shouldn't we just lease out a half-rack somewhere local (I.e. near the developers who can care for it) and then stick a few of their systems, a switch, router and management hardware in there? This all began on-prem with us moving to AWS, and after 6 years in the cloud circus it's starting to feel like a safe place to return to. Perhaps we will just move our compute to on-prem and continue to use AWS for backups and DNS. All I know is my TR 2950X workstation can compile our solution ~10x faster than our Jenkins server which is running on a T2.Large. Imagine giving Jenkins 32 Rome cores. This is something we could actually afford if we owned the hardware.

There are also some other compelling factors for us to consider moving back on-prem. Emerging technologies like Blazor create a strong argument for keeping your workers near the datacenter. Very few businesses truly require more than 1 physical datacenter. Yes, you might also have a DR site, but you can arguably run all of the functions for 95%+ of businesses out of a single physical location. Also, having a physical location where you can hook up any arbitrary hardware means we could also pull our iOS build machine in-house and use proper high-end Apple hardware on the same local network as the rest of our infrastructure.

rc_kas(10000) 4 days ago [-]

Ya. S3 is awesome but everything else on AWS sucks. I have AWS and only use S3 and nothing else.

Meekro(4271) 4 days ago [-]

Digital Ocean is a great company in a brutal, low-margin industry. Based on having run a similar (now mostly defunct) company in the past, I would guess that 80% of their customers are on the $5/mo plan.

That $5/mo has to cover the hardware costs: you're buying expensive physical servers to put the VPSes on, and lots of SSDs too. SSDs have a limited lifetime measured in writes, and some of your customers will leave broken programs running that chew through this precious resource for no reason. If you throttle them, they'll complain.

Then there's the support. Handling a support ticket costs you at least $3 in salary and benefits (remember, your typical customer pays $5/mo), and people will demand that you help them fix their broken MySQL server or whatever. They'll yell and threaten when you tell them that this is outside the scope of what you can do.

And don't forget security. Your customers will install broken-ass Wordpress sites and forget to upgrade them for 5 years. Then a worm sweeps through and now a whole bunch of them have been pwned and are mining cryptocurrency. Those pwned customers are complaining and demanding that you fix it, and the regular customers are also upset because of slowness due to the 'noisy neighbor' problem inherent to all VPSes.

Speaking of which, preventing one VPS from hogging all the CPU or disk bandwidth is harder than it looks. The two dominant software platforms are Xen and KVM, and neither gives you great tools for dealing with disk bandwidth. Limiting CPU is much easier, but there's still the problem that you're overselling. Which is fine until half the VPSes on your machine are trying to mine Ethereum.

On the bright side: half your customers will buy the VPS, leave it running, and forget about it for years at a time. That's what makes the $5/mo business model work out.

Anyway, I do hope they can become profitable! They run a much better operation than the incumbents they replaced (slicehost, etc).

mrtksn(3527) 4 days ago [-]

They also have a referral program that turned DigitalOcean to free hosting for me. A few years ago I got annoyed with something, wrote an article about how to fix it using a DO instance, linked to DO with my referral code and racked up thousands of $ in a payout. I used most when experimenting and feeling too lazy to shut down instances(because I didn't want to go through backup since maybe I will use it later etc).

For 6-7 years now I'm using DO for free but my only resource-intensive instance is a personal VPN server that I use from time to time(a few hours a day maybe?).

At first, DO use to give referral payouts in cash, then they limited the payouts to credits, then changed the structure and introduced expiration date to these credits.

I would guess that this referral program that probably helped them a lot with the growth at first is now a burden.

justicezyx(10000) 4 days ago [-]

Cloud hosting is not low margin.

But DO cannot have the monopoly margin enjoyed by AWS and alike.

One example, the hardware cost for AWS probably will be significantly cheaper than DO. That alone can sentence Do to death.

And frankly, DO is better at UX, its technology is not innovative in any measure. By definition, that's a death penalty to a firm of its size.

krn(1723) 4 days ago [-]

> Based on having run a similar (now mostly defunct) company in the past, I would guess that 80% of their customers are on the $5/mo plan.

The founders of NordVPN have recently invested in Hostinger[1], which has successfully adopted their extremely profitable pricing model: charging for 2-4 years in advance, by default. This way, even those who would have paid $5 / month and cancelled and a few months later, end up spending $100+ for 24-48 months at once, often without having a clear need for it, thus leaving a lot of resources underutilized – and available for overselling. The company has more than doubled in size in the last 3 years, more than a decade after its inception.

[1] https://www.hostinger.com/

milankragujevic(3350) 4 days ago [-]

> Digital Ocean is a great company in a brutal, low-margin industry. Based on having run a similar (now mostly defunct) company in the past, I would guess that 80% of their customers are on the $5/mo plan.

Well, to be honest, Vultr has 2.5$ (IPv6 only) and 3.5$ plans. So, if they're getting by, so could DO.

https://www.vultr.com/products/cloud-compute/#pricing

I actually migrated from DO to Vultr because at the time DO offered 512 MB RAM for $5, while Vultr offered it for $2.5. And Vultr gave me $50 bonus platform credit on sign up, valid for about 18 months (accounting for possible overage fees).

I'm still on Vultr, 3 years on. No problems at all, other than billing issues (accidentally was assigned Australian VAT despite living in Serbia), I had no support tickets. After some time I started using more instances, and more powerful instances, and more services (block storage, 'portable' IPs, object storage, internal networks, etc).

I've had a lot of problems with DO's Object storage which was also one reason to move away from them. Problems were quite catastrophic in nature, i.e. the files were unavailable for a few hours every few weeks.

867-5309(10000) 4 days ago [-]

> That $5/mo has to cover the hardware costs: you're buying expensive physical servers to put the VPSes on, and lots of SSDs too. SSDs have a limited lifetime measured in writes, and some of your customers will leave broken programs running that chew through this precious resource for no reason. If you throttle them, they'll complain.

they are heavily throttled on disk I/O, so much so that I had to switch to AWS and pay per I/O for one project.

also the network seems throttled to 100Mbps up/down, and a few TB/mo, something which Scaleway for $3/mo is unlimited TB/mo and at certain times 2.5Gb/s

gbrown(10000) 4 days ago [-]

I like how simple their API is. I have infrequent cloud needs, so it's nice being able to set up a simple docker-machine script once in a while to spin up a ton of compute nodes for some scientific task.

biztos(4213) 4 days ago [-]

I've had a 'droplet' going at $7/mo for about half a year and probably used it less than ten hours so far, and not doing anything too heavy when I use it. Every time I think about turning it off I say 'yeah but it's only $7 and I like to ssh into it sometimes.'

I've had a 'shared hosting' setup on Dreamhost for at least 15 years, also using pennies per month in capacity, at most.

I get that it can be a brutal, low-margin business, but I also wonder how many 'small' customers are extremely high-margin like me, and whether that can aggregate into a better overall margin than you might guess?

Or will you always have a few outliers running at capacity and calling the help desk and blowing out your margins?

stanferder(10000) 4 days ago [-]

If they ramped that $5/month to $20/month after X months, I would keep paying it. Digital Ocean is a fantastic deal, everything I've tried straightforwardly works, and the fact that I can't accidentally spend money as I experiment is a real boon.

pascalxus(4208) 4 days ago [-]

DO makes a great product. I've been using them for many years and I hope that they succeed.

I've used other hosts in the past and had nothing but trouble. Joyent ended one of their hosting plans and I had to migrate EVERYTHING which took forever. Then Rimuhosting had an actual hardware failure that resulted in non-reproducible errors happening very frequently - that company nearly brought down my whole business. Then there was Serverpronto which had too much downtime.

by comparison, DO has been much much better, always up, always trouble free.

JDiculous(4277) 4 days ago [-]

How is AWS so profitable then?

jldugger(4299) 4 days ago [-]

> Based on having run a similar (now mostly defunct) company in the past, I would guess that 80% of their customers are on the $5/mo plan.

I wonder if the Always Free tiers of GCP / OCI have helped DO in this regard. You can get a lot of free VMs these days, so maybe other cheapasses like myself have left the DO / Linode / etc platforms.

derefr(3800) 4 days ago [-]

> That $5/mo has to cover the hardware costs: you're buying expensive physical servers to put the VPSes on, and lots of SSDs too. SSDs have a limited lifetime measured in writes, and some of your customers will leave broken programs running that chew through this precious resource for no reason. If you throttle them, they'll complain.

This makes it sound like you could get a big win in the VPS-provider space by drawing an ROI line at ~$20, and making all instances below that size diskless, with their rootfs being either a tmpfs overlay of a shared SAN-mount of a base image (like a LiveCD environment), or a tmpfs into which was dumped a PXE initramfs image (as e.g. CoreOS does in its idiomatic deploy style.)

I feel like many customer use-cases would still be satisfied by such instances (especially if you also offer local object-storage for the diskless instances to interact with.) It'd sort of be a hybrid position between ephemeral PaaS containers, and actual persistent VMs.

Anyone know of a provider that provides low-cost long-running diskless VPSes like this?

MaxBarraclough(10000) 4 days ago [-]

I sympathise with your customer-support point, but not the others. Customers are paying for cloud resources. If their demands are too much for your infrastructure, the issue lies in your infrastructure, or in your claims to customers.

A customer's need for additional resources should translate to a price-point question, rather than to uncertainty about what they've already paid for.

> SSDs have a limited lifetime measured in writes, and some of your customers will leave broken programs running that chew through this precious resource for no reason. If you throttle them, they'll complain.

High IO doesn't always mean an instance was compromised.

There should be clearly defined limits, and/or a clearly defined throttling policy, and the customer should have the option to buy their way out. Amazon gets this right. There should be no guessing game about reasonable use, or goodwill.

> Those pwned customers are complaining and demanding that you fix it, and the regular customers are also upset because of slowness due to the 'noisy neighbor' problem inherent to all VPSes.

High CPU load doesn't always mean an instance was compromised. If you've sold CPU resources, the customer is entitled to use them. Obvious example: build servers.

If other customers experience unacceptable degradation, that means you overpromised, or else your isolation solution isn't fit for service.

Again, Amazon gets this right. They're criticised for their complex billing schemes, sometimes rightly, but it clearly makes sense to measure and be explicit about all resource-consumption. They even have an elaborate scheme to incentivise customers to tame down their CPU usage, in the form of 'burstable performance instances'.

> Anyway, I do hope they can become profitable!

Agreed. It's good to have smaller players, not just the big three of Amazon/Google/Microsoft. Competing on price-point without having the same scale, must be really tough.

scarface74(3926) 4 days ago [-]

Digital Ocean is a great company in a brutal, low-margin industry. Based on having run a similar (now mostly defunct) company in the past, I would guess that 80% of their customers are on the $5/mo plan.

And they are competing with AWS Lightsail that have similar prices and offers Windows instances for people who want it.

But even though I am very steeped in the AWS ecosystem and the price of Lightsail is competitive, if I just needed a VPS I would still go with Linode. I can't imagine AWS's support being good for anyone who doesn't have a business support plan.

blackflame(10000) 4 days ago [-]

Maybe instead of using expensive SSDs. A topology of many spanning disks in large ZFS clusters by using PCIe HDD controllers. Then link the machines via 10GBe could provide you the speed and performance you require require. I've set up a moderate size pool of 1Pb across 16 physical servers on 4 full size racks. This cost less than 50k. Electricity and cooling come from solar. Its the damn internet connection for people to access it that is the cost killer.

ksec(1570) 4 days ago [-]

In terms of similar competitor and ignoring those Cheap VPS, they started the whole $10 and later $5/month price plan. Linode has always maintained its $20 / Node starting price arguing for the exact reason you mentioned, Support Cost. And later DO / Linode became the price plan standards where everyone follows.

I remember at the time I suggested $5 plan should be limited to 1 per account or only for non- public internet facing usage. But the $5 plan made lots of headline and new customers during the growth at all cost stage.

So if $5 plan were really the problem that it was really their own making. Having said all of that I dont think $5 is really their concern. Hardware is cheap, and those plan with vCPU are shared and always over sold. The number of bad actor within the lowest plan are statistically quite small.

I actually think the future should be more like Render[1],

[1] https://render.com

walrus01(2035) 4 days ago [-]

Person whose job title has 'senior network engineer' in it here. I work for a mid sized regional ASN doing middle-mile and last-mile transport and transit. Quite intentionally we offer no services to customers related to VM hosting or managed hosting. The closest we come is selling rack space/cooling/power to people who want to colocate their own equipment and be fully responsible for it themselves.

We are considerably smaller than DigitalOcean in staffing head count. But we have a network that is spread out geographically across five states and 30+ cities and towns, built a combination of third party lit L2 transport, dark fiber IRUs, and fiber we built ourselves. We're a facilities based WAN provider.

There are so many different possible types of ISPs. For a small organization it only makes sense to decide whether you want to go after a huge number of $5 a month customers, or if you want to focus your time and effort on customers that spend anywhere from $250/month upwards for last mile broadband services, colocation/hosting services, etc. As a generalization, the higher the dollar value of the customer, the less of a headache they are, and the higher the clue level of the customer is.

I concur with 100% of what the above poster says about the hosting business.

Bulk hosting/VPS/VM hosting is an incredibly brutal race to the bottom in pricing. Extensive well crafted automation tools and massive economies of scale are the only thing that will save you. I truly feel sorry for the people who are working (mostly entry-level) jobs doing first tier technical support/customer service for 5 dollar a month VPS customers.

If somebody wanted to hire me to work for a consumer-facing hosting company I would run away screaming. It's my idea of a personal hell in the ISP business. Those who have found a way to make it work, not go bankrupt and not have mental breakdowns are a rare breed.

pier25(3306) 4 days ago [-]

Everyone knows DO for their VPS but their object storage prices are some of the lowest.

$0.02 per GB stored

$0.01 per GB transferred.

That includes CDN too.

I haven't found a better deal anywhere. Even Blackblaze doesn't offer CDN (AFAIK).

techsin101(4199) 4 days ago [-]

Could flare cdn vs digital ocean?

raiyu(3389) 4 days ago [-]

Hey folks,

Cofounder of DigitalOcean here.

Letting people go is always a complicated matter at any scale. Whether you are a ten person company and firing one employee or you are 500 people and firing a larger number.

Wanted to address a few statements from the hackernews community here.

We are not prepping the company for sale.

As unfortunate as the layoffs are they were really due to two CEO changes in the past 18 months and leadership changes that created competing directions in the business, which Yancey our new CEO, is now addressing.

We are not running out of money, nor do we have an immediate need to raise capital, and the lay-offs aren't related to any sort of 'cost-cutting'.

We last raised an equity round in the summer of 2015 and haven't had a need to raise capital since. This is because we are very capital efficient and have been since our founding.

There are no profitability issues with $5/mo customers as the unit economics are the same as larger accounts. As we have grown we have added more products and features so that scaling teams and companies can also be successful on DigitalOcean, but we are not changing our commitment to the individual developer and those who are just getting started.

Lastly, it pains me to see people let go, having been on both sides of the table, it honestly just really sucks.

cdiamand(3972) 4 days ago [-]

Thank you for this! As an individual who relies heavily on DO for getting small projects off the ground, this is reassuring to hear.

MuffinFlavored(4327) 4 days ago [-]

> We are not running out of money

Are you running at a profit or at a loss?

rolltiide(10000) 4 days ago [-]

yeah, forever-jobs are the main misaligned expectation from the market. laying off people isn't controversial, but too many businesses avoid the action until there actually is a controversial issue with the business.

neycoda(10000) 4 days ago [-]

'We last raised an equity round in the summer of 2015 and haven't had a need to raise capital since. This is because we are very capital efficient and have been since our founding.'

If you haven't had a need to raise capital since your founding because your were capital-efficient, then why did you raise an equity round in 2015?

Either your statement is worded inaccurately or you did need capital funding after your founding, indicating you also need it now or will soon.

idclip(3785) 4 days ago [-]

A very mature approach, more power to you and i will certainly be checking out your warez.

avip(4199) 4 days ago [-]

Confused to see CEO of a big company just says the truth in simple terms.

Did you pass that through legal? :)

Thanks, yours, another loyal not-customer-support-harassing 5$/m DO customer.

kull(3751) 4 days ago [-]

Thank you for this comment. We run our startup on DO and seeing news like this always make me wonder if I should start looking for plan B, a new server provider. Your service is outstanding and a transition of 30+ large droplets to some other provider would be painful so I really hope you guys are doing well.

sneak(2841) 4 days ago [-]

Why would you lay people off if not to cut costs?

pc2g4d(4215) 4 days ago [-]

As a longtime Digital Ocean customer, I just want to say that it's amazingly refreshing to hear directly from somebody with such insider knowledge. Kudos for clarifying the situation for us.

capdiz(4113) 4 days ago [-]

Been a while since I logged in and commented on hacker news, but I had to login in order to give testimony on how digitalocean has been helpful to me this past year (2019).

2019 was one of the worst years for me financially, jobless, in debt and with a one year old child and girlfriend to look after. I was always late on payments for my 5$ digitalocean droplet and would always have my account suspended. I would always ask for an extension period and the wonderful guys at digitalocean would gladly grant me an extension and lift the suspension off my account.

And when I read the story my heart skipped a beat wondering what was going to befall my entrepreneurship dreams this year. Thanks a lot for the comment and am forever grateful to you and the team at digitalocean

treebornfrog(10000) 4 days ago [-]

Thank you for writing here in the thread. I was literally looking at options to migrate, but now I can sleep with ease.

All the best, love DO, simple + clean and get's the job done.

mlthoughts2018(2417) 4 days ago [-]

This doesn't really track as an explanation. Why couldn't you restructure teams or retrain people instead of firing them? If it was an internal organizational conflict as you say, it seems rash and strategically unsound to let good people go instead of refactoring the internal conflict in a way that deploys those people in other roles, or at least some of them.

While I don't think there is anything deceptive or mean-spirited about your comment, it just doesn't add up, and comes off a bit like the same old corporate verbal shuffling.

Nothing obligates you to comment or speak out on this. Why do so here in this forum if this is all there is to say?

NotZachari(10000) 2 days ago [-]

Listen, man, this sort of 'coverage' of these types of events are the result of being at the top of the field. No one likes to watch people lose their jobs, especially when their name is at the top of the list of people in the company. That being said, you clearly already know that this wasn't anything done without reason.

You guys haven't always nailed it, but overall, all of the points you've listed show that the ship isn't sinking even if it took on some water. It's great that you addressed this and all, but overall, all of this is a sad part of business. As long as it's not taken lightly and everything that can be done to avoid a repeat of this in the future is being done, that's all you can really do.

j45(4292) 2 days ago [-]

Would it be possible to allow the ability to download one's backups or snapshots?

There are no shortage of requests for this feature and as owner of my data and VM, I'm simply trying to keep an offline backup. Linode has had this feature for a very long time.

HonestShark(10000) 4 days ago [-]

Moisey, big fan of yours, always have been.

DO's board has been atrocious (not you and Ben). The way they handled bonuses even the years that we were growing 40+% because we missed #'s due to factors outside any employees control, was a joke. The hiring of Mark Templeton was one of the absolute worst things that could have happened, he damn near put DO on the brink of destruction.

That said, it seems like Yancey is doing all the right things. The internal DO culture has been coddled for way too long and has been way to top heavy, predominately due to the revolving door of engineering leadership. Since I joined, I've seen Julia, Greg, Dizzy, now Al w/ Barry... and that's been what like 3.5 years?

The Boards support of the current GC is also astonishing, he's been incredibly anti-people and has downright participated in discriminatory practices. I'd HIGHLY encourage DO to setup an ethics hotline, there's been a long-term lack of ability to report concerning behavior without fear of reprisal.

Also, in your previous comments, yes the profitability #'s look surprisingly good, but lets be honest with the community and talk about cash. It's easy to look profitable when you are capitalizing so much, and it's not a fair representation of company performance. While I admittedly don't really have any transparency into our #'s, its been talked about internally plenty that we have a cash issue. (Although it's never been indicated that it's desperate, and for those reading the company isn't in financial distress, although they've been subtly cutting a lot of benefits and doing things to save cash like reduce travel, cut meal benefits, etc).

I'm proud of Yancey and Bill. GC needs to go, period, demonstrate 'togetherness' Yancey talked about by showing us that accountability applies to all levels. Head of people is doing her best, but we deserve someone that wasn't a Mark hire that understands our industry, and CTO I'm on the fence about, he's not an inspiring leader.

(Apologies for the throwaway account, surviving here for as long as I have has been difficult. I've connected through TOR and two VPNs, and don't know PW so will never be logging into this account again — so, don't bother trying to find me.)

busymom0(4107) 4 days ago [-]

Thank you for this! As someone who spends okay amount of money on DO ($40, $15, $5, $5), the title of the post gave me a bit of a scare but your comment helped me calm back down. Thank you!

I used to be with AWS before (still use their S3) but now I have switched from EC2 to DO droplets. Only thing I am missing with DO is the ability to set up ACL on the firewall itself so it can only be reached via cloudflare and the firewall IP isn't exposed to outsiders.

dutchrapley(10000) 4 days ago [-]

There's no reason to be apologetic. The fact of the matter is that there are two types of employees, those who work and those who have a job. Employees who work are creating value, whereas employees who have a job are trading time for money.

When a company becomes a certain size, it's inevitable that you will hire people looking for a job.

Firing people sucks. Yes, it affects their livelihood, but having warm bodies on your roster affects your business.

The problem with people who have a job is that they affect company culture as they set the tone for acceptable and unacceptable behaviors in the workplace. It spreads like a disease and the effect can cripple those who show up to work.

Sometimes, this can lead to confusion as people who have a job might think, 'I was doing what I was told. I don't understand why.' Creating value is much more than simply following orders.

yowlingcat(10000) 4 days ago [-]

Appreciate the response! Are you at liberty to say a little more about the competing directions that, for lack of a better term, didn't win out? How will these changes impact customers, and could folks be left stranded in any way?

SmoothHacker(10000) 4 days ago [-]

I just wanted to say thank you for providing an amazing service. DO is my number one preferred cloud because using Azure and AWS is incredibly difficult because of their UI. Thank you.

tixocloud(3091) 1 day ago [-]

Honestly, it really sucks to let people go and I would assume it's not something taken lightly so I admire you for coming out and taking the time to try and address it as best as you can.

fogetti(4065) 4 days ago [-]

So basically it's due to bad leadership and office politics... In other name incompetence?

christophilus(3873) 4 days ago [-]

I'm really glad DigitalOcean exists. Ignore the haters.

mrskitch(3127) 4 days ago [-]

Thanks for posting. I run browserless.io on DO, and want to keep it that way. Many have posted about about how they use DO for small projects, and I started that same way, but now it's the muscle behind a much bigger thing. Appreciate you chiming in.

hashhar(3994) 4 days ago [-]

DigitalOcean has been instrumental in helping me transition from a college graduate into a professional developer who can build and design entire backends.

Those 5$/mo droplets let me explore a lot of software and run proper production-like benchmarks for my own learning.

Over time I moved a lot of my personal projects and infra over to DO (and started working on new ones now that I had a good provider to host them on).

And now with the new managed offerrings for the CORE technologies people need (databases, caches, K8S etc.) I'm happy to see that I can start being a little more productive with my side projects.

So, in essence I want to thank the people at DigitalOcean for what they've built and continue to build.

notjustanymike(10000) 4 days ago [-]

Would you mind teaching StackExchange a thing or two about PR while you're doing a good job here?

shreyshrey(4325) 4 days ago [-]

Hey thank you for your sincere reply. Felt touched. We use DO (not in a big way though). But it always has worked for us.

Just curious, why DO needs an outsider as ceo rather than somebody from founding team?

jonstewart(10000) 4 days ago [-]

Thank you for DO. My $5/mo droplet running Algo vpn has been great.

lxe(4066) 4 days ago [-]

I wish all company execs made straightforward and human-sounding statements like this one in response to questions about difficult matters.

leetrout(4187) 4 days ago [-]

Thank you for posting this and providing some perspective.

jhhdow(10000) 4 days ago [-]

Real cool to see this kind of explanation provided in the HN comments and not to any of the people who got the axe. DO love!

boycaught(10000) 4 days ago [-]

Well-stated.

Townley(4055) 4 days ago [-]

I'm rooting for them as one of the best potential guardians against the cloud provider market becoming even more of an oligopoly.

Cloud resources should be a commodity. Providers should offer compute resources, persistent storage, load balancers, and MAYBE a small handful of other services.

The way Digital Ocean succeeds against AWS is by aligning itself with this idea, and competing on specialization. Forget competing with lambda; let me run my own serverless application. Don't worry about IAM; let me configure LDAP. Don't waste developer hours on service-ifying the latest NoSQL storage trend; write high-quality tutorials explaining how users can do it themselves.

And most importantly, continue to invest into open source and community resources. There are developers willing to fight the good fight against proprietary walled gardens like AWS/GCP/Azure, but it has to get easier. Configuring HA postgres is harder than paying for RDS. Paying for GKE is more feature complete than using rancher or kubeadm to make my own kubernetes cluster. This friction is an existential threat when Azure can make my problems go away for cash.

I don't know if Digital Ocean can succeed against the big cloud providers, but if they do it won't be because they made a better platform; it'll be by playing a totally different game.

whatsmyusername(10000) 4 days ago [-]

> let me configure LDAP

I just got a nervous tick. Having done it before IAM is the killer feature of AWS.

sparkling(10000) 4 days ago [-]

I think they would benefit a lot from adding a thin Heroku-like PaaS layer while keeping the option to 'build from scratch'.

donarb(4302) 4 days ago [-]

AWS has their own competitive service against DigitalOcean called Lightsail. Their cheapest plan is $3.50 month (512MB/20GB SSD), the bigger plans are roughly similar in pricing and features to DigitalOcean.

spsrich2(4335) 4 days ago [-]

I'm rooting for them too. I have a bunch of servers running various workloads. They have been great and I love their product. I really hope they are around for the long term

samstave(3892) 4 days ago [-]

>...against the cloud provider market becoming even more of an oligopoly.

I'd be interested in the more opaque aspects of all cloud hosting i.e. Unfettered, and or, at least, Invisible government(s) access -- however there is a really dark double-edge on that privacy hope. (specifically, that there is a lot of nefarious dealings on dark web systems which humanity would be better without)

Its almost as though we also need the antithesis to the dark web. Whereby, if we were to consider the contemporary Internet as the 'Gray Web', the ostensibly-perceived-as-criminal 'Dark Web' the host of Nefarious Dealings, and a 'White Web' for things on the transparent, or at-least validated on the up-and-up.

I would propose that ALL sites with content directed at children must be regulated on the 'White Web' (looking at you, YouTube >:-[

Anyway - my overall point is that Cloud has become 'Privacy-out-of-sight-out-of-mind Land'...

frandroid(2867) 4 days ago [-]

At $275m in sales they're already a drop in the AWS/GCE/Azure buckets though...

shakezula(10000) 4 days ago [-]

I'm rooting for them too, for the same reason. It's unhealthy for everyone to have Amazon be the only real option for servers. Just look at what happens when Amazon goes down for an hour. It's not hyperbolic to say the entire world notices.

My work doesn't even use Amazon, but when they went down last time, every _other_ service I was using used Amazon, so it didn't matter if I was vendored in or not, I had to just leave work and call it a day.

DigitalOcean is a solid platform and I use them a lot. I really hope they are not only able to succeed but bite into the profits of Amazon and the like.

alexellisuk(509) 4 days ago [-]

> I'm rooting for them as one of the best potential guardians against the cloud provider market becoming even more of an oligopoly.

So much this

wgerard(10000) 4 days ago [-]

This sucks. I really want DO to succeed because I love their offerings - whereas I occasionally feel like I really do need to RTFM in depth for many AWS offerings (even EC2), DO seemed to just work.

That being said, and I can't put my finger on why necessarily, it sometimes feels a bit like Heroku - the thing you use before you "graduate" to just using one of the major cloud providers.

gist(2296) 4 days ago [-]

> I really do need to RTFM in depth for many AWS offerings

Agree. But I think part of the plan with Amazon et al is that those who RTFM are locked in to the platform and therefore will be less likely to switch.

kbar13(4016) 4 days ago [-]

past a certain point you want your provider to do more and more for you (more features). like you mentioned, AWS is complex but they do pretty much everything for you. I've built systems that are just glued together AWS services.

gazelle21(10000) 4 days ago [-]

Its funny you mention that, I had the same thought comparing it to Heroku, can't quite put my finger on it why that is.

whitepoplar(1303) 4 days ago [-]

Perhaps because they don't heavily advertise large anchor customers? Sure, there are a bunch of brands on the front page, but that doesn't tell you whether they run 100% on DO or if they maybe used DO once for a side project. Digital Ocean needs a 'Netflix', or at least more publicity around how their existing whales use their offerings.

chadlavi(4327) 4 days ago [-]

I feel like that 'this is not serious enough' feeling is an ironic result of the fact that they have such good UX.

amerine(4157) 4 days ago [-]

Help me understand that "graduate" off sentiment towards Heroku? (Full disclosure: I work on Heroku for Salesforce).

avree(3928) 4 days ago [-]

It's funny—my experience is pretty much opposite. At a certain scale AWS will provide really world-class support beyond just troubleshooting. DO forwards you to (granted, fairly in-depth) documentation an expects you to read it and engineer your own solutions.

djsumdog(919) 4 days ago [-]

Digital Ocean is pretty similar to Vultr: they offer a straight easy API for starting up VMs and managing DNS (I've written a tool that uses both of their API[1]; been meaning to do a post on the differences).

It's kinda nice because you're just putting up VMs and there's not the type of vendor lockin you get with AWS/Azure/Google. That being said, DO is obviously trying to compete on that scale now. It has managed databases to compete with RDS, load balancers, and even managed k8s.

They want to be a real AWS alternative, but when you start building around these components, you get locked in. If they're laying off people, it could adversely affect startups thinking of building around their services.

And for people who think 'Well I can just use another terraform provider' .. it really is not that simple at all. AWS/Azure/Google/DO are all very different. They have vastly different terraform providers/modules and you're pretty much writing an entirely new setup per each provider because of they way they handle firewalls, security, IPs, inbound-outbound, etc. The OpenStack API or any type of real standard has yet to emerge that branches all these offering. If you want 'cloud' hosting (and most do because managing your own Postgres/MySQL clusters with backups and failover is a fucking bitch; especially if you're just starting out and want to get going fast), you need to realize you might need to be locked in very early in the game.

[1]: https://github.com/sumdog/bee2/tree/master/lib

robohoe(10000) 4 days ago [-]

I really like DO's blogs/documentation. Fairly easy to get into versus AWS. On another hand, AWS has a very broad product offering with very broad documentation - some hit and miss though.

spectramax(4194) 4 days ago [-]

They're not shutting down or winding down. I am guessing that they hired a lot of people to start building an AWS competitor which is a steep battle (even with funding) and goes against the grain of DO philosophy - keep things simple and target DO for small-medium businesses (sub-100 employees).

Investors went into DO thinking of a AWS/GCP/Azure unicorn, but after 6 years it appears to be a small rainbow pony than an almighty unicorn. This restructuring appears to be a realization of what happened with that vision and how it panned out, I may be wrong though.

