
Microsoft copied new Windows Package Manager from rival AppGet, claims developer - mehrdadn
https://www.theverge.com/2020/5/28/21272964/microsoft-winget-windows-package-manager-appget-copied
======
forgingahead
The "Andrew" in question who courted Keivan (AppGet's dev) is Andrew Clinick.
He wrote a blog post in response to this a few days ago:

[https://devblogs.microsoft.com/commandline/winget-install-
le...](https://devblogs.microsoft.com/commandline/winget-install-learning/)

Still seems pretty tone-deaf to me - obviously MS seems to be in the legal
clear, but the moral high ground and lots of dev goodwill has been lost.

It also damages the ability for devs to informally meet and chat with PMs at
larger companies everywhere - adds a lot of mistrust to the eco-system.

This is not that MS came up with their own package manager. It's the entire
song-and-dance routine that was conducted about potentially hiring Keivan, and
then ghosting the engineer whose open-source product you were simultaneously
cloning.

Of course, people will forget, but many will still remember. This is still a
net-negative all-around when it didn't need to be.

~~~
wayneftw
> It's the entire song-and-dance routine that was conducted about potentially
> hiring Keivan, and then ghosting the engineer whose open-source product you
> were simultaneously cloning.

AppGet is a fairly unoriginal open source product. Anyone can fork it and do
what they want with it. Furthermore, if one doesn't copy code directly and
simply uses a similar idea, the author of AppGet doesn't even have to be
credited.

Did the author of Preact get flack like this for copying React? How about the
authors of any other number of forks of other OSS products?

And just because you get interviewed doesn't mean you get the job. Everybody
who has gone through rounds of interviews with large tech companies knows
this.

People that share your opinion are thinking as if Microsoft is one person. HN
largely subscribe to "cock-up before conspiracy" or Hanlon's Razor. So, why
don't you explain to us how you think this Microsoft conspiracy went down? Do
you really think people sat around a table discussing how to screw this one
dev and steal his product that was already open source??

Please... some people from MS interviewed him, some other people from MS
decided against hiring him and maybe some other people from MS used some ideas
(some very common and not-original ideas) from his work. Big deal. Microsoft
has ~150,000 employees.

> but the moral high ground [has been lost].

No it hasn't. Not even in the slightest degree IMO.

> and lots of dev goodwill has been lost.

Not sure how you're measuring that but people who read HN and r/programming
are in the low percentage out of all devs worldwide. And out of those people
that read about it - well you can see here that we don't all agree.

I mean even after the last 2 decades of Linux dominance and Mac desktop OSes -
among other stats, Windows is still the number one desktop OS used by software
developers according to the recent StackOverflow survey and C# is still one of
the most popular languages and people are still using VSCode, TypeScript,
GitHub, etc. The great majority of people generally don't even stop and think
about things like privacy, security or the morality of big companies.

But there is no question of morality here anyway. I question the morality of
Andrew for sharing his work and then acting like it's a crime to look at the
shared work.

~~~
boromi
Finally, someone with a sensible opinion on this situation, other than the
routine "read headline" write a bashful comment attacking large corporation
without understanding the core issue (which obviously is getting mob downvoted
without actually attempting to understand the scope of the issue). And as a
matter of fact, manifests have been used by other package managers before, so
since when did Kevian have a monopoly over this idea? It is remarkable how
this has blown up and one-sided the narrative has been. MSFT, probably due to
confidentiality, cannot divulge the outcome of the interview. Perhaps, he was
extremely hard to communicate with in person with very strong views that don't
mesh well in a MSFT team environment? Who knows, but just blindly listening
the Kevian is disingenuous at most and dangerous.

------
paxys
When I read the author's initial blog post a few days ago, this part
immediately stood out to me:

> I was told that the acqui-hire process through BizDev would take a very long
> time. An alternative to speed up the process would be just to hire me with a
> “bonus” and then work on migrating the code ownership after the fact. I
> didn’t have any objections, so we scheduled some meetings/interviews in
> Redmond.

As someone who has worked in the acquisition/acquihire area, this immediately
raises so many red flags. The team responsible for shipping the package
manager obviously did not have the budget/exec sponsorship to purchase a
rival. Not sure if security, legal, HR etc were even involved at all at that
point, or had budgeted the time to assist with this.

Yes the acquisition process takes a long time, and that is _exactly_ to avoid
situations like this one. The only correct response when a company reaches out
to you for something like this is "cool, let me set up a meeting with my
lawyer."

~~~
delhanty
>The only correct response when a company reaches out to you for something
like this is "cool, let me set up a meeting with my lawyer."

Or alternatively, choose not to respond at all as per PG's January 2015 essay
"Don't Talk to Corporate Dev" [0]

>Distractions are the thing you can least afford in a startup. And
conversations with corp dev are the worst sort of distraction, because as well
as consuming your attention they undermine your morale. One of the tricks to
surviving a grueling process is not to stop and think how tired you are.
Instead you get into a sort of flow. Imagine what it would do to you if at
mile 20 of a marathon, someone ran up beside you and said "You must feel
really tired. Would you like to stop and take a rest?" Conversations with corp
dev are like that but worse, because the suggestion of stopping gets combined
in your mind with the imaginary high price you think they'll offer.

Being PG, he's focussed on startups, but it applies to any small business that
might be the target of an acqui-hire.

[0]
[http://www.paulgraham.com/corpdev.html](http://www.paulgraham.com/corpdev.html)

