top | item 22681860

CoreJS: State of the project? Looks like dead. Any official fork?

280 points| SenHeng | 6 years ago |github.com | reply

161 comments

[+] jakear|6 years ago|reply
What a wild ride this has been.

Looking at the police report, I do wonder what the punishment would be in other countries. It seems the victims were lying drunk on the ground in dark clothing atop a hill (edit: hill not mentioned in police report, but seems logical given the headlight statement), causing the headlight beams to not illuminate them. On top of that, incoming traffic blinded the driver.

This is of course according to his testimony, but I can't imagine I (or anyone else) would have been able to avoid such a situation.

Edit with source:

Citing the actual circumstances of the accident, he emphasizes that he could not notice the pedestrians in a timely manner, as they were below the light level of the headlights of the vehicle (R.G. - lay, P.A. - tried to lift it), were dressed in dark clothes, street lighting was insufficient, he (Pushkarev D.V.) was blinded by the distant light of the oncoming car. Further, the author discloses the contents of the testimony of witnesses A.A., A.Y., A.M., I.K., A.S., focuses on the behavior of victims at a pedestrian crossing, which contradicted the requirements of p.4.6 of the Rules of the Road of the Russian Federation. It notes that the victims were in a state of alcoholic intoxication, behaved inadequately. It points out that p.14.1 traffic rules of the Russian Federation provides for the duty of the driver to pass pedestrians crossing the roadway, and not lying on it. He insists that he would have noticed the victims and was able to prevent the attack if they were moving on the crossing upright.

https://kraevoy--alt.sudrf.ru/modules.php?name=sud_delo&srv_...

Translated by Bing.

[+] throwaway147147|6 years ago|reply
The following case assured me that the justice system in Germany is good and just:

A child was fatally hit by a truck at a tram station after another child pushed them. The truck driver tested positive for pot and was ultimately acquitted because the court concluded that even if the driver had been perfectly fit for driving, the accident would have been unavoidable.

I can not remember, but I am certain that the driver had to face additional charges for driving under the influence, but this is another thing.

[+] gbuk2013|6 years ago|reply
> Looking at the police report, I do wonder what the punishment would be in other countries.

In the U.K. 1-2 years it seems.

https://en.m.wikipedia.org/wiki/Causing_death_by_dangerous_d...

Having read the facts of the appeal case you linked to, it does not seem unreasonable (colliding with pedestrians on a marked and signed road crossing, travelling at >30mph). In the U.K. there is definitely an expectation that you slow down before a crossing.

In this case the court applied the minimum sentence and the appeal rejected the victims' side's request for a harsher sentence.

The facts in the appeal case list many factors, some of which are not in favour of the driver (one pedestrian was trying to pick up the other so they were unlikely to have been lying down on the road and oncoming vehicles were flashing lights as a warning).

[+] jessaustin|6 years ago|reply
One could go to prison for this in USA, but only if the local police and prosecutors already hated one's guts for other reasons. In most cases a drunk pedestrian would be considered less sympathetic than a sober driver. Yes it is a pretty shabby "justice" when sympathies rather than facts determine verdicts.
[+] baybal2|6 years ago|reply
This is the very reason Russians buy dashcams by tonnes.

Sold a few thousand of them to Russian retailers around 2008-2009, when I worked in a trade company in Singapore.

Previously they were used by Taiwanese taxis to record what's going on inside the car.

Russians immediately found an inventive use for them, and instead made them videolog what's going on in front of the car.

[+] giancarlostoro|6 years ago|reply
Honestly I could see that happening to me. Some cars have lights that make it hard to see clearly on my side of the road. I wish car windshields could shield your eyes from lights too bright or something. Especially now that cars have these bright LED lights depending on the angle they are as bad as high beams when they pierce your eyes.

I kinda hate driving at night. People can barely keep from getting into accidents in broad daylight imagine at night time.

[+] manigandham|6 years ago|reply
Perhaps this detail should be added to the Github issue to mitigate the misunderstandings and accusations already going on there.
[+] sdegutis|6 years ago|reply
After reading the whole translation linked in the GitHub issue, and being a father of 6 kids who love to make me practice being a judge every day as if I have nothing better to do, I’m convinced the judgment is reasonable. Even in our tiny library parking lot, I very often see people driving unreasonably fast between all the parked cars and the library door, often within a foot of the cars. Even if they are driving within the speed limit, there are constantly people coming out from between cars in a way that they can’t be detected by cars ahead of time, especially young children who don’t have the life experience to know to come out slower. It’s unquestionably dangerous to drive like that, yet I see it almost every single day. One of these days someone is going to get hurt. And in this case it looks like the same circumstances: a bit of reasonable cautiousness could have possibly prevented the driver from not seeing the people apparently laying on the crosswalk. Unless the driver followed every single procedure of the road perfectly, they are at fault to at least some degree. And someone is dead. It’s just a generally awful situation all around and nobody wins.
[+] MiroF|6 years ago|reply
I think it is worth including the fact that:

a. He was driving a motorcycle and b. One of the victims was not lying on the road, but instead standing and trying to pull up the other (or so I've read)

[+] nl|6 years ago|reply
I haven't read the full coverage, but it does appear it occurred at a pedestrian crossing, and there doesn't appear to be any dispute that it was properly signposted.

