In my unasked-for opinion, he should absolutely give up on this project, and take a salaried job that'll let him support his family and not have to deal with the entitlement issues and lack of perspective the community evidently has. If half of what's in this post is true, he's shown admirable restraint: I'd have burned it all down the first time someone got pissy about a free thing I gave them.
Yes. But I think it also shows a common misunderstanding of "open source" (and even "free software").
What he did was incredibly valuable to a huge number of successful people and corporations. But no one owes him anything. That's the point of open source. If they did owe him something, they wouldn't have used it. They used it because it was great, it was established/known, it was available with no strings attached whatsoever. Again, that's the point, that's why it's popular.
But also, he owes them nothing. He doesn't have to keep maintaining the most comprehensive, up-to-date, and flexible package, as a full-time job, for free. He could could have just stopped after his first couple years where it was an inherently fulfilling passion project, he could just put in a couple hours a week, whatever. People would make do, it would still be quite valuable for a lot of people for a long time. Or those other projects and companies would come up with an more up-to-date alternative when really needed.
You really don't have to be a martyr, and we don't have to "give up on open source" or whatever. You can just make stuff available that you wanted to do anyway. Sometimes it leads to bigger opportunities, sometimes (usually?) not. Don't slave away and sacrifice your personal life because of what you think you deserve if you do, that's not going to materialize that way.
Remember this is all stuff just offered up with NO WARRANTY, NOT EVEN FITNESS FOR PURPOSE etc. And in practice it's super super valuable that way. Even without you sacrificing yourself. Let companies spend the big bucks on it, just work on what's fun in your free time.
The open source community can be wild sometimes. Back when I was still maintainer and lead dev for Gaim (not Pidgin), I would occasionally get downright hateful people e-mailing me for not implementing whatever feature they thought needed to be implemented, or not getting it implemented quickly enough.
One guy managed to get ahold of my cell phone number somehow and called me at 4am to discuss "his ideas" with me for the project. I ended up having to change my number.
Thankfully 95% of the people I interacted with in the community were great and were great, but that other 5% was rough.
Maintainers like Denis shouldn't be asking for donations, they should be sponsored the same way Nike sponsors athletes. If you're a burnt out open source maintainer or know someone who is, I'd love to talk to you. My job is to help create awareness about the issue with companies that depend on your package. I reached out to Denis because we all know he deserves better. Appreciate any leads you could additionally share with me.
> I'd have burned it all down the first time someone got pissy about a free thing I
Sadly this is the state of open source projects. People feeling entitled and doing nothing but complain. It's sad really because negative compacts often have a more lasting impact than positive ones.
From this article, Denis Pushkarev seems to be a remarkably principled developer in a horrible situation, and I admire his commitment to this project. Setting that aside, though, is anyone else alarmed that such a widely used project has exactly one maintainer who is able to push arbitrary changes without review? Especially one already in legal trouble and significant debt, unable to travel, for a project embedded in Fortune 500 e-commerce and (likely) intranet/administrative sites, with an extremely large surface area of used APIs where malicious minified code might easily go unnoticed and is highly difficult to audit?
I absolutely feel for his situation. Right now, the degree to which he could be threatened into allowing a malicious group to push changes in his name should not be taken lightly. Hopefully this article reaches the attention of some of the CISOs at companies who rely on the project, and a path towards a situation where multiple parties have visibility into release management can be explored. And honestly, such a solution might be the best thing to make Denis and his family less of a target.
(In the meantime, pin your core-js dependency, and track https://security.snyk.io/vuln/npm?search=core-js as well as npm audit. Arguably there should be an advisory category for known vulnerable maintenance situation - I'm not sure if such a registry exists. One might say that every open source project is vulnerable in some way, but there's nuance and splash radius to consider here, and core-js does not have much defense-in-depth at the moment.)
Well. There is little doubt that he would be a good fit for at least a normal Engineer position in any of these companies. If they didn't hire him yet your guess as of why is as good as mine.
Edit: This was not meant to be read in a negative kind of way. I'd try to hire him if I had an open position to fit.
> Especially one already in legal trouble and significant debt, unable to travel
... and living in a country involved in war, run by a regime for which respect for the rule of law is a "nice to have".
If I were in FSB, I'd be banging at this guy's door right now, and making his life as comfortable as I can. Imagine dropping an obfuscated killswitch on half the global web, that is Real Power right there; or silently siphoning out credentials from FAANG-level companies; or or or...
We are incredibly lucky that Herr Putin's henchmen are actually not very good.
In one of my previous jobs, my CTO asked me who I thought was the most important person in the company was. I wasn’t sure. He pointed to the lady who was responsible for entering and maintaining data, on which the entire business was built upon.