I personally love DO, I don't want to deal with AWS complexity for basic needs. Minimalism and simplicity certainly has value.

jiofih(10000) 4 days ago [-]

While better pricing is always nice, I really wish they would refocus on the user experience in their platform. When adding up droplets + storage + LB + database, the price difference is there, but mostly you don't feel it's worth it - you still have to do configure everything yourself. If they offered something more akin to Heroku or Now I'd be jumping all over it.

mmcwilliams(10000) 2 days ago [-]

Based on user surveys I've completed for them, it seems they are at least exploring the idea of releasing a Heroku-like service.

awinter-py(1645) 4 days ago [-]

IMO part of the value of DO is to have a cloud host that isn't running a competing business.

netflix has done fine on AWS but that still feels iffy to me.

zomglings(10000) 4 days ago [-]

Anti-trust fear offers some protection to companies like Netflix.

I wonder if health insurance companies have the same protection given Amazon's moves into the space. [0]

[0] https://www.geekwire.com/2019/amazon-jpmorgan-roll-new-healt...

gist(2296) 4 days ago [-]

> DigitalOcean continues to be a high-growth business with $275M in [annual recurring revenues] and more than 500,000 customers globally. Under this new organizational structure, we are positioned to accelerate profitable growth by continuing to serve developers and entrepreneurs around the world."

If not obvious this can be translated as positioning the company so it can be acquired by a larger entity for it's customer base and remaining employees.

> It says it works with more than 1 million developers across 195 countries.

I always love marketing statements like this. For sure 1 million is a large number. But what makes someone a 'developer'? It's not something defined like 'Physician' or 'Pilot' or 'Attorney' which require some type of certification to use the title. To DO (in terms of the marketing) a 'developer' is almost certainly only someone who signed up for an account and perhaps (as with other web properties) multiple accounts.

(I have used DO and was happy although I don't have a need for what they offer anymore).

fareesh(4324) 4 days ago [-]

If they're counting accounts it's definitely much lower. Our firm manages web applications / web services / websites for multiple clients and they all have their own DO account and there isn't 1 developer per account.

We were pretty excited to become part of their partner program but after signing up we realized that if we onboarded new clients we'd have to do it all under a single account, which sadly doesn't work for us because extremely delayed payments are very common, and we'd be fronting hosting costs for everyone.





Historical Discussions: My FOSS Story (January 20, 2020: 782 points)

(811) My FOSS Story

811 points 2 days ago by mfrw in 2230th position

blog.burntsushi.net | Estimated reading time – 29 minutes | comments | anchor

I'd like to break from my normal tradition of focusing almost strictly on technical content and share a bit of my own personal relationship with Free and Open Source Software (FOSS). While everyone is different, my hope is that sharing my perspective will help build understanding, empathy and trust.

This is not meant to be a direct response to the behavior of any other maintainer. Nor should it be read as a prescription on the ideal behavior of someone in FOSS. This is meant more as a personal reflection with the hope that others will use it to reflect on their own relationship with FOSS. There is no one true path to being a good FOSS maintainer. We all have our own coping mechanisms.

This is also emphatically not meant as a call for help. This is about understanding. This is not about a plea to change the economics of FOSS. This is not about brainstorming ways to improve my mental health. This is not about bringing on more maintainers. It's about sharing my story and attempting to increase empathy among the denizens of FOSS.

Target audience: Anyone involved in FOSS.

Table of contents

History

My very first FOSS project was released almost 16 years ago. It was a bulletin board system written in PHP. Pretty much everyone was building those things back then, and it was also how I learned to program. The project originally started as a school project to host online discussions. (This was before schools had anything to do with the web, other than host crappy web sites.) But that quickly became less of a focus as I ran into my very first failure of estimation. It took much longer than one semester to build it. It turned into a labor of love beyond just a school project.

I've personally always found writing code to scratch an itch to be intrinsically rewarding to me. I love all phases of it. Whether it's background research, determining feasibility, laying out my initial plan of attack, obsessing over writing the code and even dreaming about it, I love every minute of it.

When I write code, I don't need to share it to enjoy it. But as my involvement in FOSS increased, it quickly became a natural part of my process that I've mostly continued for 16 years in one form or another. At its core, the thing I love most about it is the act of sharing my code with others in a way that lets them solve a problem more efficiently and effectively than they would have without it. The more utility my code gets, the greater my enjoyment is. It generally doesn't matter to me whether it's just another hacker scratching an itch or a giant corporation doing something interesting at incredible scales.

My FOSS history continued for several years with various releases of my bulletin board and wtcSQLite, which was a cheap clone of phpMyAdmin, but for SQLite.

When I moved to Linux from Windows sometime around 2009, I started scratching more itches, but with Python and X11. This included PyTyle for bolting window tiling onto a stacking window manager, and openbox-multihead, which added my own flavor of support for multiple monitors to Openbox. These projects, combined with doing some research work in Go, led to me building my own window manager in Go, which I still use today.

That brings me to about 6 years ago, which is around the time that I started writing Rust. My first Rust library was quickcheck, but that was followed by a flurry of others: regex, docopt.rs, rust-csv, fst, termcolor, walkdir and many more over the next 6 years.

While the vast majority of my Rust projects are libraries, some of them are command line tools, such as xsv and ripgrep.

While many of my older projects (non-Rust) are effectively dead or maintained by others at this point, I have, for the most part, continued to maintain most of the Rust projects I've started. Those that don't receive maintenance have generally been supplanted by better crates built by others. (Such as crossbeam-channel supplanting chan.)

These days, while I still spend a lot of time coding because I love doing it, I also spend a lot of time reviewing code, debugging issues with end users, responding to feature requests and other such things. Invariably, this means interacting, working and communicating with other humans.

Damned Emotions

When I was a young adult, I'd pride myself on being "logical" and "free of emotional decision making." Like all good lies we tell to ourselves, there's a kernel of truth to it. But for the most part, at least for me personally, I am a deeply emotional being.

Emotions run deep and can be a really useful well to tap for intrinsic motivation. For example, for some time after ripgrep was released, I began to immediately hate touching the code that was responsible for printing search results. It was convoluted, buggy and difficult to change. While rewriting is a perfectly logical decision to make on purely technical grounds only, I was motivated to do it because I didn't like the way it made me feel. My emotion helped drive me to make things better for myself. For example, now that printing is de-coupled and isolated into its own distinct library with thorough tests, I feel a heck of a lot better any time I need to journey into that code and do something. It's still not my best work, but it's a big improvement—at least from an emotional perspective—over the previous state.

Emotions are funny things because they can put you into really surprising states. Sticking with our previous example, would re-writing the printing code on purely technical reasons alone be enough? It's a fine decision to make, but if I'm not motivated to do it, then it might never get done. If it doesn't get done, then the most likely outcomes are that the software stagnates or becomes buggy, or some combination of both. If the emotional reasoning can motivate me to do it, then the rewrite could lead to a much better future where more features are implemented without sacrificing reliability.

Emotions cut both ways. For anyone who has released and maintained some moderately popular piece of software, you will have invariably made contact with other humans. The impact that another person can have on your emotional state can be staggering. A positive gesture or comment can really brighten your day. It's that feeling: yes, sharing my code was so worth it just to help that one person. But as anyone who has been a FOSS maintainer can attest, positive comments are almost always dwarfed by negative comments.

Negative comments aren't intrinsically bad. But they are the natural consequence of sharing your code and inviting others to use it and report problems. When a bug gets reported, you feel that twang of having let that user down. When you wrote the code, you were sure you tested it well enough, but it was still wrong. Will the bug reports never end? How much time did that user just waste because of the bug? How much time will it take me to fix it? Forget that, how much time will take me to just context switch into a mode where I even have a hope of fixing it?

These thoughts can encourage emotions that will eat away at you. And these are pretty much the best case scenario when it comes to negative comments.

Festering Negativity

I quickly learned to get over the feelings of inadequacy after a bug report was filed. Indeed, good bug reports with easy reproductions quickly turn into positive things because they tend to be so rare. Most bug reports lack reproductions at all, even when you provide an issue template that explicitly asks for one. The submitter probably means well, but there's just not enough information to make the bug actionable. And so begins the back-and-forth to determine how to isolate the bug.

For me personally, this is an area where I struggle the most. My emotions get the best of me, because all I can think is: why didn't this person take the time to read and fill out the issue template? Or, in cases where bugs are user errors that could be resolved by just reading the documentation, all I can think of is: I spent this time gifting this user some software, but they can't even read the README before filing a bug report?

It can be maddening. But that's emotions for you. They certainly aren't always rational. The documentation could probably be clearer. Or the user could have just missed that part of the documentation. Or the user doesn't have experience maintaining FOSS projects or filing bug reports and maybe does not know how to provide an easy reproduction. These are all perfectly reasonable things to have happen, and it's why I do my best not to let my emotions get the best of me. While the way I feel is important, empathizing with the person on the other end of the wire is important too.

In particular, while I never write the words, "I invite you to use my code," there are a ton of things I do only because my intent is for others to use my code. I write more thorough documentation than I would otherwise. I write examples for others to follow. I set up continuous integration testing. I write a README that usually explains how to get started. I share a link to my project with others in various places on the Internet. If people accept this invitation to use my code, or an invitation to file bugs by keeping the issue tracker open, then I should also do my best not to punish them when they do. When poor issues are filed, the reporter probably thinks they did the best they could. And so long as they are filed in good faith, I really do try to respond in kind.

This underscores the asymmetry of maintainers and users. For many users who file bug reports, they might have one or two interactions with me. To them, a single poorly written bug report isn't a big deal. But I'm on the wrong end of this deal, because this plays itself out over and over again across all my projects. All the time. Almost every day. Empathizing in this scenario can be extraordinarily difficult, especially if you are already have a bad day. Which happens sometimes.

Sometimes I let my impatience show through with curt replies. I am trying hard to be better about this. It's a work in progress.

Dealing via Boundaries

One of the things that comes from maintaining not just one popular project, but several, is that there is an almost constant stream of bug reports and pull requests coming in daily. Keeping up with it is almost impossible. My brain's cache size is unusually small, so my ability to context switch between projects is generally pretty poor. The general result of this phenomenon is that projects I've touched recently tend to get its issues and pull requests dealt with more quickly, since the project is probably mostly paged into my brain.

But other projects begin to pile up with issues and pull requests. The inbox gets longer. Each day you see a new issue come in, and you say to yourself, "yes, I will really look at it this time once I get home from work." But more just keep coming in. Eventually you work up the motivation to context switch back into that project because That User has pinged you once a month for four months and their pull request is probably Really Important.

Sorry, that last sentence had a bit of snark in it, but it's also sincere. The asymmetry of users and maintainers strikes again, but I do genuinely want to clear the pull request queue and keep the project moving. I want to bring in That User's contribution because I not only want them to keep using my code, but I want them to be happy about it too. In many cases, it might only take me an hour or so to work through the pull requests and actionable issues.

But those 4 months weren't pleasant because I felt bad seeing those issues languish in my inbox.

The solution that I've adopted for this phenomenon is one that I've used extremely effectively in my personal life: establish boundaries. Courteously but firmly setting boundaries is one of those magical life hacks that pays dividends once you figure out how to do it. If you don't know how to do it, then I'm not sure exactly how to learn how to do it unfortunately. But setting boundaries lets you focus on what's important to you and not what's important to others.

Obviously, a balance must be struck. Setting boundaries doesn't mean you get to focus only on what's important to you to the exclusion of everyone else 100% of the time. But the ability to put up that wall and say, "No, I'm not doing X but I'd be happy to do Y" has really done wonders for me. The secret, for me, is to give reasons that are impossible for others to argue with by grounding them in your own experiences and preferences.

So what does this have to do with FOSS? The key, for me anyway, was being able to put up a boundary between myself and unattended issues and pull requests. I had to find a way to say to myself: "I am volunteering my time and it is okay if I don't respond in a timely manner. I trust that most other people will understand this and be reasonable about it."

Another dimension of this appears through feature requests. Sometimes a feature request might generally make sense for your project, but the maintenance burden it implies could be large. I taught myself to set boundaries: it's okay to say no to a feature solely on the grounds that you don't want the added maintenance that comes from it. As has happened with me many times, you might change your mind in the future! For example, if the relevant code improves to become more maintainable, then you might find your willingness to adopt more features increase. But if not, then I do my best to recognize my boundaries and decline to give myself more work that is emotionally unfulfilling.

I wish I could write down the process I went through that allowed me to set firm boundaries and stop feeling bad about issues piling up. It doesn't alleviate the bad feelings completely, but it goes a long way.

Rudeness

The obvious trolls are generally pretty easy for me to deal with, assuming their volume isn't too high. Low effort trolls are just other people with an obvious agenda to try to make you feel bad. Trolls generally don't have anything invested and so their commentary has little weight. Or at least, that's what I say to myself as a coping mechanism. Typically, I deal with trolls by reporting them to GitHub staff and blocking them. In general, I appear to be fortunate in the sense that I deal with these sorts of trolls very infrequently.

Rudeness, on the other hand, comes in all shapes and sizes. My emotions compel me to have a fairly rigid sense of decorum, so some might not consider all of these things rude. But I do. Or at least uncouth.

  • "Your tool doesn't work [for my niche use case], therefore it is broken."
  • "Just chiming in to say that I would also really like this feature." (N.B. Some folks seem to be getting hung up on me calling this "rude." Rude is perhaps too strong of a word, but when these sorts of +1s pile up in an issue, it just adds more noisy email notifications and can get annoying. Instead, emoticons or perhaps adding a bit more detail to your specific use case is welcome. But of course, this is pretty minor in the grand scheme of things, and I do see this as partially on me to just let slide more.)
  • Insisting that implementing a feature is "just a simple matter of doing X."
  • Passive aggressiveness when you opt to pass on a feature request.
  • Unconstructively whining about software on [insert social medium here].
  • Some low effort variation of "why are you reinventing the wheel" or "why not contribute to an existing project instead."

In many cases, rudeness is the result of genuine frustration on behalf of the user. How many times have your cursed under your breath when a tool you were using didn't behave like you think it should? It doesn't matter that the tool was probably gifted to you for free. You're just trying to solve a problem and the tool is getting in your way. I've certainly felt this way, and in my opinion, it seems like a totally normal human emotion to have.

Sometimes this rudeness gets the better of us and ends up being expressed in less than productive ways. I know I've certainly done it, and I've certainly been on the receiving end of it as well. It's incredibly frustrating for all those involved.

In other cases, some people are rude without knowing it. This could be because of a language barrier, or because they just weren't aware of how their words might make someone else feel. It's totally innocent, but it doesn't change how it makes me feel when I'm on the receiving end of it.

Tackling this sort of rudeness can be really difficult. You might be someone who is unaffected by it. I am not one of those people. I could pretend I'm unaffected by it, but I'm pretty sure that would lead to resentment towards FOSS and more frustration.

This is where setting boundaries has helped me again. Again, putting aside trolls, the vast majority of people who are rude generally turn out to respond fairly well if you politely call them out on it. I've done it many times on my issue trackers, and it has generally improved the situation. I don't feel resentment because I'm doing something to defend myself, and I feel better when the other person apologizes, which is the case the vast majority of the time.

Doing this can be as simple as, "I don't appreciate the way you said X. I think it would be much more productive if we left that sort of thing out in the future."

Now, in some cases, folks don't respond well to this. In my experience, they usually ignore it. If they keep on being rude, I might repeat myself a couple times, because sometimes folks need to hear something more than once for it to sink in. At least, I know I sometimes do (much to the displeasure of my wife). If this still doesn't work, and I am still bothered by how they're talking to me, then I end the interaction. It might be as easy as closing or locking an issue/pull request, or might be as extreme as blocking them on [insert social medium here].

Entitlement

A long time ago, I was talking to some of my closest friends after they had traveled abroad. They had just recently come back to the United States and shared a small story of culture shock. The punch line?

I had never realized how much Americans like to should you to death.

Now, whether this is actually a property of American culture—or perhaps a property of the company we keep—is not a point I wish to belabor. The point is that, as humans, we love to talk about what other people should be doing. I grew up on the receiving end of this—especially from people in various positions of authority—and have a really innate distaste for it.

I'm pretty convinced that most people don't even realize they're doing it. Or more charitably, they're probably not trying to inject themselves into your life to tell you that they know better, but rather, are just trying to offer advice. At least, that's what I'm told if I call people out in particularly egregious cases of being should'ed.

Backing up a bit, using the word "should" isn't necessarily bad on its own. One thing that I think really changes its dynamic is whether it's invited or not. If you ask someone for advice on a topic, and they use phrases like "yeah you should do X," then it doesn't quite sound as bad. But when it's uninvited, it has a completely different feeling to it.

I've seen or experienced this in FOSS in a number of different ways:

  • You should put out a new release.
  • You should rewrite this in [insert programming language here].
  • You should rename your project.
  • You should [insert major architectural change here].
  • You should change the license of your project.

The almost universally common thread here is the drive-by low-effort nature of the advice. The advice might actually be something that's a really good idea. But there's a certain entitlement that's showcased here's that's hard to overlook when someone spends so little time making a suggestion that has potentially huge ramifications for your project. Thoughtful advice is almost always welcome from my perspective, but when someone thoughtlessly tells me I should do something that would imply me spending lots of time on it, it can be really grating.

While I still haven't mastered my ability to respond to this sort of commentary, I do my best to continue to establish boundaries. I have two coping strategies for this:

  • For particularly common ones, like "when is the next release?', I declare that my free time is unscheduled. It helps to put it in a FAQ-like document.
  • Otherwise, I try to apply the principle of proportion. If you give me one or two sentences thoughtlessly asking for something huge, then I'm only going to spend one or two sentences in response.

To reiterate, this type of commentary can sometimes lead to productive things happening. For example, when I first started open sourcing projects in Rust, I used the UNLICENSE exclusively. On one occasion, I got a drive-by comment effectively telling me to use a "working" license instead, along with some (what felt like) condescending lecture on how licensing works. I didn't respond well to this and was incredibly frustrated by it. It turned out the general advice was good, however, it wasn't until someone else more thoughtfully brought it up that I actually decided to act on it.

In retrospect, it could seem like I was being petty. Like I was refusing to do something that was better just because I didn't like the commenter's tone. But that wasn't how I lived it. Since I immediately took the defensive, my emotions just did not let me think clearly about it.

The lesson here is that being thoughtful in one's communication is important to advance your cause. If you're thoughtless, even if you're correct, you risk working against your own ends because the person on the other end might not be able to look past your thoughtlessness.

Other Thoughts on Entitlement

I don't think I've seen anyone (other than obvious trolls) sincerely claim a real entitlement to my labor. That is, I've never had to actually quote the "AS IS" warranty disclaimer in my licenses. Laws are not often good tools to explain social norms. As a maintainer with open issue trackers, I am implicitly inviting others to file bugs. At some level, even the act of opening a bug is a form of entitlement, since there's some expectation—or perhaps hope—that by reporting the bug, it will get fixed and benefit everyone. Indeed, that is my intent with having an open issue tracker: I want people to file bugs and submit pull requests, with the hope that they will get fixed and merged.

There is no legal relationship here. There is nothing in my licenses that say I ought or have to do this. At least for me, it's an implied agreement among humans acting in good faith.

Trust

And that brings us to trust. Trust is an important value in FOSS. Not only do I do my best to be discriminating in who I trust, but I also try to act in a way that allows others to trust me.

One of the benefits of FOSS is its decentralized nature. You have tons of people working in their own little corners with their own little specialties. Using FOSS has an amplifying effect, because it lets you build on what tons of us have already done. It absolves you from needing to build literally everything you need, and instead lets you start focusing on solving your particular problem more quickly.

As someone who uses FOSS and tries hard to be discriminating with the dependencies I use, it is just not possible for me to review every line of code I depend on. Even if I could somehow manage to read it all, I certainly wouldn't be able to understand it all in enough detail to be confident that it was doing what I thought it was doing.

This is where trust plays a huge role. Trust serves as a proxy for evaluating some dimensions of the code I use. It helps me answer questions like:

  • Is there a reasonable expectation that the code will behave as advertised?
  • Will bugs be fixed in a reasonable time frame?
  • Will the project continue to be maintained going forward?
  • Does the project use good judgment when it comes to balancing competing concerns?

These are hefty things to levy upon a FOSS maintainer that performs their duties in their free time. Regardless, these are table stakes for being a trustworthy maintainer. Now, I do not need to use dependencies exclusively from maintainers that I trust. That wouldn't be practical. Instead, trust is just another criterion I use to evaluate which code I use. If the code is written by someone I trust, then I'm much more likely to bring in a library written by them that tries to solve a hard problem, or otherwise tries to walk a fine line when it comes to balancing trade offs.

For example, I might not be willing to use a JSON parsing library written by someone that I don't know that also used questionable performance optimizations. But I could be convinced to overlook the lack of trust by either reviewing the code myself, and/or the documentation for the project was excellent. Still, it's a risk.

Either way, as a FOSS maintainer, I want to be seen as someone who is trustworthy. That is, I care about my reputation. This is dangerous business in this day and age, since social media is able to destroy a reputation almost instantly. I'd be lying if I said that wasn't a constant fear gnawing at the back of my mind. But it's important, for me, not to let fears like that prevent me from doing what I love.

Having people trust me as a programmer is an enormous responsibility and one that I do not take lightly. But that trust means others are going to be more willing to use my code, which is ultimately what I want through my participation in FOSS.

Better Than It Sounds

So far, I've focused a lot on the negative. Any reasonable person might ask, "why do you subject yourself to this?" In fact, the vast majority of my communication with others in FOSS is fairly neutral. There's a good amount of overtly positive communication as well. And when negativity arises, most folks are quick to apologize when I enforce my boundaries. On one occasion, someone felt bad enough to send me a gift card (which I donated) along with an apology.

In order to be concrete, here are some of the things I enjoy about being a FOSS maintainer:

  • Hearing how people are using my code. And especially, hearing about how it helped them. I think my favorite anecdote was, "Yeah, we dropped your library into production and it pretty much just worked. No complaints."
  • Getting a good bug report with an easy reproduction.
  • Getting a good bug report that is hard to get a reproduction for, but with a reporter that is eager to help me debug with them. The best cases are almost like an asynchronous pair programming session, each trying to solve a mystery.
  • The feeling of updating a changelog, no matter how small, just before a release. It's nice reflecting back on the work that has been done, not just by myself, but by others.
  • While my time constraints usually prevent me from doing this, I love mentoring eager learners, no matter the experience level. I wish I could do this more.
  • When contributors help me find simple solutions to thorny problems. This happens a lot more than you might expect, and it's lovely when it does.
  • Writing regression tests. There's nothing like encoding the knowledge that a user's bug cannot re-appear.

I think what ends up happening—and this isn't exactly an original insight—is that the negativity eclipses the neutral and the positive. The negative interactions stick in my memories and make it difficult to remember all the good that has come from being a FOSS maintainer. Even sitting down and writing the list above helped me remember how much positivity there is in FOSS. It was almost cathartic.

Conclusion

Being a FOSS maintainer has given me a lot of interesting experiences. Some bad, some good. I've tried to express some of those experiences in this article with the goal of helping everyone understand each other better. This article doesn't necessarily generalize because these experiences are told through my perception of the world. For example, my individualist perspective on life greatly colors how I perceive FOSS. Namely, it's largely a personal endeavor for me, rather than a more altruistic attempt at improving a public good. A different perspective could greatly change how one experiences FOSS.

My hope is that others will use these experiences to reflect on their own and perhaps the experiences of others. I think this process can lead to greater empathy and an overall better experience for everyone.

In this article, I listed a lot of behaviors that I considered negative. Not everyone will see them as negatively as I do. That's okay and expected. More to the point, I am certainly guilty of committing some of those negative behaviors myself. We are not perfect and we will never be able to be purely empathetic 100% of the time. This is a game of inches and my hope is that we can do better, even if it's just a little bit.




All Comments: [-] | anchor

lqs469(10000) 1 day ago [-]

Just like the author of actix-web decides to exit from his popular Rust open source project recently(https://github.com/actix/actix-web). As a maintainer of large open source project is not a fun task. whatever mental or physical, it's really a hard job.

Respent for every maintainer and contributor, it's not easy. You can read some issues in the repository, the authors of some issues are just complaining or criticizing the idea or bug, it's unfair and rude. in the end, hurt maintainer's passions. Every developer should know it and respect it like the README or guideline before posting issues or comments.

It's a fantastic post about the analysis of OSS maintainer, Respect for Mr. Gallant.

xiaodai(4219) 1 day ago [-]

Pay the maintainer!!! We need Software Institutes fund by the United Nations for maintaining open software

rectang(3332) 1 day ago [-]

I wish there was a well-understood convention to opt out of 'social coding'. A way to put up a project under an open source license (or CC0/public-domain) along with a notice that says effectively, 'feel free to fork, but don't file issues or submit patches.'

You can put that in a README, but people won't read it. Github won't let you disable i̶s̶s̶u̶e̶s̶ ̶l̶a̶s̶t̶ ̶I̶ ̶l̶o̶o̶k̶e̶d̶ pull requests, unless you archive the project (making it read-only). Is it possible on one of the other hosting services, like Gitlab?

We need better ways to draw boundaries around open source projects and contributors.

ETA: How can we counter the Bullshit Asymmetry Principle? https://en.wikipedia.org/wiki/Bullshit#Bullshit_asymmetry_pr...

> The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.

zozbot234(10000) 1 day ago [-]

This is what we call 'unmaintained' software. 'Unmaintained' may sound like a value judgment, but it's not - it's exactly what you're talking about; a project where any attempt to contact the putative maintainer is likely to be ignored altogether, and the 'proper' channel for enhancement involves forking it and perhaps maintaining a version yourself.

twic(3502) 1 day ago [-]

  echo 'Don't' >CONTRIBUTING
  git add CONTRIBUTING
  git ci -m 'Clarify that contributions are not welcome'
  git push
Chris2048(3596) 1 day ago [-]

A 'license' covers the legal situation, maybe we need a 'social statement' or something to that effect that communicates the authors philosophy?

massysett(4336) 1 day ago [-]

Use the "No Maintenance Intended" badge:

http://unmaintained.tech/

Cthulhu_(3970) 1 day ago [-]

There are some projects like that on GH but they're marked as abandoned or clones of e.g. Linux. I understand where you're coming from but whatever it is you've open sourced won't be very popular, because open source software is less about technical excellence and more about popularity, market- and mindshare.

I mean I'm trying to pick an alternative to Ant Design (because Chinese) and there's a billion of them, but I'm having trouble deciding which one is the best option - Bootstrap, because most stars? Material UI because it shows up high in search results? And there's at least dozens more that will be objectively better (on a technical level) which I'll probably never see, and which I'll probably never use (because low popularity means low engagement and no guarantees that it'll still be around and maintained a few years down the line).

ddevault(505) 1 day ago [-]

You can do this on SourceHut, just make a git.sr.ht repo and don't make anything else (ticket tracking, mailing lists, etc, are opt-in).

On GitHub you can disable issues but not pull requests.

zamadatix(10000) 1 day ago [-]

GitHub let's you disable Issues but not PRs. Not sure since when.

dTal(3910) 1 day ago [-]

I'd be rather suspicious of pull requests from people too lazy to read the README, anyway.

letstrynvm(10000) 1 day ago [-]

Assuming the author uses their own software, disabling the ability to hear about problems with it before you trip over it themselves is counterproductive. The minority of users would fix it and offer a PR in my experience, more would be willing to drop the author a note in an issue.

Unfortunately that useful information comes mixed in with, eg, users who think the author's time is worth so much less than theirs (didn't the author demonstrate it was worth nothing by offering this work for free?) they want hand-holding for every little thing. The author can put it in README.md and point these guys at it when closing their issue.

imhoguy(4106) 1 day ago [-]

I would leave PRs available. Repo owner has no obligation to merge PRs however forks can still make use of upstream repo's PRs. That haplens usually when unmaintained repo accumulated a lot of popularity.

beigeoak(10000) 1 day ago [-]

John Carmack had a similar issue. He solved it by calling the software 'sample code' instead of 'open source'.

Sean1708(10000) 1 day ago [-]

> Is it possible on one of the other hosting services, like Gitlab?

Looks like you can on GitLab under 'Settings' > 'General' > 'Visibility, project features, permissions'.

hvasilev(10000) 1 day ago [-]

I don't really understand why anyone would do FOSS, beyond the ideological. Most of the problems of this person come from the fact that he has no financial incentive / means to quit his current job and focus on / grow his project. I feel like I read this exact same story from different people each month of HN.

dystroy(4290) 1 day ago [-]

> I don't really understand why anyone would do FOSS, beyond the ideological.

Two big incentives that you see in most human activities:

* build something for other people

* try to be recognized

Money is a tool to make society work, it isn't really what people live for. People inherently want to contribute to society.

hootbootscoot(3750) 1 day ago [-]

shared QA, eyeballs on code, consultancy funnel, freemium software, simple ego kicks, getting a proof-of-concept in front of a bunch of people interested in that specific sort of thing, the list goes on...

FOSS, itself, is the necessary lego kit the entire web (and to a lesser extent mobile and desktop etc) rns on... are you suggesting that everyone go buy Coldfusion or ATG Dynamo? the 90's called and want their time machine back...

floatingatoll(4057) 1 day ago [-]

With respect to this post specifically, their reasons are clearly presented in a billeted list at the end, along with a warning that their brevity is not representative of their frequency.

samatman(3894) 1 day ago [-]

I get paid to <shrug>.

When I didn't, it was a fun hobby. One that lead directly to my job, so there's another incentive for you. Enjoying oneself is also quite sufficient.

There's a significant and growing free-rider problem with open source software, but your not understanding why people do FOSS is on you. It's not difficult to understand.

Andrew_nenakhov(10000) 1 day ago [-]

I can fully sympathize with this. We have an open-source app on Google play, and the amount of dirt flying at us from users is astounding. What makes matters more funny, app is a client, so most of the problem are related to improperly configured servers. Also, since Google play allows users to leave ratings, every jerk feels entitled to award you 1/5 rating for every minor glitch he experiences.

We have learned to ignore this, and adopted a policy that we just don't care about ratings. If the user is asking for help in a polite way, we help him however we can, for free. If he is an entitled jerk, we just mock him for being entitled.

Of course, then some start ranting how immature our behavior is are and how we must learn to treat our 'customers' better. Of course, right.

dTal(3910) 1 day ago [-]

I am curious if your open source app is on F-Droid, and if so do you find a better class of user there?

Slightly off topic - I can understand that people publish on Google Play to get reach, but it's upsetting when open source projects make it their sole binary distribution mechanism. It is strange to mandate that the user adopt the model of centralized control by Google, when 3rd party binary distribution is just as well supported on Android as any other platform. This goes for any app, of course, but open source apps in particular ought to know better (and with F-Droid, need not even host the files themselves).

AnIdiotOnTheNet(4023) 1 day ago [-]

There's a reasonable amount of FOSS developers here, so let me ask a question.

Often times I'll run across a FOSS project that claims to solve a problem I have, encounter a bug that makes the project useless for my purposes, and discover that said bug has had an open entry in the issue tracker for years. This even occurs in major FOSS software with paid developers working on it.