Most countries require greater care at pedestrian crossings.

[+] saagarjha|6 years ago|reply
Some background: CoreJS is a widely used JavaScript library, apparently used for polyfilling by Babel. The author was previously known for asking for a job in npm install logs (https://github.com/zloirock/core-js/issues/548), and recently seems to have gone to jail for vehicular manslaughter, leaving the project without a maintainer.
[+] jnbiche|6 years ago|reply
Evidently, it was his legal problems that provoked the job request and console ads, so I'm sympathetic. And based on the description above, it's highly unlikely that he would have been charged in most countries. The person who died was lying on the road at night, in dark clothes, intoxicated. Sympathy to her family, but that would count as an exculpating circumstance in most Western countries, I'm fairly sure.

I'm sure as hell that I'd do whatever I could legally to avoid going to a Russian (or American) prison, if what I'd done was an accident and of very doubtful criminality from the perspective of most countries. Wouldn't you?

Now he'll be stuck in a Russian prison for 2 years because of a tragic accident in which he was arguably not that negligent.

Edit: All of this is based on the facts as I have been able to find them online. I may be wrong in my interpretation.

[+] SaxonRobber|6 years ago|reply
Jesus, npm is a cancerous dumpster fire. Guy must have been a saint to continue maintaining the project in spite of all of the entitled "developers" using his package and scolding him for DARING TO ASK FOR A DIME.
[+] cycomanic|6 years ago|reply
Actually, while I think npm is the worst example, I am of the opinion that this is the largest issue facing OSS today.

Companies using lots of OSS packages without ever giving back a dime. The argument is always that this helps developers get a job, but often enough the jobs don't allow the developers to work full time on those packages, but they are still somehow expected to continue the work in their pastime.

The guy posted the results of his call for funding, he got to $50 a month on patreon! For maintaining a package that likely 100s or 1000s of companies depend on for the work.

[+] ankka|6 years ago|reply
And nobody wants to take responsibility and maintain it either, not even now.
[+] kbumsik|6 years ago|reply
Yeah. There even seems to be trolls blaming him in the issue page.
[+] Chris2048|6 years ago|reply
It's funny you say "entitled".

Show me where anyone said they were entitled to his labour. It was him who felt entitled to advertise.

He can ask for all the dimes he wants, He just can't add such adverts to the codebase.

[+] untog|6 years ago|reply
What an ugly comment thread that is.

Anyway I doubt it’s fair to say the project is dead, something of this importance will be forked and maintained. It’s an annoyance for sure, though.

[+] enitihas|6 years ago|reply
The entitlement in that thread is mind blowing. A lot of people who are complaining about there being only a single maintainer, seem to have no open source contribution history on github. If the project is important to so many people, they sure didn't show it by donating to the maintainer. Saying XYZ project is important to me, and there should be some js foundation taking care of it, (implicitly also saying I have zero intention of making any effort) sounds too hard to believe unless you see this in real life.

As Joe Biden said:

"Don't tell me what you value, show me your budget, and I'll tell you what you value."

[+] Frost1x|6 years ago|reply
This really reminds me of most of my interactions with the JS community. I'm sure not everyone is that way.

Whenever my projects use FOSS I always remind them exactly what a 'dependency' is. You should know and understand your dependencies and risks associated with relying on them.

You need to be willing to lock-in to a version if need be or replace it entirely. Some developers I work with that throw together one-off web applications tend to inject dozens (sometimes hundreds) of dependencies (which they like to dynamically pull from latest builds) into their projects, enough to make me dizzy looking through the list.

Typically development starts, they meet some initial goal and keep gluing more and more packages together to meet some goal/desired functionality. Then something breaks and they conveniently have other internal work that has to take priority, leaving a broken application they don't want to deal with for someone else to fix because they know it's an absolute mess they created. Rinse repeat.

Now you've established an expectation of functionality you have no clue how to maintain and did not clearly explain that to your client when you took shortcuts to glue everything together.

[+] agildehaus|6 years ago|reply
Couldn't someone he trusts just ask him for credentials? It may be harder to contact him right now, but not impossible.
[+] hombre_fatal|6 years ago|reply
Seems really sheepish to bother the guy in jail over this.

Also, publish creds aren't the problem. The problem seems to be that nobody else really wants to maintain it including anyone at Babel, core-js' biggest user afaict.

If nobody steps up, it should just be a reminder of how flimsy open-source can be when there are so many bus-factor-of-one nodes out there that we depend on. It's a pretty big downside of depending on the hobbytime charity of random people, especially when we (or github comment culture) are so hostile when anyone dares to seek a penny.

You could write a library that every fortune 500 company uses to save a cumulative hundreds of thousands of dollars in employee-hours over the library's lifetime, but you're the asshole if you use your library's popularity to seek work or donations. People will come out of the woodwork to scold you.