She was a quiet person, who did her job exceptionally well. Yet, most people didn’t know her or didn’t realize her importance. I am certain she wasn’t paid that well either.
Point being, nobody is going to reward you, unless you ask for it. I once spent 4 years at a job, I did my job well. Didn’t get a single dollar raise. I didn’t ask, nobody cared either. Most I got was some praise in team meetings once in a while.
The most disgusting part of the story is all hate and vitriol thrown at him. By people using his software for free, by people who are likely not even a tenth as good as he is - both as a person and as a programmer. All this in an industry with plenty of money. This is super depressing. I genuinely hope he gets to spend his future happy
What I'm really struggling with is how much this contrasts with the story for the developers of Dwarf Fortress, who don't get that same hate and vitro piled on them, and in fact, people throw money at them because they want the developers to have money. To the tune of like $9 million or something! Whereas this guy, pouring his heart into something useful and not for fun, gets all this hate shoveled his way?
I do understand that not a lot of people here really understand the sheer direness of his situation. He stuck in Russia because of unsettled problems regarding his conviction. He almost certainly cannot immigrate into most of the countries because of said conviction - to have a work permit one have to provide a certificate of good conduct. He is cut off most options to receive money from abroad and several means to receive support at all. He has a family to provide. The economy of Russia is increasingly deteriorating, the quality of life is following suit. His son will soon feel a taste of state fascist indoctrination, it starts in kindergarten now in Russia. While most commenters here feel sad, I feel an utter horror.
I always heard people talk about how "open source is broken", but I'm honestly in shock after reading this.
Is this normal? That one guy can contribute code that is used on thousands of the top websites worldwide and not one of the numerous multi-billion dollar companies that use his code are even willing to donate an amount equivalent to an average developer's salary?
I mean, how is this that possible? It's not like when a company the size of Spotify uses core-js they just add it to their project without thinking. No, they know how important the project is. They know the effort involved in building and maintain a project like core-js. Yet they can't even throw the dude a few thousand dollars a year to say thanks?
Am I missing something here? Is the fact that he's Russian having an impact on the companies willing to offer him support?
It honestly seems insane to me that so many people are able to reach out with messages of hate for adding a donation message to free software, but only a handful of people / business would offer support.
I'd be willing to guess that the vast majority of applications (if not all) dependent on core-js are pulling it in as a transitive dependency of something else-- most via either a direct dependency on `@babel/preset-env` or indirect dependencies on the same through scaffolding projects like create-react-app.
That leaves core-js in a position where it's kind of invisible-- projects like Babel are very visible and pull in a decent chunk of cash via developer donations and corporate sponsorships. Core-js, on the other hand, isn't something most developers ever deal with directly-- if you don't go and dig through your dependency tree, you may never even know it's there. Until it starts making noise in your console on 'npm install', at least-- and then it looks indistinguishable from spam, from something you never even explicitly installed, no less.
>It's not like when a company the size of Spotify uses core-js they just add it to their project without thinking. No, they know how important the project is.
The devs at Spotify know how important that project is. But the people who control the money, middle and upper management, might now even know what Javascript is. Why would they spend money for something that's free? They're under pressure to cut costs anyway.
Throwing dollars at MS or Oracle, on the other hand, is nice for managers because you get service, accountability, responsibility, guarantees, and lawyers to talk to for that money. Money is paranoid. Open source can't give you that, it's always only one poor coder.
The Node.JS library ecosystem (for better or worse) is modeled as small libraries which do only one thing, and often have dozens of dependencies. And those in turn, have their own dependencies.
So when you import a library, you're bringing in a lot of other libraries as well. Some large companies have stringent audits (for licenses etc), but most care (or are aware) only about the library they imported. core-js is probably a dependency for many others, and especially transpiler toolchains which are common in JS.
> That one guy can contribute code that is used on thousands of the top websites worldwide and not one of the numerous multi-billion dollar companies that use his code are even willing to donate an amount equivalent to an average developer's salary?
Well, every multi-billion-dollar company has a mechanism for paying for commercial software. If they need Windows or Photoshop or Solidworks they're more than happy to pay the asking price.
The problem with open source software is the asking price is zero.
Most multi-billion-dollar companies also engage in some charitable giving. They probably use their entire charity budget every year - maybe they're supporting food banks, or earthquake victims, or cancer research.
But getting the Russian polyfill guy out of jail probably isn't a registered charity. And even if it was - there's a lot of charities out there.
Some multi-billion-dollar companies have budgets to sponsor open source projects. Apple, Microsoft, Google and others donate >$125k/year to the Apache foundation, for example [1].
But that money is spread very thinly - how many developers do you think contributed to, say, a basic Ubuntu installation? And plenty of companies don't budget for this at all.