Clearly no one actually cares about the bug, and 'chiming in' is apparently considered rude. So I ignore your software and move on. Whatever, you don't owe me anything.

Then some day I respond to a forum post by someone asking about experiences with your software, and relate mine. Apparently this is also rude, and I should have filed a bug report.

I guess my question is: is there any scenario under which one can actually provide feedback other than praise that you will accept?

burntsushi(3343) 1 day ago [-]

> Clearly no one actually cares about the bug, and 'chiming in' is apparently considered rude.

I clarified this a bit more in my article.

> Then some day I respond to a forum post by someone asking about experiences with your software, and relate mine. Apparently this is also rude, and I should have filed a bug report.

... that is definitely not what I said. What I said was this:

> Unconstructively whining about software on [insert social medium here].

I'm not sure how this means you can't post constructive critical feedback. That's certainly fair game.

JangoSteve(3153) 1 day ago [-]

I maintain some open source projects, and honestly, I've never considered chiming in on an open bug ticket rude. I also have never considered relating your experiences about my project on a forum rude, either. Don't get me wrong, I've had plenty of negative experiences with rude posts from users, but neither of these qualify to me unless the posts themselves are rude.

Something like this is fine with me: 'I'm having this issue as well. It's unusable for me without this feature, because my use case is such that...' In fact, this is downright helpful, because I may be able to offer an alternative solution using already-implemented functionality.

Here's the same post, but rude and unhelpful: 'I'm having this issue as well. This project is useless without this.'

People often judge the merits of a project based on their own use-case and nothing more. If they can't use it for their use-case, they can't imagine any other use-cases where it's useful, and so the project is deemed useless (or some other hyperbolic, universal judgement of worth).

justin_oaks(10000) 1 day ago [-]

For awesome FOSS projects, like ripgrep, I wish there was a way to donate praise or goodwill, in addition to donating money. In other words, people can write in a special area dedicated to words of appreciation and gratitude. All those FOSS maintainers need to know just how much positivity there is.

Obviously it won't fix the damage of those who are rude or entitled, but perhaps it'll help provide a boost.

burntsushi(3343) 1 day ago [-]

I appreciate the intent here! For positive vibes, I think emails or social media is good. But for money, I'm not sure it would work for me. I'm just going to copy what I wrote in r/rust[1]:

---

I think the various things people are trying to do to fund open source contributors and maintainers is a great thing. I love what GitHub is doing with its sponsorships and encourage folks to use that if it helps them.

But for me, I do not want money to get involved with what is right now a volunteer activity that I perform exclusively in my free time. If I accepted money, then at least for me personally, it would magnify a lot of the problems I struggle with in my blog post. I do not want that.

If folks insist, then I generally advocate donating it to a cause they find important. The ones I like are Wikipedia, The Internet Archive and Rails Girls.

---

[1] - https://old.reddit.com/r/rust/comments/er4qrn/my_foss_story/...

k4ch0w(4326) 1 day ago [-]

Burntsushi, Andrew. My man. You don't know me, we have never talked but bro I admire the shit out of you.

Trolls are much louder than lurkers. There are a silent majority of us that know how much time and sweat goes into building free tools. We appreciate what you do because you do it for love of being a hacker and showing everyone else how you did it.

I don't think people realize how hard it is having a day job and then building a huge project people want to use. It's mentally taxing. It sucks even more when it's only negative things. Life is already hard man, why do these people have to keep trolling you? It's enough to make you want to flip the desk and give it all up.

I love reading your Rust code, and seeing how active you are on reddit/hacker news. Going through how you built the Aho Corasick crate and comments on you trying to reverse hyperscans teddy algo. was amazing for me. I spent so many hours that day reading ripgrep source code. I was amazed and what you did and the comments everywhere about why, like why the printer was pull/push. The whole time, I was geeking over what you did so much that you started my love of Rust.

Anyways, thanks for just being you man.

nkelly31(10000) 1 day ago [-]

As I've been learning Rust, I've seen ripgrep held up as one of the shining examples of how to use Rust to create useful, effective tools that new rustaceans should look at.

Casperin(10000) 1 day ago [-]

Burntsushi. Because of your blog post on ripgrep I found a love that I did not know I had (I am just a lowly self-taught frontend developer). I had no idea you could do magic like this with code, and that it could be that interesting. It made all the right wheels in my head spin and it was, and is, love.

I am going back to university (a place a swore never to return to) to learn about algorithms and algorithmic design, starting next Monday. Because of you.

Nobody has had this big an influence on my career, and every time I hit `rg` on my computer I do so with immense gratitude.

Just thought you should know.

santa_boy(10000) 1 day ago [-]

I apologize for not knowing the protocol to say 'Thank You' on HN without additional contribution. So threading on this message. Hope it ok!

Thank you Burntsushi. You rock my world!

codetrotter(3927) 1 day ago [-]

> When I was a young adult, I'd pride myself on being "logical" and "free of emotional decision making." Like all good lies we tell to ourselves, there's a kernel of truth to it. But for the most part, at least for me personally, I am a deeply emotional being.

I've seen this in quite a few people, both online and in the real world – people that think they are all about logic and not about emotions. And in each and every case, I believe they are only fooling themselves in thinking so. Emotions are really powerful and they affect us all in far more ways than a lot of people like to admit.

Love, hate, jealousy, insecurity, and the list goes on.

People are really good at rationalizing their feelings though, so it is easy to get fooled into thinking that a decision or stance we took was based in some objective truth when in reality emotions were steering us.

Yet so many people refuse to accept that this is the case for them just like it is for everyone else. Even though it is blatantly clear to a lot of people around them when they are acting as they do because of emotions.

I think the world would be a better place if everyone admitted to themselves that emotions is a part of our nature. Then perhaps more people would be able to handle their own emotions better, and we would all, including themselves, be better off.

I certainly try to listen to my emotions and to understand how they effect me.

specialist(4337) about 3 hours ago [-]

Values, esthetics, craft, experiences, priorities, and whatnot.

All the stuff that's neither logic or emotion. Which tend to be invisible to geeks.

I came up with gamers. Most very smart, in the high IQ and educational achievement departments. About half were very dismissive of other people's ideas, views. 'I'm smart and logical. You're wrong. Meaning you're dumb, illogical, or worse, emotional.'

faitswulff(3516) 2 days ago [-]

By no means a summary of the article, but I liked these passages in particular:

On emotions:

> When I was a young adult, I'd pride myself on being "logical" and "free of emotional decision making." Like all good lies we tell to ourselves, there's a kernel of truth to it. But for the most part, at least for me personally, I am a deeply emotional being.

> Emotions run deep and can be a really useful well to tap for intrinsic motivation. For example, for some time after ripgrep was released, I began to immediately hate touching the code that was responsible for printing search results. It was convoluted, buggy and difficult to change. While rewriting is a perfectly logical decision to make on purely technical grounds only, I was motivated to do it because I didn't like the way it made me feel. My emotion helped drive me to make things better for myself.

On communicating thoughtfully in order to communicate effectively:

> ...being thoughtful in one's communication is important to advance your cause. If you're thoughtless, even if you're correct, you risk working against your own ends because the person on the other end might not be able to look past your thoughtlessness.

On the fact that even the author can't and doesn't read every line of every dependency they pull in:

> ...As someone who uses FOSS and tries hard to be discriminating with the dependencies I use, it is just not possible for me to review every line of code I depend on. Even if I could somehow manage to read it all, I certainly wouldn't be able to understand it all in enough detail to be confident that it was doing what I thought it was doing.

Pfhreak(10000) 1 day ago [-]

This hit me hard too. Heading into college, I was so confident that it was not only possible, but correct to be an emotionless decision maker. That somehow you could navigate the rational path through every problem.

Turns out I was just an asshole who wasn't self aware enough to understand my own feelings and was making other people around me hurt.

dancek(10000) 1 day ago [-]

This is a great article. I respect every FOSS maintainer for what they're doing and am saddened by the bs I often see them deal with. The article is balanced in describing different reasons for coming off rude--as a non-native speaker of English I've been rude without meaning to, for example. But even if the intentions weren't bad per se, these interactions are an unnecessary burden to the maintainer.

So to reiterate: any bug report or pull request that isn't good will waste the maintainer's time and effort. I wonder if the community could address that. I mean, most anyone could screen issues for tone and the effort taken. We could have a group of volunteers that tag issues worthy of the maintainer's time and explain to reporters how they should improve. That would be a valuable contribution to FOSS.

Setting up the system to do this is not trivial, however. Ideally I'd love to just tag my repos for issue review. I'd wish for the reviewers to be trustworthy. And as a volunteer reviewer I'd want a queue of issues to review, and I'd require some compensation (e.g. a profile page showing how helpful I've been).

I guess the feasibility of this idea comes down to the availability of volunteers. What do you people think?

PS. Burntsushi, if you're reading this, huge thanks for your great software. You're one of the people whose contributions I appreciate the most in FOSS.

burntsushi(3343) 1 day ago [-]

Thanks for the kind words!

You have an interesting idea, but it seems tricky to pull off in practice. To be clear, I'm not necessarily trying to say that low effort issues _are_ a waste of my time, but rather, that is sometimes how _I feel_. I think it would be good to collectively reduce their occurrence---I'm not sure how---but sometimes the choice isn't between 'low effort issue' and 'high quality issue,' but rather, 'low effort issue' and 'none at all.' In the latter case, I'm not sure which I would prefer. Certainly, sometimes low effort issues really do lead to productive outcomes.

It's tough and it's not something that has an easy answer. Some part of it is me overcoming how negatively I feel about them and another part is perhaps others spending a bit more time filing good issues. At least, in my opinion anyway!

jasonkester(2344) 1 day ago [-]

I think the author is on the right track with his section on Setting Boundaries.

Personally, by the time I release something as open source, it is Finished. That is, it's feature complete and working to my satisfaction, and as far as I'm concerned probably won't need much in the way of improvement going forward.

So while I do occasionally get feedback from people using it, there's never any pressing need for me to do anything about it. There have been a handful of genuine bugs over the years, but mostly it's requests for features that I don't need, and therefore probably won't add.

Occasionally somebody will go as far as adding one of those features themselves, including a patch or PR with the addition. Thus far, all of those cases have been for stuff I hadn't personally seen as necessary, so my only response is to politely decline and suggest the author forks off his own version if he wants to publish that change.

My philosophy, in short, is that the code I release is out there to use if you want. But it's not something that needs 'maintenance'. It's Finished.

blub(4259) 1 day ago [-]

Yours is the only mentally healthy attitude one can have today in regards to open source. The character and audience of OSS have changed and increased respectively.

It was quite sad to read this post for me, because I can see that the author has partly interwoven their sense of self-worth with their OSS work. The whole blog is a painful balancing act between speaking their mind and being polite which can only end in more grief for them until they let their displeasure show.

This is not coincidentally the impression I also get from the larger online Rust community. They repress their feelings, always trying to be prim and proper in their interactions, but those normal(!) negative feeling are still there and vent in bizarre ways, such as bothering random Rust developers the other day because their code is not 'safe enough'.

dunkelheit(4292) 1 day ago [-]

I used to maintain a fairly popular and important open source project and I can definitely empathize with lots of what Andrew has written.

What always fascinated me is just how much the form of a request impacted the probability that I would spend energy to help. Someone who submits a polite and well thought-out bug report just makes you want to help them. OTOH someone writing 'Hey when will you fix your stupid bug? My startup has already lost $XXX in revenue because of you' just fills you with schadenfreude and makes you want to troll that person, even if the request is essentially the same in both cases. Some users just don't understand how much they undermine their requests. This kind of attitude may work if you are a boss or a customer, but open source runs on common courtesy.

One bit of the article that I disagreed with is classifying 'Just chiming in to say that I would also really like this feature' as rude. Yes, it is passive aggression, but it is better than active aggression and still provides a bit of valuable information. Open source at its best is like a swarm of locusts devouring the problem domain and for this to work information must flow from users back to developers.

Oh, and thanks for your open source work, burntsushi!

JediWing(10000) 1 day ago [-]

Yeah I agreed that this call-out seemed out of place. I wouldn't even categorize it as passive aggressive. I see it as attempting to give input as to what ought to be prioritized. The intent seems positive to me as long as it's not pushy.

Now, maybe the maintainer doesn't want this form of input, or prefers to have the input in the form of issue voting, etc. Overall though I don't see the action as inherently rude.

Then again I'm not a major project maintainer.

zzo38computer(10000) 1 day ago [-]

I see that ripgrep is dual license by MIT license and the Unlicense. I suppose that might be a reasonable way to do it. All of my software is I release it as public domain, but maybe the dual license might help. A variant I have seen is a program that uses MIT license, but it also says that any Discordian pope (which is anyone) is allowed to grant themself a license to use it by WTFPL (which effectively makes it as public domain, even if it isn't).

Free time is unscheduled is I think reasonable and it make sense. But also you might have nothing to change for some time, so until then there would not have any next release.

I write many programs too, but rarely get any comments, whether positive or negative or neutral. (One exception is my 'bystand' NNTP client; I have received a patch to make it work on BSD, and some bug fixes, which I have accepted.)

And to write a FAQ document, I think you would need to know the questions.

samatman(3894) 1 day ago [-]

If you want your code to be maximally useable, slap an MIT or BSD license on it. Anything else is commentary; the Discordian pope one makes me smile, to be sure.

But yeah, public domain isn't well-defined internationally, so MIT and public domain is more permissive than just public domain, in practice.

oefrha(4158) 1 day ago [-]

> For me personally, this is an area where I struggle the most. My emotions get the best of me, because all I can think is: why didn't this person take the time to read and fill out the issue template? Or, in cases where bugs are user errors that could be resolved by just reading the documentation, all I can think of is: I spent this time gifting this user some software, but they can't even read the README before filing a bug report?

This resonates so much. Users who blatantly waste your time despite multiple cues steering them towards actionable bug reports are worse then trolls or haters IMO. (I use issue templates, with all caps and explosive emojis, and I even put specific actionable wiki links in error messages, but some people still insist on opening barebones "doesn't work" bug reports. Or duplicates. People open duplicates when there are like three open issues in total and one is clearly the same issue as theirs. What the hell?)

With trolls or haters you can simply drop the ban hammer, easy. With this kind of high-maintenance users, it's hard to decide whether you should waste time helping them, or simply refuse action until they get their act together.

> It can be maddening. But that's emotions for you. They certainly aren't always rational. The documentation could probably be clearer. Or the user could have just missed that part of the documentation. Or the user doesn't have experience maintaining FOSS projects or filing bug reports and maybe does not know how to provide an easy reproduction. These are all perfectly reasonable things to have happen, and it's why I do my best not to let my emotions get the best of me. While the way I feel is important, empathizing with the person on the other end of the wire is important too.

Honestly it's hard to empathize with users who can't follow "run command with --debug, post entire output" or who don't bother to read anything when the error message clearly says "here's a wiki article for your specific error, read it before reporting a bug".

rrix2(10000) 1 day ago [-]

Until recently I was working for a large startup where I would see this kind of behavior constantly. Join a inter-team developer-support channel, send a 'I'm seeing errors from your service' and wait for you to respond. One time I ended up chasing the error back to a deployment done by the person sitting next to the reporter.

We also had a helpdesk-style support chat for our developer tooling, complete with a bot that would respond to common error messages with links to solutions and people would STILL directly message engineers that supported the tools asking for help on trivial build issues or inability to use command line tools.

It was sort of baffling to see, its not like its any quicker than doing the right thing, it was simply people being lazy. Some of it's an Eternal September, too, I think.

lordleft(3532) 2 days ago [-]

What a phenomenal article. It's shocking how entitled people get about 100% free software. Some really emotionally intelligent insights here.

gitgud(3184) 1 day ago [-]

Looking back, I've written some regrettable github issues with a lack of respect for the maintainers.

What I've learnt is that if you want something done then ask politely, if you want something done now then try and do it yourself. That's the inherent beauty of open source.

Myrmornis(3911) 1 day ago [-]

Thanks burntsushi for this and all your work on FOSS. There's one thing that I'd be interested to hear about that's not in the blog post -- stuff to do with how your FOSS involvement and your professional life impact each other. Ultimately it's zero-sum: 24hrs in a day. Do you often find you much prefer working on your side-projects than on your day job? Do you think you'd be a more productive / more engaged / deeper contributor in your day job if it weren't for the side projects? Or is it more that your love of software would suffer if it weren't for the side projects and hence you'd actually be a worse employee? Perhaps those three sentences are bit facile, but hopefully the question is clear.

burntsushi(3343) 1 day ago [-]

Good question. I don't want to dig too deep into it, but at this point in time, I really enjoy the diversity. The stuff I do at work and the stuff I do in FOSS are fairly different and exercise different portions of my brain. I think I fundamentally enjoy having that difference, although it's hard to say for sure.

Even just restricting in to FOSS, I will often oscillate between different projects in order to keep things fresh and avoid burning out. For example, almost a year ago, I started working on a rewrite of one of my Rust libraries. I hit a thorny problem and my motivation waned, so I moved on to something else. I've just recently moved back to continue my rewrite, now almost a year later, with renewed vigor.

sfifs(4330) 1 day ago [-]

While I highly appreciate the contribution Burnt Sushi made, I've personally gone through a not so great experience contributing to one of Burnt Sushi's repositories.

I personally think a major issue is he may have over-stretched in terms of the repos he sought to create and support as a maintainer. He has 140 public repos many of them significant. As his interests, shifted I have experienced that the pace of reviewing and responding to comments and pull requests became really slow and ultimately led to frustration among contributors as well.

Might have been better to clearly prioritize and state which repositories he planned to support and which not and possibly either hand over ownership or mark the repo he didn't intend to support as orphaned.

cylon13(10000) 1 day ago [-]

Oh no, he made too many things for free.

edflsafoiewq(10000) 1 day ago [-]

That was my thought about the 'Dealing via Boundaries' section. The solution of 'defer some maintainer responsibilities to someone else' never came up. When you insist that you have to do everything by yourself, you are creating that massive asymmetry between users and maintainers.

axaxs(10000) 1 day ago [-]

Stop expecting that of him. He wrote the code, and open sourced it. He doesn't owe it to you or anyone to say that he doesn't care about it anymore, though doing so would be a nicety. It's open source. If you feel he isn't maintaining something, fork it and own it. Or pay him to.

cespare(3863) 1 day ago [-]

This sense of entitlement is specifically addressed in the post.

thrwaway69(4320) 1 day ago [-]

This should have been solved ages ago but it isn't. What is the problem with allowing repositories with specific licenses or label to be transferered to contributors after certain length of inactivity?

The one contributing the most gets notified to accept or deny the request.

StavrosK(506) 1 day ago [-]

When reading articles like these I am mostly surprised, because my experience with FOSS has been largely different. I maintain a few semi-popular libraries like shortuuid and catt, but users have always been helpful and courteous, the pull requests have always had the best interests of the library in mind and the users were open to feedback, and the worst I've gotten was users politely asking for support with their particular setup, to which I politely reply that I unfortunately don't have enough time to debug things outside the scope of the code and that's that.

Has anyone else had this experience? Maybe the trouble comes with libraries as popular as ripgrep, or maybe it comes more often to a specific type of person. I'm generally not very patient, so I'd expect to have much more trouble than other maintainers, but I'm also just not negatively affected by bugs and PRs at all. People filing them have taken their time to do it, which means my code is important enough to them to spend time improving it, and bugs happen, so I take bug reports as compliments rather than as personal failures.

Hopefully someone else has the same experience as me, and maybe we can figure out how to generalize that experience for others.

einpoklum(10000) 1 day ago [-]

I maintain a TB extension for removing duplicate messages. It has ~70K users or so (of course, people use it rarely, not regularly).

I always get new bugs or low-score reviews claiming 'the extension didn't detect my dupes!' - when actually the messages are not quite dupes, just very similar, and I have to err on the side of caution when suggesting messages to delete.

So I have to keep explaining this to people who are telling me that my extension sucks or doesn't work.

But - with some other FOSS libraries it's been mostly positive.

burntsushi(3343) 1 day ago [-]

Yeah, not everyone is going to have the same experience. And I'm sure it's at least partially related to your user base. For example, most of the things I build are _mostly_ consumed by other programmers. But what if it was consumed by mostly non-technical users? I'm sure anyone could guess how that might impact your own experience with your users. (I do have some projects, like nflgame, that were mostly targeted at folks who were beginning coders or even sometimes folks who couldn't code at all. The experience was quite different, but overall still positive.)

I think the other thing I'd like to re-iterate is that the vast majority of my interaction with others in FOSS is either neutral or positive. This is kind of what I meant by the negativity overshadowing the positive and how, at least for me personally, the negativity sticks in my memories more than anything else.

elyobo(10000) 1 day ago [-]

This is a really good article.

One thing that I found surprising was that the author considered comments along the lines of 'Just chiming in to say that I would also really like this feature.' to be rude. I would have thought it was helpful feedback; more people indicating the value of a feature seems helpful in assessing whether it's worth doing (if it's not obvious for other reasons).

CathedralBorrow(10000) about 10 hours ago [-]

After thinking about it I agree with him. If you are going to stand up to speak in a community meeting, you should have something more thoughtful to say than 'I agree with what that guy said'.

LVB(1872) 1 day ago [-]

I was mulling over that sentence too. While I'd probably not characterize them as rude per se, those little pings do intrude more than, say, adding another upvote on the issue. I already know there is a lot more that I'd like to do than have time for, and having these personal pleas add a little more guilt to the mix without providing any more substance are often a negative (especially when there are lots of them).

carllerche(4337) 1 day ago [-]

As an OSS author, unless I ask for that feedback, "me too" comments both add noise to my inbox and come off as entitled. It feels like the author of the comment expects me to implement a feature for them because they want it. I don't maintain OSS as a product, I maintain it because it is code that I need for my personal use cases and I benefit by having others participate in QA and feature dev.

This probably does not apply to OSS projects that are products built by companies.

lenkite(10000) 1 day ago [-]

If one doesn't have proper additional reasons for their chiming, thats what the vote button is for. Otherwise the useless text is just taking up valuable screen estate and making people scroll un-necessarily.

Cthulhu_(3970) 1 day ago [-]

I reckon that if you have to process a lot of communications about your project(s), and because you are the maintainer you HAVE to pay attention, comments like that are high noise, low signal, and while one of them is fine, dozens or hundreds of those a day just cost energy without bringing anything back.

phreack(4131) 1 day ago [-]

Thought the same... maybe what he finds rude is the comment itself in cases (like Github) where you can react to the comment with a thumbs up to say the same thing, instead of a new comment that sends a notification and maybe even an email. There needs to be a non-rude way to show support for a constructive idea.

pauljurczak(10000) 1 day ago [-]

Just chiming in to say that I was also surprised by this statement.

burntsushi(3343) 1 day ago [-]

Thanks!

> One thing that I found surprising was that the author considered comments along the lines of 'Just chiming in to say that I would also really like this feature.' to be rude.

I mentioned on r/rust that 'rude' is perhaps too strong of a word. I was more or less thinking of things that annoyed or grated on me, and then just kind of lumped that in with 'rude.' To be sure, I do not get to lay claim to a universal definition of rudeness. :-)

But yeah, I think others responding to you pretty much summed up why it can be mildly annoying. And to be clear, I do think part of this is on me: I'm working on trying to let such minor things like this slide more. It's a process.

atoav(10000) 1 day ago [-]

I help with UX in a FOSS project. When it comes to comments of that kind, the problem is that they are usually quite low effort. The person thought: 'X is a good idea' but never once considered giving proper reasons, exploring other possible solutions, thinking aboit how it should actually look like and so on.

In my opinion a good feature request does all that legwork. The goal (my goal) is to arm the maintainer with a action-plan that they can pull out of the drawer and start working on immidiately. If this doesn't work — seeing that the other side did the legwork can still be motivating and creates a good climate.

Just imagine we are not talking about code, but about cool Lego-towers for a moment. If you want the other kid to add a certain detail to the tower, the least you can do is explain it to them properly. Better is to inspire their creativity alltogether: who says your idea is the only/best way to solve the problem?

DarthGhandi(10000) 1 day ago [-]

The number of big projects with over a dozen identical comments saying 'Same problem' is quite astounding. At what point does the maintainer turn off notifications? 5? 20?

Perhaps the point was that unless you have something useful to add to a GitHub issue then don't comment.

People don't want Reddit style pun threads here and yet to hear complaints about that being enforced, in fact the opposite. GitHub issues is similar in that sense. Everything has its place and time.

why-oh-why(10000) 1 day ago [-]

It depends on the phrasing. If you're just saying "me too" you're just annoying the maintainer instead of adding a silent +1 reaction.

If you add one more use case that might help the maintainer reconsider the feature, then I'd find it acceptable. Sometimes the issue opener didn't explain the utility that well or wrote some example that made it sound like it would be a niche feature and not worth it.

kelnos(3936) 1 day ago [-]

I probably wouldn't call it rude, but I'd say it's definitely unwanted. It just adds annoying noise to my inbox. In my time working on FOSS, it's pretty rare that more 'votes' would make me more likely or more interested in implementing a particular feature. I certainly would have been interested in knowing what features were most important to users, but I think a drive-by 'me too' on a feature request is a poor sample of what users overall really want.

And regardless, for some projects, at some times, you just feel like working what you feel like working on, and more users clamoring for a particular feature just doesn't motivate you.

floatingatoll(4057) 1 day ago [-]

There are two unstated assumptions underlying "helpful feedback" that need to be considered and re-evaluated.

First, the assumption that 'voting' is an appropriate and helpful form of social interaction with someone who has not expressly invited that participation from others.

Second, the assumption that a group expression of a statement is emotionally equivalent to a single individual's expression of the same statement.

These are not universally shared assumptions, especially in open source.

nojvek(4025) 1 day ago [-]

I have mad respect for Andrew (burntsushi). I use ripgrep everyday. Thank you for the awesome tool. Anyone who uses VSCode also uses it since it powers the underlying search.

I made some issues asking for some enhancements and was kindly denied. I like this. It tells me the project is focused. Well I liked it because I got a proper response within 48 hours. Most projects just have things laying there forever.

Andrew, if you're reading this. How do you manage your time to get so much time to write OS code? Also how do you make enough money to be sustainable ?

burntsushi(3343) 1 day ago [-]

Thanks for the kind words! :-)

> How do you manage your time to get so much time to write OS code?

I don't think there's any secret to it. I just love it, so I wind up _making_ time for it. And my life circumstances allow for it.

> Also how do you make enough money to be sustainable?

I work in Cambridge, MA on stuff mostly unrelated to FOSS. I'm very fortunate to live in a location where salaries for engineers are pretty good.

srik(4272) 2 days ago [-]

I came across one of burntsushi's interactions on reddit that's still on my mind. A poster made an unfounded comment, based on their feelings, that a competing tool was faster than ripgrep and when the author rightfully called them out on the improper metrics of said claim and even took the time to explain the unfortunate effects of such claims, they simply responded that they would now flat out drop ripgrep completely. I can only imagine how exasperating multiple interactions of that 'drive-by low-effort nature' must make one feel. How does one even respond to comments like that!

If you are reading this burntsushi, I'm really thankful for ripgrep, a tool I use tons of times almost everyday, as a backend for fzf etc. Definitely a happy user!

Aeolun(10000) 1 day ago [-]

> How does one even respond to comments like that!

I think a large part of it is (at least for me) the inability to believe that you cannot eventually make them see the light.

Sometimes that actually happens. Mostly it doesn't.

thrwaway69(4320) 1 day ago [-]

People are too quick to dismiss other's work when they don't know how hard it is or have done anything significant in the same field. Once dismissed, it becomes a matter of what they feel about it at face value.

To everyone, it seems programmers write 500 words SEO spam posts so not worth much or hard. They can program the same if they wanted to.

(Note - SEO spam posts here refers to subjecive low quality code, duplicate of existing solutions or very similar to what you can do by combining two existing tools.)

Perception or feelings like above are quick to convey so they get conveyed.

Spitting out code is not the hard part of open source imo. It's dedication, commitment, building a community and sustaining feedback. If I am writing software to solve trivial problem, then it wouldn't take me much time but if I am writing software to solve trivial problems for others, It would take me tremendous time to write insignificant piece of code because it needs to be documented, accessible, thoughtful, clean, hosted, testable, branded (naming is one of the hard problems, after all.) and pass through many such criteria.

It doesn't need to but most people who love open source feel this way about their projects.

It's hidden. It's not visible to someone who just created an issue. Somehow we live in meritocratic ideals but forget that meritocratic solution on their own don't get much attention. Without a good readme, a lot of people simply ignore the project. We are actively optmized to go through ton of information that it de-empathizes us to human touch or mistakes. It's quick to notice a typo and make an insignificant comment about it because you can't focus on everything. Anything unexpected is a distraction and we get easily distracted, thus sometime vent on meaningless things.

AlephGarden(10000) 1 day ago [-]

> How does one even respond to comments like that!

Something I struggle with on other internet forums, too. I try to tell myself that I'm not just writing to change the low-effort antagonist's mind, but for everyone else reading the thread, too.

indemnity(10000) 1 day ago [-]

I'm sure almost everyone doing web uses ripgrep daily without realising it, by way of VS Code search or Atom Search.

I've aliased grep to it so that I never have to suffer through slow searches if I type grep out of muscle memory.

Love reading his code too.

michael_j_ward(10000) 1 day ago [-]

In terms of a practical takeaway, how much would FOSS maintainer's lives be improved if you could actually require a runnable example before filing a bug?

celeritascelery(10000) 1 day ago [-]

How many bugs would never get reported? Not saying it is a bad idea, but not all bugs are so clear.





Historical Discussions: Crew Dragon launch escape demonstration (January 19, 2020: 713 points)

(713) Crew Dragon launch escape demonstration

713 points 2 days ago by eps in 4091st position

www.spacex.com | Estimated reading time – 1 minutes | comments | anchor

CREW DRAGON LAUNCH ESCAPE DEMONSTRATION | SpaceX Jump to navigation You are here CREW DRAGON LAUNCH ESCAPE DEMONSTRATION On Sunday, January 19, SpaceX successfully completed an in-flight test of Crew Dragon's launch escape capabilities from Launch Complex 39A (LC-39A) at NASA's Kennedy Space Center in Florida. This test, which did not have NASA astronauts onboard the spacecraft, demonstrated Crew Dragon's ability to reliably carry crew to safety in the unlikely event of an emergency on ascent. Falcon 9 and Dragon lifted off at 10:30 a.m. EST, or 15:30 UTC, with the abort sequence initiating approximately one and a half minutes into flight. Crew Dragon's eight SuperDraco engines powered the spacecraft away from Falcon 9 at speeds of over 400 mph. Following separation, Dragon's trunk was released and the spacecraft's parachutes were deployed, first the two drogue parachutes followed by the four upgraded Mark III parachutes. Dragon safely splashed down in the Atlantic Ocean and teams successfully recovered the spacecraft onto SpaceX's recovery vessel.You can watch a replay of the test below, and learn more about the mission in our press kit.




All Comments: [-] | anchor

irjustin(10000) 2 days ago [-]

Congratulations to the SpaceX and the whole team! That moment of truth when the thrust was lost and the module separated was actually way faster than I had expected. I could barely notice the exhaust plume was smaller and the dragon had already left.

