Hi! CTO of npm here. I haven't been reading HN today because we were trying to fix the SSL thing, so I was genuinely taken aback to see this article.
We didn't censor any comments; we did no moderation of any kind today. I have no idea what happened to his comment, but nobody at npm did anything to it.
Tough to give benefit of the doubt, but we're talking about Disqus here and I've had this sort of thing happen to me in the past. Willing to believe it could be an honest mistake. At least you know now to tread lightly if you were ever thinking of doing something like this.
Nobody is really talking about this massive betrayal of trust by the npm maintainers.
Make a mistake and deploy a backwards-incompatible change? Thats negligent. However, mistakes happen and I understand that. (An apology would be nice.)
But deleting the most important and insightful comment is damn-near unforgivable. Especially when such a note was so reasonable, even-tempered and had such empathy for the npm maintainers.
As of today, I don't really trust npm, and trust is considerably important for package managers. If they expect to earn any of my respect back, it would take a sincere apology.
Your outrage seems rather misplaced. They screwed up their certificates, which caused a problem for people running the non-latest-stable nodejs.
They then posted how to fix this, and apologised for the problem.
Note to the wary: if you are running software that is version 0.10.25 in production, and complaining that things aren't "Ready for enterprise" then all I have to say is "no shit, look at the version number!"
If you aren't ready/willing to deal with a fast moving deploy target, then stick to Ruby/Python or better still JVM/.Net!
Sometimes a technology's biggest detractors are its most fervent adherents. The drama, fuss, immaturity and irrationality is just off-putting and screams to everyone else "Do you enjoy drama? Do you want to be in the middle of trolling wars on Twitter? Please join us, just Node.js it all comes with it as part of the package!".
This is isn't the only thing. The drama with Joyent fake firing that person who didn't want to accept some doc updates. Is that all, I maybe wrong, but there is just no end to immaturity and drama. The people and culture associated with this technology is off-putting to me. Maybe others love it, good for them.
> I decided not to fight for changing something for the better today and quit. Why do companies lie? Why do ppl fear change?
I am not wise enough to be called a source of wisdom...but if you are in IT, and your company is not actively poisoning children or criminally violating you, do not quit out of professional principle without a backup plan.
Oh, boy. A DSL line isn't sufficient to handle 150 people accessing the site right now. It may be slow, but it's not going to go down. It's powered by Node, the nodejs process is only using 56MB of RAM and about 40% CPU. I'm fine. My bandwidth is simply depleted. Have patience, and thank you for visiting. I need some bandwidth and a budget. Wow.
I'll never understand this when a $5 digital ocean VPS could perform far better, and probably a lot cheaper than the extra electricity he's burning at home.
Please, make it better. The last thing the JavaScript community as a whole needs is more fragmentation. You know JavaScript, why don't you contribute to NPM?
When that security bullshit happened with RubyGems a year ago, many members of the Ruby community pitched in and helped the RubyGems team get the site back in order, even making Chef scripts so the whole thing is repeatable. Now, RubyGems is more secure and runs faster than ever.
Thank you for posting this. I completely agree. We already have a package manager, there's no need to fork it and have to have 2 competing things when it's all open source and those with knowledge can contribute to make npm better.
The site’s hosted on a machine in his house, and is served over a DSL connection.
He says Node and/or Pulsar are doing well enough (150 connections using ~50 MB of RAM and 40% CPU)- apparently he just doesn’t have enough bandwidth to get everything out to everyone.
Funny. I saw this earlier on NPMjs.org and it had 22 upvotes, 0 downvotes. Does it say anywhere why, exactly, it was deleted, or do they just delete anything they don't like?
"I have been free riding on this piece of technology that is completely open and that I, if I were able, could help make better. Instead I'll just be condescending to the people who have spent countless hours of their personal time because something didn't work as I want/understood it to. Go me."
Not sure why, but HN user "IsaacSchlueter", who purports to be the comment thread moderator, posted an explanation/rebuttal/apology to the OP in this comment thread an hour ago.
> We didn't moderate away anything. I am literally the only person who CAN moderate those comments, and I was at a conference all day. 100% of my online time was spent working with my team to figure out the fastest path to a fix. We didn't realize the extent until way too late, and that's bad on us. I apologize. I didn't delete your comment. I'll look at the moderation queue and see if maybe disqus is set to auto-hide after some time or something. I'm sorry for the confusion there.
I was wondering if the rate of voting or the absolute value of the post's rating (it had a ton of upvotes) triggered a Disqus protection thinking it was a flame war, similar to flamewar protection on HN.
[+] [-] seldo|12 years ago|reply
We didn't censor any comments; we did no moderation of any kind today. I have no idea what happened to his comment, but nobody at npm did anything to it.
[+] [-] tbranyen|12 years ago|reply
[+] [-] evv|12 years ago|reply
Make a mistake and deploy a backwards-incompatible change? Thats negligent. However, mistakes happen and I understand that. (An apology would be nice.)
But deleting the most important and insightful comment is damn-near unforgivable. Especially when such a note was so reasonable, even-tempered and had such empathy for the npm maintainers.