Some open source projects use options like 'dual licensing' where you have to pay to use them in closed source projects (Qt, for example) or offer support contracts or paid add-on products (Ubuntu Pro, for example)
But it's not like Qt are rolling in cash - or that the community had any great love for Ubuntu Pro.
As you'll note, all these options sound a lot more difficult than just getting a job at one of these big corporations.
The problem that a lot of people don't get is that corporations can't just donate money to things like that to be nice. They have accounting and legal obligations, they can't just throw money around for funsies. If you phrase things their way, like selling them a product on contract, you can easily get tens of thousands from them. But a "please donate" link on your site won't get anything.
It's definitely time for him to let this project go, working on it is a literally thankless task and the level of entitlement shown towards his work has been infuriating to watch. The outrage towards him daring to ask the community for help, something done in an act of desperation, is a real wake up call for open source maintainers - the community doesn't give a fuck about you, they want your code and they want it free.
The psychological burden of carrying such an important but relatively unknown project has trapped him in this state of desperation for years now. It's tunnel vision and sunk loss thinking, time to quit.
A long post, but the final paragraphs sum up both the problem and the ask:
"This was the last attempt to keep core-js as a free open-source project with a proper quality and functionality level. It was the last attempt to convey that there are real people on the other side of open-source with families to feed and problems to solve.
If you or your company use core-js in one way or another and are interested in the quality of your supply chain, support the project."
This is not the type of FOSS ecosystem that Stallman wanted to achieve; it's the ecosystem that big business wants: people work for free and profits multiply and accumulate at the top. That is what MIT licensing fosters. If you want a different world, use a different license model.
Unfortunately, the JS world is effectively built on freeloading, so any licensing restriction is seen as a capital sin against "the community" of temporarily-embarrassed-FAANGs. Meanwhile, actual FAANGs laugh all the way to the tax-haven-based bank, and the lone guy in Nebraska/Russia continues to starve.
Completely agree. I think I'm going to start using the AGPLv3 for everything from now on. It's not like I'm making anything so critical as this core-js library but still.
This old post's made a huge impression on me but it never really sank in until today:
He should 100% try to find regular sustainable work somewhere instead of working on this project.
Secondarily, find a lawyer to write up a contract for $80/hr for companies to sign and have him do work on core-js when they need an update or a feature. He can give an estimate on hours, send them a contract, get it signed and have the work done. If the people asking for feature requests and updates don't want to pay, then that's fine, it doesn't need to get done.
I’m very sorry for the guy. He really should focus on his family well being.
Open source is not feeding of the poor nor helping victims of crime. People give it too much emotional weight and think that it’s important for the whole human kind. But it’s not. It’s just some nice to have utility. And, to be honest, it’s not the OS as it used to be. Now it’s mostly big corps wanting some internet fame or free labor or companies wanting to use your software for free. If you do it for fame or better job, sure, try your luck. But don’t base your income on it. It has almost never worked.
I wish you all the best Denis. Hope it all ends good for you. Please don’t feel sorry if you abandon the project. You gave people something good and don’t owe them anything. And don’t be worried, no one will suffer if you do it. It might sound harsh, bit it’s also relieving. You are not responsible for internet people inconvenience.
Please, if you are capable of doing development at this level, take the high-paying job, save for a decade, and get FI. Then you can work on OSS 120 hours a week if you like.
I contribute what amounts to a few euros a month to a few open source projects. I do these because these projects have significantly helped my career and added to my personal enjoyment. Perhaps not much in the grand scheme of things, but I feel I owe at least that much, especially if I'm not able to help in other ways (PRs for example).
However, when I've asked employers to do the same - just throw what to them is would be tax-deductible chump change at some projects that have helped them make fortunes - there's lot of muttering and foot-dragging. More trouble than it's worth to do the paperwork, apparently.
So we end up in a ludicrous situation where essential software, used by companies with revenues in the billions, depend on a single, relatively impoverished and stressed out developer toiling in obscurity. Google or Facebook or Microsoft could, for what amounts to a rounding error, have just put him on an annual salary or grant.
I understand and expect most of the comments here would be about the state of open source, and I know we of course, by definition, are only getting one side of the story, and I also know that no country is perfect.
But holy shit, I had immense sadness and sympathy for his legal woes and the fact that he was imprisoned. Again, obviously the US is no panacea when it comes to incarceration, but holy shit, first thing I was screaming was "GTFO of Russia!" The entire legal system there is now basically one man's corrupt enterprise.
He was imprisoned because he hit pedestrians and one died. I don't know about you, but the way I drive I wouldn't hit pedestrians if they were laying in the road, maybe if they ran out in front of me. It doesn't sound like he has any sympathy for killing a woman at all, so the "woe is me I'm not a governor's son so I went to jail when others wouldn't have" is distasteful at best.
