Marak... get it together!

[JoernBerkefeld]

whatever your problems are, when you opted into the open-source community, just like the rest of us, you opted into unpaid work. if you only did that to get a job then that's a good reason. but to f* up thousands of projects around the world because your plans didn't work out is... inexcusable.

hope they lock all your accounts and restore the previous versions on npm without granting you a chance to mess with people any further

[ivanstan]

Clearly software license says THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, so if you don't like the new feature, please write a library of your own

FREEDOM 🇺🇸 FREEDOM 🇺🇸 FREEDOM 🇺🇸

[maximegmd]

but to f* up thousands of projects around the world because your plans didn't work out is... inexcusable.

Don't rely on people working for free if you can't take this risk. You expect premium support from someone who is basically generating money for big corporations with no compensation. This is the inexcusable part, not this guy protesting the way open-source software are being abused to generate stupid amounts of money.

hope they lock all your accounts and restore the previous versions on npm without granting you a chance to mess with people any further

You can voice your opinion on this once you contribute to the open-source ecosystem as much as this guy, why would anyone care about the opinion of leeches?

[bartvanandel]

Don't rely on people working for free if you can't take this risk. You expect premium support from someone who is basically generating money for big corporations with no compensation. This is the inexcusable part, not this guy protesting the way open-source software are being abused to generate stupid amounts of money.

We are not a big corporation. This is a dick move. I'd like to contribute by undoing this stupid change, but I don't expect things will move this smoothly.

[maximegmd]

We are not a big corporation. This is a dick move. I'd like to contribute by undoing this stupid change, but I don't expect things will move this smoothly.

You, like many others, got caught in a war that should not concern you, it sucks I understand, but as an individual you should be able to empathize with the author (and many others) being taken advantage of.

[ivanstan]

lol. go play with lego you child.

Ah, ad hominem. How great :)

[bartvanandel]

We are not a big corporation. This is a dick move. I'd like to contribute by undoing this stupid change, but I don't expect things will move this smoothly.

You, like many others, got caught in a war that should not concern you, it sucks I understand, but as an individual you should be able to empathize with the author (and many others) being taken advantage of.

He could have stopped after adding the flag. Or maybe some message, which would end up in all logs that use this package in some way. That I'd have understood. Introducing an endless loop which BREAKS every package that relies on this one I do NOT understand.

[JoernBerkefeld]

too many people are unsatisfied and like to see the world burn... protest is ok. destruction is not. this indeed was a dick move.

the people here arguing about warranty are just as childish and either troll the discussion or are too dumb to understand the issue.

[RIAEvangelist]

people should learn to do simple things or rely on stable solutions.

I now use nozaki-colors https://github.com/RIAEvangelist/nozaki-colors

[TheFern2]

people should learn to do simple things or rely on stable solutions.

I now use nozaki-colors https://github.com/RIAEvangelist/nozaki-colors

Yeah more and more people should just create interfaces in their code, so they can easily swap out libraries. Problem is people hard code library usages all over and are now stuck. Usually logging, configuration, and other libraries used quite often should be interfaced, not hard coded.

[TheFern2]

too many people are unsatisfied and like to see the world burn... protest is ok. destruction is not. this indeed was a dick move.

the people here arguing about warranty are just as childish and either troll the discussion or are too dumb to understand the issue.

npm install colors@1.4.0

boom, easy fix.

[RIAEvangelist]

I learned this lesson years ago.

On Mon, Jan 10, 2022, 8:58 AM Fernando B @.***> wrote:

too many people are unsatisfied and like to see the world burn... protest is ok. destruction is not. this indeed was a dick move.

the people here arguing about warranty are just as childish and either troll the discussion or are too dumb to understand the issue.

npm install @.***

boom, easy fix.

— Reply to this email directly, view it on GitHub https://github.com/Marak/colors.js/issues/301#issuecomment-1009129414, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAC2DEJXCZFSPGNNBNDZM23UVMF43ANCNFSM5LT5RWOQ . You are receiving this because you commented.Message ID: <Marak/colors. @.***>

[ThomasThelen]

@JoernBerkefeld If his changes broke something in your production environment then the issue is with your devops and you have no one to blame but yourself-so rather than acting like a drama queen crying in the color.js issues why don't you do something more productive and fix your broken dev pipeline?

