If Kenneth has been acting in bad faith within the community, that should be brought to light and called out. That said, I can't help but think this blog post swings that hammer way too hard, and then even gets into rumors about other unethical things he has allegedly done without any attribution. The author goes on long enough in this manner so much so that they have to remind the reader "please don't abuse or harass Kenneth!" That's a sign you've swung too hard. I know Kenneth personally, as the blog post mentions, he has mental health issues and while the article rightly points out this is no excuse, it's not the authors place to judge how effectively or not a mental health sufferer is capable of managing their illness.
Again i agree the incidents in question should be called out and I am glad this author has spoken out. But as someone who also suffers from mental illness I am concerned for the extended nature of the post.
Many people manage their conditions without causing this kind of harm, and when they mess up, they make amends, just like the rest of us. If someone can't do that, then as a community, we can have compassion but shouldn't give them power and influence.
I don't understand this logic. If all may be true, then there is absolutely a need to alert the community of a prominent member who may be damaging that very community.
What isn't needed is personal speculation about how a cheap laptop would suffice, or how taxes can't be that high, or how much documentation should cost, or etc. etc. It's all pretty much irrelevant in light of the fact that 30 grand went missing.
What definitely isn't needed is an insulting analysis of perceived wrong-doing backed by pop-psychology. "Many people manage their conditions without causing this kind of harm..." Yeah, and some don't.
There is a difference between "alerting the community" and writing an opinion piece placing yourself in a victim/martyr role to underline you're really "the good guy" here.
Sure it is. He stated he was going to use the proceeds to buy a laptop to work on this project. A $5,000 dollar laptop is above and beyond what is required to work on this project. There certainly is reason to question this.
>or how taxes can't be that high
It wasn't "that high", it was "most of it." If someone told me they received $30,000 in donations, but $15,000.01 or more went to taxes, I'd be asking questions.
>or how much documentation should cost
$28,000 to write documentation for the next version of this library. No, it should NOT cost that much for the amount of work and resources necessary to complete this particular task.
None of this is reaching; these are very necessary and prudent concerns.
Everything the authors states are interpretations of how the author interpreted their interactions; they're allegations.
You don't need allegations to support an already established fact unless you're playing to the people, that is, appealing to sentiment to win them over to a cause.
> None of this is reaching
It isn't, but it also isn't needed to publish those personal misgivings in a populist format. If the 30k is missing, then that's a clear indictment by itself. There's no need to cast aspersions about how the money was used, speculation on mental health issues, or how little other people personally liked someone.
The $30,000 was accounted for: taxes, a machine, and documentation. Perfectly reasonable.
* "Most of it" went to taxes. (Wait, what?)
* A $5000 machine. (For what?)
* Documentation? (For a version that doesn't exist yet?)
These kinds of shenanigans are why government contracts are such a mess. Details matter.
In practice you do need to provide interpretation of the larger context, otherwise someone else will do it.
Also, if you don't make a plea to not target a person, then you'll be accused of trying to incite others to target that person.
In short, I strongly disagree with your position.
Your terms "hearsay and rumor" appear deliberately chosen to color the more generic phrase "anonymous" or "third-party". As such, I cannot answer your question as I disagree with the characterization.
I’ll also say that I consider Kenneth to be a true friend, and that those considerations are more than worth it. He’s an extremely gifted developer - and more importantly, a truly good person.
Oh, and your awesome work on SQLAlchemy.
Obviously there are multiple sides to that debate, but I personally came to the conclusion that Reitz had behaved quite poorly there. It's interesting to see his name come up again, here.
What that means, I don't know.
"Note: you should probably use direnv instead. Simply put, it is higher quality software. But, autoenv is still great, too. Maybe try both? :)"
He's right it's completely unfair to others with bipolar disorder (can't speak for other mental illnesses). If you take you take your medication, go to therapy, practice CBT, and stay sober you can live a normal life. Don't get me wrong, it's hard work and expensive.
I have no idea what Kenneth's situation is and I'm not excusing any of the alleged behavior, I'm just asking that others not to assume automatically all others successfully treating bipolar disorder (1 or 2) are up to no good.
