So the developer had already left the company, but one of his own open source libraries hosted on his personal GitHub was used in production by Chef customers? Really? That is just wow. I don't have any strong opinions on whether he did the right thing, but this absolutely surprises me. Running a small company, I am very strict that none of us use personal accounts for anything that impacts our company work, especially production. This has to be a no-no by default, I would assume.
https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
I’m put off by the statement: “I want to be clear that this decision is not about contract value—it is about maintaining a consistent and fair business approach in these volatile times,” he wrote. “I do not believe that it is appropriate, practical, or within our mission to examine specific government projects with the purpose of selecting which U.S. agencies we should or should not do business.”
I hear about practicality all the time at my office and sometimes it’s real and sometimes it’s laziness. This sounds like a little of both but also profit motivated (not saying that’s wrong for a for-profit company).
Interested in your opinions on codes of ethics and the above.
If you think that ICE is so uniquely bad that they specifically need to be boycotted, that makes sense. Without inviting any debate on whether it's true, it's a consistent position that can be reasonably applied.
But if we ignore the meaningfulness or truthfulness of the statement, let's take two hypothetical societies. In one society people agree to cooperate and trade with others when there's a mutual self interest, even if they happen to despise their partner otherwise. In the other society, people engage in a substantial degree of scrutiny and only trade and cooperate with others whom they are meaningfully aligned with. Which society do you think would have the better outcomes for whichever metrics you might imagine? I'd start with economic/technological progress, war vs peace, tribal vs unified (not to say homogeneous) society, etc.
I think there is a clear answer to my hypothetical, but perhaps people see things differently. I'd be quite curious to know how.
Humans have to make moral choices about where they personally draw the line and where they draw the boundary. Around the organisation that falsely imprisons Americans and runs concentration camps seems like a starting point.
Those numbers seem very low. Is this just for one year or one contract?
Any large organization has many people with the authority to spend money, and each one of those transactions will be supported by a contract.
The contracts are generally for specific products or services, for a specific time. High-level agencies have a great deal of autonomy and also get to pull their needs out of their own budgets. Lower-level elements within an agency (a NASA center, for example) can also have more or less autonomy.
It seems more effective to donate $2,800 to pick-a-democrat. Or Mark Sanford.
I think leaving a job is a better protest than doing damage to your employer. And perhaps for his next contract, he might insert a clause limiting what his code can be used for. In limiting the utility of the code he sells, I expect he'd be taking a lesser pay rate for it.
I haven't read many OSS licenses. Can't someone just publish an 'unethical' fork and life goes on?
Chef now has the repo ‘forked’ into their GitHub account: https://github.com/chef/chef-sugar
I never received money from the code in question, but I’m still doing my personal best to offset impact.
You either don't protest or you're very bad at it
edit: Looks like they were public gems, but in general it's always good advice to consult a lawyer before disrupting commercial or public systems.
Good way of making sure no one ever contributes to FOSS again.
I agree that keeping children in cages is not good, but there are solutions. If ICE had a bigger budget maybe it could have more beds, larger cells, better food. I don't see how removing enforcement is a solution.
Come on, man.
I suspected a small percentage of people with a hard, runtime dependency would be impacted, but I did not know Chef (the software) had a hard runtime dependency and was pulling that dependency from public RubyGems instead of a mirror they control.
We all have this responsibility to place nonviolence above profit.
To establish criminality or liability, intent is often looked at, and this is a pretty clear-cut intent to injure the other party.
I never saw anyone talking about "cages" until about a year or so ago. It seems the alternative of better accommodation isn't what people are demanding here, but rather, giving children a waiver to break any and all laws. If you want to see children being forced or recruited into cartels in record numbers, making them immune from any kind of border enforcement is a surefire way to do it!
First, always minimize runtime dependencies. I personally prefer compiled things for this very reason.
Second, if you’re going to include a third party dependency, how are you auditing it? There’s an unexplored area around security here too. The Node.js ecosystem has had a series of incidents where popular packages have had cryptocurrency miners injected into otherwise helpful packages. If you’re depending on third party runtime dependencies: how are you auditing changes and contributions, how are you scanning for vulnerabilities, how are you patching those vulnerabilities if you don’t have an internal fork upon which you build?
Third, RubyGems is a volunteer-run organization. I believe other software ecosystems are similar. From my understanding of the situation, a RubyGems outage would have had similar effect.
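An added example, not from this thread and not Chef's or the chef-sugar project's own code, of the kind of check the questions above (and the earlier point about a hard runtime dependency being pulled from public RubyGems rather than a mirror the vendor controls) call for: a Ruby script that parses a Gemfile.lock, flags any gem resolved from a remote other than an approved internal mirror, and verifies each vendored .gem file against a checksum recorded when that version was reviewed. The lockfile, the mirror hostname gems.internal.example, the gem contents and the reviewed checksums are all constructed for the example.

```ruby
require 'digest'

# Constructed Gemfile.lock for the example: two GEM blocks, one resolved
# from public rubygems.org and one from a hypothetical internal mirror.
SAMPLE_LOCKFILE = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    chef-sugar (5.0.0)

GEM
  remote: https://gems.internal.example/
  specs:
    mixlib-shellout (3.0.9)
    ohai (15.6.3)
      mixlib-shellout (>= 2.0)

PLATFORMS
  ruby

DEPENDENCIES
  chef-sugar
  mixlib-shellout
  ohai

BUNDLED WITH
   2.0.2
LOCK

# Only gems fetched from a mirror we control are acceptable (hostname is made up).
ALLOWED_REMOTES = ['https://gems.internal.example/'].freeze

# Constructed .gem contents as they were when a human reviewed them; the
# checksums pinned from these stand in for a real reviewed-checksum manifest.
REVIEWED_GEMS = {
  'chef-sugar-5.0.0.gem'      => 'reviewed contents of chef-sugar 5.0.0',
  'mixlib-shellout-3.0.9.gem' => 'reviewed contents of mixlib-shellout 3.0.9',
}.freeze
PINNED_SHA256 = REVIEWED_GEMS.transform_values { |bytes| Digest::SHA256.hexdigest(bytes) }.freeze

# Constructed vendored cache as it looks today: mixlib-shellout has silently
# changed since review (the injected-code scenario) and ohai was never reviewed.
VENDORED_CACHE = REVIEWED_GEMS.merge(
  'mixlib-shellout-3.0.9.gem' => 'contents with an injected post-install hook',
  'ohai-15.6.3.gem'           => 'contents of ohai 15.6.3',
).freeze

# Parse the GEM sections of a Gemfile.lock into [{name:, version:, remote:}].
# Top-level specs are indented exactly four spaces; their own dependency
# lines (six spaces) and the other sections are skipped.
def parse_lock(text)
  gems = []
  section = nil
  remote = nil
  text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty?
    if line =~ /\A\S/ # an unindented line starts a new section
      section = line.strip
      remote = nil
      next
    end
    next unless section == 'GEM'
    if (m = line.match(/\A\s+remote:\s*(\S+)/))
      remote = m[1]
    elsif (m = line.match(/\A {4}([\w.\-]+) \(([^)]+)\)\z/))
      gems << { name: m[1], version: m[2], remote: remote }
    end
  end
  gems
end

# Audit a lockfile against the mirror allowlist, the pinned checksums and the
# vendored cache; returns one human-readable finding per problem found.
def audit_lock(text, allowed_remotes:, pinned:, cache:)
  findings = []
  parse_lock(text).each do |gem|
    id   = "#{gem[:name]} #{gem[:version]}"
    file = "#{gem[:name]}-#{gem[:version]}.gem"
    unless allowed_remotes.include?(gem[:remote])
      findings << "#{id}: resolved from #{gem[:remote]}, not an approved internal mirror"
    end
    expected = pinned[file]
    if expected.nil?
      findings << "#{id}: no reviewed checksum pinned for #{file}"
      next
    end
    bytes = cache[file]
    if bytes.nil?
      findings << "#{id}: #{file} is missing from the vendored cache"
    elsif Digest::SHA256.hexdigest(bytes) != expected
      findings << "#{id}: checksum mismatch for #{file}, contents changed since review"
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_lock(SAMPLE_LOCKFILE, allowed_remotes: ALLOWED_REMOTES,
             pinned: PINNED_SHA256, cache: VENDORED_CACHE).each { |f| puts f }
end
```

Run against the constructed lockfile it reports three findings: chef-sugar resolved from the public index rather than the mirror, mixlib-shellout's vendored file no longer matching its reviewed checksum, and ohai having no reviewed checksum at all. A real pipeline would compute the checksums from the actual .gem files in the vendor cache and fail the build on any finding, so that neither a yanked gem nor a modified one can change what ships.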
If you thought the Windows division of Microsoft was acting extremely unethically, would you still do business with the Xbox division? It’s one CEO and one board that runs both.
That’s fundamentally not true. Appropriations and appointments are not the same as “making decisions”, but even if they were, the judiciary still exists.
(Having a misanthropic moment here.)
The net impact is zero.
Make working with ICE a toxic asset. Make people not proud of working for ICE contractors.
>Make working with ICE a toxic asset. Make people not proud of working for ICE contractors.
This kind of activism in tech leads nowhere good. It will lead to witch hunts, more "cancel culture" purity spirals, and generally shit software used for critical functions of our government.
> All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program.
Other licenses have similar clauses and a short list of requirements which must be met. Since the relevant groups, agencies, etc were (and presumably are) meeting the requirements, there's no grounds to revoke the license.
iirc, the Open Source Initiative stated that any claims/requirements limiting who could use the software or where they could use it would not meet the definition of "open source."
> The Software shall be used for Good, not Evil.
IBM requested, and received, an exemption...
> I give permission for IBM, its customers, partners, and minions, to use JSLint for evil.
which apparently pleased their lawyers.
The zeroth freedom is the freedom to use the software for any purpose whatsoever. That inherently must include purposes which the author finds unethical, even abhorrent.
But forking with the intention of helping people run concentration camps and changing the authorship of the commits? Doesn’t fit into my model of ethics.