I think it's incredibly satisfying to note that SpaceX is so good at the launch sequence with the Falcon 9 that there were zero delays except weather. With any new rocket system test, I completely expect there to be multiple delays with the countdown.

Again, congrats to everyone and their hard work.

51Cards(3115) 2 days ago [-]

I was also amazed by this until I watched the post press conference. Elon seemed to describe in an answer to Everyday Astronaut that the launch abort sequence was set to trigger at a specific speed/altitude and that it was the abort program that told the engines to shut down. I would like to see that clarified further but I watched that segment twice and it seems that the abort system was in control, and step 1 was shut down the main engine, step 2 - pressurize/start the abort engines, and so on.

astannard(10000) 1 day ago [-]

SpaceX above and beyond with its successful voluntary in-flight abort test. I wonder if Boeing will be doing a similar test?

rrmm(10000) 1 day ago [-]

Boeing isn't planning an in-flight abort test. They selected an approval regime that relied on simulation and aerodynamics studies. They've already completed a pad abort test.

shmerl(3999) 2 days ago [-]

Great result. One thing stood out, in the commentary they sometimes used feet and sometimes meters. Better just to stick to metric to avoid the mess. Reminds me various stories, when mix up between metric and imperial made space missions fail. So SpaceX teams should have stronger focus on avoiding this.

JshWright(3739) 2 days ago [-]

I think you're confusing the public broadcast commentary with the engineering that goes into the actual hardware. There are slightly different levels of rigor involved... (and very different audiences)

lutorm(4300) 1 day ago [-]

Partly this was because it was a joint SpaceX/NASA webcast and while SpaceX normally uses metric, NASA does not.

lhoff(10000) 2 days ago [-]

Podcast recommendation for all german speakers here. Tim Pritlove recently interviewed Hans Koenigsmann (Engineer and Vice President of Mission Assurance at SpaceX since 2011). The episode was released two days ago. They talk about the history of Space X and the future planes (Mars mission and Starlink). Its part of the Podcast 'Raumzeit'.

https://raumzeit-podcast.de/2020/01/17/rz083-spacex/

_Microft(678) 2 days ago [-]

Very worthwhile if one is interested in rockets and SpaceX in particular. The interview was summarized in English on the SpaceX subreddit.

https://old.reddit.com/r/spacex/comments/epzayc/german_raumz...

hi41(10000) 2 days ago [-]

My jaw drops every time I hear about SpaceX and Tesla. How could Elon grasp two extremely different and difficult technologies and build such amazing companies within a decade. I have difficulty learning new things. Some pointers will help. Thank you.

sfblah(10000) 2 days ago [-]

You, my good sir, are a fanboi's fanboy.

soheil(3546) 2 days ago [-]

I think it would be odd if there did not exist a person or two at the extreme fringes of the gaussian distribution of one's achievements. The real question is are there more incredible people even further out on the distribution tail that somehow are not so visible to the public.

nojvek(4025) 2 days ago [-]

He made his billion from PayPal (software) and really went serious to make a dent in hardware.

I really wish more billionaires, govts and VCs poured money into serious hardware and manufacturing.

It really seems like US has lost its edge in manufacturing. 90% of the things in the mall/online seem to be from China.

The economy may be doing great today but really not a great sign of the future.

okareaman(3974) 2 days ago [-]

How To Think Like Elon Musk https://www.youtube.com/watch?v=yXe8JGB4FWA

caconym_(10000) 2 days ago [-]

Yeah, the guy is an absolute maniac and based on what I've heard I would not want to work at either of those companies, but you can't argue with his success. He's broken into two mature markets that have been dominated by massive incumbents for half a century or more. How many business leaders can say the same?

jariel(4333) 2 days ago [-]

'How could Elon grasp two extremely different and difficult technologies and build such amazing companies within a decade.'

Because they're both very well established technologies and there are tons of people with deep expertise in this area.

Space is full of kafkaesque levels of bureaucracy, it's shocking that we haven't been doing this for a long time.

It's the scale of these industries that he's taking on that is mind-boggling, not really the tech itself. It's operational exceptionalism more than anything.

code4tee(3864) 2 days ago [-]

Looks like a total success. Great job.

Tepix(4059) 2 days ago [-]

It looks good so far but we won't really know until the telemetry has been looked at. For example the g-forces on the astronauts could have exceeded the safe limits.

rohan1024(3718) 2 days ago [-]

That was great!

The guys said at the beginning that they are expecting Falcon to blow up because aerodynamics change significantly once the nose separates.

Stupid question, couldn't they just give Falcon it's own nose so that it doesn't blow up after dragon separates? Dragon could have been mounted on that nose.

peterburkimsher(3439) 2 days ago [-]

I think one of the purposes of the test was to ensure that the crew can escape safely from a dramatic fireball. It's hard to simulate throwing shrapnel and fuel at the Dragon capsule without actually blowing up the booster.

However, the Falcon wasn't intentionally detonated! This was also by design; if explosive charges were placed down the side and made it come apart naturally, it would come apart in a predictable way. If you know anything about test-driven development, someone would try to made assumptions about the explosion. By allowing an uncontrolled explosion at the time when the Falcon is experiencing the most extreme aerodynamic forces, it's basically creating a worst-case scenario.

SpaceX successfully proved that the Dragon capsule can escape from that worst-case, and that's great news. It'll be flying with crew very soon, I think.

Ndymium(4312) 2 days ago [-]

I would imagine the escape system is only used when there is something very wrong with the flight. In that case there is usually no hope of recovering the rocket anyway (if it didn't explode, could it make it to the landing site?). The added weight and complexity probably make this a bad trade-off.

nrb(10000) 2 days ago [-]

In the event an in-flight abort becomes necessary, odds are that the craft is probably going to be lost no matter what. Adding additional complexity or weight for a vanishingly unlikely scenario likely isn't worth it to them.

LeonM(4224) 2 days ago [-]

> Stupid question, couldn't they just give Falcon it's own nose so that it doesn't blow up after dragon separates? Dragon could have been mounted on that nose.

There are no stupid questions.

The abort system is only there as a last resort in case of booster failure. So in a situation where the abort system is fired, the falcon has probably already failed beyond the point where it is expected to be able to land.

51Cards(3115) 2 days ago [-]

There is a great thread on r/spacex discussing the logistics around trying to save the booster. In the end it was generally agreed not to be possible.

A VERY brief summary of reasons from memory: deceleration causes fuel to rise up in the tanks likely rupturing them from hydralic impact alone, lack of thrust even momentarily causes the rocket to become unstable end to end, only 3 engines are equipped to be relightable and may not relight because the fuel would be at the top of the tanks, too much fuel mass to burn off before landing, too much mass with second stage, etc.

Elon tweeted out the same, that they played with it and deemed it not possible. As such I beleive the rocket was stripped of landing legs and grid fins too. Was a one way ride only.

_Microft(678) 2 days ago [-]

There will be a press conference at 11:30 AM (ET) on https://www.nasa.gov/nasalive by the way.

One thing that is clear is that the phrase of launching American astronauts on American rockets from American soil will be used. Multiple times. That's as sure as SpaceX livestream hosts using the formulation 'Historic' Launch Complex 39A ;)

rrmm(10000) 2 days ago [-]

All smiles at the press conference, so seems like things went well.

Elon says, Hardware for first launch will be ready end of Feb, but lots of double checks have to happen before launch and schedules lined up for ISS. Expect launch to happen in 2Q.

Elon adds that they need to get the space craftback and check it over to make sure all is well and there is nothing to address.

Elon teases trying to catch the dragon on re-entry to remove some of the constraints a splash down imposes.

ericcumbee(3579) 2 days ago [-]

I've noticed its only 'Historic' Launch Complex 39A, when SpaceX is doing something that could be considered 'Historic', for every day SpaceX Launches they seem to revert back to it just being 'Launch Complex 39A'

ianai(4334) 2 days ago [-]

Anybody suspect this impacts Tesla stock? Not that it should, but as a herd reaction.

greglindahl(3851) 2 days ago [-]

My herd reaction is that I am distressed to see this kind of thread in a SpaceX discussion.

ChuckMcM(536) 2 days ago [-]

This was pretty impressive. It was super awesome that everything worked exactly as it should and it clears the way for SpaceX to launch people to the space station.

What is more relevant for me, is that if NASA follows their own rules, it also means that SpaceX will beat Boeing to having a manned spacecraft capability.

The 'rules' in play here is that Boeing had a requirement of doing a successful unmanned flight. In government contracts this is known as a 'threshold requirement' meaning that it has to be done before the contract can be completed. Boeing also had a parachute deployment failure during their drop test. As NASA (and some members in Congress) have been emphasizing on how important safety is and relentlessly hammering SpaceX over their refueling techniques and their 'history', if they do not want to be seen as hypocritical they should require Boeing to at least achieve a successful unmanned flight to the space station and they could piggy back the parachute deployment test on that flight (and get a twofer, both the parachute test and the end to end flight test.) Requiring that however, will cost Boeing money (they have to pay the expenses for the retest out of their pocket) and more importantly time (they need another launch vehicle from ULA and a launch window). Versus SpaceX which only needs the results of today's test audited and signed off before they can launch their test crew. So perhaps 60 days, 90 at the most before they are cleared to fly people.

So I think it is highly likely that SpaceX gets people up into orbit first. And that is a pretty amazing milestone and it slaughters a couple of sacred cows in the aerospace industry.

The most impressive one for me is that an aerospace company can be started from scratch and beat all established players in capability, cost, and launch cadence. It is both a huge endorsement of SpaceX's approach and a huge black eye for the existing players. Given that the existing companies actually want to survive it heralds some really exciting times ahead for space.

The other thing is that a company has this capability at all. I was talking with some friends about how do you 'value' that in the market? How does it affect the geopolitics of space? What happens when Bigelow aerospace or another 'space industry' partner starts selling access to orbital facilities that aren't government owned and operated?

As far as I'm concerned I wish this had started 40 years ago rather than a bit less than 20, but I'm glad I have had a chance to watch it unfold. Exciting times.

mr_luc(10000) 1 day ago [-]

> As far as I'm concerned I wish this had started 40 years ago rather than a bit less than 20

Absolutely agree.

I bought an 8-pack of used Heinlein paperbacks the other day that I hadn't read since I was a wee lad, which included 'The Rolling Stones' -- a slim volume about a family that live in comfort on the moon, but who get the itch and buy a used spaceship and head off for more exciting parts of the Solar System.

In a paragraph or two it explained gravity well maneuvers and other Kepler-ish things better than current YouTube subject matter experts. It also described, in a sentence or two, that the starships had 3-way voting computer systems, where 3 computers get the same sensor inputs and 2 of them can overrule the 3rd in the case one differs.

To the author, these were basic things that would clearly exist, because of physics.

Sure, it missed some marks -- underestimated the computer, for one; its heroes were still manually 'astrogating' and doing a lot of difficult math to plot their courses, when now we know they could have just played Kerbal Space program ;) -- though I thoroughly enjoyed seeing a reference to them handing their flight plans to a 'programmer' who filed them into a big computer system. Of course, it was imagining a world where we would found a moon base in the 1980's.

But I appreciated the solidity of its underlying premise: that a robust human presence in space was inevitable, because the difficulties that space flight presents, especially once you climb out of Earth's gravity well, are just not that far out of reach.

That spirit was alive and well when that book was published ...

... in June of 1952.

It turns out that, given human nature, we needed a lot of advances in computing to overcome difficulties, some engineering but others that no one could have foreseen -- like the fact that radioactive rockets and the additional power they could bring to the table were effectively off-limits on earth for human and political reasons, or that geopolitical and business reasons would concentrate space investment in areas that could be considered inefficient if conquering Earth's gravity well is your aim.

But they weren't off by that much.

The physics that stared them in the face continue to stare us in the face, and declare: this is doable, folks.

There's no reason humans can't live and work in space on a large scale. We need some vehicles built, but some of them are getting built right now ...

saberdancer(10000) 2 days ago [-]

Was there mention of why they did not do a launch escape while the F5 was at full throttle? I understand this reduces the risk and was probably deemed to be good enough of a test, but I was expecting the test to be 'worst case scenario' or in other words, F5 on full power at MaxQ.

Taniwha(4039) 2 days ago [-]

I think that 'F5 on full power at MaxQ' is not a worst case scenario, it's more like 'flying nominally' - doing it at maxQ is certainly the thing to do - but 'on FS flameout' is more realistic

gpm(10000) 2 days ago [-]

The Falcon 9 never goes through MaxQ at full throttle, throttling down before MaxQ and up after MaxQ is part of the normal flight path. This Falcon 9 followed the normal flight path right up to the point where the abort was artificially induced.

I believe the abort did actually take place at full throttle though, it happened at the point of max drag which occurs shortly after Max Q, and is after the rocket has throttled back up. The intent was definitely to trigger the abort at the worst time during the normal flight path.

growlist(10000) 2 days ago [-]

Being able to watch regular (SpaceX) rocket launches live - including deployment of satellites in orbit and landing of boosters - free, for entertainment purposes, is in my opinion one of the most amazing things going at present. As a demonstration of how far technology has progressed to make this all possible it blows my mind.

Rapzid(4302) 2 days ago [-]

It dawned on me today that this is in SpaceX's best interest based on their development philosophy.

Think about all the bad publicity that Boeing got when Starliner was off course.

But here SpaceX is constantly blowing things up and everyone is just like 'Ah shucks, they will get it next time though.'

A lot of that has to do with how out in the open they have made a lot of these failures and tests. Everybody expects it now and views it in a positive light.

Jamwinner(10000) 2 days ago [-]

This has been a thing since the 1960s. Is this the elon tinted glasses I keep reading about?

elfexec(10000) 2 days ago [-]

It's amazing free entertainment for us and great free publicity for SpaceX. It's one of those rare win-win situations.

chrisco255(4283) 2 days ago [-]

Yeah it's a good point, network television limited the amount of airtime things like this could get in prior decades.

sandworm101(4237) 2 days ago [-]

>> - free, for entertainment purposes, is in my opinion one of the most amazing things going at present.

Except that it isn't. All that classic NASA space footage was shared because it was copyright-free. As products of the US federal government they were not subject to copyright protection. They were transmitted and used everywhere. When 'The Six Million Dollar Man' or 'Buck Rogers' wanted to use NASA launch footage (or USAF crash footage) they just did. No questions asked.

SpaceX footage isn't from the US fed. It is private and therefore protected copyright. It cannot be used anywhere anytime. We all must ask SpaceX for permission. Use it in a manner that SpaceX disagrees with and you can expect lawyers. You wont see the failure footage from SpaceX ever used as nasa footage was used by countless scifi productions.

So no, this is no amazing thing. While modern footage is a visual feast, in terms of freedom it is a step down from what we once had. I think those running TV news networks (or youtube, or any other distribution network) would rather return to the old system whereby they could use footage however they liked. We won't ever see SpaceX crash footage used for much of anything.

What I am talking about. Six Million Dollar Man opening: https://www.youtube.com/watch?v=bGO57y4td-c

Original NASA footage: (Crash at about 2:00) https://www.youtube.com/watch?v=50dDWT48b9M

soheil(3546) 2 days ago [-]

The explosion was unexpected so either they will have to fix what went wrong there, which in turn will possibly effect the design which would then most likely need another flight test if you want to be safe enough or they will let it be as is which would be unsafe?

They expected the splashdown to happen several seconds later than it did. This could mean the capsule was going faster than it should have before its parachute deploy or it didn't slow down enough when hitting the water which would be worse.

Finally the main parachutes where touching each other pretty aggressively it wouldn't seem than unfathomable that two or more of them get tangled up, I don't think there is a backup solution for if that happens.

whoisthemachine(4286) 2 days ago [-]

> They expected the splashdown to happen several seconds later than it did. This could mean the capsule was going faster than it should have before its parachute deploy or it didn't slow down enough when hitting the water which would be worse.

While you can control for variables greatly when you're flying under an engine, I'd imagine it's not so easy to control for environmental variables (such as local variations in wind speed) when you're landing under parachutes. It probably would have been safer for the broadcasters to have had an estimated time of landing with a +/- 20 or so seconds on the display, but I personally doubt landing a little sooner than expected will be a major concern.

inamberclad(4110) 2 days ago [-]

The explosion was fine and expected. They mentioned this in the livestream, although it looks like the FTS and not aerodynamic forces. Either way, it happened after the capsule was well clear.

Regarding splashdown timing, we will see. They've been testing this extensively in the background, and parachutes have been a pain point all around.

extropy(10000) 2 days ago [-]

The explosion was very expected. 'Falcon 9 will likely break apart due to aerodynamic loads immediately following Crew Dragon's escape'

https://www.reddit.com/r/spacex/comments/eq24ap/rspacex_infl...

_Microft(678) 2 days ago [-]

Photos are coming in on Twitter. Thanks to all photographers for the amazing pictures! If you're a photographer and don't want your photos to be linked to from here, please say so.

Official (SpaceX) close-up video of the separation event / IFA:

https://twitter.com/SpaceX/status/1218976479150858241

Great shots of the fireball:

https://twitter.com/GregScott_photo/status/12189514406910730...

https://twitter.com/BrandonHSlam/status/1218923590260645889

https://twitter.com/Mimikry_/status/1218937739590230016

https://twitter.com/_flsportsguy/status/1218930068887613441

https://twitter.com/thelanjampod/status/1218949597231489024 (multiple frames)

Falling booster or second stage (the ratio of black to white hull area is the same on both stages, so I can not tell which one of both it is):

https://twitter.com/mike_deep/status/1218926880381902849/pho...

Impact of said part on the surface of the sea:

https://twitter.com/johnpisaniphoto/status/12189461666389401...

Infrared images:

https://twitter.com/turndownformars/status/12189257207366000...

https://twitter.com/turndownformars/status/12189415996080783...

In-flight abort test appearing on the weather radar:

https://twitter.com/NWSSpaceflight/status/121892435399747584...

https://twitter.com/wxmeddler/status/1218925147861790720 (animation)

Lift-off and others:

https://twitter.com/TrevorMahlmann/status/121896406755938713...

https://twitter.com/RDAnglePhoto/status/1218968896885215235 (viewing angle and height suggests it was taken from the roof of the VAB (vertical assembly building))

Splash-down of the capsule:

https://twitter.com/FutureJurvetson/status/12189766841347153... (strange that Mr. Innsprucker called the parachutes white-orange. That looks rather like red?)

notatoad(10000) 2 days ago [-]

none of those fireball pictures look real - did it actually look like that, or are those photos really heavily processed?

_Microft(678) 2 days ago [-]

Note the official SpaceX video I just added to the list and how gases are vented from the bottom of the second stage shortly after the abort. May that have been overpressure in the tank(s) caused by the hot exhaust of the SuperDracos in proximity of the tanks? So many questions...

_Microft(678) 1 day ago [-]

Late update with slow-motion footage from the booster explosion by Doug Jensen. Look at the timer at the top left, it happens between 01:00:25:16 and :17, this is about 25 seconds into the video.

https://www.youtube.com/watch?v=06svtpboEJs

You can manually set the playback rate to values not available from the video player's menu by using the following snippet in the developer console (it works at least with Firefox, if you are not familiar with this: press F12 and go to the Console tab, there is an input box ('>>') where you can paste it). This here sets it to 5% of normal playback speed (1.0 is normal speed):

    document.querySelector('video').playbackRate = 0.05
whoisthemachine(4286) 2 days ago [-]

While the tried and true method of splashing down in the ocean seems like a reasonable first effort for landing the dragon spacecraft, watching the difficulty the boats have in reaching the spacecraft (the hosts of the stream mentioned it takes them 2 hours!), and the difficulty the SpaceX team had in getting reasonable weather conditions for this test, it seems to me that a propulsive land-based landing would still be a reasonable future improvement to pursue.

fit2rule(10000) 2 days ago [-]

I think you misunderstood the announcer - the recovery takes 2 hours, but that's not how long it takes the boats to get to the capsule at its splashdown location.

The boats get there pretty quickly.

The time required is for safety checks and so on - there's some pretty nasty materials involved in those thruster engines, and all that stuff has to be checked first.

C14L(4266) 2 days ago [-]

NASA didn't require it. There was an early plan at SpaceX to have Crew Dragon land propulsivly, but they didn't pursue it in favor of developing Starship and SuperHeavy faster. That's what Musk said in an interview some time ago.

jessriedel(4092) 2 days ago [-]

Boeing's Starliner lands on solid ground after a normal mission while SpaceX's Dragon lands in the ocean. But that's not relevant to an in-flight abort. Any abort at this stage in the launch (whether Boeing or SpaceX) has to come down over water. That's simply where the trajectory of the launch goes.

busymom0(4107) 2 days ago [-]

> watching the difficulty the boats have in reaching the spacecraft (the hosts of the stream mentioned it takes them 2 hours!)

From my understanding, the host meant that getting the dragon and crew back to the shore would take 2 hours, not the recovery boat to get to them. They could probably even have helicopters around the area which could fly and pick the dragon up.

_ph_(10000) 2 days ago [-]

My understanding is, that the Nasa didn't like the idea of propulsive landing. As the dragon capsule is purely for supporting the ISS, SpaceX has no incentive to spend money on anything they are not using for the Nasa missions. For everything else, they are developing the Starship. If that program goes as planned, the dragon capsule will be used only for a short time, I guess.

grey-area(286) 2 days ago [-]

it seems to me that a propulsive land-based landing would still be a reasonable future improvement to pursue.

They're working on a second stage that can carry a few more astronauts and land itself, it's a bit bigger though ;)

https://www.spacex.com/starship

whoisthemachine(4286) 2 days ago [-]

Interestingly, in the press conference, Musk mentioned that SpaceX would like to try to catch spacecraft, which I would think would reduce some of the water landing costs.

davedx(2341) 2 days ago [-]

If you were the astronaut and it was an emergency that triggered the abort (e.g. the launch vehicle blew up like the Falcon 9 just did), would you really prefer the Dragon tried to land instead of at sea?

Keep in mind it wouldn't be able to choose its landing site either.

mechhacker(10000) 2 days ago [-]

That would require significantly more fuel and a different design, likely limiting the Dragon's crew payload.

This abort happened after the rocket reached max Q (highest dynamic pressure) when it was flying East (and still upward, but to get to orbit you must fly sideways over water). Returning West to get back over land would be fuel prohibitive on a fully loaded crew capsule.

The reusable falcon 9 stages have almost nothing in them when they fly back to land.

See trajectories: https://i.redd.it/xaisqxao5ef01.png

shkkmo(10000) 2 days ago [-]

That was the original end plan, but AFAIK it was mixed a couple of years ago.

"The reason we decided not to pursue (powered landings) heavily is it would have taken a tremendous amount of effort to qualify that for safety, particularly for crew transport," Musk said. "And then there was a time when I thought that the Dragon approach to landing on Mars, where you've got a base heat shield and side-mounted thrusters, would be the right way to land on Mars, but now I'm pretty confident that is not the right way, and that there's a far better approach." [0]

[0] https://spaceflightnow.com/2017/07/19/propulsive-landings-ni...

davedx(2341) 2 days ago [-]

Nailed it!

Can't wait for the crewed launch. Historic moment for the United States space program.

shkkmo(10000) 2 days ago [-]

Any idea when that will get approved?

vsareto(10000) 2 days ago [-]

Why did the booster explode? No thrust causing it to lose direction?

hoorayimhelping(4332) 2 days ago [-]

The pointed nosecone on the top of the rocket came off and it lost aerodynamic stability, and started to tumble. The tumbling caused the fuel and oxydizer to slosh around the very thin (and lightweight) tanks that are not designed with withstand that kind of force. The sloshing accelerated the tumbling. The thin tanks rupture causing the fuel and oxidizer to mix in the vicinity of a lit rocket engine. BOOM.

code4tee(3864) 2 days ago [-]

Given the velocity it was going the capsule popping off the top basically turned the rest of the rocket into a supersonic flying brick. The amount of drag would be enormous and the rest of the ship basically just tore itself apart. As soon as the oxidizer and fuel combined in the crumbing mess you get a big explosion.

That was all expected to happen and why they launch these things out over the ocean. These rockets also usually have a self-destruct mechanism that a range safety officer can trigger if the rocket starts coming back towards land.

HALtheWise(10000) 2 days ago [-]

In addition to the loss of the aerodynamic nose, it also started tumbling simply because the engines were powered off. Modern rockets, falcon 9 included, are not actually aerodynamically stable during flight, and rely on active controls from gimballing the engines to keep pointed in the right direction. Once the engines power down, the rocket has little chance of surviving.

CarVac(10000) 2 days ago [-]

The automated flight termination system may have detonated it due to it deviating from the 'planned' flight path.

It looked too instantaneous and clean of an explosion to have broken up naturally.

fit2rule(10000) 2 days ago [-]

It was intended to be disposed of this way. I too wonder whether it was demolished by way of explosion, or if SpaceX instead used this opportunity to see what a non-optimal flight pattern would do to the structure ..

shkkmo(10000) 2 days ago [-]

It lost it's areodynamic nose cone and so started to tumble.

xt00(10000) 2 days ago [-]

It was somewhat eerie to hear the "stage 1 throttle up" then abort just after that.. reminded me of the "go for throttle up".. some of you may know what I'm taking about.. I'm glad these guys will have an abort system available and testing in flight like this was awesome.. good job spaceX

nrb(10000) 2 days ago [-]

For anyone unfamiliar: 'go at throttle up' was the final communication to/from Space Shuttle Challenger during launch of mission STS-51-L moments before it tragically exploded, resulting in the loss of all crew. The Space Shuttle did not have a launch abort system.

https://www.youtube.com/watch?v=sDnABgxUeV4

beached_whale(10000) 2 days ago [-]

It was really interesting how they setup the main chutes to open slowly to minimize the shock from breaking.

iso1824(10000) 2 days ago [-]

Looked exactly like KSP





Historical Discussions: Reverse engineering course (January 16, 2020: 653 points)

(653) Reverse engineering course

653 points 6 days ago by Edouar1 in 3652nd position

github.com | Estimated reading time – 5 minutes | comments | anchor

Failed to load latest commit information. 0x000-Introduction Windows Chapter Prep 4 days ago 0x100-BinaryBasics Fix 3 days ago 0x200-Assembly fixes sizes of AX/AH registers (#15) 14 hours ago 0x300-Tools More Link Fixes 8 days ago 0x400-BasicReversing More Link Fixes 8 days ago 0x500-DLL Restructure + VirtualMemory 3 days ago 0x600-Windows VMEM 18 hours ago 0x900-Malware Restructure + VirtualMemory 3 days ago DOC Windows Chapter Prep 4 days ago FilesNeeded Restructure + VirtualMemory 3 days ago .gitignore gitignore 7 months ago @BeforeYouBegin.md Fixed Files Needed 10 days ago Credit.md Fixed broken link (#16) 12 hours ago FAQ.md Windows Chapter Prep 4 days ago License.md Rename LICENSE to License.md 5 days ago Lingo.md Migration Fixes 11 days ago README.md Fixed broken link (#16) 12 hours ago TableOfContents.md TOC 3 days ago



All Comments: [-] | anchor

ravenstine(10000) 5 days ago [-]

Always thought reversing is fun. Back in high school and college I would spend days or weeks trying to reverse random software packages I had installed on my system. It was pretty surprising how, with a few tools like OllyDBG, 90% of the software I attempted to crack was actually crackable. Most of Autodesk's software was ridiculously easy to crack. (Don't worry, I owned all that software already! I was studying animation at the time.)

I didn't realize this until later, but I got a skill out of reversing that's actually pretty useful as a software engineer. Granted, I work with JavaScript, but reversing actually taught me how to persevere with debugging. I've been able to fix some bugs that other people couldn't in a reasonable timeframe because I treated the problem like I would when reversing a program; it can be more expedient to perform a process of elimination by disabling or inverting parts of the code, observing what happens, keeping detailed notes on observed behavior, and lead yourself down to the key change you need to make. A lot of people debug problems by trying to look at the code and reason about it while setting breakpoints, but there can be a lot of mental overhead in doing this. When the problem is mysterious, I find that a process of elimination through experimentation can be more effective.

This actually happened recently, where we essentially had an infinite feedback look happening that was obfuscated by a lot of framework code. It's possible that the root cause could have been identified by debugging, but a few people tried to do so but couldn't figure it out. This is because setting a breakpoint somewhere in the process chain didn't reveal anything obvious, and you'd be lucky to actually spot the problem in the application code just by looking at it. I treated the problem like reverse engineering, and did exactly what I described above. It took me a few hours, but I did succeed in narrowing down exactly where in the code things were going wrong.

Sure, someone could have stepped through the app and framework code enough times that they might have figured it out. Perhaps there are also more advanced debugging techniques that none of us were aware of that would have helped. But the mindset of a reverser definitely works.

wdb(10000) 4 days ago [-]

Yes, I have used it at my previous job (recently got fired) and it was really helpful. Of course, you need physical access to the application to make this work, e.g. it's much harder to do for some oddly behaving REST Api.

trangon(10000) 5 days ago [-]

Someone correct me if I'm wrong but it sounds like you just described "fault injection" or "mutation analysis."

melvinroest(4324) 6 days ago [-]

Hmm, I've been itching to dive into some security thing again (I'm getting into the habit to dedicate 1 to 2 months per year for it, this would be year 4). This person's effort seems so awesome and genuine that I'm up for helping out.

Though, I don't want to study it completely by myself, it gets a bit lonely and there's no accountability. Does anyone want to set up a study group with me?

My background: I know how to reverse Linux binaries, albeit I'm a bit rusty. I followed a course called binary and malware analysis at the Vrije Universiteit Amsterdam, and two other related security courses (shout out to Herbert Bos and his team for giving such an awesome course).

My email is in my profile.

melvinroest(4324) 5 days ago [-]

I received a couple of emails. This is gonna be fun! :D

z3phyr(2095) 5 days ago [-]

I do not have a security background but I would love to study with you!

SilasX(4196) 5 days ago [-]

Same here, I've been doing RE challenges (most recently, microcorruption.com).

xenocratus(3856) 6 days ago [-]

Would love to have someone to study with - I'm currently going through Reverse Engineering 4 Beginners by Dennis Yurichev but will happily try this one out too.

Will email you later.

jgtrosh(10000) 5 days ago [-]

> If 0x12345678 was loaded into a 64 bit register such as RAX, then RAX refers to 0x12345678, EAX refers to 0x5678, AX refers to 0x78, AH refers to 0x7, AL refers to 0x8.

I made a PR to correct this example which equated single hexadecimal digits with whole bytes.

Other than that what I read of the course is rather nice, targeted at a mostly beginner audience with some correct insight.

There also some weird insight:

> You can think of computers as trains, they don't stop and only go in a very specific and direct path as designated by the tracks. If there's a child on the tracks it's up to the people controlling the track to divert the train. This is why Windows gives you the Blue Screen of Death (BSOD) when there is a kernel error. If the OS doesn't stop that error, catastrophic damage could occur.