I was always a little suspicious of the set of libraries he maintains - the documentation pages are so slick that I begin to wonder if this is a software package or a lifestyle upgrade.
Anecdotally, I was at one point in an informal business relationship with someone who has bipolar disorder and I had a very similar experience when I attempted to formalize our procedures for collecting and recording income. This was in a band (garage bands seemingly not that different from OSS) - so we're talking a few hundred dollars a month going in to one person's checking account. I thought we'd all feel better if we knew exactly how much money we were making and how it was being spent. Had a similar set of objections from my colleague to this kind of openness.
Does that mean bad documentation is a good thing? Not sure if serious...
That said, there are so many red flags in this whole story that I can't tell why the whole thing is only being revealed today. It seems that, as the person who was actually working on a crowdfunded feature, OP should have disclosed the potential issues to the community as soon as he became conclusively aware of them. Much of the damage would've been repaired a lot more smoothly, had he done so.
This same question comes up when people reveal abuse (of any kind) or other traumatic experiences.
People need time to process some events, and when you're going through some interpersonal trouble, you may think this (is your fault|will go away|is not a big problem|has been solved).
Sure, but that's ideal. In practice, humans frequently delay or completely forgo sounding the alarm when there's a problem. Having not raised concerns immediately isn't out of the ordinary; for myriad of reasons, it occurs everyday.
So instead of rebuking the author, consider _why_ it wasn't immediately brought to the community's attention (or maybe it was, but not to the degree we see here)
I'm unclear what you mean by this. Could you clarify?
I think it's a bit odd. I wasn't trying to say that good documentation makes me suspicious, but this very heavy handed advertising up front does.
I know it's partly a joke, but it's not just one ore two lines.
Please un-flag this article so that HN can discuss the controversy/debate surrounding Reitz and his accuser.
Separately: Humans do their best work when they are collaborating with one another. I have worked in many different organizational formats, but I have never worked in an organization where an excessively negative person did so much good work that it was worth team destruction. When everyone else is doing less work because of one person, you have to remove that person or you raise risk of mission failure.
This is not an isolated mistake. There is a consistent pattern of exploitation and toxicity from Kenneth that has been ongoing for many years.
Many people in the community have known about this and worse. This post is courageous for finally calling it out.
It's difficult to call out a person in a position of power like himself, especially one who obsessively engages in abusive tactics yet has an army of people who worship him and make excuses for him.
For those interested in understanding this better, I urge you to read "Narcissists and Blood Bags" by Marlena Compton and Valerie Aurora: https://medium.com/@marlenac/the-blood-bag-co-narcissists-an...
Perhaps there is a whistleblower exception, such as when the person being criticized is powerful, and the whistleblower is vulnerable, but I'm not aware that's the situation here, and whistleblowing involves an investigation (by officials, journalists).
If there is a functioning body of authority that is accepting confidential complaints, then I will happily use my real name. I am not eager to invite abuse just to help the HN community gain some awareness of what has been going on for years.
As an example, here's a quote from https://en.wikipedia.org/wiki/Whistleblower : "Most whistleblowers are internal whistleblowers, who report misconduct on a fellow employee or superior within their company through anonymous reporting mechanisms often called hotlines."
That is, 1) no investigation, 2) anonymous, 3) internal.
It's certainly dangerous if all the accusers are anonymous. However, in this case there are two who are not anonymous. How many are needed?
And, indeed, we are seeing that very prominently in the last few years, in US/world news, as part of a major and unresolved threat.
This general situation is one reason to adopt some practices. Getting practice with practices is good practice.
While certainly a possibility, best practices in whistleblowing specifically reject always ignoring anonymous comments.
That said, I understand that this specific case is complicated, iff someone feels intimidated, and iff and there is no authority to whom to appeal, so maybe it's an exception to general best practices.
Since general practices explicitly allow anonymous complaints for whistleblowing, including for anonymous complaints in public fora, I don't see how your appeal to general best practices affects anything - this already is part of general best practices.
Perhaps you could describe what practices you are thinking of?
"FYI, Requests3 will be shipping with its own low-level http library, and isn't going to be using urllib3.
& I are hard at work on the parts, and all (upcoming) donations are going to be split between him & I. We aren't actively seeking out any donations, though."