~~~
mehrdadn
This is gold:

 _I remember once complaining to a friend at Google about some nasty trick
their corp dev people had pulled on a YC startup._

 _" What happened to Don't be Evil?" I asked._

 _" I don't think corp dev got the memo," he replied._

------
D13Fd
I definitely agree he should have been credited more, and the communications
strategy was cruel.

But he released his work, AppGet, under an Apache 2.0 license. Microsoft was
free to copy it as long as they followed the terms of the license. That's one
of the points of open source.

Microsoft also released their copy of it under the very open MIT license.

The article treats it like a crime, but this is essentially how it should
work, right? One open-source project greatly advances the art, and another
takes what was created and released freely, and runs with it.

If they literally copied code from AppGet, they may have an issue given that
they didn't follow the Apache license terms precisely (at least, it doesn't
look like it from a very brief glance at the WinGet repository -- Beigi's name
doesn't appear to be in the Apache license notices). But that seems easily
fixable.

~~~
mehrdadn
I'm guessing you haven't read his post on this, because he's indeed _not_
upset about the copying, but about the credit: [https://keivan.io/the-day-
appget-died/](https://keivan.io/the-day-appget-died/)

~~~
D13Fd
I actually had read his post. He's very justifiably upset about the lack of
credit for AppGet and also the terrible communication, which I mentioned. I
thought it was a well-written post.

But the linked Verge article frames it in terms of the copying being the
problem, rather than the credit, even calling it Sherlocking. It's not.

~~~
mehrdadn
I don't think it does? They mention "credit" at least 4 times in the article
("copy" comes up 3 times) and they're very clear that the issue is credit
("The announcement was especially bad given how little credit was given",
"Beigi is mostly unhappy with how Microsoft didn’t credit him for his work",
etc.). I'm not sure how you read it to imply the crime is in the copying?

------
solarengineer
This came up recently:
[https://news.ycombinator.com/item?id=23331287](https://news.ycombinator.com/item?id=23331287)

------
cs702
There are a lot of people from Microsoft on HN. Hopefully at least one of them
will respond here, or even better, look into righting this wrong.

~~~
nailer
To be honest I think they're probably here, reading this, feeling bad about
it, realising there's little they can do, so not saying anything.

Microsoft wrote the post acknowledging the copying, they know it was handled
badly ... what else could they do at this point?

I hope their investigation finds out what went wrong. I might suspect it was:

\- averro being their usual rubbish selves and ghosting candidates. Microsoft
needs to massively improve their hiring processes.

\- Clinick realising that the WinGet announcement should have credited AppGet.

------
foobar_
Can you stop people from doing this ? From what I am aware even MIT license
still needs to be credited somewhere in the new project.

------
harrygeez
don't forget Microsoft like other organizations, are just a bunch of people,
except that they have many more "bunches" than an average company.

The way I look at it this is just the acts of a few people and has nothing to
do with overall movement of the entire company

~~~
nmfisher
> The way I look at it this is just the acts of a few people and has nothing
> to do with overall movement of the entire company

True, but a company is nothing but the people they hire.

It therefore reflects poorly on Microsoft as a whole and will make people
think twice about working for/with Microsoft in future.

------
JoeAltmaier
Been happening forever. When OS/2 was invented we met with them, talked about
licensing some of their tech. Showed them our stuff including our 'Context
Manager', an app that let a microcomputer manage several apps at once.

Fast forward 6 months - OS/2 had a Context Manager, looked and worked
identically to ours. Sigh. What can you do? Good ideas are not patentable.

~~~
Droobfest
Hearing this, I vow to never use OS/2.

------
jonnypotty
Never be a 'good' person when interacting with a corperation because even if
the people you meet at this corpoation seem like nice humans they can not act
as such. Even now after all this the dev decides not to carry on developing
appget as it might result in fragmentation of the windows software ecosystem.
So this guy is ACTUALLY making good long term decisions that help Microsoft.
And then Microsoft release a statement saying "oh sorry - what did we do? we
never meant to, we care, we reeaaaly do".

I don't know why this is acceptable. People need to realise that their first
obligation is to be a good human, even if you are working for Microsoft.

------
boromi
Since when is using manifests a revolutionary idea? It's been used over a year
in Julia for package management. IMO this whole thing blew out and feels like
an unjustified mob mentality to attack MSFT over some trivial technology
borrow. It also feels like we are not getting the full story, only Keivan's
side, who is obviously trying to steer the narrative in one direction. For
example, what actually happened in the interview?

------
factorialboy
Embrace, copy, extinguish?

------
koolhead17
Changing culture takes longer than making PR. sigh..