People change. Even after they get into open source. We don't know what's going on in Marak's head and coming around telling him to get his shit together (as if he works for you lol) is a total lack of empathy or willingness to see where he's coming from. You clearly don't understand how to communicate your frustrations and your fighting words aren't wanted in open source. So as mentioned-go back to fixing YOUR broken system.

[JoernBerkefeld]

nope. it broke my open source project that uses other dependencies that in turn use this one. And that means that all its end-users, yes, developers, have to now upgrade their IDE. The amount of time wasted around the world because of one guy's decision is unbelievable. Almost as shocking as other people actually defending this madness.

luckily, the other package owners upgraded their dependencies to now specifically request 1.4.0... (like @TheFern2 wrote) which will work until Marak decides to delete that from npm.

telling me "my" system is broken because it relies on other open-source developers just means you don't understand the mindset behind open-source @ThomasThelen and that means you are part of the problem that Marak was so upset about. We are a community. If we don't want commercial use, we simply don't publish using MIT license or alike.

[TravkinAlex]

lol. go play with lego you child.

ey what's wrong with legos u dumbo?

[JoernBerkefeld]

nothing - loved it. just thought it's a more productive use of our time if that person plays with it. Also, what's wrong with dumbo?

[ThomasThelen]

it broke my open source project that uses other dependencies that in turn use this one

Again. You should know by now after previous incidents like this, you're not supposed to blindly upgrade your dependencies. Was it so hard opening package.json and changing one number?

We are a community

And yet here you are flaming

[bigman73]

I can understand a developer that is frustrated, burnt out or just wants to get paid for his efforts. But there's a way to exit. For example, letting all the users know that this would be the last free version and that the project is changing its open source license, shutting down or becoming fully commercial etc. Creating sabotage is absolutely incorrect, from a moral perspective. You cannot fix wrong by doing wrong to others.

[TheFern2]

I for one don't have a problem with these types of protests. It shows how broken oss system can be in several areas, dependencies, monetary, etc. The dependency tree is easy to break if your ci is constantly updating packages, which I'm pretty sure a lot of you are doing.

Big corps taking advantage is a huge problem, little guys like us just became collateral damage but we should understand the system is designed to be abused by big corps, that's the problem that needs fixing.

[JoernBerkefeld]

@ThomasThelen - if "colors" isnt in my package.json, as I just explained, then the sorry is not that simple. Are you seriously including all dependencies of your depencies in your project? I don't think so.

sooo, if you wanna take part in the discussion, get your facts straight.

[ThomasThelen]

@JoernBerkefeld Just change the version of whichever package is using it? There must have been a version that wasn't using the broken colors version? Not sure when software engineering became rocket science.

[JoernBerkefeld]

@ThomasThelen sooo, if developers of my dependencies don't use "1.4.0" but "^..." then that's also my bad? You are still on thin ice buddy

[JoernBerkefeld]

getting bored by the haters... i love open-source. and I decided consciously to publish under MIT. Let the world use it is what that means to me - and everyone else. Those of you that see a problem, don't use open source or don't use MIT. Marak, get it together.

[Protonull]

The fact that you think opting for an MIT licence obliges you into indefinite unpaid work is genuinely laughable.

[ThomasThelen]

@JoernBerkefeld Here, let someone else do your work for you. As I said. We don't know where Marak is coming from or where his headspace is. Flaming him is completely ridiculous and insensitive.

[RIAEvangelist]

Sadly this is a no win situation. @JoernBerkefeld has a point on one level, but so do the others.

This is an example of a paradox. Interesting to see, and glad @JoernBerkefeld posted his side.

I still feel Merek was within his rights but sad to see that it cascaded into other oss deps breaking other OSS users. I guess you just have to write it all from scratch if you want real reliability. I have taken this approach many times when I wanted to guarantee security of my work.

[joshmanders]

PSA: If you haven't sent any money towards @Marak for his work on Colors or Faker, please keep your trap shut on what you THINK he should do or not do.

He doesn't owe any of us anything no matter HOW BIG his open source got.