Some of the statements are pretty hard to believe (nobody wants to work on the future of one the most popular Python libraries ever? Uh... more likely nobody wants to sit in a (virtual) room with him, now they’ve effectively managed to remove him from Requests 2...). And it confirms the 30k have been spent, with Requests 3 still not appearing even in half-done status.
"I appear to be the target of a personal character attack piece, that's been making it's rounds on social media today, expertly timed to ruin my weekend at PyCon US 2019.
"I got nothing but strange signals from njs since I first interacted with him, which is why I didn't answer his threatening-sounding emails. What was the threat I was perceving? That he'd do basically do exactly this."
it isn't the only option, and actual malice is quite rare. sometimes all it takes is a frank and honest conversation, and maybe some mentorship. it's far too easy not to see the impact of your behaviour or words, especially if communication is mostly remote and you don't get a real chance to read people.
while it is harder to teach soft skills than a new technical skill, it isn't impossible to help a person grow. hopefully, this proves to be such a situation, or is simply a honest mistake.
I understand it's tough to feel like a target of somebody's symptoms. I have been there too. But compassion is also needed.
It lays out his actions, how they are perceived by others, and why the author feels they cannot work with him.
It does not name him evil, and in fact seems disinterested in his private personal motivations.
Shunning someone is a compassionate response to bipolar disorder. Keeping the reasons for shunning someone private harms others, such that “compassionate” becomes “complicit”.
The community’s replies indicate that many chances have been given, well ahead of when this post was published. What further compassion would you suggest is appropriate here?
ps. It is suggested he has bipolar disorder, but replacing that with “for personal reasons” in no way alters the content of the post.
I am being vague because I don't know what the right answer is. But it is surely a compassionate one, and not one that rushes to judgement. The author is making an attempt at this, sure.
The hardest thing to do is to protect yourself when those circumstances are combined, and someone is this close to getting over the hump, and it’s infinitely worse when they’re family/friend. I’m sorry you had to live through that, no matter what you chose.
A bipolar diagnosis can explain toxic behaviour, but it does not excuse it.
Context aside, this is a good maxim and a good thing to keep in mind when dealing with others.
Moreover, I would argue that it’s not just about dealing with mental illness, but about dealing with people in general - it encapsulates the concept of empathy as it applies to interpersonal relations. You can attempt to analyze the motivations for someone’s behavior without implicitly applying a judgement to them, for the purpose of being able to more effectively work with them in the future toward mutual beneficial goals.
My thoughts on this: I consider myself an avid pythonista and have built my career programming in python. Though I've only been watching the community at the sidelines for personal reasons. I think this post took courage to call out someone who while great at code and docs and community interaction, is a flawed human. Kenneth seems to be more about the glam and less about the code these days. Case in point - His attempt to influence the adoption of then half baked pipenv as the officially endorsed tool for pkg management.
Or put differently, why does the author think that "everyone knows it's silly" to have different libraries doing the same thing in different ways?
I think a valuable discussion that could come from this is to seek to understand why it’s “de facto” standard library instead of “de jure” standard library.
I’ve heard it said that “the standard library is where popular packages go to die”, and I think that’s very true. I’m very happy that Requests isn’t part of the standard library, because that means that updates - including updates that are extremely important to maintaining the health of the library over time - are possible without an entirely separate release of cPython itself.
"But that would require us to port to a different http library - do you have any idea how many places we do intricate things with requests all over the place?"
"Ok, let's test it out switching requests to its async mode..."
Async is a whole different paradigm. You can't just "turn it on" in a library without significantly affecting how one interfaces with it.
I'd be very careful with the word always there. I've worked in projects where almost every external library we used someone felt they had to build a "wrapper" class or two around. When you're doing that you realize the reality of the situation is that most developers are totally shit at designing APIs, and instead of using the library's probably-quite-well-thought-out & flexible API (after all, that's likely why it became popular enough to come to your attention), you've got to spend your life using this - for lack of a better term - gimped up abortion of an interface. Which typically doesn't even succeed in the purported task of giving you library independence so long as it doesn't sanitize all of its possible return values and catch & re-throw custom exceptions. Be wary of this hole.
But yes, I did try and specifically mention intricate use of requests to try and leapfrog that conclusion.