This isn't really wrong, it's just a non-obvious metaphor formulated strangely in my opinion. A BSOD would be more akin to the fully automated train just blowing up in sight of the children or something? It's weird.

na85(3995) 5 days ago [-]

I think the author is referring to catastrophic damage in the sense of file/data corruption and loss. In that light a BSOD makes sense as a way to 'stop the error' since it halts execution rather than silently continue. I agree that it's strange, though.

mrsaint(3494) 5 days ago [-]

Does anyone remember SoftIce here? 🧓

dointheatl(10000) 5 days ago [-]

I do! I remember my first project with it was cracking WinRAR to stop it from showing the nag screen.

rollulus(3936) 5 days ago [-]

This title made me feel nostalgic, and search for +ORC [1] and +Fravia [2].

[1]: https://en.m.wikipedia.org/wiki/Old_Red_Cracker [2]: https://en.m.wikipedia.org/wiki/Fravia

codegladiator(10000) 5 days ago [-]

I always feel bad software like SoftIce will never be a thing again. Felt so much power using it.

busterarm(10000) 5 days ago [-]

Really wish +HCU were still around today.

heavyset_go(4315) 5 days ago [-]

Anyone have links to similar resources, but for Linux instead of Windows?

xorpd(4225) 4 days ago [-]

Self plug: https://www.reversinghero.com Learn reverse engineering by solving 15 challenges.

undershirt(3162) 5 days ago [-]

I used to dabble in Cheat Engine, Tsearch, and IDA Pro, for reversing games. Recently, a nice guy randomly showed me a demo of a modern tool called radare[1]. I was floored by the IDA-like flow-diagrams that it spit out in the terminal[2], and the short commands for navigating/bookmarking/documenting. Nice to see hobbyists don't need to buy IDA anymore!

[1]:https://www.radare.org/r/

[2]:https://www.radare.org/r/img/r2cg.png

ajphdiv(10000) 5 days ago [-]

There is also a GUI called Cutter that is powerd by radare2.

https://cutter.re

jki275(10000) 5 days ago [-]

Dude, look at Ghidra. The reverse engineering world has massively changed in the last year.

Radare is great and I use it as well, but Ghidra brings a whole lot of new capability and its straight up free.

mamouri(10000) 6 days ago [-]

This is excellent. Does anyone know a similar resource for Mac or Linux?

pabs3(2672) 6 days ago [-]

I haven't compared them, but another reverse engineering resource:

https://beginners.re/

lynxjerm(10000) 5 days ago [-]

RPISEC RE/VR courses (a little scattered due to the passage of time):

Secure Software Principles - CSCI 4971, Spring 2010:

http://www.cs.rpi.edu/academics/courses/spring10/csci4971/

Malware Analysis - CSCI 4972/6963, Spring 2013:

http://security.cs.rpi.edu/courses/malware-spring2013/

Advanced Exploitation and Rootkit Development, Spring 2013:

http://security.cs.rpi.edu/~candej2/

Program Obfuscation, Fall 2013:

http://security.cs.rpi.edu/courses/obfuscation-fall2013/syll...

Windows Exploitation, Spring 2014:

http://security.cs.rpi.edu/~gaasem/winexp/IndependentStudy.p...

http://gaasedelen.blogspot.com/2014/02/windows-exploitation-...

Modern Binary Exploitation - CSCI 4968, Spring 2015:

https://github.com/RPISEC/MBE

Malware Analysis - CSCI 4976, Fall 2015:

https://github.com/RPISEC/Malware

lynxjerm(10000) 5 days ago [-]

Forgot this one:

Hardware Reverse Engineering - CSCI 4974, Spring 2014:

http://security.cs.rpi.edu/courses/hwre-spring2014/

And put the full list on Github:

https://github.com/JeremyBlackthorne/RPISEC-Courses

ifoundthetao(10000) 5 days ago [-]

This is great! Do you have other related curated lists that you're willing to share?

d2ci8xc5(10000) 5 days ago [-]

I also find the lectures on here helpful http://opensecuritytraining.info/

userbinator(703) 5 days ago [-]

It seems the majority of RE-related stuff these days focuses on malware but the skills are very useful for other things, particularly debugging in general. I didn't specifically learn RE, but since I started long ago with Asm, I guess it came naturally. You can tell the author of this one probably comes from an HLL background because of the '0x' prefixes; those with an Asm background are more likely to use a 'h' suffix instead.

For Windows debuggers I recommend Windbg, which is free and comes from Microsoft. Using VS for Asm-level debugging is only mildly better than using gdb for it --- i.e. very awkward and not what they were designed for.

xvilka(2123) 5 days ago [-]

For Windows I would rather recommend OllyDbg spiritual successor - x32dbg/x64dbg[1]. It is open source and easily scriptable and extendable.

[1] https://x64dbg.com/





Historical Discussions: BlackRock's decision to dump coal signals what's next (January 16, 2020: 625 points)

(627) BlackRock's decision to dump coal signals what's next

627 points 5 days ago by evolve2k in 1606th position

theconversation.com | Estimated reading time – 5 minutes | comments | anchor

The announcement by BlackRock, the world's largest fund manager, that it will dump more than half a billion dollars in thermal coal shares from all of its actively managed portfolios, might not seem like big news.

Announcements of this kind have come out steadily over the past couple of years.

Virtually all the major Australian and European banks and insurers, and many other global institutions, have already announced such policies.

According to the Unfriend Coal Campaign, insurance companies have stopped covering roughly US$8.9 trillion of coal investments – more than one-third (37%) of the coal industry's global assets, and stopped offering reinsurance to 46% of them.

Blackrock matters because it is big

The announcement matters, in part because of Blackrock's sheer size.

It is the world's largest investor, with a total of $US7 trillion in funds under its control. Its announcement it will "put climate change at the center of its investment strategy" raises questions about the soundness of smaller financial institutions that remain committed to coal and to a carbon-based economy.

Exract from BlackRock's letter to clients, January 14, 2020

Blackrock is also important because its primary business is index funds, that are meant to replicate entire markets.

So far these funds are not affected by the divestment policy. BlackRock's iShares United States S&P 500 Index fund, for instance, has nearly US$23 billion in assets, including as much as US$1 billion in energy investments.

But the contradiction between the company's new activist stance and the passive replication of an energy-heavy index such as Australia's is obvious. The pressure to find a solution will grow.

In time, the entire share market will be affected

One solution might be for large mining companies such as BHP to dump their coal assets in order to remain part of both Blackrock's actively managed (stock picking) and passively managed (all stocks) portfolios.

Another might be the development of index funds from which firms reliant on fossil fuels are excluded. It is even possible that the compilers of stock market indexes will themselves exclude these firms.

The announcement has big implications for the Australian government.


Read more: Fossil fuel campaigners win support from unexpected places


Blackrock chief executive Laurence Fink noted that climate change has become the top issue raised by clients. He said it would soon affect all all investments – everything from municipal bonds to mortgages for homes.

Once investors start assessing government bonds in terms of climate change, Australia's government will be in serious trouble.

Australia's AAA rating will be at risk

The bushfire catastrophe and the government's inadequate response have shown the world Australia is both among the countries most exposed to climate catastrophe and one of the worst in terms of contributions to solutions.

Once bond investors follow the lead of Blackrock and other financial institutions, divestment of Australian government bonds will follow.

This process has already started, with the decision of Sweden's central bank to unload its holdings of Australian government bonds.

Taken in isolation, Sweden's move had virtually no effect on Australia's bond prices and yields. But the most striking feature of the divestment movement so far is the speed with which it has grown from symbolic gestures to a severe constraint on funding for the firms it touches.


Read more: Climate change: why Sweden's central bank dumped Australian bonds


The fact that the Adani corporation was unable to find a single bank willing to fund its Carmichael mine is an indication of the pressure that will come to bear.

The effects might be felt before large-scale divestment takes place. Ratings agencies such as Moody's and Standard and Poors are supposed to anticipate risks to bondholders before they materialise.

It'll make inaction expensive

Once there is a serious threat of large-scale divestment in Australian bonds, the agencies will be obliged to take this into account in setting Ausralia's credit rating. The much-prized AAA rating is likely to be an early casualty.

That would mean higher interest rates for Australian government bonds which would flow through the entire economy, including the home mortgage rates mentioned in the Blackrock statement.

The government's case for doing nothing about climate change (other than cashing in on past efforts) has been premised on the "economy-wrecking" costs of serious action.

But as investments associated with coal are increasingly seen as toxic, we run an increasing risk that inaction will cause greater damage.




All Comments: [-] | anchor

andrewgleave(4319) 5 days ago [-]

A great article posted in May 2019 by Saul Griffith from Otherlab/Makani/Instructables on decarbonisation[1] and another posted yesterday suggesting the idea of a 'climate loan'[2]:

'The future can't be built on lay-away; we need a loan. America's strength for much of the 20th century was inventing new financing models and exporting those banking skills to the world. We need to put that to work once again, this time for climate change. The key insight here is to extend infrastructure financing closer to the home where the infrastructure of the 21st century will sit.'

[1] https://medium.com/otherlab-news/how-do-we-decarbonize-7fc2f... [2] https://medium.com/otherlab-news/solving-climate-change-with...

t0mas88(4138) 5 days ago [-]

The big handicap in this for the US is a president that doesn't believe climate change exists at all. Will be interesting to see weather it will mean the US misses the boat on the next big economic development and if so who will jump into that void as a new world power. So far China doesn't look very interested in climate change either and Europe is very divided.

ericdykstra(3753) 5 days ago [-]

Mass extraction and consumption of oil and coal will happen until these resources are too sparse to warrant building new plants or maintaining existing ones.

I don't really see any future where this doesn't happen. If you remove coal subsidies, or tax them, then some of the energy production currently handled by coal will change to oil, but once the oil becomes expensive enough to extract, coal mines will open back up again.

This just seems inevitable to me. Is there an angle I'm missing?

jes5199(4272) 5 days ago [-]

the cost of solar panels, wind turbines, and battery storage continue to drop. They are already undercutting coal in about half of the world. They'll depress the prices of fossil fuels until it's no longer possible to turn a profit on them at all.

hughpeters(10000) 5 days ago [-]

BlackRock is dumping coal because coal is a dying business. The climate change point is just a convenient PR booster. If coal was still generating lots of free cash flow we wouldn't see this.

With that being said, it's nice to see that the coal industry is losing its economic strength. Hopefully other environmentally unfriendly industries follow suit soon.

omani(10000) 5 days ago [-]

the only comment that makes sense.

the whole comment section shows how much HN knows about markets and economics. pretty much nothing.

a company wants to dump its position and people think they do it because of the environment.

much hopium.

gzu(10000) 5 days ago [-]

Yet China continues to expand use of coal power and mining their vast reserves in the western part of the country.

ISL(1688) 5 days ago [-]

Leadership by example is one of the strongest ways to lead.

Brakenshire(4152) 5 days ago [-]

Nope, China's coal consumption peaked in 2013.

mwfunk(10000) 5 days ago [-]

I don't know if that comparison was intended to make China look bad, but that comment makes China look bad.

revscat(3748) 5 days ago [-]

India is similarly expanding their use of coal.

JohnJamesRambo(4206) 5 days ago [-]

https://en.wikipedia.org/wiki/Negative_feedback

Hopefully this loop is starting.

kjhughes(291) 5 days ago [-]

Did you really mean to reference the sort of negative feedback used productively in engineering to maintain balance in control systems, op amps, etc?

That concept is quite different from negative feedback related to expressions of disapproval.

supernova87a(10000) 5 days ago [-]

There are tons of economic analyses that show that these kinds of boycotts or divestment efforts (usually driven by naive university students) rarely cause any noticeable change in policies or operations at the targeted companies.

What is usually happening is that other technological or consumer behavior is already leading to the decrease in business of some industry, and the divestment push happens simultaneously (because of people's awareness) and is merely a symptom of their final decline.

Take South Africa in the 80s, or the ridiculous grape boycott of the 90s, etc. None of those symbolic acts led to actual changes happening -- those were all consumer or political changes already in flight.

People create much more effect by voting with their dollars than by symbolically calling for divestment. It usually turns out that there is someone willing to take your place as a buyer when you choose to divest. It's only through fundamental change in demand or supply that a business is affected. Stop believing in the effectiveness of the feel-good boycotts. Even Blackrock won't make a difference.

dpflan(271) 5 days ago [-]

Yes, well said. Government enforced constraints can foster economic culture shifts too.

HoraceSchemer(10000) 5 days ago [-]

To build on this, I found this New Yorker article interesting in explaining the underlying mechanism of why divestment is arguably not as useful unless certain other conditions are met: https://www.newyorker.com/business/currency/does-divestment-...

gersh(4304) 5 days ago [-]

This isn't simply a divestment campaign. This is one of the largest shareholder telling the companies to change their practices. There was a business group that played a major role in negotiating the end of apartheid in South Africa (see https://law.yale.edu/sites/default/files/area/center/private...).

samsonradu(3060) 5 days ago [-]

Highly recommended, Matt Levine's take on it: https://www.bloomberg.com/opinion/articles/2020-01-14/blackr...

ur-whale(4154) 5 days ago [-]

paywalled

smabie(10000) 5 days ago [-]

I don't think I've ever read a Levine article and not been impressed. The man's a national treasure! Also, you can get his articles sent to your inbox to bypass the paywalls.

clSTophEjUdRanu(4332) 5 days ago [-]

It's alarming that a company I've never heard of has 7 trillion dollars.

agumonkey(880) 5 days ago [-]

it's been covered in a few documentaries (at least in Europe) but yeah it's still quite a low profile considering it's weight

dv_dt(4222) 5 days ago [-]

If you follow the financial industry, you would have heard of Blackrock sooner or later.

MintDice(10000) 5 days ago [-]

I've been saying for some time that it is best if these types of dollars can be put to use in a more transparent sense, typically with blockchain or other technologies that open things up so they are more transparent. $7T is a lot, of course it isn't as if they own it, it's more what they are arranging for. https://mintdice.com/blog/institutional-money-to-drive-a-sec... Any of these types of mechanisms can help drive things forward.

the_watcher(4107) 5 days ago [-]

They manage $7T, they don't 'have' it in the sense that you have money in your bank account.

dmoy(10000) 5 days ago [-]

Blackrock is one of the biggest group of funds. Some of them are branded as iShares.

If you've done any comparison shopping on index funds for investments, you almost certainly ran across blackrock funds even if you didn't know it.

coenhyde(3939) 5 days ago [-]

Australia needs to exit the export coal business. We should go dig some other rocks up out of the ground, we have a lot of them...

We are responsible for 37% of global coal exports. That's massive. If we halt coal exports it would put a squeeze on the coal supply and that raise prices; probably significantly. Coal power plants are already on thin margins. If cost of coal increased for a sustained period (a few years) coal would be considered unviable as a fuel source. We should see a lot of the plants close down.

Australia always talks about its self as being insignificant and anything we could do to help prevent climate change would have no measurable impact. This incorrect relatively and absolutely, we are one of the largest per capita emitters. But we are also the third largest exporter of fossil fuels.

This is Australia's opportunity to actually do something significant to help address climate change.

[1] http://www.worldstopexports.com/coal-exports-country/

[2] https://www.abc.net.au/news/science/2019-08-19/australia-co2...

grecy(2267) 5 days ago [-]

I personally agree with you 100%, but of course the economy is more important that addressing climate change.

It's so blatantly obvious the current political leadership in Australia is in bed with the coal industry, but like all the other democracies that have been bought by mega corps - what are you going to do?

samstave(3892) 5 days ago [-]

This is a really cool mining-cost-model site:

https://costs.infomine.com/costdatacenter/miningcostmodel.as...

azinman2(4215) 5 days ago [-]

'In 2014–15 mineral extraction in Australia was valued at 212 billion Australian dollars. Of this, Coal represented 45,869 million, oil and natural gas 40,369 million, Iron ore 69,486 million, Gold ore 13,685 million, and other metals 7,903 million.' [1]

45B is still a lot of money to remove from the economy. It's less than I would have predicted (mining is only 5.8% of economy), but it's still a non-trivial amount. And 45B gets you a lot of lobbyists.

[1] https://en.wikipedia.org/wiki/Economy_of_Australia

loufe(10000) 4 days ago [-]

It is important to keep in mind the two categories of coal in terms of their final use. Most people think coal is only thermal coal, which is predominantly used in power plants to generate energy. A non-negligible 20% of Australian coal is the other sort, metallurgical. This type is used predominantly in steel production (think carbon in steel) and is, at the present, very unlikely to be replaced for a long time. Roughly half of coal produced in Canada is metallurgical, for instance, and that production is unlikely to end unless steel production does.

rb808(3102) 5 days ago [-]

Sure but it has a huge financial impact. Its the second largest source of export earnings and the main source of electric power. The Australian economy has been hugely successful thanks due to coal, there is no way voters will take a big cut to their standard of living, especially with most of them overleveraged into property.

justincormack(1643) 5 days ago [-]

Which means Japan needs to exit the coal import business, they are the largest importer of Australian coal.

roenxi(10000) 5 days ago [-]

Australia produces ~6% of the worlds coal [0]. That is the only thing nature could care about; figures like % exports and per capita numbers are meaningless. 6% is a big enough slice of the pie for everyone to argue about. The 34% figure specifically is a bit meaningless because it is by value and there is big price (about x4?) difference between met coal (Queensland) vs. thermal coal (NSW). It doesn't make sense to try and compare Australian met coal exports to, say, Indonesian thermal.

Also as a counter argument, attempting to pressure China economically by choking their imports would probably end badly for us.

[0] https://en.wikipedia.org/wiki/List_of_countries_by_coal_prod...

tonyedgecombe(4099) 5 days ago [-]

Australia needs to take a more enlightened attitude to the environment at home first. Just as Norway still exports a lot of oil but has the largest density of electric vehicles.

h9n(10000) 5 days ago [-]

I've been wondering lately how and whether Australia could use its position as the biggest exporter to deliberately wreck the global thermal coal market, and consequently, coal usage.

I'm definitely not an economist, but would it be feasible, if coal production could be co-ordinated nationally, to manipulate the market through (I'm guessing) either or alternately dumping coal on it or suddenly cutting it off, possibly in an unpredictable manner? Does Australia have enough weight to make a difference? And would this have any effect greater than cutting off production entirely?

flukus(4154) 5 days ago [-]

Imagine what we could do with just a 1% export tariff and funneling that money into renewable energy sources. At 10% we could invest in renewable energy projects in other parts of the world.

pyuser583(10000) 5 days ago [-]

Coal prices are currently slumping. I'm sure all the coal companies would love it if Australia increase their revenue by driving up price.

If Australia was able to double the price of coal, it would be what it was back in 2011.

there_the_and(10000) 5 days ago [-]

It makes me proud of the Hacker News community that there have been so many climate change articles posted at an increasing rate. This is a very important issue, more important than technology since technology won't exist when the climate collapses and destroys civilization. We need to make a serious effort educating the public about climate change, so we need to work together to ensure that, at minimum, the top article on Hacker News is always a climate change story. It would be even better if we keep multiple climate change articles on the front page at all times.

Mirioron(10000) 5 days ago [-]

While I agree with you that it's nice that climate change related topics are discussed, this is hyperbole:

>more important than technology since technology won't exist when the climate collapses and destroys civilization.

The type of climate collapse you're talking about here would have to be something so extreme that most disaster movies would pale in comparison. The defining trait of our species is tool (technology) use. As long as there are humans around, our technology will matter. In fact, improvements in technology are likely our only way out of the mess of climate change.

I think that hyperbole about climate charge hurts the cause. Some people will believe you, but once they learn that you were wrong (or lying) they won't trust you or anyone else on the matter anymore.

crimsonalucard(10000) 5 days ago [-]

Seems biased. Isn't the purpose to choose something that is news worthy and interesting to the community?

I think we should let it come naturally.

foobazbar70(10000) 5 days ago [-]

Public doesn't visit HN, why should we bias HN? What's next?

guscost(3721) 5 days ago [-]

There should be a user option similar to "show dead": "show climate stuff". If it's enabled (make it the default if you want) then N stories get included on the front page (make N configurable if you want).

Then I can turn it off and go back to ignoring this stuff, along with maybe 30% of the people here.

hodder(3816) 5 days ago [-]

The decision whether or not to buy shares in the secondary market will make little difference to existing coal companies (who are largely cash flow positive and trade at near 25% earnings yields). Regulations are what matter. All that secondary investors can do is increase WACC via lowered demand for marginal primary debt/equity issuances. If you want to phase out coal, focus on government regulation instead of secondary investments.

It can (and often does) make sense to invest in industries in terminal decline as price paid for an asset's cash flow is the primary determinant if returns for the investor. You can buy coal stocks for 25%+ earnings yields. Even if those plants are phased out in 6 or 7 years, one can make solid returns.

Indeed I have invested in cigarette shares in the past while wishing the government would do more to stop smokers. The fact that I hold the equity doesn't change demand for cigarettes, and only in aggregate does the investor appetite effect WACC. Someone must always hold existing shares. For every buyer there is a seller and vice versa.

Lastly I should mention that metallurgical coal as opposed to thermal coal is a necessary "evil" to smelt steel.

I've used this recent hate for coal investments(and weakness in NG) to take positions at high earnings yields in ARCH and HCC.

flgb(4332) 5 days ago [-]

> Lastly I should mention that metallurgical coal as opposed to thermal coal is a necessary "evil" to smelt steel.

Hydrogen can be used to smelt steel, and hydrogen can be produced from renewable energy.

https://www.cleanenergywire.org/news/thyssenkrupp-tests-use-...

ogre_codes(10000) 5 days ago [-]

> It can (and often does) make sense to invest in industries in terminal decline as price paid for an asset's cash flow is the primary determinant if returns for the investor. You can buy coal stocks for 25%+ earnings yields. Even if those plants are phased out in 6 or 7 years, one can make solid returns.

For Blackrock, those 25% yields you talk about don't exist. If Blackrock were to retain a significant investment in those companies, share prices would be higher and yield lower.

What makes sense for a small investor often doesn't make sense for large corporate investors.

That said, investments like what you describe have their own risks. At this point it largely depends on contracts and how quickly alternative power sources can ramp up.

You are the second person to mention tobacco, and I think it's a poor comparison. People are literally addicted to tobacco which guarantees long term demand. Even if that demand is decreasing over time, it's predictable and not severe. Coal does not share those characteristics.

akira2501(10000) 5 days ago [-]

> Lastly I should mention that metallurgical coal as opposed to thermal coal is a necessary "evil" to smelt steel.

It's worth pointing out that only about 7% of coal is used for metallurgical purposes.

eigenvalue(4290) 5 days ago [-]

That's not strictly right. If the pool of potential buyers for these coal stock shares dries up, the price of the shares will be much lower than it otherwise would be. This makes in increasingly less attractive for these companies to raise capital for new mines or mine expansions. It even makes merging less attractive. It also makes recruiting and retaining skilled executives harder. All of this surely impacts these companies in the longer term (say 5-10 years from now)-- they are likely to be a lot smaller and to employ fewer people.

waffle_ss(390) 4 days ago [-]

BlackRock and Vanguard are supposed to be the places where people can put their money into low-overhead index funds that more or less track the market.

It's fine if they want to create new products that exclude certain types of businesses, to give investors more choices.

But what I don't like is them turning this gigantic pool of money into a spear to jab businesses with their pet political opinions. That's not the role investors entrust their money with them for - they're expected to be more of a passthrough type of management.

They've previously done this same thing with gun manufacturers and retailers, who are doing very well, so you can't make the argument some in this thread are making with fossil fuels being a dead end compared to an alternative (renewables).

So whose next on their woke chopping block? Monsanto for killing the bees? Boeing, Raytheon, et al for supporting the military? Facebook, Twitter, et al for the harmful effects of social media? All the software companies like GitHub that support ICE or the next distasteful federal agency? Like they did with guns, divestment in any company you don't like can be couched in deep concerns over 'risk.'

I think there's a great opportunity here for someone to start a fund that gets back to the basics of passive index funds, instead of chasing woke asspats like the activist board of BlackRock and Vanguard. I'd certainly move my money.

perl4ever(10000) 4 days ago [-]

You probably don't own any shares of an active fund from Blackrock or Vanguard. They're pretty obscure. So you can go back to sleep.

ogre_codes(10000) 5 days ago [-]

At this point, this is one of those policies which is both environmentally friendly and makes piles of economic sense. Even without clean energy subsidies, coal is rapidly becoming a bad investment. The cost of running existing coal plants has exceeded the cost of building new solar & wind power plants. Over the next few years, demand for coal is likely to implode.

As bankers and insurers start to internalize this idea, the number of people willing to continue investing, insuring, or financing coal operation is going to vanish and the industry will collapse completely.

[1] https://www.forbes.com/sites/energyinnovation/2018/12/03/plu...

bureaucrat(10000) 5 days ago [-]

Wow, seriously? Do you think people run coal power plants to generate profit? Profit doesn't matter. They run it for 24/7 stable energy.

>hurr durr coal is unprofitable we need to build solar & wind and close down coal plants

God, the press really overestimates peoples' ability to decode facts.

uoaei(3670) 5 days ago [-]

> this is one of those policies which is both environmentally friendly and makes piles of economic sense

To a broader point, this is how real change is enacted: make it matter to enough folks, usually by means of economic pressures. I.e., make bad things cost more than good things. Although obviously ham-fisted tariffs, etc. aren't very effective for a host of reasons. You gotta be more subtle than that.

khawkins(10000) 4 days ago [-]

> The cost of running existing coal plants has exceeded the cost of building new solar & wind power plants. Over the next few years, demand for coal is likely to implode.

That article cites a report written by climate change activists who want coal to be banned as fast as possible. If their fantasy were a reality, market forces would achieve their goals without intervention. Naturally, they're going to argue that government intervention is necessary to speed things along.

Federal reports suggest coal will decline slightly over the next several years, but won't disappear. Some forms of renewables are competitive with coal (onshore wind, hydro, geothermal), but they cannot be used everywhere. Solar and offshore wind are still not competitive with coal, nuclear, or natural gas.

[1] https://www.eia.gov/outlooks/aeo/pdf/aeo2019.pdf

[2] https://en.wikipedia.org/wiki/Cost_of_electricity_by_source#...

hodder(3816) 5 days ago [-]

Remember that price paid for an asset is the primary driver of returns for the investor. Even as coal implodes, one can make money as the near term cash flow on invested dollars is high enough to offset declines.

Smoking has been in decline for decades yet cigarette companies have been phenomenal investments.

ehnto(4321) 5 days ago [-]

That was my thought too. I wonder if they're just dressing up their findings in environmental speak for points. What other industries do they plan to drop in the name of the environment?

dv_dt(4222) 5 days ago [-]

Next they should do the same with natural gas. The data on the investments of nat gas fracking make it doubtful that it will pay back even the last round of capital investment.

https://www.desmogblog.com/2019/12/17/us-fracking-shale-wood...

proc0(10000) 5 days ago [-]

It's starting to look like 'alternative' energies might be more efficient in near future anyway, despite climate change. It seems intuitive (but don't know) that burning organic matter is not the most efficient way to extract energy from nature.

bureaucrat(10000) 5 days ago [-]

Efficiency is not the factor when considering energy source. People pay money for stable electricity, not cheap electricity.

>b...but we can store energy!

No we can't. Energy storage systems are catching fires like Australian wildfires and until it gets solved, no dice.

nostromo(3281) 5 days ago [-]

Matt Levine, as always, provides the most honest and direct commentary about this. Here's the start, but the whole piece is interesting, as pointed out by a reply.

https://www.bloomberg.com/opinion/articles/2020-01-14/blackr...

> Will BlackRock's decision to send a strongly worded letter about environmental sustainability reshape how corporate America does business? Well, I remember two years ago when Larry Fink sent a strongly worded letter about how companies needed to make society better, and that too was supposedly "likely to cause a firestorm in the corner offices of companies everywhere," and now, uh, same society really.

> Now BlackRock will send a strongly worded letter to CEOs about the environment. It will arrive on the desk of the CEO of, I don't know, giant state-owned oil company Saudi Aramco? A company where, according to Bloomberg data, BlackRock is the largest outside shareholder. A company that did a bond offering last year—after the Saudi government murdered and dismembered Jamal Khashoggi, after Fink sent that letter about making society better—in which BlackRock was also a big investor. "We wanted the Aramco bond to be much bigger," Fink said, way back in April, when his public-relations goal was to butter up Saudi Arabia. Now it is January, and his public-relations goal is to butter up environmentalists, so BlackRock "will make investment decisions with environmental sustainability as a core goal." Next time a big oil company is looking for money, presumably that will change again.

> I could keep being cynical about this all day.

woodandsteel(3614) 5 days ago [-]

No, these are two very different cases. The earlier one was about corporate social responsiblity, the new one is about investment profitability.

And if you are wondering if the BlackRock head is right, do a google search on 'fossil fuels stranded assets'

wtvanhest(3817) 5 days ago [-]

Disclaimer: I worked for BlackRock for about 3 years on an investment team (but its been a while and I don't have a dog in this fight)

BlackRock is a very simple business to understand. First, they only investment money on behalf of their clients and they take investment fees for making decisions on behalf of their clients (investing their money).

They break the business in to two parts:

Alpha: old school mutual funds, new school quant funds, real estate etc. Anything where managers get paid big bucks to make investment decisions on behalf of clients.

Beta: passive investment vehicles that blackrock tries to deliver for the lowest price with lowest tracking error (i.e. deliver as close to what the index returns as possible).

What BlackRock is doing here, is a VERY, VERY big deal. They are allowing clients to now pick passive investment strategies which exclude coal or other businesses that people find morally objectionable. What that means is that if you care about the environment you can move your money to these new passive investments. As more and more people do it, it will decrease demand for equity in those companies and increase their cost of capital.

On the active side, they already had that feature, and many of their clients already ask BlackRock to exclude investments from their active portfolios and were willing to accept less return. (BlackRock has offered that for a very long time).

I find very few things interesting that asset managers do, but I am going to look at all my passive investments and try to get them moved over. I bet passive funds without coal etc. will outperform while more and more people move money from vanilla S&P500 to S&P500 without coal.

Eventually those coal companies may fall out of indexes all together which will really increase their cost of capital.

Brilliant move by Fink, and I applaud it.

zamfi(4245) 5 days ago [-]

Your post quotes the cynical piece of Levine's editorial (literally his next three words are "but let's not", referring to "being cynical all day"), but it's worth reading in full for the more nuanced perspective. I found the last two paragraphs surprisingly enlightening:

> The right model of BlackRock is probably that it is mostly an aggregator of preferences, but it is also, at the margin, a shaper of preferences. It passively reflects what investors want generally, but it has some ability to push those investors to want different things. There are other things that BlackRock does—it votes the shares of stock that it owns on behalf of investors, it meets with managers to talk about their sustainability plans, it writes strongly worded letters to CEOs—but I suspect that they're mostly less important than the basic core function of taking $7 trillion from investors, channeling it where the investors want it to go, and slowly and subtly diverting those channels so that the money moves more in the direction that BlackRock wants it to go.