[Protonull]

I guess you just have to write it all from scratch if you want real reliability.

Nah, the project is still open source and retains its MIT licence set in 2016. If you want reliability, fork it and maintain it yourself. His demand for compensation is for him to continue spending his time maintaining the code. He hasn't pulled an Azer Koçulu so it's fine.

[bigman73]

I guess you just have to write it all from scratch if you want real reliability.

Nah, the project is still open source and retains its MIT licence set in 2016. If you want reliability, fork it and maintain it yourself. His demand for compensation is for him to continue spending his time maintaining the code. He hasn't pulled an Azer Koçulu so it's fine.

If he wants to get paid then he should ask to get paid. That is legitimate. Nobody is forcing anyone to maintain or develop open source code. But causing malicious damage, with clear intent to break users' code base by introducing endless loops, is against OSS principles and that's why he was blocked from github.

[TheFern2]

Sadly this is a no win situation. @JoernBerkefeld has a point on one level, but so do the others.

This is an example of a paradox. Interesting to see, and glad @JoernBerkefeld posted his side.

I still feel Merek was within his rights but sad to see that it cascaded into other oss deps breaking other OSS users. I guess you just have to write it all from scratch if you want real reliability. I have taken this approach many times when I wanted to guarantee security of my work.

Yup if you're using this for business, is your responsibility to secure your work. I think this was the good intention of yarn 2.0 where all packages are zipped in your project. This is what we do for any internal business projects obviously it isn't always optimal but is the only way to ensure package integrity once something is QA/QCed, one simple rule CYA.

[rossdc02]

@Marak is a stain on the OSS community, and I'm happy he will never be able to use these successful projects in his resume going forward. There are great opportunities for other developers to fork this project and carry if forward, would definitely be a good learning experience/resume builder. For the folks that take issue with what @Marak did shows that you have character and strong morals.

[TheFern2]

@Marak is a stain on the OSS community, and I'm happy he will never be able to use these successful projects in his resume going forward. There are great opportunities for other developers to fork this project and carry if forward, would definitely be a good learning experience/resume builder. For the folks that take issue with what @Marak did shows that you have character and strong morals.

says the person with zero contributions to OSS in nearly 10 years

[rossdc02]

@Marak is a stain on the OSS community, and I'm happy he will never be able to use these successful projects in his resume going forward. There are great opportunities for other developers to fork this project and carry if forward, would definitely be a good learning experience/resume builder. For the folks that take issue with what @Marak did shows that you have character and strong morals.

says the person with zero contributions to OSS in nearly 10 years

So you think that one must be a contributor to understand what an unprofessional move this was? We all write reusable code in ways that prevent ourselves and others from reinventing the wheel, and in a way, I share reusable code every day at the company I work through good documentation and quality code. just because it is a private repo doesn't mean I don't share, in fact, I can't. I care more about helping others than myself, that's the difference.

[TheFern2]

@Marak is a stain on the OSS community, and I'm happy he will never be able to use these successful projects in his resume going forward. There are great opportunities for other developers to fork this project and carry if forward, would definitely be a good learning experience/resume builder. For the folks that take issue with what @Marak did shows that you have character and strong morals.

says the person with zero contributions to OSS in nearly 10 years

So you think that one must be a contributor to understand what an unprofessional move this was? We all write reusable code in ways that prevent ourselves and others from reinventing the wheel, and in a way, I share reusable code every day at the company I work through good documentation and quality code. just because it is a private repo doesn't mean I don't share, in fact, I can't. I care more about helping others than myself, that's the difference.

Well sharing internal is cool, but that not OSS bud. You're not helping anyone in the OSS by doing clean code internally. Whether I think this move was unethical or not, it isn't for me or us to judge the owner of the repo. Focus on the issue at hand, more and more owners are burned out with zero pay while big corps take advantage of free oss and they bank millions/billions. Obviously most of the licensing models are setup that way, so personally I think it needs protesting, none of us would be here having this discussion if the package was working fine.

[ThomasThelen]

I care more about helping others than myself, that's the difference.