Before version 2.16, Requests bundled a set of root CAs that it trusted, sourced from the Mozilla trust store. The certificates were only updated once for each Requests version. When certifi was not installed, this led to extremely out-of-date certificate bundles when using significantly older versions of Requests.
For the sake of security we recommend upgrading certifi frequently!"
It isn't completely clear but it sounds like they (used to) copy the Mozilla Trust Store wholesale, which isn't a particularly controversial policy. They might be one of the more open stores.
Especially the way a lot of python packages are used - as deeply nested and possibly pinned dependencies that maybe never get updated.
My shitty laptop costs pretty close to 3k with all the mods I have on it. My work laptop came it at over 5k. A descent desktop for a developer can cost around $10k. My fancy dream machine is over $20k.
$30k is peanuts. That's one month's wages for a senior dev. I've seen project that cost 50 times as much and the only delivery was a button of a different color.
I have no idea if anything else said there is true or not and I have no interest in looking at more drama.
1) Knew about a feature a volunteer was working on
2) Started a fundraiser for the feature
3) Kept all the money
Of course, like you, I have no idea if the underlying accusations are true or not, although I will note that all those archive.org links are going to be hard to explain away. But I don't think "it was only $30k!" is a valid defence here.
That's not quite right. He knew about a feature being added to a separate dependent library. Further work would be needed to leverage it. The author wasn't promised any money.
Ah, but was this made clear in the crowdfunding proposal?
It is not specific as to how he planned to support async.
If you're a volunteer and expect to be paid make it clear before hand. If you've written open source code and someone takes it without paying for it ... that's the whole point of open source. If someone tells you to work for them without compensation tell them to take a hike.
At any rate, drama like this is why I don't work on open source any more. Too many people with too much time and too many issues.
I did not detect that tone at all. Rather, I interpreted it as surprise that Reitz spent $5k of a fundraiser very explicitly earmarked as being "to support Request 3.0 development" on a computer, when a new computer is not obviously something you need to develop Requests 3.0.
I also didn't get the feeling that the author expected to be paid (in fact, he seems quite clear that he did not).
$30k isn't a huge sum, but you still need some transparency and accounting. A line item saying "it all went to me, to reimburse me for all the work I'm doing on the project" is fine, but you still need the line item so people can evaluate it.
The article does raise some good concerns of whether he claimed on the donation page to work on things he wasn't personally going to do. I just think a few of the article's angles are pretty flawed and uncharitable.
I've had people stalk me, much like this post, and demand I give a line item breakdown of where the expenses are going.
This is a huge problem for the ecosystem since we are being left with the no-hopers who are unemployable for a reason. And the corporate funded developers who have a huge conflict of interest.
Only in very unusual places in the world, with unusual employers.
> My shitty laptop costs pretty close to 3k with all the mods I have on it.
If it's "shitty" and cost almost $3k, you were either taken for a ride or have unrealistic expectations.
> My work laptop came it at over 5k. A descent desktop for a developer can cost around $10k.
What kind of work and developer are we talking about? The only ones with computers near this cost I've met usually called themselves "Engineers" and were doing fluid modelling/finite element analysis. Or realtime video processing.
16 gb ram, i7, 1tb ssd, 2tb hd. It's also 5 years old, but I'm just too used to the bloody thing to get rid of it. That developer laptops are basically mass market machines is the reason why so much software sucks and why nothing new is being pushed out.
>What kind of work and developer are we talking about? The only ones with computers near this cost I've met usually called themselves "Engineers" and were doing fluid modelling/finite element analysis. Or realtime video processing.
My title does have engineer and principal in it, the other words change every six months or so.
I run a lot of ML models locally before I let them run on the real machines. Most of the cost of the laptop came from all the ram I need to run a couple of dozen VMs to see how our wonderful heterogeneous data environment reacts to something being changed - most of the time the answer is "badly".
That task really comes nowhere close to the requiring the hardware you describe as being essential to your work.
Come on, let’s be frank: he wanted a new top-of-line MBP, regardless of what he’d do with it. He knew he can leverage the fame he carefully cultivated (has said as such in the past) to get it paid for, so he did it. And will keep doing it.