> This is an unavoidably uncomfortable role. If you want BlackRock to do more on climate change, you will be annoyed that it mostly offers broad passive products that buy all the stocks, including the ones you don't like. If you want BlackRock to do less on climate change, you will be annoyed that it is pushing its clients into sustainability-focused funds rather than neutrally giving them all the stocks, including the ones BlackRock doesn't like. Mostly it is an uncomfortably powerful role: BlackRock really is a general aggregator of preferences, so it speaks with the authority of its $7 trillion and its universal ownership, which means that its ability to shape those preferences matters.

wallace_f(1006) 5 days ago [-]

>Larry Fink sent a strongly worded letter about how companies needed to make society better

On the topic of executives needing to improve society, Fink here was important in the creation of the MBS market.

H8crilA(4335) 5 days ago [-]

This is really just Wall Street generating volatility. Coal isn't going anywhere in the next decade or two:

https://en.m.wikipedia.org/wiki/World_energy_consumption

I wish it died but it won't. Not yet.

ckdarby(4152) 5 days ago [-]

Thanks for the link, sadly the data isn't that up to date with everything happening :(.

Data is all the way back to 2015

iscrewyou(4314) 5 days ago [-]

Here's a comparison to the US energy consumption. For the sake of getting a full picture: https://en.wikipedia.org/wiki/Energy_in_the_United_States





Historical Discussions: An alternative argument for why women leave STEM (January 17, 2020: 614 points)
Is it just sexism? An alternative argument for why women leave STEM (January 16, 2020: 5 points)

(618) An alternative argument for why women leave STEM

618 points 4 days ago by nabla9 in 481st position

medium.com | Estimated reading time – 23 minutes | comments | anchor

Everyone knows that you're not supposed to start your argument with 'everyone knows,' but in this case, I think we ought to make an exception:

Everyone knows that STEM (Science, Technology, Engineering and Mathematics) has a problem retaining women (see, for example Jean, Payne, and Thompson 2015). We pour money into attracting girls and women to STEM fields. We pour money into recruiting women, training women, and addressing sexism, both overt and subconscious. In 2011, the United States spent nearly $3 billion tax dollars on STEM education, of which roughly one third was spent supporting and encouraging underrepresented groups to enter STEM (including women). And yet, women are still leaving at alarming rates.

Alarming? Isn't that a little, I don't know, alarmist? Well, let's look at some stats.

A recent report by the National Science Foundation (2011) found that women received 20.3% of the bachelor's degrees and 18.6% of the PhD degrees in physics in 2008. In chemistry, women earned 49.95% of the bachelor's degrees but only 36.1% of the doctoral degrees. By comparison, in biology women received 59.8% of the bachelor's degrees and 50.6% of the doctoral degrees. A recent article in Chemical and Engineering News showed a chart based on a survey of life sciences workers by Liftstream and MassBio demonstrating how women are vastly underrepresented in science leadership despite earning degrees at similar rates, which I've copied below. The story is the same in academia, as you can see on the second chart — from comparable or even larger number of women at the student level, we move towards a significantly larger proportion of men at the more and more advanced stages of an academic career.

Although 74% of women in STEM report "loving their work," half (56%, in fact) leave over the course of their career — largely at the "mid-level" point, when the loss of their talent is most costly as they have just completed training and begun to contribute maximally to the work force.

A study by Dr. Flaherty found that women who obtain faculty position in astronomy spent on average 1 year less than their male counterparts between completing their PhD and obtaining their position — but he concluded that this is because women leave the field at a rate 3 to 4 times greater than men, and in particular, if they do not obtain a faculty position quickly, will simply move to another career. So, women and men are hired at about the same rate during the early years of their post docs, but women stop applying to academic positions and drop out of the field as time goes on, pulling down the average time to hiring for women.

There are many more studies to this effect. At this point, the assertion that women leave STEM at an alarming rate after obtaining PhDs is nothing short of an established fact. In fact, it's actually a problem across all academic disciplines, as you can see in this matching chart showing the same phenomenon in humanities, social sciences, and education. The phenomenon has been affectionately dubbed the "leaky pipeline."

But hang on a second, maybe there just aren't enough women qualified for the top levels of STEM? Maybe it'll all get better in a few years if we just wait around doing nothing?

Nope, sorry. This study says that 41% of highly qualified STEM people are female. And also, it's clear from the previous charts and stats that a significantly larger number of women are getting PhDs than going on the be professors, in comparison to their male counterparts. Dr. Laurie Glimcher, when she started her professorship at Harvard University in the early 1980s, remembers seeing very few women in leadership positions. "I thought, 'Oh, this is really going to change dramatically,' " she says. But 30 years later, "it's not where I expected it to be." Her experiences are similar to those of other leading female faculty.

So what gives? Why are all the STEM women leaving?

It is widely believed that sexism is the leading problem. A quick google search of "sexism in STEM" will turn up a veritable cornucopia of articles to that effect. And indeed, around 60% of women report experiencing some form of sexism in the last year (Robnett 2016). So, that's clearly not good.

And yet, if you ask leading women researchers like Nobel Laureate in Physics 2018, Professor Donna Strickland, or Canada Research Chair in Advanced Functional Materials (Chemistry), Professor Eugenia Kumacheva, they say that sexism was not a barrier in their careers. Moreover, extensive research has shown that sexism has overall decreased since Professors Strickland and Kumacheva (for example) were starting their careers. Even more interestingly, Dr. Rachael Robnett showed that more mathematical fields such as Physics have a greater problem with sexism than less mathematical fields, such as Chemistry, a finding which rings true with the subjective experience of many women I know in Chemistry and Physics. However, as we saw above, women leave the field of Chemistry in greater proportions following their BSc than they leave Physics. On top of that, although 22% of women report experiencing sexual harassment at work, the proportion is the same among STEM and non-STEM careers, and yet women leave STEM careers at a much higher rate than non-STEM careers.

So, it seems that sexism can not fully explain why women with STEM PhDs are leaving STEM. At the point when women have earned a PhD, for the most part they have already survived the worst of the sexism. They've already proven themselves to be generally thick-skinned and, as anyone with a PhD can attest, very stubborn in the face of overwhelming difficulties. Sexism is frustrating, and it can limit advancement, but it doesn't fully explain why we have so many women obtaining PhDs in STEM, and then leaving. In fact, at least in the U of T chemistry department, faculty hires are directly proportional to the applicant pool —although the exact number of applicants are not made public, from public information we can see that approximately one in four interview invitees are women, and approximately one in four hires are women. Our hiring committees have received bias training, and it seems that it has been largely successful. That's not to say that we're done, but it's time to start looking elsewhere to explain why there are so few women sticking around.

So why don't more women apply?

Well, one truly brilliant researcher had the groundbreaking idea of asking women why they left the field. When you ask women why they left, the number one reason they cite is balancing work/life responsibilities — which as far as I can tell is a euphemism for family concerns.

The research is in on this. Women who stay in academia expect to marry later, and delay or completely forego having children, and if they do have children, plan to have fewer than their non-STEM counterparts (Sassler et al 2016, Owens 2012). Men in STEM have no such difference compared to their non-STEM counterparts; they marry and have children about the same ages and rates as their non-STEM counterparts (Sassler et al 2016). Women leave STEM in droves in their early to mid thirties (Funk and Parker 2018) — the time when women's fertility begins to decrease, and risks of childbirth complications begin to skyrocket for both mother and child. Men don't see an effect on their fertility until their mid forties. Of the 56% of women who leave STEM, 50% wind up self-employed or using their training in a not for profit or government, 30% leave to a non-STEM more 'family friendly' career, and 20% leave to be stay-at-home moms (Ashcraft and Blithe 2002). Meanwhile, institutions with better childcare and maternity leave policies have twice(!) the number of female faculty in STEM (Troeger 2018). In analogy to the affectionately named "leaky pipeline," the challenge of balancing motherhood and career has been titled the "maternal wall."

To understand the so-called maternal wall better, let's take a quick look at the sketch of a typical academic career.

For the sake of this exercise, let's all pretend to be me. I'm a talented 25 year old PhD candidate studying Physical Chemistry — I use laser spectroscopy to try to understand atypical energy transfer processes in innovative materials that I hope will one day be used to make vastly more efficient solar panels. I got my BSc in Chemistry and Mathematics at the age of 22, and have published 4 scientific papers in two different fields already (Astrophysics and Environmental Chemistry). I've got a big scholarship, and a lot of people supporting me to give me the best shot at an academic career — a career I dearly want. But, I also want a family — maybe two or three kids. Here's what I can expect if I pursue an academic career:

With any luck, 2–3 years from now I'll graduate with a PhD, at the age of 27. Academics are expected to travel a lot, and to move a lot, especially in their 20s and early 30s — all of the key childbearing years. I'm planning to go on exchange next year, and then the year after that I'll need to work hard to wrap up research, write a thesis, and travel to several conferences to showcase my work. After I finish my PhD, I'll need to undertake one or two post doctoral fellowships, lasting one or two years each, probably in completely different places. During that time, I'll start to apply for professorships. In order to do this, I'll travel around to conferences to advertise my work and to meet important leaders in my field, and then, if I am invited for interviews, I'll travel around to different universities for two or three days at a time to undertake these interviews. This usually occurs in a person's early 30s — our helpful astronomy guy, Dr. Flaherty, found the average time to hiring was 5 years, so let's say I'm 32 at this point. If offered a position, I'll spend the next year or two renovating and building a lab, buying equipment, recruiting talented graduate students, and designing and teaching courses. People work really, really hard during this time and have essentially no leisure time. Now I'm 34. Within usually 5 years I'll need to apply for tenure. This means that by the time I'm 36, I'll need to be making significant contributions in my field, and then in the final year before applying for tenure, I will once more need to travel to many conferences to promote my work, in order to secure tenure — if I fail to do so, my position at the university would probably be terminated. Although many universities offer a "tenure extension" in cases where an assistant professor has had a child, this does not solve all of the problems. Taking a year off during that critical 5 or 6 year period often means that the research "goes bad" — students flounder, projects that were promising get "scooped" by competitors at other institutions, and sometimes, in biology and chemistry especially, experiments literally go bad. You wind up needing to rebuild much more than just a year's worth of effort.

At no point during this time do I appear stable enough, career-wise, to take even six months off to be pregnant and care for a newborn. Hypothetical future-me is travelling around, or even moving, conducting and promoting my own independent research and training students. As you're likely aware, very pregnant people and newborns don't travel well. And academia has a very individualistic and meritocratic culture. Starting at the graduate level, huge emphasis is based on independent research, and independent contributions, rather than valuing team efforts. This feature of academia is both a blessing and a curse. The individualistic culture means that people have the independence and the freedom to pursue whatever research interests them — in fact this is the main draw for me personally. But it also means that there is often no one to fall back on when you need extra support, and because of biological constraints, this winds up impacting women more than men.

At this point, I need to make sure that you're aware of some basics of female reproductive biology. According to Wikipedia, the unquestionable source of all reliable knowledge, at age 25, my risk of conceiving a baby with chromosomal abnormalities (including Down's Syndrome) is 1 in about 1400. By 35, that risk more than quadruples to 1 in 340. At 30, I have a 75% chance of a successful birth in one year, but by 35 it has dropped to 66%, and by 40 it's down to 44%. Meanwhile, 87 to 94% of women report at least 1 health problem immediately after birth, and 1.5% of mothers have a severe health problem, while 31% have long-term persistent health problems as a result of pregnancy (defined as lasting more than six months after delivery). Furthermore, mothers over the age of 35 are at higher risk for pregnancy complications like preterm delivery, hypertension, superimposed preeclampsia, severe preeclampsia (Cavazos-Rehg et al 2016). Because of factors like these, pregnancies in women over 35 are known as "geriatric pregnancies" due to the drastically increased risk of complications. This tight timeline for births is often called the "biological clock" — if women want a family, they basically need to start before 35. Now, that's not to say it's impossible to have a child later on, and in fact some studies show that it has positive impacts on the child's mental health. But it is riskier.

So, women with a PhD in STEM know that they have the capability to make interesting contributions to STEM, and to make plenty of money doing it. They usually marry someone who also has or expects to make a high salary as well. But this isn't the only consideration. Such highly educated women are usually aware of the biological clock and the risks associated with pregnancy, and are confident in their understanding of statistical risks.

The Irish say, "The common challenge facing young women is achieving a satisfactory work-life balance, especially when children are small. From a career perspective, this period of parenthood (which after all is relatively short compared to an entire working life) tends to coincide exactly with the critical point at which an individual's career may or may not take off. [...] All the evidence shows that it is at this point that women either drop out of the workforce altogether, switch to part-time working or move to more family-friendly jobs, which may be less demanding and which do not always utilise their full skillset."

And in the Netherlands, "The research project in Tilburg also showed that women academics have more often no children or fewer children than women outside academia." Meanwhile in Italy "On a personal level, the data show that for a significant number of women there is a trade-off between family and work: a large share of female economists in Italy do not live with a partner and do not have children"

Most jobs available to women with STEM PhDs offer greater stability and a larger salary earlier in the career. Moreover, most non-academic careers have less emphasis on independent research, meaning that employees usually work within the scope of a larger team, and so if a person has to take some time off, there are others who can help cover their workload. By and large, women leave to go to a career where they will be stable, well funded, and well supported, even if it doesn't fulfill their passion for STEM — or they leave to be stay-at-home moms or self-employed.

I would presume that if we made academia a more feasible place for a woman with a family to work, we could keep almost all of those 20% of leavers who leave to just stay at home, almost all of the 30% who leave to self-employment, and all of those 30% who leave to more family friendly careers (after all, if academia were made to be as family friendly as other careers, there would be no incentive to leave). Of course, there is nothing wrong with being a stay at home parent — it's an admirable choice and contributes greatly to our society. One estimate valued the equivalent salary benefit of stay-at-home parenthood at about $160,000/year. Moreover, children with a stay-at-home parent show long term benefits such as better school performance — something that most academic women would want for their children. But a lot of people only choose it out of necessity — about half of stay-at-home moms would prefer to be working (Ciciolla, Curlee, & Luthar 2017). When the reality is that your salary is barely more than the cost of daycare, then a lot of people wind up giving up and staying home with their kids rather than paying for daycare. In a heterosexual couple it will usually be the woman that winds up staying home since she is the one who needs to do things like breast feed anyways. And so we lose these women from the workforce.

And yet, somehow, during this informal research adventure of mine, most scholars and policy makers seem to be advising that we try to encourage young girls to be interested in STEM, and to address sexism in the workplace, with the implication that this will fix the high attrition rate in STEM women. But from what I've found, the stats don't back up sexism as the main reason women leave. There is sexism, and that is a problem, and women do leave STEM because of it — but it's a problem that we're already dealing with pretty successfully, and it's not why the majority of women who have already obtained STEM PhDs opt to leave the field. The whole family planning thing is huge and for some reason, almost totally swept under the rug — mostly because we're too shy to talk about it, I think.

In fact, I think that the plethora of articles suggesting that the problem is sexism actually contribute to our unwillingness to talk about the family planning problem, because it reinforces the perception that that men in power will not hire a woman for fear that she'll get pregnant and take time off. Why would anyone talk about how they want to have a family when they keep hearing that even the mere suggestion of such a thing will limit their chances of being hired? I personally know women who have avoided bringing up the topic with colleagues or supervisors for fear of professional repercussions. So we spend all this time and energy talking about how sexism is really bad, and very little time trying to address the family planning challenge, because, I guess, as the stats show, if women are serious enough about science then they just give up on the family (except for the really, really exceptional ones who can handle the stresses of both simultaneously).

To be very clear, I'm not saying that sexism is not a problem. What I am saying is that, thanks to the sustained efforts of a large number of people over a long period of time, we've reduced the sexism problem to the point where, at least at the graduate level, it is no longer the largest major barrier to women's advancement in STEM. Hurray! That does not mean that we should stop paying attention to the issue of sexism, but does mean that it's time to start paying more attention to other issues, like how to properly support women who want to raise a family while also maintaining a career in STEM.

So what can we do to better support STEM women who want families?

A couple of solutions have been tentatively tested. From a study mentioned above, it's clear that providing free and conveniently located childcare makes a colossal difference to women's choices of whether or not to stay in STEM, alongside extended and paid maternity leave. Another popular and successful strategy was implemented by a leading woman in STEM, Laurie Glimcher, a past Harvard Professor in Immunology and now CEO of Dana-Farber Cancer Institute. While working at NIH, Dr. Glimcher designed a program to provide primary caregivers (usually women) with an assistant or lab technician to help manage their laboratories while they cared for children. Now, at Dana-Farber Cancer Institute, she has created a similar program to pay for a technician or postdoctoral researcher for assistant professors. In the academic setting, Dr. Glimcher's strategies are key for helping to alleviate the challenges associated with the individualistic culture of academia without compromising women's research and leadership potential.

For me personally, I'm in the ideal situation for an academic woman. I graduated my BSc with high honours in four years, and with many awards. I've already had success in research and have published several peer reviewed papers. I've faced some mild sexism from peers and a couple of TAs, but nothing that's seriously held me back. My supervisors have all been extremely supportive and feminist, and all of the people that I work with on a daily basis are equally wonderful. Despite all of this support, I'm looking at the timelines of an academic career, and the time constraints of female reproduction, and honestly, I don't see how I can feasible expect to stay in academia and have the family life I want. And since I'm in the privileged position of being surrounded by supportive and feminist colleagues, I can say it: I'm considering leaving academia, if something doesn't change, because even though I love it, I don't see how it can fit in to my family plans.

But wait! All of these interventions are really expensive. Money doesn't just grow on trees, you know!

It doesn't in general, but in this case it kind of does — well, actually, we already grew it. We spend billions of dollars training women in STEM. By not making full use of their skills, if we look at only the american economy, we are wasting about $1.5 billion USD per year in economic benefits they would have produced if they stayed in STEM. So here's a business proposal: let's spend half of that on better family support and scientific assistants for primary caregivers, and keep the other half in profit. Heck, let's spend 99% — $1.485 billion (in the states alone) on better support. That should put a dent in the support bill, and I'd sure pick up $15 million if I saw it lying around. Wouldn't you?

By demonstrating that we will support women in STEM who choose to have a family, we will encourage more women with PhDs to apply for the academic positions that they are eminently qualified for. Our institutions will benefit from the wider applicant pool, and our whole society will benefit from having the skills of these highly trained and intelligent women put to use innovating new solutions to our modern day challenges.




All Comments: [-] | anchor

proc0(10000) 4 days ago [-]

Why do we care that there are equal women and men again? Why does representation actually matter again? I would find it more exciting to see a field with no representation because I could make a greater impact! This whole ideology of having representation everywhere is very dumb and conformist.

the_gipsy(10000) 4 days ago [-]

Because women have a right to the same opportunities as the other 50% of the population.

Nouser76(10000) 4 days ago [-]

Because diverse opinions lead to better end products. Having homogenized groups of people means you're leaving some viewpoints out, and those viewpoints have sometimes been extremely helpful for me as a software developer.

adjkant(4315) 4 days ago [-]

Birth control research would love to have a talk with you.

jacobwilliamroy(4250) 4 days ago [-]

Because countries where women are dominated by men both legally and culturally, have higher rates of birth, crime, poverty, etc., than countries where women have a level of social mobility similar to men.

jariel(4333) 4 days ago [-]

'Equal opportunity' I think is a fairly non-controversial concept, much less so than 'equal outcomes'.

To the extent there are factors which systematically work against opportunity, there's both a moral issue, and a pragmatic issue (i.e. losing good talent) at play, before we get into the more controversial issues of representation and equality of outcomes.

mcguire(3278) 4 days ago [-]

proc0 has a point: the more people you filter out for irrelevant reasons, the more is left for the mediocre who can pass the filters.

e12e(2064) 4 days ago [-]

Maybe I'm missing something, but this seems to be typical sexism: there's work at work which is paid, and work at home which is not. Men do little enough of the latter, that doing the paid work isn't a problem. Women do such a large part of the former, that they feel the need to chose between which part get done.

Sure, the positive way to change this, is to reduce the unpaid work (child care professionals are paid, cleaners are paid etc) - that is, to acknowledge it as work that needs to be done, is productive, and should be part of what society rewards/share resources to get done.

But the equal rights / equal opportunity path indicates that we also need a (bigger) culture shift so that the unpaid work of running a home is more equally divided.

jfengel(10000) 4 days ago [-]

It's notable that in general, even when paid, 'women's work' is less valuable than men's work. The younger a student is, the more likely they are to be taught by a woman, and the less they are likely to make -- but is teaching a high schooler harder than teaching a first grader? Cleaning, child care, and nursing are all both female-coded and low-paying.

Women are often pushed towards professions involving some kind of care -- and it's expected that they'll want it because they have an emotional attachment rather than for money. Being a homemaker is the limit case: absolute attachment and zero pay.

I wonder what would happen if we simply made the purely numerical correction of counting homemaking in GDP. Would we value it more? Would it make it more attractive to men? Would we develop better infrastructure?

Terretta(1663) 4 days ago [-]

> this seems to be typical sexism: there's work at home which is paid, and work at home which is not

If it's not paid, how do those doing it live?

Tax documents call the salary worker + home maker combo "household income", which may be an appropriate way of thinking about the household getting paid and the household looking after the home.

This applies regardless of the genders of the happy couple, so I'm not sure it's 'sexism'.

proc0(10000) 4 days ago [-]

Running a home is boring and not as valuable as learning a STEM degree and helping out society move forward. We can easily imagine a distopia where everyone works and no one has a proper home, but we surely cannot do the opposite which is imagine a world where everybody has a nice home but no one knows how to build anything and there is no electricity or water pipes. STEM is hard and requires sacrifice to get to a point where you are taking on the responsibilities of civilization, and for women that equivalent is simply having a child.

pnako(10000) 4 days ago [-]

You are offering a solution to something that is not a problem, and you should probably question why you think that / where this ideology is coming from.

You need resources and work to care for your family. The fact that in some cases you are 'paid' (i.e. you have to trade labor) is completely irrelevant. Beaver families are not paid by anyone to care for their home and family.

You could, and can, completely trade out your labor such that you 'care' for your family by being a couple of lawyers completely outsourcing the work of raising your own kids to strangers. At which point I think you've failed as a civilized society. You're only acting as economic agents maximizing profit, and your country is not a country anymore, but an economy. I think America is already at this stage, and that's not a good thing.

40acres(3763) 4 days ago [-]

This seems like a really long argument just to end up at the main point being: 'It really is sexism'. The light bulb moment here is that it's not necessarily sexism on an individual level but on an institutional one.

I believe there is an obvious difference men and women which, on a general level, incites women to weigh family responsibilities over career prospects. However, industrialized nations exacerbate that difference by making it very difficult for women with children to spend the time necessary for career advancement.

The key here isn't necessarily throwing your hands up and saying there's nothing you can do about it, but more robust programs for parents to help lessen the load of parenthood.

commandlinefan(10000) 4 days ago [-]

> more robust programs

And by "more robust programs", you mean more related confiscatory taxation. Meaning that, again, men must surrender even more, and accept even less, to accommodate women.

balls187(4209) 4 days ago [-]

My note to the author, enjoy your career. If and when you feel ready to start a family, you will. And if it doesn't happen, you'll be okay too.

Maternal Age seems like a boogie man story to scare women.

Perhaps STEM women who are early career (24-28) would benefit from meeting mothers (both who are in STEM and not in STEM careers) who had children at age 35+.

> ...Women who stay in academia expect to marry later, and delay or completely forego having children, and if they do have children, plan to have fewer than their non-STEM counterparts (Sassler et al 2016, Owens 2012). Men in STEM have no such difference compared to their non-STEM counterparts

I would love to see the figures regarding the partners of STEM Women vs STEM Men. Is it due to the old sexist notion that women must 'marry up' so a woman with a successful career have partnered with someone who also has a successful career?

Having family shifts perspective. Perhaps some of these women no longer felt a strong desire to further their career, and family matters became more interesting?

As a father, I love my job, but I gladly set aside my career to raise my kids.

mschuster91(3390) 4 days ago [-]

> Maternal Age seems like a boogie man story to scare women

Actually not. It's not just the genetics / pregnancy problems that are proven to significantly rise with age... but also that the time of menopause can neither be forecast nor the effects reversed (some hit it with 40, some with 60!), so there is a significant disadvantage (=no kids at all) for waiting too long.

Additionally: do you want to deal with a baby when you're 25 or when you are 40 or, worse, 50, that keeps you awake all night? It's a massive toll on your physical and especially mental health - the younger you are the better you cope. And your kids will be happier to have a dad/mom who can actually do things with you when they're 15-25 years...

commandlinefan(10000) 4 days ago [-]

> I gladly set aside my career to raise my kids.

You're going to need some money when they get to be old enough to go to college.

hurricanetc(10000) 4 days ago [-]

>Maternal Age seems like a boogie man story to scare women.

It's just a biological reality. It is certainly possible to have a healthy birth after the age of 35 but the rate of health problems and birth defects don't go up linearly with age. The rate of pregnancy loss is 35% after the age of 35 and is above 50% after the age of 45. This is just reality. If women want to have multiple children it is wise to start before age 33.

pnw_hazor(10000) 4 days ago [-]

My wife was a developer (EE degree). As soon as our first child was on-the-way she put down her programming books and picked up the child rearing books. She dropped her dev job the moment her water broke and never looked back.

The opportunity cost was enormous but now that the kids are grown it sure seems like it was a great plan for us. My wife did get a lot grief from her family for dropping out of the workforce ($$) until they started having their own kids.

We have two daughters. The youngest is in college for CS, she has made it very clear that she does not want to have children. The older daughter is not STEM -- she is an Army officer (Westpoint Grad) who does want kids someday.

One of my in-laws is using nannies and such even though they easily could drop to one income (MD specialist dad, pharmacist mom) -- it hurts my heart to see how much time they voluntarily spend away from their kids, including weekend shifts, holiday shifts, etc. But it is their life, and their kids seem to be thriving so what do I know.

lordnacho(1848) 4 days ago [-]

One thing that she touched on that I've thought a lot about recently is the age at which we have kids. My father passed away a couple of weeks ago, and I compare him to his brother. My uncle had his first kid 10 years younger than my dad, and he ended up with the fourth one being older than me. He's got 10 grandchildren, the oldest of which is an adult now. My dad's grandchildren will never know him in any real way.

Since the funeral I've thought about this a lot. Our later-life relationships will be affected by the age at which we had kids. I'm sure this is in the minds of a lot of people in this economic age. There's a lot of 'investing in your career' where the equation doesn't account for this.

I wish we could have an economy where this was easier. Say you could have your kids early, in your 20s, yet still progress your career. Perhaps pay for it with working to an older age, which should be possible with some improved health outcomes. Along with a flexible education system that allowed you come in and out. And perhaps incentives for firms to let people in and out, instead of the constant career grind that requires people to constantly push. Some of the finance and legal tracks seem to be for people who are expected to die at 45, like some weird victorian dystopia.

agensaequivocum(10000) 4 days ago [-]

It is possible. I myself just turned 26 and my wife and I have our third coming in July. Having kids is a sacrifice, one of the greatest sacrifices one can make.

I know many other young families. While I am a well-paid software engineer most of my young family friends are middle/high school teachers.

burlesona(3841) 4 days ago [-]

I think about this a lot as well. My wife and I decided to have our first child at 30, which is fairly early compared to our peers. Economically it would have been better to wait, we've each had career opportunities we couldn't take advantage of because of having children, and if somehow we could have waited until 40 I think we would have had an easier time economically.

But, physically and emotionally, I wish we could have had kids at 22 or so. Of course we hadn't even met so this is pure wishful thinking. But still. Raising a family is a real joy, but it's also very physically demanding (even for men), and the younger you are the easier the physical aspect is. Also, we know a small number of people who had children very young, and now in their 40s their children are grown. It's a really fascinating relationship, with somewhat more ability to relate to each other and a really cool ability to live life together. Especially when this is across generations, it's amazing to have an extended family with three generations not just alive but still well.

I have no idea how society could ever adjust to make something like that work out - I think it might be easier to "fix fertility" to give more people the option of starting a family in their 40s. But still, I wonder about it often.

thefz(10000) 1 day ago [-]

> I wish we could have an economy where this was easier. Say you could have your kids early, in your 20s, yet still progress your career. Perhaps pay for it with working to an older age

And who will pick up for missed work, absence, and economical expenses of such a model?

throwaway894345(10000) 4 days ago [-]

> Heck, let's spend 99% — $1.485 billion (in the states alone) on better support. That should put a dent in the support bill, and I'd sure pick up $15 million if I saw it lying around. Wouldn't you?

According to PEW (https://www.pewsocialtrends.org/2018/01/09/diversity-in-the-...) there were 17M STEM employees in 2016, so this leaves less than $1000 per employee for childcare. According to Fortune (https://fortune.com/2018/10/22/childcare-costs-per-year-us/) the average cost per child is $9K/year (probably more if you adjust for the distribution of STEM careers?). I'm guessing STEM employees have at least one child on average (some have none, others have multiple, etc), so that only covers about 1/9th of the bill. That's a dent in the bill, but I'm not sure it's enough to make even a proportional dent in the pipeline.

Note that this assumes the money finances a benefit that must be offered to all employees; if you can target the women in question, the calculus clearly changes; however, I suspect that would be difficult under current US discrimination law (IANAL).

That said, I'd rather that money go to employees where it would certainly be useful as opposed to the current programs which, as far as I can tell, is squandered (to put it nicely).

AlexCoventry(3842) 4 days ago [-]

> I suspect that would be difficult under current US discrimination law

What statutes do you believe would stand in the way of an organization offering excellent daycare services to its employees, as suggested in the OP?

scarmig(2924) 4 days ago [-]

One tactical approach: a high achieving woman could prioritize finding a partner who is interested in deprioritizing his own career for the sake of supporting her and raising children. This is a strategy high achieving men have used for a long time.

So, pursue men involved in 'child friendly' careers. Nurses instead of doctors; teacher aides over academics; tax preparers over management consultants. Or even men who are passionate about the idea of being a stay at home dad.

jacobwilliamroy(4250) 4 days ago [-]

I think hospital work is unsuitable for people with children. Strangers spilling their blood and guts all over the place; and the hours suck rotten eggs.

ThrustVectoring(10000) 4 days ago [-]

The dating marketplace is two-sided; one reason why high-achieving men use this strategy is because there are a lot of women in this niche competing for high-achieving men. There aren't nearly as many men in this niche competing for high-achieving women, likely in part because there are relatively fewer high-achieving women using this strategy.

A big part of strategy in marketplaces is choosing something that has a lot of participation so that you can find enough counter-parties to make your strategy work.

There's also a biological asymmetry in terms of age and fertility. A man who is single until age 45 and then gets a lot of economic success can marry a younger woman and have children.

golemiprague(10000) 4 days ago [-]

Anybody who is doing this is going to loose his woman or at least makes her resent him and loose any attraction to him.

You can write stupid articles and researches and whatever, it is not going to change the basic nature of men and women. Women job is to bring children and raise them, men job is todo the rest and until biology changes in some magical way it is not going to change.

Women are still mainly attracted to care taking and value transference jobs, they don't like stem and not very good with creating value, whether it is physical or theoretical jobs, how many women music bands do you know? Even art they don't create much.

Whoever wrote the article didn't ask themselves why women doctors don't leave their jobs, it is also very hard and demanding, but they like what they do because it is care taking and care taking was always the traditional job of a woman.

