| Started by | Steven D'Aprano <steve+comp.lang.python@pearwood.info> |
|---|---|
| First post | 2016-03-23 20:03 +1100 |
| Last post | 2016-03-23 11:23 -0700 |
| Articles | 8 — 7 participants |
[Not actually OT] Trouble in node.js land Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2016-03-23 20:03 +1100
Re: [Not actually OT] Trouble in node.js land INADA Naoki <songofacandy@gmail.com> - 2016-03-23 11:06 +0000
Re: [Not actually OT] Trouble in node.js land Random832 <random832@fastmail.com> - 2016-03-23 09:33 -0400
Re: [Not actually OT] Trouble in node.js land Steven D'Aprano <steve@pearwood.info> - 2016-03-24 01:52 +1100
Re: [Not actually OT] Trouble in node.js land Random832 <random832@fastmail.com> - 2016-03-23 11:26 -0400
Re: [Not actually OT] Trouble in node.js land Ben Finney <ben+python@benfinney.id.au> - 2016-03-24 09:09 +1100
Re: [Not actually OT] Trouble in node.js land Terry Reedy <tjreedy@udel.edu> - 2016-03-23 14:08 -0400
Re: [Not actually OT] Trouble in node.js land Ethan Furman <ethan@stoneleaf.us> - 2016-03-23 11:23 -0700
| From | Steven D'Aprano <steve+comp.lang.python@pearwood.info> |
|---|---|
| Date | 2016-03-23 20:03 +1100 |
| Subject | [Not actually OT] Trouble in node.js land |
| Message-ID | <56f25be6$0$2805$c3e8da3$76491128@news.astraweb.com> |
This is not actually off-topic, as it has relevance to open source projects
like Python: the importance of getting package management right, and not
basing your development ecosystem on cowboys who might pull the rug out from
under your feet at any time.
Ironically, this also showcases what happens when you use a language with no
batteries included, namely Javascript.
One developer just broke most of the Node.js ecosystem by removing an eleven
line package from npm (the node.js package manager, somewhat similar to
Python's pip only even more critical):
http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
This critical package is "left-pad". What does it do? It pads strings with
spaces from the left. It's not just spaces though, it can pad with any
character you like! Zeroes, commas, even hash signs! We truly live in an age
of miracles.
The removal of this package (along with about 250 others by the same author,
but only left-pad appears to have been noticed) crippled Node.js development
as suddenly thousands of deployed apps could no longer download their
dependencies.
The author removed his package in a fit of pique because he wasn't allowed
to continue using a trademarked name. Rather than suck it up like a grown up
and change the package name, he removed his entire collection of packages
from npm and (temporarily) broke the entire Node.js ecosystem.
https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c
Of course, moving his allegedly infringing package "kik" to github isn't
going to fix the problem. It's still allegedly infringing.
More discussion here:
https://github.com/azer/left-pad/issues/4
https://news.ycombinator.com/item?id=11340510
https://www.reddit.com/r/programming/comments/4bjss2/an_11_line_npm_package_called_leftpad_with_only/
A colleague passed on this quote from an acquaintance of his:
"i asked an npm dev at a talk once if they were going to make a stable
version and they said javascript is not like operating systems and doesn't
need stable versions"
There's a lesson here for Python package management too. As pip becomes ever
more popular and functional, there are certain people who believe that the
whole "batteries included" philosophy of Python is outdated and unnecessary.
Why have a standard library when you can just download the most recent
version from PyPI using pip? The node.js experience shows how this can go
badly wrong.
For those curious, here's left-pad in all its glory:
    module.exports = leftpad;
    function leftpad (str, len, ch) {
      str = String(str);
      var i = -1;
      if (!ch && ch !== 0) ch = ' ';
      len = len - str.length;
      while (++i < len) {
        str = ch + str;
      }
      return str;
    }
I leave a Python translation for the experts :-)
--
Steve
| From | INADA Naoki <songofacandy@gmail.com> |
|---|---|
| Date | 2016-03-23 11:06 +0000 |
| Message-ID | <mailman.47.1458731200.2244.python-list@python.org> |
| In reply to | #105528 |
> For those curious, here's left-pad in all its glory:
>
>     module.exports = leftpad;
>     function leftpad (str, len, ch) {
>       str = String(str);
>       var i = -1;
>       if (!ch && ch !== 0) ch = ' ';
>       len = len - str.length;
>       while (++i < len) {
>         str = ch + str;
>       }
>       return str;
>     }
>
> I leave a Python translation for the experts :-)

>>> s = "foo"
>>> s.rjust(5, '@')
'@@foo'
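
Added example, not part of any post in this thread: a closer Python port of the quoted left-pad loop, set beside `str.rjust`, showing where the two diverge when a removed dependency is swapped for a standard-library call. The helper names and the sample cases are constructed for illustration, and JavaScript's `String()` coercion is approximated with `str()`.

```python
def js_length(s: str) -> int:
    """Length as JavaScript's String.length reports it: UTF-16 code units."""
    return len(s.encode("utf-16-le", "surrogatepass")) // 2


def leftpad(value, length, ch=None):
    """Port of the quoted left-pad loop, keeping its edge-case behaviour."""
    s = str(value)                       # JS: str = String(str)
    # JS: if (!ch && ch !== 0) ch = ' '
    # A missing, empty or false pad becomes a space; the number 0 is kept.
    if ch is None or ch is False or ch == "":
        ch = " "
    missing = length - js_length(s)      # JS: len = len - str.length
    # The loop prepends ch once per missing unit, so a multi-character
    # pad overshoots the requested width instead of being rejected.
    return str(ch) * max(missing, 0) + s


def rjust_or_error(value, length, ch=" "):
    """What the str.rjust replacement does with the same arguments."""
    try:
        return str(value).rjust(length, ch)
    except TypeError as exc:
        return type(exc).__name__


# Constructed inputs: (value, width, pad)
CASES = [
    ("foo", 5, "@"),          # the case shown in the reply above
    ("foo", 2, "@"),          # already wide enough
    (42, 5, 0),               # numeric pad, accepted by left-pad
    ("foo", 5, "ab"),         # multi-character pad
    ("\U0001F600", 3, "."),   # one code point, two UTF-16 code units
]


def divergent():
    """Return the cases where the port and str.rjust disagree."""
    rows = []
    for value, width, pad in CASES:
        ported, stdlib = leftpad(value, width, pad), rjust_or_error(value, width, pad)
        if ported != stdlib:
            rows.append((value, width, pad, ported, stdlib))
    return rows


if __name__ == "__main__":
    for row in divergent():
        print(row)
```
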
| From | Random832 <random832@fastmail.com> |
|---|---|
| Date | 2016-03-23 09:33 -0400 |
| Message-ID | <mailman.55.1458740024.2244.python-list@python.org> |
| In reply to | #105528 |
On Wed, Mar 23, 2016, at 05:03, Steven D'Aprano wrote:
> https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c
>
> Of course, moving his allegedly infringing package "kik" to github isn't
> going to fix the problem. It's still allegedly infringing.

I think the issue, and it is a reasonable one, is that this was not
determined in a court of law. It's not actually clear to me that it's
infringing or not (yes, they're both computer programs, but they do very
different things, so it's not clear if they are or that they ought to be
the "same area"), and it's arguably something that Kik Interactive Inc.
should have had to actually sue him for rather than demanding a third
party to arbitrarily mess with his stuff.

And there's also the fact that corporations apparently have absolutely
no concept of how to properly communicate with someone to ask them to
change something or stop doing something.
| From | Steven D'Aprano <steve@pearwood.info> |
|---|---|
| Date | 2016-03-24 01:52 +1100 |
| Message-ID | <56f2ad9c$0$1607$c3e8da3$5496439d@news.astraweb.com> |
| In reply to | #105550 |
On Thu, 24 Mar 2016 12:33 am, Random832 wrote:
> On Wed, Mar 23, 2016, at 05:03, Steven D'Aprano wrote:
>> https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c
>>
>> Of course, moving his allegedly infringing package "kik" to github isn't
>> going to fix the problem. It's still allegedly infringing.
>
> I think the issue, and it is a reasonable one, is that this was not
> determined in a court of law. It's not actually clear to me that it's
> infringing or not (yes, they're both computer programs, but they do very
> different things, so it's not clear if they are or that they ought to be
> the "same area"), and it's arguably something that Kik Interactive Inc.
> should have had to actually sue him for rather than demanding a third
> party to arbitrarily mess with his stuff.
>
> And there's also the fact that corporations apparently have absolutely
> no concept of how to properly communicate with someone to ask them to
> change something or stop doing something.

I don't think this is the case at all. If the author of the package had
tried to negotiate, and been rebuffed, he surely would have said so. "Look,
I tried to be reasonable, but they wouldn't be reasonable, so I had no
choice!". But that's not what his own account of the story shows. His
account shows clearly:

- He didn't bother to check to see whether the name was in use when he
  picked it.
- The lawyers were polite but firm.
- He apparently made no attempt to negotiate, just told them no. Twice.
- His own account didn't dispute the possibility of confusion between two
  software packages with the same name. He could have argued "My software is
  a command-line tool for creating Javascript projects; yours is a chat
  client. There is no possibility of confusion between the two." But he
  gives no indication that he did this.

It probably wouldn't do him much good if he made that argument, since the
courts tend to use the "Moron in a hurry" test. If a stupid person who is
not paying attention could be confused by the reuse of the name, then it
shouldn't be allowed. They're both software, right? It's not like one was
software and the other was a brand of chocolate biscuit. But, judging from
his own story, it doesn't appear he even made that argument.

Instead, it seems that his argument was simple: "No. Don't want to."

So the lawyers did the right thing: instead of suing him, they approached
the people hosting the software, and got them to take it down. There is
prima facie evidence of trademark infringement, and the alleged infringer
has made no attempt to deny infringement, defend himself or rename the
package, even when asked. So they took down *one* package.

At which point, the author spat the dummy and took down 250 or so packages,
including the one which brought Node.js to its knees. It's hard to feel
sympathy for the guy when *his own account* of what took place makes him out
to be a totally self-centred dick with poor impulse control.

But now this is off-topic. There are difficult people in all programming
language communities, and it could have been *any* package that was removed
suddenly with no warning. What's more interesting is the difference between
language communities which can easily weather such troubles or those that
can't.

--
Steven
| From | Random832 <random832@fastmail.com> |
|---|---|
| Date | 2016-03-23 11:26 -0400 |
| Message-ID | <mailman.57.1458746765.2244.python-list@python.org> |
| In reply to | #105553 |
On Wed, Mar 23, 2016, at 10:52, Steven D'Aprano wrote:
> - He didn't bother to check to see whether the name was in use when he
> picked it.

Someone not making a commercial product shouldn't have to worry about a
name collision with something they've never heard of.

> - The lawyers were polite but firm.
>
> - He apparently made no attempt to negotiate, just told them no. Twice.

I'd missed the part where the lawyers contacted him directly. The next
step should have been a lawsuit, not to do an end run around the law by
trying to convince someone else to enact extralegal enforcement on their
behalf.

> - His own account didn't dispute the possibility of confusion between two
> software packages with the same name. He could have argued "My software is
> a command-line tool for creating Javascript projects; yours is a chat
> client. There is no possibility of confusion between the two." But he
> gives no indication that he did this.
>
> It probably wouldn't do him much good if he made that argument, since the
> courts tend to use the "Moron in a hurry" test. If a stupid person who is
> not paying attention could be confused by the reuse of the name, then it
> shouldn't be allowed. They're both software, right? It's not like one was
> software and the other was a brand of chocolate biscuit. But, judging from
> his own story, it doesn't appear he even made that argument.

A) His software is a command line tool, how's someone looking for a
phone app going to find it in the first place?

B) His software costs no money, so no harm has been done even if
someone looking for the phone app finds it and "buys" it by mistake.

Even if the interpretation of the law used by the court _is_ that phone
apps and command line tools are the same "area", this is, if true, a
failure of the system that people should fight against rather than just
accept.
| From | Ben Finney <ben+python@benfinney.id.au> |
|---|---|
| Date | 2016-03-24 09:09 +1100 |
| Message-ID | <mailman.70.1458770995.2244.python-list@python.org> |
| In reply to | #105553 |
Random832 <random832@fastmail.com> writes:
> B) His software costs no money, so no harm has been done even if
> someone looking for the phone app finds it and "buys" it by mistake.

That statement assumes that only the loss of money is harm.

Do you recognise damage to public reputation as harm? Do you recognise
any other non-monetary damage as harm?

Is it legitimate to defend against such damage – for example, damage to
public reputation – through use of trademark law?

--
 \     “This world in arms is not spending money alone. It is spending |
  `\      the sweat of its laborers, the genius of its scientists, the |
_o__)         hopes of its children.” —Dwight Eisenhower, 1953-04-16 |
Ben Finney
| From | Terry Reedy <tjreedy@udel.edu> |
|---|---|
| Date | 2016-03-23 14:08 -0400 |
| Message-ID | <mailman.63.1458756493.2244.python-list@python.org> |
| In reply to | #105528 |
On 3/23/2016 5:03 AM, Steven D'Aprano wrote:
> One developer just broke most of the Node.js ecosystem by removing an eleven
> line package from npm (the node.js package manager, somewhat similar to
> Python's pip only even more critical):

Does PyPI actually delete packages, as opposed to making them harder to
find?

--
Terry Jan Reedy
| From | Ethan Furman <ethan@stoneleaf.us> |
|---|---|
| Date | 2016-03-23 11:23 -0700 |
| Message-ID | <mailman.64.1458757356.2244.python-list@python.org> |
| In reply to | #105528 |
On 03/23/2016 11:08 AM, Terry Reedy wrote:
> On 3/23/2016 5:03 AM, Steven D'Aprano wrote:
>
>> One developer just broke most of the Node.js ecosystem by removing an
>> eleven line package from npm (the node.js package manager, somewhat
>> similar to Python's pip only even more critical):
>
> Does PyPI actually delete packages, as opposed to making them harder to
> find?

I don't know the exact answer, but I do know there is a big warning label
around the delete button:

    Do NOT use this button. There is no undo.

    <Remove this package completely>

--
~Ethan~