This is such a depressing post about the sad state of open source. I can't imagine continuing to maintain the package after what happened.
I want to encourage zloirock to forget about this and move on. I think it would be best for him to take a good paid job, live with his family and enjoy a vacation.
I wrote this sentiment earlier[1], but I'll repeat it here.
If a dev wants money for his work, he should license his work as appropriate and demand payments. If a dev releases his work free-as-in-libre and/or free-as-in-beer, they don't get to complain if the donations are "insufficient".
Or to put it another: Of course a company won't pay up if they don't have to.
This guy seems to be considering making his work into a commercial product, so at least he has the correct idea. Speaking objectively I hope it works out for him.
> If a dev releases his work free-as-in-libre and/or free-as-in-beer, they don't get to complain if the donations are "insufficient".
Of course they get to complain. Complaining and doing nothing to change the situation is what's problematic.
Doing work without reward, even if you did not expect any in the first place, can be soul-sucking, and it is totally normal to complain about it.
You don't do FOSS for the recognition/glory, but complaining about the hatred, hypocrisy, and complete lack of respect of the industry towards FOSS is normal.
The backlash he got after he "dared" ask for help was completely uncalled for. I'd even say this, it's the user who does not get to complain, let's remind everyone of what most FOSS licenses include:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
You get a message during `npm install` from the dev asking for funding and a job? Tough shit, you don't get to complain because you're not paying him.
And to echo the top reply to your original comment, nope you don’t get to decide to for everyone.
I personally think that releasing free software and then complaining that the multibillionaire (trillionaire?) companies that rely on it refuse to fund you even after you’ve expressly asked for it is perfectly justified.
Okay, and now half the devs simply decide to not deal with the issue of licensing and just business source everything. Congrats, that's definitely the better world to code in, right?
This sort of thing highlights that FOSS isn't even close to free, ever.
If we were to compute the developer hours invested in a project like Linux we would easily determine it likely is the most expensive software project in history. The cost of the time is borne by individual developers, companies and universities, all of whom require some form of financial support in order to do so. Or, at the individual level, starve and not have a life (unless wealthy and the work is a hobby).
Denis Pushkarev, CoreJS's developer, abandon this project and move on. The list of large companies benefiting from his work who have not moved a finger to make sure he is able to continue working on this while supporting a family with dignity is massive.
Short list of notable companies from the screen grab:
baidu.com
amazon.com
yahoo.com
microsoft.com
taobao.com
openai.com
instagram.com
twitter.com Elon: Give this man a job!
weibo.com
reddit.com
twitch.tv
zoom.us
aliexpress.com
adobe.com
patreon.com
pinterest.com
etc.
Yeah, this is silly. Move on. Immediately. The people who care do not care enough to help or support you.
Denis, if you are reading this:
DO NOT FEEL BAD ABOUT DISCONNECTING FROM THIS PROJECT! THESE PEOPLE DO NOT VALUE YOUR WORK. MOVE ON. IMMEDIATELY.
> The recipient's mailbox is full and can't accept messages now. Please try resending your message later, or contact the recipient directly.
I hope he is getting the help he deserves (I dropped a message on twitter after seeing this)
The messages he received are so vile, why would someone attach their name to something like that? I personally would immediately avoid employing anyone who posted like that, doubly-so in a semi-professional space like Github.
I can sympathize with the author's troubles, and wish he finds a well-paid position that still allows him to work on OSS.
That said, the idea that companies would pay for a JS library that is patching browser support is wild. Practically nobody pays for JS modules except for very specific niches (e.g. a charting library) or product/technical support. Especially when it's an indirect dependency of tools you use. Maybe Babel could pull off having a paid tier, but that's already a stretch, as there is still a lot more software up the chain. There are many commercial ideas in the JS ecosystem worth pursuing, but this doesn't look like one of them.
Projects like Babel, ESLint, Rollup etc get significant funding from corporations, but these are the very top of the food chain, and even then the amounts are still barely enough to pay for full-time dev salaries at market rate. It's just not a model that works.
There is also no particular reason these hundreds of polyfills have to be maintained by a single person, and kept in one central package. The maintenance overhead is massive. Any project using this as part of their core offering, like Babel, would certainly be able to keep up with a bunch of smaller modules, and deal with churn.
Finally, the reach and numbers are very impressive, but I'm afraid they are an artifact of building a monolithic package, more than a reflection of the value companies might attach to it. If core-js stopped being maintained today, it would hurt momentarily, but there are hundreds if not thousands of people who will step in to fill the void. There is no reason to sacrifice your personal well-being for a project that is not bringing you happiness.
The idea that they _don't_ pay for it is wild, honestly. There's no FOSS equivalent in so many other industries - they pay for every part of their supply chain and yet still somehow make a profit. You can't open a hotdog stand and use "FOSS hotdogs".