Modern thinking demand us to ignore those simple facts and just pretend that things are different, it is just a stupid phase that will eventually disappear like communism or any another stupid ideology

tylermenezes(3693) 4 days ago [-]

I think it's still a form of sexism to assume women are the ones who need to care for a child. That's something that very few diversity-in-STEM folks are really thinking about.

Many years ago an ex-girlfriend, who works in STEM academia (and is otherwise a liberal, progressive feminist), expressed concerns similar to the author about having kids. When I brought up that it wasn't written in stone that she would need to be the primary caregiver, she said she'd never even thought of the alternative!

(Anne-Marie Slaughter touched on this in a 2012 Atlantic article called 'Why Women Still Can't Have It All' for anyone who's interested.)

tomp(2402) 4 days ago [-]

The flip side of the coin is that women overwhelmingly prefer higher-paid, more successful, higher-status, equally-or-more-educated men as partners. Then the choice of who should stay at home is pretty obvious (or no choice but necessity brought to you by brutal economic reality).

uncle_j(10000) 4 days ago [-]

It is almost never mentioned but most men won't respect other men who are stay at home parent. So there is also an expectation on the man to be the bread winner.

Also many women tend not to want men who earn less then them:

https://www.marketwatch.com/story/rich-women-like-rich-men-a...

gherkinnn(10000) 4 days ago [-]

Your point (and there is truth to it) might work in industry, but in academia there is an expectation (as is mentioned in the OP) that you move around a lot.

Even if the husband takes care of the child, doing your masters in LA, your PhD in London, and a postdoc in Sidney, why on earth would anyone want to drag a child along with them?

wvenable(4265) 4 days ago [-]

It's becoming more acceptable that whomever is the lower-income partner is the one who is the primary caregiver of children (man or woman).

From what I can see, working in STEM academia definitely means you are likely to be the lower-income partner.

naasking(10000) 4 days ago [-]

A woman would still need almost a year of special work consideration for the pregnancy, appointments, and post-birth recovery, even if they're not a primary care giver afterwards.

alexchamberlain(3031) 4 days ago [-]

I'd just like to echo some of the other comments; my wife is currently pregnant and it's already clear that the burden is largely with her. I simply cannot get the vaccines and blood tests she needs, my hormones aren't loosening all of my joints and I'm not exhausted most of the time. The challenge isn't just who is going to look after them once they're born.

chadcmulligan(4109) 4 days ago [-]

I became the primary care giver for my daughter for a number of years (My wife died - some years ago). My experience is that there is no flexibility in IT jobs - if you want to work not 9-5 5 days a week then tough luck, when you have a kid to look after, pick up from after school etc this just isn't possible.

I envied doctors at the time, they could just name their hours, some other professions can - but not STEM fields for some reason. I'd say the reason is sexism - its a bunch of guys who are married to women who look after the children, so flexibility is not built in to the system.

sgentle(3495) 3 days ago [-]

> I think it's still a form of sexism to assume women are the ones who need to care for a child.

Well, certainly nature is sexist in that only one of the sexes is able to gestate a child. Perhaps that will change someday. However, for now, (biological) women face a unique reproductive burden that is worth recognising and compensating for.

Biology aside, there is an important difference between assuming women must bear a disproportionate responsibility for childcare, and recognising that women do bear a disproportionate responsibility for childcare. The former is sexism, the latter is pragmatism. Saying 'my house is on fire' doesn't make you pro-fire.

> That's something that very few diversity-in-STEM folks are really thinking about.

I'm not sure how that can be true. What you're describing, the assumption that men work and women stay home, is the foundational stereotype that sparked second-wave feminism. Unless the argument is that 'diversity-in-STEM folks' aren't familiar with basic feminist ideas like gender roles?

In any event, here is some evidence that this is, in fact, something that people are really thinking about:

> The boundaries of the gender division of labour between productive and reproductive roles are gradually being crossed as women have started to enter formerly male-dominated areas of work and men have started to accept greater responsibility for domestic tasks, including child care. However, changes in women's roles have been greater and much more rapid than changes in men's roles.

— Beijing Declaration and Platform for Action – Fourth World Conference on Women (1995) https://www.un.org/en/events/pastevents/pdfs/Beijing_Declara...

> Take measures to increase the participation of men in caregiving both within households and in care professions, such as information and awareness campaigns, education and training, school curriculum, peer programmes and government policies to promote men's participation and responsibilities as fathers and caregivers, and to encourage men and boys to become agents of change in promoting the human rights of women and in challenging gender stereotypes, in particular as they relate to men's roles in parenting and infant development

— Agreed Conclusions of the 53rd Commission on the Status of Women (2009) https://www.unwomen.org/-/media/headquarters/attachments/sec...

> Labour market policies that offer men access to paternity and parental leave, especially when coupled with Scandinavian-style incentives which encourage men to actually take leave, are a critical signal that men have responsibility for their children. However, gender norms are strong and pervasive. [...] Through community-based organisations and educational sessions supported by social protection programmes, health clinics and schools, fathers should be actively integrated into childcare activities and helped to see themselves as central to their children's development.

— Women's Work: Mothers, children, and the global childcare crisis – Overseas Development Institute (2016) https://www.odi.org/sites/odi.org.uk/files/odi-assets/public...

> The time-use and labour force data presented in this chapter make a compelling case for inequalities in unpaid care work and inequalities in the labour force being deeply interrelated. This not only confirms the "unpaid care work–paid care work" connection discussed in Chapter 1, but demonstrates also that no substantive progress can be made in achieving all dimensions of gender equality in the labour force before inequalities in unpaid work are tackled through their effective recognition, reduction and redistribution between women and men, as well as between families and the State.

— Care Work and Care Jobs – International Labour Organization (2018) https://www.ilo.org/wcmsp5/groups/public/---dgreports/---dco...

> Rather than focusing only on increasing women's workforce participation, it is also important to increase men's participation in caring responsibilities. In countries where family policies incentivise men to take caring roles, the impact is seen both in the rate of men accessing leave and in societal attitudes towards parenting.

— Women in STEM Decadal Plan – Australian Academy of Science (2019) https://www.science.org.au/files/userfiles/support/reports-a...

hyperdunc(10000) 4 days ago [-]

Women are more likely to want to be the primary caregiver to something that actually came out of them. It's biological and there's nothing sexist about it.

Tade0(10000) 4 days ago [-]

I think it's still a form of sexism to assume women are the ones who need to care for a child.

They're definitely the only ones who can breastfeed(at any practical rate anyway).

One may, of course, elect not to do that, but it does make a difference for the child.

dustinmoris(744) 4 days ago [-]

Maybe some people value spending time with their children and seeing them grow up more than chasing a stupid meaningless promotion at a mundane STEM job somewhere. If you have one child then you have only one chance in life to answer all their curious questions when they are 6 years old, only one chance in life to see them learn how to swim, etc. etc.

Life is about collecting wonderful memories with the people who you love, not about maintaining some idiotic excel spreadsheets in an open plan office. Maybe we should measure how many women are happy with their life rather than measure how many of them have a certain job title in a certain field. If we can maximise the former then who gives a shit about the latter.

falcor84(3958) 4 days ago [-]

>Maybe we should measure how many women are happy with their life rather than measure how many of them have a certain job title in a certain field. If we can maximise the former then who gives a shit about the latter.

Because if women don't participate in the industry, the men who do will continue building a world designed for men.

https://www.theguardian.com/lifeandstyle/2019/feb/23/truth-w...

corporateslave5(10000) 4 days ago [-]

The truth is men are more mathematically inclined. Why we as a society make up all sorts of fantasies is beyond me

vorpalhex(3921) 4 days ago [-]

That is clearly not the only reason, and likely isn't even a major factor in and of itself. Yes, we might expect to see slightly more men in general in math heavy fields, but that women tend to drop out as they approach not heavier math, but more time consuming/worse work/life balance situations (management) suggests the issue isn't just 'men are more mathematically inclined'.

Like any complex phenomenon applying to a multitude of people there are several effects happening in different proportion at the same time.

dcole2929(10000) 4 days ago [-]

A lot of people would argue, imo correctly, that this is just a different form of sexism. The idea that progressing in your career means sacrificing work/life balance and more importantly family could absolutely be construed as the end result of a sexist mind state that doesn't value motherhood and family rearing to the degree it should. Obviously this affect men who want to be present and active participants in their children's lives as well, but as the author points out in many cases the inflection point at which ones career can really take off also overlaps with prime childbearing years.

There is a lot of pressure on woman to have families and in circumstances where their right and ability to both do that and progress in their careers isn't respected and protected we end up with the current system. One in which woman drop out of less flexible fields earlier, and even in them don't get promoted as fast as their male counterparts who don't need to bow out of the field for months at a time to have a child.

knorker(10000) 3 days ago [-]

It's sexism that the more time and effort you put into your career the more you're progressing?

I don't disagree with most you said, but if you weren't there then no amount of artificial thinking will compensate for that.

YeGoblynQueenne(300) 4 days ago [-]

>> I've got a big scholarship, and a lot of people supporting me to give me the best shot at an academic career — a career I dearly want. But, I also want a family — maybe two or three kids

Oh.

Up to this point I was keeping notes with my criticism of this article, but this caused me to stop and reconsider.

If I may advise the author, I understand how difficult it is to balance life decisions that seem to be at odds, but trying to deny the very reason why those life decisions are hard to combine will not make the choice any easier.

It is stupid and sexist that you have to think of pursuing a PhD and having two or three kids as an either/or option, when the (probably) man you'll want to start a family with will not have to do that, even if they are also a PhD in STEM.

This is part and parcel of the sexism that people complain about. It's not just inappropriate behaviour by senior male academics. There is no reason why a woman must put her career on hold to start a family when a man in the same career does not need to. There is no reason why women are expected to be the ones most concerned with the business of having and raising children when men are expected to be the most concerned with advancing their careers. How is that not sexist? How is that not the sexism that's keeping women from advancing their careers in STEM academia?

hackinthebochs(10000) 4 days ago [-]

>How is that not sexist? How is that not the sexism that's keeping women from advancing their careers in STEM academia?

Why should the academy structure itself so that women who choose to put their attention into their families do not have a career impact? If academic positions are necessarily zero-sum, it seems impossible to correct for this without seriously unfair negative externalities?

How is it that the biases inherent in collective decisions of individuals within society are the responsibility of the academy to correct for (that men tend to choose to focus on career and women on family)?

blub(4259) 4 days ago [-]

Yes, nature and sexual selection were sexist and designed women so that they have to bear the brunt of having children. That's reality, I don't see how it helps in any way to call reality sexist.

And having a career is not the most awesome thing in the world. Many fathers would very much prefer to spend time with their families, but can't because they're expected to first and foremost provide for them.

hinkley(4237) 4 days ago [-]

I can't speak for women, and I'm just smart enough not to try.

But what I can say is that I don't hold all of the values that I did as a young man. I'm not excited about the same things, and today I find some of those ideas uncomfortably naive or even off-putting.

As I've engaged in more activities, as I've socialized with more people, I've encountered many more ideas and a lot of nuance. Nothing has simple answers and there are other solutions to problems besides code, or tools, or pills, or surgery.

And one of the consequences of this is that I'm not confident that if I show up to interview at a startup that I'm going to exhibit the degree of 'passion' they're looking for. I have plenty of passion. Too much, some will tell you. I just know beyond all doubt that your new iOS app is not going to save the world, and quite bluntly, that you have some unresolved issues that you need to work through if you so desperately need to believe how transformative your work is going to be. And I know that's not just STEM - all the 20-somethings who I've seen doing volunteer work - and bless you for showing up - feel exactly the same way. I'm gonna change the world. I have to change the world. Otherwise my life is empty and I am nothing.

It can be discomfiting to be around and I'm sure I telegraph it.

They say that young women socialize a little ahead of young men. Maybe they just get a whiff of my reality before all the rhetoric gets piled on so thick that's all they can see.

arwhatever(10000) 4 days ago [-]

It just so happens I have a hidden camera video of you at one of these interviews. :-)

https://www.youtube.com/watch?v=KtwXlIwozog

slumdev(10000) 4 days ago [-]

> And one of the consequences of this is that I'm not confident that if I show up to interview at a startup that I'm going to exhibit the degree of 'passion' they're looking for.

This is good, though. If you faked the passion, you might wind up surrounded by lunatics who actually believe their iOS app is going to save the world.

Also, this 'passion', most of the time, is just a word that has been co-opted by the owner class to mean 'working nights and weekends'.

sequoia(3670) 4 days ago [-]

In her article, she explains her hypothesis that women leave top-flight STEM/academic careers because the demands (and, crucially, when they must be met: 20s & 30s) conflict with the demands of bearing children during a woman's most-likely-to-be-successful childbearing years. She goes on to suggest that creating more supports for mothers such as affordable childcare and possibly collaborative academic working environments might mitigate the issue.

What leads you to think primarily about 'passion' & socialization? It seems almost as though we read different articles, I didn't see anything about that.

_trampeltier(4333) 4 days ago [-]

Remember 'The More Gender Equality, the Fewer Women in STEM'

https://news.ycombinator.com/item?id=21774299

This one, I saw also today ..

Institutions in the country introduced gender quotas for internal committees and boards in an effort to reduce bias during hiring and other inequalities, but such measures themselves are now being labelled potential hindrances to female progression because the roles cost women career-crucial research time.

https://www.timeshighereducation.com/news/germany-mulls-extr...

fnord77(4137) 4 days ago [-]

> you have some unresolved issues that you need to work through if you so desperately need to believe how transformative your work is going to be.

I think those issues are called narcissism.

hinkley(4237) 4 days ago [-]

I did not mean to imply that there isn't a ton of other unwarranted bullshit they have to deal with. Reading it back to myself, that wasn't clear at all.

MrFantastic(10000) 4 days ago [-]

Men are hardwired to ascend to the top of the hierachy so they can access all the women. That's why male billonaires will risk their fortune to make another billion.

Women are not rewarded biologically for being the top 2% in their industry. It's almost as if the higher women climb career wise the fewer dating options they have because women tend to want men that are even higher on the totem pole.

Outside of a score keeping system, each additional dollar is less rewarding very quickly once you pass $150k in income.

scarejunba(10000) 4 days ago [-]

It's okay to be jaded, but to present that as coming from wisdom that others are missing is both self-congratulatory and lacking in self-awareness.

I think you misrepresent startup founders. Most I've met are generally very smart people and they've read The Remains of the Day too so it's not like they're this nerd-in-the-basement fantasy you get from the movies. The Hollywood fantasy is dead.

I'm only saying this so that young fellows browsing HN from their computers at university aren't immediately discouraged. To them: The world is very exciting here. You can find a team and work happily and passionately on something you care about. You will be fine. It is probable that you will be better for it. Good luck!

Konnstann(10000) 4 days ago [-]

I think there are plenty of people who believe 'if you're not part of the solution, you're part of the problem.' I'm lucky enough that my job is both interesting and impactful. The people that surround me are either incredible scientists or like working for a company that strives to, and does, make an impact in the world.

I think it's perfectly fine to not care about your job to a higher degree than necessary, and I also think it's fine to seek out work based on social impact rather than salary. Most people can't have it both ways, and end up having to make a choice at some point.

maire(10000) 4 days ago [-]

Is this poster for real? I am not sure how this got top upvotes since it doesn't seem to be about the article at all. The article was about women in STEM academia which doesn't seem to be at all about women whiffing a poster's reality.

The article is about women in STEM academia which is a tiny subset of women in the STEM workforce. Some STEM professions do a better job of retaining women than others.

deyouz(10000) 4 days ago [-]

The article is about women in STEM in Academia, not just STEM.

And I don't understand why people absolutely need to have biological children. I think more people should just adopt if they want to raise children.

I also think sexism in the US is the biggest factor for women leaving Academia or not entering STEM. In other countries more than 50% of the researchers are women and 40% of the students studying computer science are women.

dmitrygr(1878) 4 days ago [-]

Because many traits people care about (like intelligence), have been shown to be at least partially genetic?

tathougies(10000) 4 days ago [-]

There are few infants to adopt due to the success of americas adoption programs and the willingness of americans to adopt. The ones that are 'easy' to adopt almost universally have special needs that most people (especially working parents) simply cannot meet.

cortesoft(10000) 4 days ago [-]

The desire for biological children is pretty ingrained in our psyche.

larrik(3673) 4 days ago [-]

> I think more people should just adopt if they want to raise children.

As someone who has adopted 3 children, I assure you that the biological route is way easier and cheaper. It's not like rescuing a dog from the pound...

sprash(10000) 4 days ago [-]

> And I don't understand why people absolutely need to have biological children.

Especially smart women in STEM should have children because cognitive abilities like intelligence and conscientiousness are largely inherited traits (e.g. IQ is between 50% and 80% inherited according to twin studies).

icandoit(10000) 4 days ago [-]

>And I don't understand why people absolutely need to have biological children.

Consider these possibilities:

1. A best case scenario is that what you have expressed is a personal opinion that takes your genes out of the future in a Marty McFly fading away fashion as this opinion hardens.

Fine. Your choice. More pie for the rest of us.

2. A worst case scenario where this opinion accumulates in the market place of ideas and inevitably leads to human extinction.

Impossible right? Well, know that disgust with sex is climbing in rich nations (like Germany and Japan) and the number of births per woman is falling. Is this a function of wealth, or technology?

South Korea has fewer than 1.1 births per woman. That can only translate into a poorer, older, and smaller country for the future. [1]

https://www.macrotrends.net/countries/KOR/south-korea/fertil...

(I tell people that this was the thickly veiled premise of the movie Bird Box.)

If that is true, then can it be called a choice? Are people actually choosing to have fewer sexual partners than their parents generation? Are people really choosing to feel disgust at the thought of intimate contact?

Maybe repulsion-to-sex is a bigger threat to continued human existence as nuclear weapons.

Another fun article:

https://medium.com/migration-issues/how-long-until-were-all-...

amb23(10000) 4 days ago [-]

Mothers--the vast majority of mothers, not the aristocracic ones we model our current family structures off of--have always worked. They'd strap the baby on their back and go to the fields to plow or gather the harvest or cook or weave or chop firewood. Motherhood as as a full-time job is a modern invention; historically, it was a side gig.

I'd love to see a startup tackle this problem: think a benefits platform that allows companies to offer daycare as a benefit, or a Wonderschool-like daycare for working parents. Even an improved work from home policy for new parents would go a long way to plugging the talent 'leak' that's prevalent right now.

snarf21(10000) 4 days ago [-]

It isn't a bad idea but really you are just talking about the cost of daycare services. Some mothers and fathers stay home because they want time with their kids at a very young age. They want to be able to go to every show and tell. Most people who are able to have a stay at home parent is because the other partner makes enough so the don't need to work. You suggestion just makes work possible for a subset that don't work because sending four kids to daycare costs more than they could make. There are other issues for school age kids where they need care close to their school district (for busing) not necessarily where they work.

kendallpark(10000) 4 days ago [-]

Yup. Back in the day, women in traditional housewife roles were major contributors to their household finances [1]. They used their own unpaid labor to transform raw materials into goods that saved their family from having to purchase them on the market. They also performed services that would have been prohibitive to hire out. But thanks to mass production and household appliances, household production doesn't contribute as much to household finances as it once did. 1950's suburbia was that awkward transition period before middle class families realized that they could have dual incomes--it was never going to last.

[1] https://fbe.unimelb.edu.au/__data/assets/pdf_file/0009/80599...

icandoit(10000) 4 days ago [-]

It may have also been the case, that before industrialization, metal smelting, and anything-faster-than-walking the world was inherently safe.

Daycare only become necessary once transportation, tools that could cut, and exposed toxins became abundant.

Imagine a world were all parents let their children roam the streets from dawn til dinner, child-right-of-way, and any harm befalling a child was universally met with public outcry against the adult responsible for creating unsafe conditions. (If you left a can of gas unlocked and Jimmy burns thing down, you are responsible, not Jimmy or Jimmys parents. Rational precautions etc.)

Kids would be barred from factories sure, highways and other necessarily dangerous places could be fenced off. Contrast this with our blame-the-parents instincts, now.

Can we collectively consider taking a step in that direction?

When our workplaces have a spot for our cars and not our children, should be surprised that car ownership climbs and fertility falls?

blub(4259) 4 days ago [-]

Historically, the extended family and neighbors were contributing to raising children. For a couple that doesn't have family close by and lives in a city, parenthood is at least a part-time job.

brailsafe(3734) 4 days ago [-]

I worked for a company that had daycare as a benefit, but were much more reluctant to flex in their more ingrained ideas of work schedule. I guess you could say they were more conservative overall, despite how much money they wasted in make-work. Seemed to more or less be a consequence of having employees with kods before they moved to a big new office.

untog(2588) 4 days ago [-]

Not every problem is startup shaped.

> think a benefits platform that allows companies to offer daycare as a benefit

Companies could offer daycare as a benefit today if they wanted to. It isn't their benefits platform holding them back.

In fairness, I can see why companies don't offer daycare as a benefit: it's enormously expensive (particularly in major metros) and it would be very difficult to plan what % of your employees would be utilising it at any one time.

Other countries have solved this problem by making it everyone's problem: the government subsidises it. I won't hold my breath waiting for the US to do the same.

tathougies(10000) 4 days ago [-]

Daycare isn't an appropriate analogue to your example though. A shift in culture that allows you to bring your children to work would be and would be absolutely sensible for white collar and several blue collar jobs.

tcgv(4074) 4 days ago [-]

> Motherhood as as a full-time job is a modern invention; historically, it was a side gig

Can you share any study/evidence to support that statement?

hammeringtime(10000) 4 days ago [-]

To the extent that was generally true...

* most mothers were still with their infants and very young children. The babies weren't being taken care at a daycare where you can have one staffer trying to deal with 4 crying newborns.

* mothers were doing active work, not work that requires sitting in one place, not work that requires long-term concentration, not work that requires being on someone else's schedule.

I have noticed it is no problem doing active work like cooking or the dishes or grocery shopping while bringing along an infant. But I cannot do computer work -- baby goes crazy from lack of stimulation.

Also, being on a schedule while trying to take care of a baby causes immense stress. What if you have a client meeting while baby is crying because he needs to be fed ... or is crying just due to lack of comfort and attention? Or sometimes (oftentimes) baby has a bad night and keeps you from sleeping, but you still need to be up and at work at a given time, instead of being able to nap when baby naps?

Both parents doing a schedule-bound, desk job while raising a newborn baby is not how we evolved to do things, and it's always going to be a source of stress and problems, even if you have 'high quality' daycare available.

peteretep(1706) 4 days ago [-]

Solution: compulsory paternity leave for male academics.

satyrnein(4332) 4 days ago [-]

Outcome: childfree academics (of all genders) win.

o_p(10000) 4 days ago [-]

Its almost like they are biologically and mentally hard-wired to have children! How dares nature to create a unequal duality with specialized roles.

dang(188) 4 days ago [-]

Please don't post flamebait and/or unsubstantive comments to HN—especially not on powderkeg topics. We ban accounts that do that, for what should be obvious reasons if you read https://news.ycombinator.com/newsguidelines.html.

krastanov(10000) 4 days ago [-]

I, and many others, hold the expectation that we are quite capable of overcoming our animal instincts (in this, but importantly in many other aspects also) to make a better world. Especially if the presence of the instinct is used as a pseudo science excuse.

danharaj(4165) 4 days ago [-]

The fact that women shoulder the primary economic burden of raising children is structural sexism. Sexism is not merely about personal conduct but also how we structure society. For millenia across many cultures women have had their participation in broader society curtailed to the sphere of reproductive and domestic labor. That is injustice. As Morenz notes, we don't have to accept that. We can structure our work so that women are not disadvantaged for having kids and men aren't penalized for taking a greater role in raising them.

This seems like violent agreement. I think Scott was trying to dismiss the people who criticize them by inviting Morenz to make a guest post. Perhaps his dismissiveness is the reason why this is so acrimonious.

breischl(4127) 4 days ago [-]

>We can structure our work so that women are not disadvantaged for having kids

Can we, though? It seems that there is some amount of time that women are unable to work due to the physical rigors of pregnacy, child-birth, and (in many cases) infant care.

Taking time away from work, no matter what the reason, necessarily affects the trajectory of your career. We can try to minimize that in various ways (as the original article discussed) but it seems impossible to reduce it to zero barring sci-fi tech like artificial wombs.

It might be reasonable to say that we can structure out work so that women are disadvantaged _as little as reasonably possible_ for having kids.

darawk(10000) 4 days ago [-]

> The fact that women shoulder the primary economic burden of raising children is structural sexism.

You seem to be making a fairly subtle point here that I think others might be missing. Which is not that women choosing to take on the burden of childcare represents sexism (which is an argument some people make), but rather that the fact that their making this choice impinges upon their personal economic future is sexist. That is maybe a more interesting point than the former, but I don't think it really holds up to scrutiny. Choosing to take on the burden of childcare is choosing to spend less time working. In any other context, if a person chooses to work less, that negatively impacts their earning, and we consider that perfectly reasonable and fair. If I choose to play video games for 8 hours a day and work part time, basically everyone accepts it's reasonable that I make less money.

Now, if women are being pressured or forced into accepting this childcare responsibility at their own economic expense, then yes. That is 100% structural sexism. Also, if society would have treated men making this choice differently than women, then that too would represent structural sexism. But there are men making this choice, and their careers are generally just as negatively impacted as the women who make it.

TheAdamAndChe(10000) 4 days ago [-]

This assumes that men and women en masse want equal roles in raising children. I'm not convinced that this is the case.

zajio1am(10000) 4 days ago [-]

> Sexism is not merely about personal conduct but also how we structure society.

What does raising children have to do with society? Decision of having and raising a child is a fundamentally personal, not societal decision. Each pair should decide how they want to split responsibilities of raising a child before its conception, based on their preferences, and society should not force them to any model.

Also, it seems to me that society already prioritize child-raising too much compared to other non-work activities. If people would leave STEM/some other field due to work-life balance for some other personal goals than child-raising (say part-time working in a non-profit), would anyone care?

SkyBelow(10000) 4 days ago [-]

>Sexism is not merely about personal conduct but also how we structure society.

Great.

But my personal experience is that this notion seems to vanish as soon as we look at things like rates of workplace deaths, life expectancy, hours worked, imprisonment, or numerous other areas. And even if they don't vanish, the level of attention devoted seems to be remarkably different. Would the way we structure society in regards to structuring our attention for social ills also possibly include sexism?

And I guess such notions can be dismissed as being off topic. As they aren't relevant to the actual issue under discussion. But when we start viewing larger more structural things as sexism, then wouldn't even such dismissal potentially qualify as sexism?

tathougies(10000) 4 days ago [-]

Have you considered that the primary enforcer of this curtailment is not adults but infants? I mean, I took long paternity leave, I am with my daughter at night, and am with her whenever I am home. She still wants to nurse on her mothers breast when she's sick or in pain. This makes sense as not only is it comforting to her (and a childs emotional need is very real) but it is also physiologically beneficial (nursing reduces stress hormones and helps her heal from disease faster). She enforces this dichotomy of roles by screaming if i try to comfort her and shes already decided what she wants by screaming mama. She'll take comfort from me only if shes decided that its something that doesnt require something no man can give. And her cry is meant to change both of our emotional states to fulfill her every desire.

Is this injustice? Perhaps you could characterize it this way, but since the perpetrator is beyond reason and lacks expression, I'm not sure how youre going to fix this.

hurricanetc(10000) 4 days ago [-]

Biology isn't sexist. Men can't get pregnant so therefore only women can deal with pregnancy. Men can't breastfeed or pump, either.

People want reality to reflect their world view but biology is biology. It's not an indictment on society that only women perform certain biological functions.

epicgiga(10000) 4 days ago [-]

Maybe they're just not as into it?

Does anyone ever stop to consider that? Maybe women are doing what's best for themselves, sticking to things they like, and screw your arrogant western leftist ideas of what YOU think they should do?

Let's just pretend women like shoes and handbags more and men like engines and guns more just for purely random reasons. Despite global perpetuity. Everywhere ever.

Let's just pretend engineers and nurses is inflicted, not chosen, despite what ultra high gender equality Scandinavia says.

Let's all pretend that only the North Koreans are brainwashed and that only they care little for facts and human flourishing.

Let's all just slosh in wierd western religious fervour. Or actually, how about no, and hop on a plane to the civilised world.

satyrnein(4332) 4 days ago [-]

The impression you got from the article was that author just isn't into STEM? If you want to make an argument based on women's preferences, you might consider a closer reading of what they're saying.

alexithym(10000) 4 days ago [-]

This was an unnecessarily aggressive comment, and the tone with which it was made detracts greatly from the intended message.

naiveprogrammer(10000) 4 days ago [-]

I appreciate the author's piece but motherhood is not an alternative argument for why women leave STEM, it is THE argument. It is, in all likelihood, the strongest factor to influence women's decisions to leave the field. The evidence is getting overwhelming, just check the most recent publications by Harvard Professor Claudia Goldin (most recent: https://test.openicpsr.org/openicpsr/project/113672/version/...)

Sexism is real but its importance is far from being large. It is really tiresome to see the news regurgitating the talking point on wage gap without properly giving context.

What is clear to me is that the wage gap as measured by the average earnings by gender (even drilled down by field) is very hard to be fixed given the obvious biological differences between males and females (in which motherhood reigns supreme).

Women also need to be honest about their prospects, it is very hard to juggle a career and motherhood. You can't have your cake and eat it too. So there needs to be an honest confrontation on the trade offs of motherhood and having a career and the cope that comes with it.

proc0(10000) 4 days ago [-]

Yes, this is what I was thinking. Feminism is ruining women by mistakenly telling them they want something that might make them unhappy. What do women gain by having 50% professional nuclear physicists or 50% coal miners?

bArray(10000) 4 days ago [-]

I think people have been hinting towards the point that it's generally maternity and not sexism that mostly creates the differences in career progression. Of course there was a time in history where sexism played a major role, but I think that in modern times this is mostly gone (although I know of recent cases).

We can take several actions to balance the books, but the important point I would like to ask is: Do we really want to stop/de-incentivize intelligent women from having children and having an active role on raising them?

Of course there are lots of compromises that can be made to balance the work-home life, but ultimately a decision does need to be made. Spending time with your children in those crucial fundamental years before pre-school is incredibly important and rewarding.

howling(4231) 4 days ago [-]

I think people are arguing that to be fair, time spent on raising children should be shared equally between father and mother.

badfrog(10000) 4 days ago [-]

> Spending time with your children in those crucial fundamental years before pre-school is incredibly important and rewarding.

Yes, and employers should be more flexible to allow parents of all genders to do more of this and keep their jobs.

YeGoblynQueenne(300) 4 days ago [-]

The author is missing the forest for the trees. She argues that a specific kind of sexism (harrassment) is not sufficient to explain why so many women are forced out of their careers in STEM academia. She argues that the real reason is that those women want to start a family and they can't do both at once. She herself is considering leaving academia to start a family (she wants to have two or three children). Yet she never for a moment stops to wonder why it is that a woman like her has to make a choice between family and career, why that is a choice that so many women have to make and why it is a choice that so few men have to make. The answer to all that is sexism, of course, the kind of sexism that the author is so used to she doesn't even consider it sexism anymore, just the normal order of things. Yes, of course a young, talented researcher _has_ to leave academia to raise her kids. Because she's a woman. And that's what happens to women.