You get paid. That's the difference. I'm still amazed at this community. Here we have a developer that's making references to a software engineer that committed suicide, is bringing up conspiracy theories, is under enormous pressure from legal issues, is feeling & venting financial frustrations, and lashing out using one of the only ways he can. And half the community and corporate bootlickers using his tools don't even think twice at the stress or mental state he might be in and immediately put him in front of the firing squad. And here you are calling him a stain.

[TheFern2]

He's only calling him a stain because he/she is using a burner account.

[Protonull]

I guess you just have to write it all from scratch if you want real reliability.

Nah, the project is still open source and retains its MIT licence set in 2016. If you want reliability, fork it and maintain it yourself. His demand for compensation is for him to continue spending his time maintaining the code. He hasn't pulled an Azer Koçulu so it's fine.

Would like to formally retract this. I was only considering this repo after seeing a relevant screenshot yesterday as well as hearing that apparently a third-party contributor submitted a PR that cause an infinite loop that he had to fix. I felt sympathetic. That screenshot however is clearly not from this repo given the issue number and one of his other projects faker.js has clearly been deliberately sabotaged with even the git-history removed. It would not surprise me if he attempted to remove the repos from Github and the modules from NPM, which is a fairly settled problem now given the Azer Koçulu debacle.

If all he did was keep to the ultimatum in the screenshot: a Github issue explaining that anyone who wants active maintenance should either pay him or do it themselves (a reasonable stance and not incompatible with open source), it would be fine, and that's what I was ignorantly arguing on.. but instead he chose to actively sabotage his own projects, presumably to make a point, completely torpedoing his reputation.

Luckily there's still older versions of his projects that can be used which were released under an MIT licence, so there's probably not that much damage done overall.

[ghost]

[amoscatelli]

As an os developer I say this is unbelievely stupid

[amoscatelli]

Also, I guess Marak paid nodejs/npm team to use their free software and create this library

[ThomasThelen]

As an os developer I say this is unbelievely stupid

Oh, did someone ask for your opinion? Maybe I'm confused as to why you're commenting.

Also, I guess Marak paid nodejs/npm team to use their free software and create this library

No - but he didn't bitch, moan, and complain about the service he was getting for free. As an "OS developer" you should recognize your statement is a complete strawman argument. Comparing nodejs to a library like this... You're a joke

[amoscatelli]

As an os developer I say this is unbelievely stupid

Oh, did someone ask for your opinion? Maybe I'm confused as to why you're commenting.

Also, I guess Marak paid nodejs/npm team to use their free software and create this library

No - but he didn't bitch, moan, and complain about the service he was getting for free. As an "OS developer" you should recognize your statement is a complete strawman argument. Comparing nodejs to a library like this... You're a joke

Nobody asked, I commented because I wanted to, I don't think anybody else commenting here asked for permission. So this argument of yours makes no sense.

I am not bitching, I solved the issue on my own. I am just stating this is stupid. So another argument of yours make no sense again.

If you don't understand why using os software without paying to create os software and demanding to be paid is hypocrisy well ... that's a problem of yours.

You are the joke to me dude.

[ThomasThelen]

I solved the issue on my own

Ooo wow look at you putting your adult pants on and telling the world. Good on you.

If you don't understand why using os software without paying to create os software and demanding to be paid is hypocrisy well ... that's a problem of yours.

If you're not able to distinguish between large corporate funded open source projects (ie pytorch) and home grown projects like this one-you have some serious work to do and shouldn't be joining threads making claims that you're an "os developer", as if it has any weight. npm raised 10 mil and is owned by GitHub (Microsoft). So figure out another analogy because yours makes absolutely no sense.

edit: https://openjsf.org/blog/2022/09/08/capital-one-joins-openjs-foundation/ Tell me again how node.js doesn't get any funding, and why anybody that uses it doesn't deserve to get paid. The fact you blundered nodejs and npm says enough about your opinion. For all the other people who had things break I'll say it again.

Next! Any other nerds want to talk about their broken devops and try bashing a developer that had a mental breakdown and protested a piece of developer culture? Go back to whatever shite bootcamp you came from (looking at you barfvanandel) and learn how to properly manage your codebase.

[joshmanders]

@amoscatelli nobody cares, bugger off.

[turbo5]

Maybe these kind of comments are the reason why he quit? Congrats.