The whole point of the post is that the FOSS model doesn't work and that sucks. I don't know what the answer to that is, and neither does he, but the answer certainly isn't "oh well."
Also, I feel you should read or reread the article - he explicitly responds to your last two paragraphs in there. Babel specifically has said they're not interested in doing the work that core-js is doing, and there are clearly _not_ thousands of people willing to step in and fill the void of core-js. They've had many opportunities before, including when everyone hated him for asking for financial support and the web seemingly united against him, and when he was stuck in prison for months, not maintaining anything. And yet core-js is still there at the forefront, because of the passion and his willingness to put up with too much abuse.
> - The idea that companies would pay for a JS library that is patching browser support is wild.
Companies make more money by having their websites work in older browsers. If it wasn't for core-js, they would be paying developer time to write polyfills or compile and maintain them from various other single polyfill packages. Surely if they are willing to pay developers to do this in return for increased profits they would also be willing to pay someone else to do it, just as businesses outsource all kinds of tasks.
Well, this just proves unless you are willing to actually walk away you pretty much have zero leverage. I think he should have quit on the project long time ago to either have forced the big Co's to fund him or let someone else to take over. It's just what it is. The Github project in itself should provide him though with good prospects to get a good software engineer job.
I myself have as well restrained from working on / releasing certain projects because I know it would just bring me more hassle than benefit even if people did use them. World doesn't work on charity, sadly. But if you need the thing you build yourself as well, it shouldn't be that bad as long as you know to set your boundaries for what you're willing to do.
[+] [-] karaterobot|3 years ago|reply
[+] [-] ploxiln|3 years ago|reply
What he did was incredibly valuable to a huge number of successful people and corporations. But no one owes him anything. That's the point of open source. If they did owe him something, they wouldn't have used it. They used it because it was great, it was established/known, it was available with no strings attached whatsoever. Again, that's the point, that's why it's popular.
But also, he owes them nothing. He doesn't have to keep maintaining the most comprehensive, up-to-date, and flexible package, as a full-time job, for free. He could could have just stopped after his first couple years where it was an inherently fulfilling passion project, he could just put in a couple hours a week, whatever. People would make do, it would still be quite valuable for a lot of people for a long time. Or those other projects and companies would come up with an more up-to-date alternative when really needed.
You really don't have to be a martyr, and we don't have to "give up on open source" or whatever. You can just make stuff available that you wanted to do anyway. Sometimes it leads to bigger opportunities, sometimes (usually?) not. Don't slave away and sacrifice your personal life because of what you think you deserve if you do, that's not going to materialize that way.
Remember this is all stuff just offered up with NO WARRANTY, NOT EVEN FITNESS FOR PURPOSE etc. And in practice it's super super valuable that way. Even without you sacrificing yourself. Let companies spend the big bucks on it, just work on what's fun in your free time.
[+] [-] robflynn|3 years ago|reply
Thankfully 95% of the people I interacted with in the community were great and were great, but that other 5% was rough.
[+] [-] armini|3 years ago|reply
[+] [-] toyg|3 years ago|reply
Nah, he should get creative.
1. Silently change the license to GPL.
2. Wait a few billion downloads.
3. Meticulously sue one company after the other.
[+] [-] kkoste|3 years ago|reply
Sadly this is the state of open source projects. People feeling entitled and doing nothing but complain. It's sad really because negative compacts often have a more lasting impact than positive ones.
[+] [-] forevergreenyon|3 years ago|reply
[deleted]
[+] [-] btown|3 years ago|reply
I absolutely feel for his situation. Right now, the degree to which he could be threatened into allowing a malicious group to push changes in his name should not be taken lightly. Hopefully this article reaches the attention of some of the CISOs at companies who rely on the project, and a path towards a situation where multiple parties have visibility into release management can be explored. And honestly, such a solution might be the best thing to make Denis and his family less of a target.
(In the meantime, pin your core-js dependency, and track https://security.snyk.io/vuln/npm?search=core-js as well as npm audit. Arguably there should be an advisory category for known vulnerable maintenance situation - I'm not sure if such a registry exists. One might say that every open source project is vulnerable in some way, but there's nuance and splash radius to consider here, and core-js does not have much defense-in-depth at the moment.)
[+] [-] cyral|3 years ago|reply
[+] [-] sally_glance|3 years ago|reply
Edit: This was not meant to be read in a negative kind of way. I'd try to hire him if I had an open position to fit.
[+] [-] shmolf|3 years ago|reply
window['__core-js_shared__'].versions
Just more evidence of how prevalent and important that library is.