That is sexism. It is clear sexism, it is classic sexism and it will not go away by pretending that it is not. And I agree very much with the author that it is the real reason behind the constant stream of promising female researchers leaving STEM academia.

wilg(4223) 4 days ago [-]

I agree with you. However, I think slicing up the various types of sexism in the way the author does is tactically useful for solving the issue in the fastest possible way.

kendallpark(10000) 4 days ago [-]

Agreed. How many times have you heard a man say he had to choose between his career and having kids? The fact that it is predominantly women who feel they have to choose between children and career IS institutional sexism. We say we've achieved 'equal opportunity' when women are allowed to participate in career fields that had originally evolved around the male workforce. Is that parity? That women can succeed in certain industries as long as they are like men in that they never become pregnant? Jobs and industries designed by women for a female workforce would look a lot different.

We need to--as much as we are able--change societal expectations, workforce expectations, and the way jobs are structured so that women are not at a disadvantage. These changes can also benefit men (eg, equal parental leave and other policies that it more affordable and feasible for people to have children). It hurts both sexes when workplaces are biased towards this archetype of a male breadwinner that is content putting in long hours away from his family.

You could view this as anti-family bias, which, due to society and biology, disproportionately affects women.

deyouz(10000) 4 days ago [-]

I completely agree with you. I just wanted to comment to tell you that you are absolutely right.

hanniabu(3944) 4 days ago [-]

Probably going to get downvoted for this, but how exactly is this sexism? It seems to be just plain old biology.

allovernow(4323) 4 days ago [-]

>Yet she never for a moment stops to wonder why it is that a woman like her has to make a choice between family and career, why that is a choice that so many women have to make and why it is a choice that so few men have to make.

She literally spends 25%+ of the post explaining the fertility wall that does not affect men.

n4r9(4269) 4 days ago [-]

In full agreement. It's frustrating that increasing paternity leave and encouraging new fathers to spend more time caring for their children is not highlighted as a potential solution.

jmpeax(10000) 4 days ago [-]

I agree. We should try to guide women to date and marry men who are poorer or make less money, rather than the sexist women choosing rich guys over poor guys. After time this will reduce the pressure on men to sacrifice their life for money. If women's top mate selection criteria was how nurturing a male is rather than how much money he can provide for the family, then the problem would quickly solve itself.

chadlavi(4327) 4 days ago [-]

So... it's not sexism, it's the structurally sexist way that child-rearing is handled?

I mean, it's a more actionable level of detail, but it's still sexism, no? Just maybe more structural rather than at the level of individual hiring or advancing decisions?

badfrog(10000) 4 days ago [-]

Yes, the author seems to have a very narrow (and incorrect) view of what sexism is.

epicureanideal(4281) 4 days ago [-]

I think a larger percentage of society would be willing to call this 'structural gender-based inequality' rather than sexism, because most people including myself use the word 'sexism' to refer to a belief that one sex is less capable or somehow worse than the other.

Similarly, men live fewer years than women, and so receive less retirement benefits. This is a structural gender-correlated inequality (maybe gender-correlated is even better than gender-based) but I don't think many people would call it 'sexism against men'. They would just say 'oh, yeah, that's odd... maybe we should adjust that now that you've brought it to our attention'.

rdlecler1(4154) 4 days ago [-]

I wonder if shorter PhD programs, like they have at Oxford might give women more time in the workforce before they start becoming concerned with starting a family. Maybe starting earlier puts them in a more senior position at a younger age.

scottlocklin(2614) 4 days ago [-]

Shorter and fewer Ph.D.s (aka constrain the supply the way the AMA does) would actually solve all the problems mentioned here. Might even kickstart stalled scientific and technological development.

xerxex(10000) 4 days ago [-]

Her argument just shows how entrenched sexism runs in our society.

Anecdotal evidence/sample size one story: My wife has a doctorate in chemistry and 2 postdocs under her belt, but she had to leave her field purely due to sexism she encountered during her post docs. The PI (her boss) was quite abusive, outright sexist and a horrible racist. My wife wanted to move on to industry jobs but her wouldn't let her leave. So he kept giving bad references. We didn't know about this until after my wife looked into why she got rejected.

DreamScatter(4290) 2 days ago [-]

Academia is generally abusive, regardless of whether you are male or female.

GCA10(3677) 4 days ago [-]

Thanks, Karen Morenz, for providing a unified, panoramic view of the ways that the standard academic career progression short-changes many female scientists, even if each step along the way seems to make sense.

It's worth taking a look at three other professions with long, high-intensity pathways from apprentice to master --all of which have been wrestling with the same challenges. They are management consulting, law and medicine. I've written about them elsewhere.

In medicine, there's been a surge of female participation (and leadership) in specialties such as dermatology, psychiatry and radiology, where it's relatively easier to rearrange hours and training regimens to be family compatible. There's been less progress in surgery, where hellish hours are considered part of the journey.

In law, some firms have been experimenting with a blurring of the boundaries between associate and partner, so that there's a middle level at which women can enter into motherhood without tanking their career chances. (In the traditional model, close to 40% of entry-level associates are female, but few of them stick around to make partner.)

I'm wondering if either of those models is transferable to STEM academia. Are there particular sub-disciplines where professional success and sane hours might be more compatible? Similarly, are there tenure-track or quasi-tenure track job titles that split the difference in tolerable ways?

I haven't researched these well enough to have clear answers. But it's worth discussing.

75dvtwin(4118) 3 days ago [-]

I think it is relevant, that you listed professions where

    a) compensation is very high
    b) hours of work cannot be 're-arranged' due to critical life-safety or court-rules.
Clearly, STEM Academia is not one the above (even though apprenticeship hours are grueling).

I presume there are other professions that do not compensate that well, but have similar 'cannot move dates' constraints.

And it would be interesting to see women participation rates on those.

Perhaps this is a specific factor that has gone received proper attention in various analysis.

Fr0styMatt88(2746) 4 days ago [-]

I think careers in IT/software can have exactly the same issues of work/life balance, though it's very dependent on which industry and company you work in.

For an extreme example, just look at the AAA games industry.

Having said that, I think you could say the same about most industries unfortunately. I don't know if it's just because that's what competition forces us into, but I would guess that is a big part of it.

toufka(4333) 4 days ago [-]

There is an unfortunate distinction between those other professions - STEM fields rarely pay even close to what consulting, law and medicine pay. Peers of equivalent talent in those 3 professions are generally making double to triple (if not more) by the time STEM graduates reach the same moment in their personal lives. And that 'moment' is generally delayed in STEM compared to those professions; you start generating your first real paycheck in STEM, with some stability in your career path at your early-mid thirties. Even medicine (which is longer than consulting & law), stability can be reached before that.

Fomite(4023) 4 days ago [-]

'I'm wondering if either of those models is transferable to STEM academia. Are there particular sub-disciplines where professional success and sane hours might be more compatible? Similarly, are there tenure-track or quasi-tenure track job titles that split the difference in tolerable ways?

I haven't researched these well enough to have clear answers. But it's worth discussing.'

One of the easiest, and most important things, academia could do is make pausing tenure clocks have both less stigma and be easier to do. Like, automatically opt-in for both men and women.

Unfortunately, it's much harder to pause grants, which is its own problem.

entee(4299) 4 days ago [-]

I agree with this and the subtlety of the OP's argument. There is clearly a problem, there are clearly many contributors, I have personally seen The OP situation play out with my female friends/colleagues in STEM (and other "high power" sectors). This does NOT discount that sexism still is a problem nor that there may be cultural/societal norms that influence the family planning issue.

It's a complicated issue, it needs to be tackled on many fronts. As men in the field we should advocate for those things Karen recommends, namely flexible hours, obscenely convenient high quality childcare, and other supports to make a career not the death of family.

Even if you disagree that there's a problem here (and I think you're wrong) how would these changes cause harm? Wouldn't it just be a better world if people were less stressed by these things?

barry-cotter(778) 4 days ago [-]

> In law, some firms have been experimenting with a blurring of the boundaries between associate and partner, so that there's a middle level at which women can enter into motherhood without tanking their career chances.

Of counsel[1] isn't an intermediate rank, it's a recognition that you're almost certain never to make partner but that you're capable of working with close to zero supervision. Non-equity partners[2] are closer, given that in some firms at least they get both a voice and a vote on firm wide decisions.

In academia the equivalent to Of Counsel is probably either a post doc or a Visiting Assistant Professor, both of which are contingent positions, like being Of Counsel. The closest to non equity partner is tenure track teaching faculty, often called lecturers in the US, or maybe staff scientist, which is more or less being a post doc with job security.

These positions already exist but post docs, adjunct faculty and grad students are cheaper, so they're comparatively rare.

[1] https://en.wikipedia.org/wiki/Of_counsel

[2] https://en.wikipedia.org/wiki/Partner_(business_rank)

In law firms, partners are primarily those senior lawyers who are responsible for generating the firm's revenue. The standards for equity partnership vary from firm to firm. Many law firms have a 'two-tiered' partnership structure, in which some partners are designated as 'salaried partners' or 'non-equity' partners, and are allowed to use the 'partner' title but do not share in profits. This position is often given to lawyers on track to become equity partners so that they can more easily generate business; it is typically a 'probationary' status for associates (or former equity partners, who do not generate enough revenue to maintain equity partner status). The distinction between equity and non-equity partners is often internal to the firm and not disclosed to clients, although a typical equity partner could be compensated three times as much as a non-equity partner billing at the same hourly rate.

azangru(10000) 4 days ago [-]

Not related to the thesis of the post, but this:

> And yet, if you ask leading women researchers like Nobel Laureate in Physics 2018, Professor Donna Strickland, or Canada Research Chair in Advanced Functional Materials (Chemistry), Professor Eugenia Kumacheva, they say that sexism was not a barrier in their careers.

— is such a bizarre argument to make. How can one conclude anything about sexism by asking leading women researchers whether whether it has been a barrier in their careers. The very fact that they've achieved leading positions says that it wasn't; it says absolutely nothing of whether it was for those who have left.

_(I am not claiming anything about sexism; I was simply mystified by this paragraph)_

yellowbeard(10000) 4 days ago [-]

Good point, this seems like a case of survivorship bias. However, I think it does seem to show some sort of upper bound on the level and pervasiveness of sexism? That it's at least _possible_ for women to achieve at the highest level in these fields means sexism didn't stop everyone.

YeGoblynQueenne(300) 4 days ago [-]

I find this a bit pointless- Scott Aaronson has his views that are not the views of a sizeable majority of women in STEM, who find that their career progression is hindered by institutionalised sexism. At some point Aaronson finds or receives a dissenting opinion from a woman in STEM. He publishes it, with a preface suggesting that _this_ is the _real_ view of a majority of women in STEM (the opinion 'dovetails with what I've heard from many other women in STEM fields, including my wife Dana').

Fair enough- but how often has Aaronson published, or publicised, an opinion from a woman who disagrees with his view? Er. Not often. Probably because he disagrees with them and so will tend to find that they do not marshal 'data, logic, and [their] own experience in support of an insight that strikes me as true and important and underappreciated'.

So what have we learned from the fact that Scott Aaronson has published this opinion on his blog? Absolutely nothing. We knew his opinion, he still has the same opinion. We know there are other people, including women in STEM, that have the same opinion as Scott Aaronson. Here is one of them and her opinion. We have learned nothing new.

This is just preaching to the converted.

mech1234(10000) 4 days ago [-]

Your judgement of the article was nearly entirely informed by who wrote it rather than its contents. That's a good way to continue a culture war, not a good way to discover the truth.

I implore you to consider the well-founded facts on both sides, not to claim this piece has absolutely nothing worth saying.

insickness(10000) 4 days ago [-]

See: Ad hominem (Latin for 'to the person'), short for argumentum ad hominem, typically refers to a fallacious argumentative strategy whereby genuine discussion of the topic at hand is avoided by instead attacking the character, motive, or other attribute of the person making the argument, or persons associated with the argument, rather than attacking the substance of the argument itself.

https://en.wikipedia.org/wiki/Ad_hominem

lidHanteyk(10000) 4 days ago [-]

I agree, to the point where I wish that we'd just talk about the original article instead of this repost, instead. Maybe the URL could be changed to [0]?

[0] https://medium.com/@kjmorenz/is-it-really-just-sexism-an-alt...

Konnstann(10000) 4 days ago [-]

The original essay linked combats the institutional sexism claim with data that suggests the number of women who claim to have experiences sexism is on par with non-STEM career choices, but the exit from STEM vastly exceeds that of other fields.

pegasus(10000) 4 days ago [-]

It's not just about whether an opinion is for or against, but about the actual arguments brought to the table.

HammockWarrior(10000) 4 days ago [-]

Seems like much of the problem could be solved by just having the working world chill the f' out for women and for men. For example, a 32 hour workweek along with generous paid parental leaves. Everyone should have time for a life outside of work, not just women of childbearing age.

Also, The whole idea of having young people work like dogs in order to have a shot at making partner, or gaining tenure, or gaining a medical degree is both outdated and ageist.

barry-cotter(778) 4 days ago [-]

Shorter workweeks would unavoidably lead to lower economic growth. People get better at things the the more they do them and the more hours they work the more they get done. The marginal value of an extra hour worked only turns negative around 60 hours.

No one is forcing people to work that hard to gain money and social status. They do it to themselves.

hinkley(4237) 4 days ago [-]

Why does the medical profession think 16-24 hour shifts are okay? I really hate hazing, and it just stinks if it.

RonanTheGrey(3854) 3 days ago [-]

> Also, The whole idea of having young people work like dogs in order to have a shot at making partner, or gaining tenure, or gaining a medical degree is both outdated and ageist.

You can't dictate this though. Say you have a well-run engineering team where everyone spends exactly 40 hours a week and only 40 hours a week on their jobs. And everyone does this.

You hire one new person who just LOVES THEIR WORK and they work 80 hours a week. Their output is through the roof, they get recognition, raises, bonuses, and promotions.

Now everyone chases them. Goodbye work/life balance for the entire team.

And before one suggests 'make it against the rules to do that', good luck seeing how long your group or business lasts with such a policy. Probably NOTHING could be worse for morale.

Even being generous and kind, you end up with that situation. So your solution must work with that tendency, not assume it out of the problem.

virtuous_signal(10000) 4 days ago [-]

32 hour workweeks might work but there will always be the issue of defection.

If a company allows employees to take unlimited leave, then worker A who avails him/herself of it, will be at a disadvantage to worker B who keeps working like a dog, when it comes time for promotions.

If company A mandates 32 hour workweeks, then they will eventually lose out to their competitor company B who mandates 40 hours (or more informally).

If country A says ALL companies must have <=32 hour workweeks, then country B, with no such law, will become more productive. And on and on. There will always be some less enlightened competitor to take advantage -- and do we really think America is ready to stop being #1?

ThrustVectoring(10000) 4 days ago [-]

There's a big tendency to ignore the price at which career success is sold. You have to give up more fulfilling and creative work, perhaps, or spend long hours in front of a screen on difficult yet boring tasks, or put in years and years of all-encompassing work in various qualification gauntlets. Not having paid the price for fame in academic STEM, I have no jealousy of the success these people have found - they have their fame, I have my free time.

I think a big issue in the study of gender differences in work is that it is much easier to quantify the salary earned than the price one must pay in order to be successful in the field. About the best you can do is compare sub-populations that have paid roughly the same price - eg, urban childless single college-educated adults. At that point, studies generally show an insignificant gender difference in wages and success.

So, why is there a gendered component to participation in high-pay/high-sacrifice fields? I've not seen any sort of hard data, so I'd have to speculate. If you made me single out a candidate for investigation, I'd have to look into the how the heterosexual dating market will asymmetrically treat career success. People respond to incentives, and dating success is one hell of an incentive.

aratakareigen(10000) 3 days ago [-]

Yeah, I'm super uninformed here, but single men's expectations of potential partners are totally the prime suspect here.

Anecdote: My uncle explicitly stated on his dating profile that he was looking for women with masters degrees who were willing to stay at home. I have no idea why he wanted that or why my dad's sister agreed, but this kind of demand is oddly common.

oefrha(4158) 4 days ago [-]

> We spend billions of dollars training women in STEM. By not making full use of their skills, if we look at only the american economy, we are wasting about $1.5 billion USD per year in economic benefits they would have produced if they stayed in STEM. So here's a business proposal: ...

With all due respect, I don't understand this call to action. Faculty position is basically a zero sum game. If more women end up as faculty, fewer men will. So, unless it costs more to train women than men, I doubt any "investment" would be saved (and that's not the point of gender equality anyway).

Btw, this maternal wall idea is nothing new. I talked to my mother about gender inequality in hiring many years ago and she was quick to point this out (didn't call it "maternal wall" though).

AlexCoventry(3842) 4 days ago [-]

I think the idea is to keep the rules of the competition basically the same, but make it feasible for more people to compete. The same number of winners might result, but hopefully they'll be more talented, because they're selected from a larger pool of competitors.

pgeorgi(4323) 4 days ago [-]

> With all due respect, I don't understand this call to action. Faculty position is basically a zero sum game. If more women end up as faculty, fewer men will. So, unless it costs more to train women than men, I doubt any "investment" would be saved

The assumption is that aptitude for these positions is roughly the same between genders, so if there's a significant imbalance, society doesn't get the best people on the given set of seats.

The later calculation is along the lines of 'society is pouring so much money both into these positions and into getting-women-into-STEM programs without reaching this supposed goal, so here's a counter-proposal to use this money more wisely'

> Btw, this maternal wall idea is nothing new.

She's quite upfront that she borrowed the term as well, so the idea can't be new. But it might be time to reiterate that point (as opposed to the popular reduction of the problem to sexism only), and since she did a good job (IMHO) to collect sources...

asdff(10000) 4 days ago [-]

faculty positions are not the only path in stem

gbrown(10000) 4 days ago [-]

Judging by what happens most times gender in tech comes up on HN, I'm sure this thread will be buckets of fun.

dang(188) 4 days ago [-]

Please don't make the thread even worse by posting unsubstantive comments about it.

It's a divisive topic, so fractiousness is not easy to avoid, but everyone should make sure they're up to date on the site guidelines before posting. They include: 'Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.'

https://news.ycombinator.com/newsguidelines.html

ixtli(4039) 4 days ago [-]

> When you ask women why they left, the number one reason they cite is balancing work/life responsibilities — which as far as I can tell is a euphemism for family concerns.

At least in america women are, in this way, almost always asked to choose between their career and having children. This is asymmetrical with men's experience because whether or not they are comfortable with it, its considered normal for them to spend most of their time at work even if they have a newborn.

I'm not sure what else you'd call this status quo aside from 'sexist.' It's a systemic sexism that has deep roots in how we organize the aesthetics of our society.

watwut(10000) 4 days ago [-]

Can confirm that I know multiple women who work less then they imagined for themselves or want to, cause their husbands basically finds it more fun to be in work and cant be arsed to go home.

Their resentment is quite real. Their actions looks like choice, until they trust you well enough to vent to you.

allovernow(4323) 4 days ago [-]

>It's a systemic sexism that has deep roots in how we organize the aesthetics of our society

Or it's a systematic sexism that has deep roots in human biology and thousands of generations of sexually dimorphic specialization, and I can't believe we've successfully convinced multiple generations of westerners now to pretend that men and women are equally suited for all roles, including child rearing.

Now we need an article which takes an honest look at the possibility that gender imbalance in STEM (and other fields) is at least partly a result of similar specialization for cognitive tasks, where researchers like the author of the article are closer to extremes of an ability distribution. But I'm relieved to see a take that questions the tired, pervasive assumption that STEM is simply not welcoming to women because old white men are sexist.

manfredo(10000) 4 days ago [-]

This frames the decision to dedicate more time towards childcare than work as a something thrust onto women by societal expectation when women would rather work. Studies indicate that only 20% of women would prefer to work full time after having a child, with the rest preferring part time work or staying at home with the children. Furthermore, 70% of women with children that are currently working full time responded that they would rather be working part time or not at all [1]. By comparison the majority of men indicate that they would rather work full time.

Women and men both have to choose between their careers and spending more time with children, and their choices reflect their preferences. One can make the argument that this is indirect sexism - that women's preferences stem from sexist social influence. But the fact remains: most women don't want to work full time, and the lower rates of women working full time after having children is reflective of women's preferences.

1. https://www.pewresearch.org/wp-content/uploads/sites/3/2010/...

tus88(10000) 4 days ago [-]

> women leave the field at a rate 3 to 4 times greater than men, and in particular, if they do not obtain a faculty position quickly

Wait what....you mean by STEM you just meant academia?

cpitman(4041) 4 days ago [-]

Exactly my confusion with this article. I have multiple female friends who have earned doctorates in STEM who have either left or are planning on leaving academia to go to industry. However, they are still all going into STEM jobs!

So maybe the problem is that industry STEM is offering an overall better benefits package than academia? We're seeing the same thing in fields like AI, where academia can't retain top talent.

fiftyfifty(10000) 4 days ago [-]

Yeah it's unfortunate that the author of this article uses the term STEM over and over again and is really only talking about the S. I wounder if the issues mentioned here are as common in private industry for women in the TEM fields? It seems like at least some companies are far more generous with things like maternity leave than what you might find in academia.

trynewideas(4331) 4 days ago [-]

This is a good model for why women capable of or wanting to have children leave but won't do much to explain anything to women aren't capable of having children, or who don't want children, and still can't break past middle management into product/exec/C-suite roles over younger, less qualified men.

deyouz(10000) 4 days ago [-]

This! Not all women want children/can have children/are straight.

lonelappde(10000) 4 days ago [-]

The author seems to ignore the fact that plenty of women do work while pregnant and have children and go back to work after a little as 3months hiring childcare.

daotoad(10000) 4 days ago [-]

You are ignoring several facts:

1. Pregnancy is very hard on women's bodies. It is not uncommon for health effects like high blood pressure, joint inflammation, and gestational diabetes to become temporarily disabling for expectant mothers. 2. Infant childcare is incredibly expensive. Even at professional levels of compensation, the expense is likely to outweigh the added income from continuing to work. Costs drop significantly once children are potty trained, but remain quite high. 3. Three months of paid maternal leave is very rare. Even with saved time off, taking large amounts of unpaid leave is hard on a family. 4. Breast feeding a child while working full days requires a huge amount of work, above and beyond the exhausting labor involved in having a new baby. If a nursing room is not provided, women often resort to spending a large amount of time pumping milk in the restroom. Which is uncomfortable, unsanitary, and disheartening.

Just because some women have the resources or the stark need to return to work so early does not mean it is possible or desirable for everyone.

We need to have better maternal leave and accommodations. Fathers need to step up and do more of the work. We need to have better paternal leave and accomodations. We need to support affordable child care options. We need to make the above 4 items available to everyone.

WalterBright(4242) 4 days ago [-]

Before modern times, the grandparents fulfilled much of the role of watching the kids while the moms worked. In fact, some have posited that this is why humans live long enough to be grandparents - it's an evolutionary advantage.

But in modern society, we tend to cast off our grandparents.

PeterisP(10000) 4 days ago [-]

People live longer and are expected to work outside of their homes longer. Two generations ago when my grandmother was raising my mom, her mother was not working and could and actually did much of the childcare; but my mom can't watch over my kids much because she's obviously working full time and most likely will do so until my kids are nearly adults.

This might be different for people who have kids much later; however, in modern society there IMHO still is no gap where the grandparents already can look after kids because they've retired and still can look after kids because they're physically and mentally able to do so, because most non-rich people tend to work as long as they can, and when they stop working, they themselvelves need caregivers instead of being able to be caregivers for the extended family.

kipchak(10000) 4 days ago [-]

Sometimes it can go the other way too. My Grandparents had little interest in 'babysitting' or living nearby us when we were young.

JMTQp8lwXL(10000) 4 days ago [-]

Or we move 3,000 miles away to somewhere more economically prosperous (and also, more expensive) so the grandparent's couldn't financially make it viable to come with.

All of my parents grew up and lived in the same state as their siblings. All of my siblings live in different states, and none of us live in the same state as our parents.

My siblings and I don't have any kids yet, but their family life and amount of time they spend with extended family (aunts, uncles, cousins) will look dramatically different than my experience, and it's only been ~25 or so years.

commandlinefan(10000) 4 days ago [-]

Not necessarily cast off, but we're so mobile now that we move too far away from our grandparents to be able to lean on them for childcare (my wife's parents live in a different country...)

icandoit(10000) 4 days ago [-]

I wonder how much the feeling is one-sided. I visit my grandparents more often than they visit me (even generously discounting for physical ability, income, and the one-to-many relationship).

I think the way to measure this might be grandparents moving out of state of family (think Arizona and Florida).

Obviously the stigma of aging should get the bulk of the responsibility here.

Any got any advice on how to re-norm grandparents? I'm hesitating on moving out of state during my kids early childhood.

steelframe(10000) 4 days ago [-]

When I was an engineering manager at one tech company 6 years ago, I fought like hell to get a woman who had a CS Ph.D. to join my team, and I somehow pulled that off. Her husband also had a CS degree (B.S. or M.S., not recall which) and worked for another tech company.

Every time there was a contractor that they needed to have someone at the house for, or every time their kid got sick and/or couldn't go to school, guess which of the two of them always took the time off work to handle it?

Now I had no insight into their family dynamics, and it felt it wasn't my place to pry. But over dozens of 'time off' incidents through several years, it was very clear to me that my female employee was the 'default caretaker' for anything relating to the house or the child that came up. This was despite the fact that she had a higher-paying position than what he had (based on what I can now see on levels.fyi).

nhumrich(4199) 4 days ago [-]

While you are very likely correct, your perception could also be biased. If the father took time, you wouldn't know about it. So from your point of view, it was always her, but it could have also been only half the time.

tharne(10000) 4 days ago [-]

I think the author buried the lede here. My biggest takeaway from the article is that you'd have to be an absolute sucker to work in academia given how poorly you'll be treated. Each person that puts up with this only makes the problem worse, giving at least tacit approval to the status quo. If folks were to start opting out of academia in larger numbers for jobs in private industry, schools would be forced to improve working conditions.

Unlike lower-skilled workers, the kind of person who even has the opportunity to get a PhD is also likely to have other good opportunities should they choose to take them. Academics should improve their lot and that of others by voting with their feet.

aqsalose(3374) 4 days ago [-]

Suppose I want to research a $topic, and get recognition for my research. As a recent graduate or soon-to-graduate undergrad student the traditional path to 'doing research for the public good of the mankind and personal glory as a scientist' in academia is much more salient and easy to take than in private firms.

Sure, I maybe have the mental faculties to become an engineer. Do I want do so, however? If I go to work in a firm, I need to do what the owner of the firm wants to in exchange for the monetary and other rewards. In academia, you write grant applications and research proposals for something you want to do (or to be practical, something you and you advisor agree on, but usually the opportunities are much larger than 'client wants a webshop').

And what I would be doing at a $firm? Building more applications and other products and optimized adverts of products for other people, when majority of my free time I try to avoid unnecessary apps, adverts and consumption of useless products that waste natural resources of our planet for no good reason at all?

Sure, there are some companies who offer opportunities at doing basic research, but a) getting into those jobs you need to be exceptionally exceptional (getting into a PhD program, mere 'exceptional' is enough), and b) would I really, really want to work there? I am reasonably sure that I have less ethical dilemmas if I am funded by a government or foundation to do research at a public university than getting a paycheck from $big_name_company, to produce value for $big_name_company.

theflyinghorse(10000) 4 days ago [-]

Agreed. I am completely failing to understand why anyone would willingly go into academia provided other options are available.

__jal(10000) 4 days ago [-]

> Academics should [...] vot[e] with their feet.

You do see the problem here, don't you?

zxcmx(10000) 4 days ago [-]

> If folks were to start opting out of academia in larger numbers for jobs in private industry, schools would be forced to improve working conditions.

This is exactly what is happening! (Well, the leaving, not the improving).

The argument is that men are more willing to put up with the particular nature of the poor working conditions in academia, hence women disproportionately leave.

hguant(10000) 4 days ago [-]

>My biggest takeaway from the article is that you'd have to be an absolute sucker to work in academia given how poorly you'll be treated.

Every now and then I get an overwhelming sense of guilt when I talk to/think about my friends who are engaged in academia or pursuing advanced degrees (I'm 28, for reference).

The crazy workloads they have, the insane restrictions on how they can do their jobs, and the cut-throat nature of the industry means that they're working so much harder than I am, and are either doing their part to advance the grand sum of human knowledge, or are training to literally save peoples lives...and I'm sitting here, a college drop out, getting paid _way_ more than they're making, in an industry where I will never have any fears about job security, playing with networking equipment and writing about it.

AndrewKemendo(2837) 4 days ago [-]

You should also add to this that increasingly, large tech companies have access to much better data for nearly any area that is interesting for research.

Further, companies can go from research to product that ostensibly makes a difference at scale with a speed that absolutely no University could.

I'm really not seeing any reason to stay in academia whatsoever if you want to do the most exciting applied research today. Maybe if you want to do basic science or something more obscure where the applications are very far off.

Barrin92(10000) 4 days ago [-]

> My biggest takeaway from the article is that you'd have to be an absolute sucker to work in academia

The first thing I thought as well. When you read all these horror stories about burned out phd students, why is anyone doing this?

If a woman in STEM wants to combine family and work (or a man or anyone else really) there are many jobs in the industry that are actually relatively 9-5, and pay really well.

I don't understand academia at all. It sounds like a combination of paperwork, flying to conferences, endless networking, publishing papers for publishing's sake. It's like a Kafka novel.

randomsearch(4320) 3 days ago [-]

In the UK at least, there has been a huge exodus from academia, but it's not really visible. Great post docs rarely stay, because either they're enticed elsewhere by better wages and no nonsense, or they're pushed out by awful treatment.

But there are plenty of other people willing to take their place, so the only consequence is that research standards drop, which is something most of society will only notice over the very long term.

So I disagree with the idea that individuals leaving will somehow fix the problem. The real solution is to change the terrible culture imposed on academic by the people at the very top. Turning it into a business espousing KPI driven nonsense rather than a vocation. This culture began in the USA and is now widespread in the UK, and it has destroyed goodwill and IMO resulted in dramatic drops in teaching and research standards.

The solution is to scrap REF, restore direct government funding, rebalance funding from grants to departmental funds, reverse the centralisation of administration and the lop-sided admin-academic balance, remove admin workload from academics, provide proper teaching and research career tracks, and cut the number of students attending university.

This is a problem that can only be solved with intelligent thought at the top, not by people acting individually. Market forces are the problem in academia, not the solution.

nine_k(4305) 4 days ago [-]

I have no question why a reasonable person, woman or not, might stay away from academia.

I wonder why there are few women in engineering, where the conditions and the pay are so much better. I've seen a number of women in IT industry, from junior developers to CTOs, and most of them were brilliant and sharp. But they are still a minority in the field. This puzzles me.

wishinghand(10000) 3 days ago [-]

I've seen a similar article and they had a more provocative headline: There aren't as many women in STEM academia because they're too smart.

mywittyname(