If one fosters a personality cult, one should be ready to stand scrutiny.
God knows that happens enough in finance for much worse outcomes.
The point wasn't specifically a complaint about spending $5K on a computer but more establishing a pattern of a lack of transparency which the author thinks has an overall negative effect on community-funded, multi-author/community-run open source projects in Python.
Also, as described, it sounds like Smith - an author of the networking package which Reitz was planning to use - presumably knows what hardware needed to develop and test the network layer.
It doesn't appear, though, that the author was part of that team, or promised any of the money.
The author says this:
"If he'd found another way to use the money on Requests, then I would have been totally happy. I didn't have any claim on the money"
Other parts of the post do seem to indicate something isn't right. But it's not exactly as straightforward as you're saying.
Apparently, there was some sort of agreement that OP would not be disclosing his own related work independently of Kenneth. This makes him very much "part of the team" in a rather significant sense, and he does seem to share some responsibility from that POV.
Where's that? I'm unable to find anything close to that in the post.
I'm just pointing out that the sums they are talking about here are laughable. Anyone who thinks that 30k can pay anything to a team should have a look at getting a real job. Him getting paid for the bother of working as the project coordinator sounds about fair for two months part time. The rest of the contributors should have been doing the work out of interest when they have free time with nothing better to do.
I have a hell of a time explaining to people that I'm happy to contribute 1 hour 8 times to their projects for free, but if they expect 8 hours once it will cost them.
People have different ideas about what computer. A high end Mac book pro is $4,249 with max cpu, 32gb and 1tb ssd and 4gb gpu. So if you add in bigger hard drives and software and taxes so you can hit $5k.
It seems not very productive to argue over using cheaper tools. Obviously you can program python on a chromebook, but I would never work for a company that expected it. I think my last dev laptop cost $3500 or something.
Except for when it does, and linking to a lifestyle article on medium as a source to back you up doesn't really hold water.
There might be something wrong, but that's no reason for what ultimately is a very subjective public character assassination piece, no matter how cautious and caring the author claims to be.
It does sound like the author has a legit complaint, but the embellishments don't help.
Unattributed quotes are facts, even if they aren't easily verifiable by third parties. But then, most facts someone observes and reports aren't easily verifiable by uninvolved parties. And there is very little conjecture where the factual basis isn't presented so that one can judge whether the conjecture is warranted given the stated basis (of course, generally one must also deicde whether or not to trust the description of facts.)
> which makes it read more like retaliation.
It doesn't read like retaliation to me at all, nor is there any apparent thing to be retaliated for unless you accept the account itself, in which case it's just an account of the facts and not retaliation.
That’s a shame, because I also believe that all projects like this have room for improvement.
In context, it's clearly meant to hint at a purported pattern of problematic behavior, the specific instances of which the author is unwilling to get into, for whatever reason. While gossip is always unsavory to some extent - anonymous gossip all the more so - I think we should be respectful of the author's choice here and not take what they wrote as being by definition a violation of civility norms (as a personal attack would be).
The amount of money is ridiculously small. It isn't worth the time to focus on it.
It is too bad the popular library doesn't have a competent maintainer. But at least he hasn't screwed it up.
Maybe someone should just write a replacement with better features and then we can all move on? Sounds like the best solution to me. Probably easier to do than dealing with him or even fighting him.
I guess I wouldn't focus on attacking this guy, it just isn't worth it. Life is short, the stakes are small, and it just isn't worth it.
Well, it's donated money... Do you think the people who donated share this view?
But he hasn't committed code to requests in years, and I don't see any of the other maintainers popping up to say he's doing good work as a maintainer(which could be non-code contributions). It seems like his contribution is mostly marketing at this point.
I typically only pay attention if it just seems out fraud.
I don’t know if everyone else feels the same way, but I suspect so based on the poor documentation.
It’s kind of like, I think, if I give $5 to a busker and she ends up buying an expensive beer instead of the daily special.
I just don't think we should be excusing things because it's (what some people think) is a small amount of money (note - about the average yearly income for a Canadian).
I don't expect him to manage it well. I'd have been happy if half of the promised work got delivered and the money was spend on hookers and blow. I know most of the fees for my portfolio are funding that type of thing already.