[+] [-] johnywalks|3 years ago|reply
[+] [-] toyg|3 years ago|reply
... and living in a country involved in war, run by a regime for which respect for the rule of law is a "nice to have".
If I were in FSB, I'd be banging at this guy's door right now, and making his life as comfortable as I can. Imagine dropping an obfuscated killswitch on half the global web, that is Real Power right there; or silently siphoning out credentials from FAANG-level companies; or or or...
We are incredibly lucky that Herr Putin's henchmen are actually not very good.
[+] [-] akudha|3 years ago|reply
She was a quiet person, who did her job exceptionally well. Yet, most people didn’t know her or didn’t realize her importance. I am certain she wasn’t paid that well either.
Point being, nobody is going to reward you, unless you ask for it. I once spent 4 years at a job, I did my job well. Didn’t get a single dollar raise. I didn’t ask, nobody cared either. Most I got was some praise in team meetings once in a while.
The most disgusting part of the story is all hate and vitriol thrown at him. By people using his software for free, by people who are likely not even a tenth as good as he is - both as a person and as a programmer. All this in an industry with plenty of money. This is super depressing. I genuinely hope he gets to spend his future happy
[+] [-] nevernude|3 years ago|reply
[+] [-] fragmede|3 years ago|reply
I really don't understand people.
[+] [-] SergeAx|3 years ago|reply
[+] [-] kypro|3 years ago|reply
Is this normal? That one guy can contribute code that is used on thousands of the top websites worldwide and not one of the numerous multi-billion dollar companies that use his code are even willing to donate an amount equivalent to an average developer's salary?
I mean, how is this that possible? It's not like when a company the size of Spotify uses core-js they just add it to their project without thinking. No, they know how important the project is. They know the effort involved in building and maintain a project like core-js. Yet they can't even throw the dude a few thousand dollars a year to say thanks?
Am I missing something here? Is the fact that he's Russian having an impact on the companies willing to offer him support?
It honestly seems insane to me that so many people are able to reach out with messages of hate for adding a donation message to free software, but only a handful of people / business would offer support.
[+] [-] JonathonW|3 years ago|reply
That leaves core-js in a position where it's kind of invisible-- projects like Babel are very visible and pull in a decent chunk of cash via developer donations and corporate sponsorships. Core-js, on the other hand, isn't something most developers ever deal with directly-- if you don't go and dig through your dependency tree, you may never even know it's there. Until it starts making noise in your console on 'npm install', at least-- and then it looks indistinguishable from spam, from something you never even explicitly installed, no less.
[+] [-] a_bonobo|3 years ago|reply
The devs at Spotify know how important that project is. But the people who control the money, middle and upper management, might now even know what Javascript is. Why would they spend money for something that's free? They're under pressure to cut costs anyway.
Throwing dollars at MS or Oracle, on the other hand, is nice for managers because you get service, accountability, responsibility, guarantees, and lawyers to talk to for that money. Money is paranoid. Open source can't give you that, it's always only one poor coder.
[+] [-] jeswin|3 years ago|reply
The Node.JS library ecosystem (for better or worse) is modeled as small libraries which do only one thing, and often have dozens of dependencies. And those in turn, have their own dependencies.
So when you import a library, you're bringing in a lot of other libraries as well. Some large companies have stringent audits (for licenses etc), but most care (or are aware) only about the library they imported. core-js is probably a dependency for many others, and especially transpiler toolchains which are common in JS.
[+] [-] michaelt|3 years ago|reply
Well, every multi-billion-dollar company has a mechanism for paying for commercial software. If they need Windows or Photoshop or Solidworks they're more than happy to pay the asking price.
The problem with open source software is the asking price is zero.
Most multi-billion-dollar companies also engage in some charitable giving. They probably use their entire charity budget every year - maybe they're supporting food banks, or earthquake victims, or cancer research.
But getting the Russian polyfill guy out of jail probably isn't a registered charity. And even if it was - there's a lot of charities out there.
Some multi-billion-dollar companies have budgets to sponsor open source projects. Apple, Microsoft, Google and others donate >$125k/year to the Apache foundation, for example [1].
But that money is spread very thinly - how many developers do you think contributed to, say, a basic Ubuntu installation? And plenty of companies don't budget for this at all.
Some open source projects use options like 'dual licensing' where you have to pay to use them in closed source projects (Qt, for example) or offer support contracts or paid add-on products (Ubuntu Pro, for example)
But it's not like Qt are rolling in cash - or that the community had any great love for Ubuntu Pro.
As you'll note, all these options sound a lot more difficult than just getting a job at one of these big corporations.
[1] https://www.apache.org/foundation/thanks
[+] [-] ufmace|3 years ago|reply
[+] [-] ilaksh|3 years ago|reply
[+] [-] phpnode|3 years ago|reply
The psychological burden of carrying such an important but relatively unknown project has trapped him in this state of desperation for years now. It's tunnel vision and sunk loss thinking, time to quit.