As of today, I don't really trust npm, and trust is considerably important for package managers. If they expect to earn any of my respect back, it would take a sincere apology.
[+] [-] 1stop|12 years ago|reply
http://blog.npmjs.org/post/78165272245/more-help-with-self-s...
Your outrage seems rather misplaced. They screwed up their certificates, which caused a problem for people running the non-latest-stable nodejs.
They then posted how to fix this, and apologised for the problem.
Note to the wary: if you are running software that is version 0.10.25 in production, and complaining that things aren't "Ready for enterprise" then all I have to say is "no shit, look at the version number!"
If you aren't ready/willing to deal with a fast moving deploy target, then stick to Ruby/Python or better still JVM/.Net!
[+] [-] sync|12 years ago|reply
[+] [-] untog|12 years ago|reply
https://twitter.com/robcolbert/status/436928505498976256
and today has no money:
https://twitter.com/robcolbert/status/439507016709853184
but doesn't want to work for another "shop beholden to the weakness of its internal IT":
https://twitter.com/robcolbert/status/439505080992034816
It's difficult to have a ton of sympathy, but it's still just an overall sad situation.
[+] [-] rdtsc|12 years ago|reply
Hmm...Life guidance. I don't know.
Sometimes a technology's biggest detractors are its most fervent adherents. The drama, fuss, immaturity and irrationality is just off-putting and screams to everyone else "Do you enjoy drama? Do you want to be in the middle of trolling wars on Twitter? Please join us, just Node.js it all comes with it as part of the package!".
This is isn't the only thing. The drama with Joyent fake firing that person who didn't want to accept some doc updates. Is that all, I maybe wrong, but there is just no end to immaturity and drama. The people and culture associated with this technology is off-putting to me. Maybe others love it, good for them.
[+] [-] rubiquity|12 years ago|reply
[+] [-] reeses|12 years ago|reply
[+] [-] geraldcombs|12 years ago|reply
[+] [-] danso|12 years ago|reply
https://twitter.com/robcolbert/status/436928505498976256
> I decided not to fight for changing something for the better today and quit. Why do companies lie? Why do ppl fear change?
I am not wise enough to be called a source of wisdom...but if you are in IT, and your company is not actively poisoning children or criminally violating you, do not quit out of professional principle without a backup plan.
[+] [-] Encosia|12 years ago|reply
[+] [-] stefan_kendall|12 years ago|reply
[deleted]
[+] [-] chrisbolt|12 years ago|reply
More context: https://news.ycombinator.com/item?id=7320833
[+] [-] Cless|12 years ago|reply
Oh, boy. A DSL line isn't sufficient to handle 150 people accessing the site right now. It may be slow, but it's not going to go down. It's powered by Node, the nodejs process is only using 56MB of RAM and about 40% CPU. I'm fine. My bandwidth is simply depleted. Have patience, and thank you for visiting. I need some bandwidth and a budget. Wow.
[+] [-] gfosco|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] tomphoolery|12 years ago|reply
When that security bullshit happened with RubyGems a year ago, many members of the Ruby community pitched in and helped the RubyGems team get the site back in order, even making Chef scripts so the whole thing is repeatable. Now, RubyGems is more secure and runs faster than ever.
[+] [-] LukeB_UK|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] lucb1e|12 years ago|reply
> Powered by Pulsar
For various definitions of 'powered'.
[+] [-] htp|12 years ago|reply
He says Node and/or Pulsar are doing well enough (150 connections using ~50 MB of RAM and 40% CPU)- apparently he just doesn’t have enough bandwidth to get everything out to everyone.
[+] [-] girvo|12 years ago|reply
I really like that, and fits so well for some FOSS projects.
[+] [-] cdata|12 years ago|reply
Incidentally, if anyone here was actually affected by this, they put up a reasonable explanation / apology / useful-resolutions blog post that no-one seems to be paying attention to: http://blog.npmjs.org/post/78165272245/more-help-with-self-s...
[+] [-] Cless|12 years ago|reply
[+] [-] mildtrepidation|12 years ago|reply
[+] [-] SideburnsOfDoom|12 years ago|reply
[+] [-] jaredmcateer|12 years ago|reply
[+] [-] troels|12 years ago|reply
[+] [-] Encosia|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] dchuk|12 years ago|reply
[+] [-] fisherprice|12 years ago|reply
[+] [-] mosselman|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] dham|12 years ago|reply
[+] [-] danso|12 years ago|reply
https://news.ycombinator.com/item?id=7323010
However, Isaac has been hellbanned...I'll repost just to give him the benefit of the doubt:
https://news.ycombinator.com/user?id=IsaacSchlueter
> We didn't moderate away anything. I am literally the only person who CAN moderate those comments, and I was at a conference all day. 100% of my online time was spent working with my team to figure out the fastest path to a fix. We didn't realize the extent until way too late, and that's bad on us. I apologize. I didn't delete your comment. I'll look at the moderation queue and see if maybe disqus is set to auto-hide after some time or something. I'm sorry for the confusion there.
[+] [-] ivank|12 years ago|reply
[+] [-] caw|12 years ago|reply
[+] [-] IsaacSchlueter|12 years ago|reply
[deleted]