[+] oefrha|6 years ago|reply
Not if the credentials are in a password manager. Will I divulge my master password just so that someone else could maintain a project that I can’t? The most likely answer is no.
[+] shaneprrlt|6 years ago|reply
Considering he's sitting in prison, I'm sure he has much more pertinent things to be worrying about.

Add to that the fact that when he reached out to the community he worked hard (for free) to support, and they told him to basically FO, I doubt he's going to spend even a microsecond trying to be helpful in this situation.

[+] bdcravens|6 years ago|reply
Jails have mail, and most have phones.
[+] orliesaurus|6 years ago|reply
I am really curious as to what happens here, remember left-pad controversy? [1][2]

This is like round 2.

How will npm/github act now?

Especially now that it's Microsoft's npm /s

[1] https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/

[2] https://blog.npmjs.org/post/141577284765/kik-left-pad-and-np...

[+] whoisjuan|6 years ago|reply
Why would the registry do anything at all?

That’s why forking it’s a thing. It’s certainly inconvenient but transferring the access of the original project to another party sets a very bad precedent. Maybe when the maintainer dies, but this guy is very much alive.

It is his work and he chose to give it freely to others through an OSS license. That doesn’t automatically grant anybody access to the original project. If somebody wants and needs to keep updating it then they should just fork it.

The left-pad issue is also different because in that case the original maintainer took it down which broke a bunch of packages that had dependencies on it. This project is still in the registry and it will still work as it is for the foreseeable future.

[+] imtringued|6 years ago|reply
The project still exists. It's just unmaintained and needs new leadership. This is something almost every long lived project or company will go through.
[+] meritt|6 years ago|reply
Can NPM not just override "core-js" when performing dependency resolution and point to a maintained fork?
[+] jakear|6 years ago|reply
Would you want all packages you're responsible for being taken over by whomever happens to be NPM's preferred forker in the event of your getting into legal troubles? I'd be strongly against that.

This should be handled the way any other fork happens: people create forks, other people audit them for stability and choose which to update their dependencies to. This isn't up to NPM to decide.

[+] noway421|6 years ago|reply
Finding a vulnerability in core-js which would highlight it in `npm audit` and then making a fork which fixes such vulnerability is much more idiomatic imho.
[+] jessaustin|6 years ago|reply
It's probably a better idea for individual depending projects (all 19k of them!) to evaluate their own use of this module. They may issue new versions with new dependencies, or they may not. It's not as if this code will start killing puppies just because the maintainer is unavailable.
[+] futhey|6 years ago|reply
I would imagine a better answer is for someone else in the community with familiarity on the project to create a semi-official fork.

Perhaps a less destructive change that someone with access (Github, NPM, Microsoft, etc.) could make, is to link to the new project from the readme.

Eventually when something breaks, this could be surfaced as an `npm audit` response (Core-js is no longer maintained. Switch to core-js-fork to resolve issue xyz).

[+] battery_cowboy|6 years ago|reply
Not a great precedent, I'd rather have them forcefully deprecate the package, eventually, suggest a few alternatives in the error log, and let the user decide.
[+] ssijak|6 years ago|reply
What if the person lying on the road survived and the person driving the motorbike died? Would the person lying on the road be charged with manslaughter? And if yes, how is this situation different, to shift the blame from one person to another?
[+] PeterisP|6 years ago|reply
The court determined that in this case (on a marked pedestrian crossing where pedestrians have right of way) the bike driver broke the rules of traffic as he should have stopped before the crossing; and it did not determine that the pedestrians broke the rules of traffic.

So if the person lying on the road survived and the person driving the motorbike died, then it's plausible that the person lying on the road would be charged with manslaughter in order to determine the situation (I believe that in case of fatal traffic incidents involving more than one party, in Russia almost always a criminal investigation is opened) but would be found not guilty.

[+] joecool1029|6 years ago|reply
At least in US there's a pedestrian's duty of care that's involved in determinations like this. A pedestrian could be found guilty of negligence and the burden shifts to them partially or in full depending on the state and the exact circumstances. Examples could include intentionally running into traffic, attempting to disrupt traffic, or even things like ignoring walk signals. However, in the last case it's unlikely that would relieve a driver of their duty of care as they'd still be in a crosswalk, it would just usually reduce the portion of their liability and move some onto the pedestrian... in some places (like NY). That type of scenario probably would have played out in this case for the states that have compensatory systems, but I'm really not 100% sure once it involves death.

I think even Russia has this situation covered if you can prove on a camera that someone intentionally jumped out in front of you. It's just way less open to interpretation by the court.

[+] fractalf|6 years ago|reply
Don't panic! No need to bring out the towel, the dolphins aren't leaving just yet. Someone else has access to this repo and stated that security fixes will be maintained.
[+] miguelmota|6 years ago|reply
The CoreJS author blocked me and many other people on github for simply making a suggestion to tone down the "looking for a good job" npm install logs because it'll invoke other people to try the same thing which would result in unnecessary log pollution. It seemed like strange behavior for someone maintaining a very popular community driven project.
[+] aastronaut|6 years ago|reply
IMHO there is no reason to bring an unrelated GitHub issue discussion into this comment thread.