[+] [-] glennericksen|3 years ago|reply
"This was the last attempt to keep core-js as a free open-source project with a proper quality and functionality level. It was the last attempt to convey that there are real people on the other side of open-source with families to feed and problems to solve.
If you or your company use core-js in one way or another and are interested in the quality of your supply chain, support the project."
[+] [-] toyg|3 years ago|reply
This is not the type of FOSS ecosystem that Stallman wanted to achieve; it's the ecosystem that big business wants: people work for free and profits multiply and accumulate at the top. That is what MIT licensing fosters. If you want a different world, use a different license model.
Unfortunately, the JS world is effectively built on freeloading, so any licensing restriction is seen as a capital sin against "the community" of temporarily-embarrassed-FAANGs. Meanwhile, actual FAANGs laugh all the way to the tax-haven-based bank, and the lone guy in Nebraska/Russia continues to starve.
[+] [-] kalleboo|3 years ago|reply
This is fantastic, and it applies in so many other situations - I'm stealing this phrase (it's openly licensed, right?)
[+] [-] matheusmoreira|3 years ago|reply
This old post's made a huge impression on me but it never really sank in until today:
https://web.archive.org/web/20091210171517/https://zedshaw.c...
> “Hey your software is awesome! Can I get it for free so I can use it at work and make money or please my boss? That’d rock! (for me).”
> I want people to appreciate the work I’ve done and the value of what I’ve made.
> Not pass on by waving “sucker” as they drive their fancy cars.
[+] [-] maherbeg|3 years ago|reply
Secondarily, find a lawyer to write up a contract for $80/hr for companies to sign and have him do work on core-js when they need an update or a feature. He can give an estimate on hours, send them a contract, get it signed and have the work done. If the people asking for feature requests and updates don't want to pay, then that's fine, it doesn't need to get done.
[+] [-] phpnode|3 years ago|reply
[+] [-] szastamasta|3 years ago|reply
Open source is not feeding of the poor nor helping victims of crime. People give it too much emotional weight and think that it’s important for the whole human kind. But it’s not. It’s just some nice to have utility. And, to be honest, it’s not the OS as it used to be. Now it’s mostly big corps wanting some internet fame or free labor or companies wanting to use your software for free. If you do it for fame or better job, sure, try your luck. But don’t base your income on it. It has almost never worked.
I wish you all the best Denis. Hope it all ends good for you. Please don’t feel sorry if you abandon the project. You gave people something good and don’t owe them anything. And don’t be worried, no one will suffer if you do it. It might sound harsh, bit it’s also relieving. You are not responsible for internet people inconvenience.
[+] [-] stocknoob|3 years ago|reply
[+] [-] danjac|3 years ago|reply
However, when I've asked employers to do the same - just throw what to them is would be tax-deductible chump change at some projects that have helped them make fortunes - there's lot of muttering and foot-dragging. More trouble than it's worth to do the paperwork, apparently.
So we end up in a ludicrous situation where essential software, used by companies with revenues in the billions, depend on a single, relatively impoverished and stressed out developer toiling in obscurity. Google or Facebook or Microsoft could, for what amounts to a rounding error, have just put him on an annual salary or grant.
[+] [-] hn_throwaway_99|3 years ago|reply
But holy shit, I had immense sadness and sympathy for his legal woes and the fact that he was imprisoned. Again, obviously the US is no panacea when it comes to incarceration, but holy shit, first thing I was screaming was "GTFO of Russia!" The entire legal system there is now basically one man's corrupt enterprise.
[+] [-] postsantum|3 years ago|reply
How did you arrive to this conclusion? OP wasn't a political prisoner, he served less than a year for manslaughter
[+] [-] flumpcakes|3 years ago|reply
[+] [-] throwawayopen|3 years ago|reply
I want to encourage zloirock to forget about this and move on. I think it would be best for him to take a good paid job, live with his family and enjoy a vacation.
[+] [-] Dalewyn|3 years ago|reply
If a dev wants money for his work, he should license his work as appropriate and demand payments. If a dev releases his work free-as-in-libre and/or free-as-in-beer, they don't get to complain if the donations are "insufficient".
Or to put it another: Of course a company won't pay up if they don't have to.
This guy seems to be considering making his work into a commercial product, so at least he has the correct idea. Speaking objectively I hope it works out for him.
[1]: https://news.ycombinator.com/item?id=34759316
[+] [-] linkdd|3 years ago|reply
Of course they get to complain. Complaining and doing nothing to change the situation is what's problematic.
Doing work without reward, even if you did not expect any in the first place, can be soul-sucking, and it is totally normal to complain about it.
You don't do FOSS for the recognition/glory, but complaining about the hatred, hypocrisy, and complete lack of respect of the industry towards FOSS is normal.
The backlash he got after he "dared" ask for help was completely uncalled for. I'd even say this, it's the user who does not get to complain, let's remind everyone of what most FOSS licenses include:
You get a message during `npm install` from the dev asking for funding and a job? Tough shit, you don't get to complain because you're not paying him.[+] [-] zztop44|3 years ago|reply
I personally think that releasing free software and then complaining that the multibillionaire (trillionaire?) companies that rely on it refuse to fund you even after you’ve expressly asked for it is perfectly justified.
[+] [-] green_on_black|3 years ago|reply
[+] [-] robomartin|3 years ago|reply
If we were to compute the developer hours invested in a project like Linux we would easily determine it likely is the most expensive software project in history. The cost of the time is borne by individual developers, companies and universities, all of whom require some form of financial support in order to do so. Or, at the individual level, starve and not have a life (unless wealthy and the work is a hobby).
Denis Pushkarev, CoreJS's developer, abandon this project and move on. The list of large companies benefiting from his work who have not moved a finger to make sure he is able to continue working on this while supporting a family with dignity is massive.
Short list of notable companies from the screen grab:
https://user-images.githubusercontent.com/2213682/218452738-...
Yeah, this is silly. Move on. Immediately. The people who care do not care enough to help or support you.Denis, if you are reading this:
DO NOT FEEL BAD ABOUT DISCONNECTING FROM THIS PROJECT! THESE PEOPLE DO NOT VALUE YOUR WORK. MOVE ON. IMMEDIATELY.
[+] [-] jbm|3 years ago|reply
I hope he is getting the help he deserves (I dropped a message on twitter after seeing this)
The messages he received are so vile, why would someone attach their name to something like that? I personally would immediately avoid employing anyone who posted like that, doubly-so in a semi-professional space like Github.
[+] [-] ricardobeat|3 years ago|reply
That said, the idea that companies would pay for a JS library that is patching browser support is wild. Practically nobody pays for JS modules except for very specific niches (e.g. a charting library) or product/technical support. Especially when it's an indirect dependency of tools you use. Maybe Babel could pull off having a paid tier, but that's already a stretch, as there is still a lot more software up the chain. There are many commercial ideas in the JS ecosystem worth pursuing, but this doesn't look like one of them.
Projects like Babel, ESLint, Rollup etc get significant funding from corporations, but these are the very top of the food chain, and even then the amounts are still barely enough to pay for full-time dev salaries at market rate. It's just not a model that works.
There is also no particular reason these hundreds of polyfills have to be maintained by a single person, and kept in one central package. The maintenance overhead is massive. Any project using this as part of their core offering, like Babel, would certainly be able to keep up with a bunch of smaller modules, and deal with churn.
Finally, the reach and numbers are very impressive, but I'm afraid they are an artifact of building a monolithic package, more than a reflection of the value companies might attach to it. If core-js stopped being maintained today, it would hurt momentarily, but there are hundreds if not thousands of people who will step in to fill the void. There is no reason to sacrifice your personal well-being for a project that is not bringing you happiness.
[+] [-] DanHulton|3 years ago|reply
The whole point of the post is that the FOSS model doesn't work and that sucks. I don't know what the answer to that is, and neither does he, but the answer certainly isn't "oh well."
Also, I feel you should read or reread the article - he explicitly responds to your last two paragraphs in there. Babel specifically has said they're not interested in doing the work that core-js is doing, and there are clearly _not_ thousands of people willing to step in and fill the void of core-js. They've had many opportunities before, including when everyone hated him for asking for financial support and the web seemingly united against him, and when he was stuck in prison for months, not maintaining anything. And yet core-js is still there at the forefront, because of the passion and his willingness to put up with too much abuse.
[+] [-] cyral|3 years ago|reply
Companies make more money by having their websites work in older browsers. If it wasn't for core-js, they would be paying developer time to write polyfills or compile and maintain them from various other single polyfill packages. Surely if they are willing to pay developers to do this in return for increased profits they would also be willing to pay someone else to do it, just as businesses outsource all kinds of tasks.
[+] [-] aloisdg|3 years ago|reply
[+] [-] stjo|3 years ago|reply
https://www.blockchain.com/explorer/addresses/btc/bc1qlea754...
Do I read properly there are ~$1000 now and ~$73000 ever deposited?
[+] [-] tekkk|3 years ago|reply
I myself have as well restrained from working on / releasing certain projects because I know it would just bring me more hassle than benefit even if people did use them. World doesn't work on charity, sadly. But if you need the thing you build yourself as well, it shouldn't be that bad as long as you know to set your boundaries for what you're willing to do.