[flagged] Chef dependency removed after agreement with ICE (github.com)
58 points by gionn 27 days ago | 71 comments



Can someone explain what the guy's action accomplished? If you yank your code from the internet, and people have backups of it, and it was under the Apache license, it seems to me that people can just restore the code and keep working with it as if nothing happened. The license is perpetual, no? And that's not just a technicality - if FOSS licenses were revocable by the author at any time, only idiots would use FOSS in their business...


He removed his repository because it was used by a company that he thinks did something he disliked. I don't know why it matters, at least in the grand scheme of things. For him it probably matters due to his personal views and it'll probably matter for those who align with his views (assuming they know about that move).

In any case, anyone is free to do with their code whatever they like. If you depend on anyone else's code keep in mind that you do not have control over them and any expectations you may have about their actions may not match theirs, so take that into consideration when making those dependencies.


Seth is a big deal in the Chef community, so it's important to understand that. In fact, he's a big deal in the devops community.

What he did was make a statement. He made it clear to the Chef _company_ that he cannot, in good conscience, contribute code to organizations that he feels are working with extremely bad actors. This is his way of protesting. Chef is able to (and in fact already has) ignored him and restored a copy of his code and formed it under a new name. (Citation needed but I believe that was a statement from Seth on Twitter.)

To everyone snubbing Seth for doing this, let's go "Nazi" with it. If Chef did a deal with the Aryan Nation and FOSS contributors pulled their core and support, would people feel the same? Probably not, right? Well, to many, what ICE is doing is _literally_ along the lines of what the Nazi party did. (I'm not asking that anyone agree with that sentiment, just that they acknowledge that it exists.)

So, Seth exercised his right to free speech and right to protest by publicly pulling support for an organization that he has helped significantly. This is a loss for the Chef org and the Chef community. It has also been quite effective because this isn't the first place where I've seen this conversation and it won't be the last, in the next few days.


The CEO of Chef responded to this with a blog post: https://blog.chef.io/2019/09/19/chefs-position-on-customer-e...


It’s the only logical conclusion. Any other would result in inconsistencies and uneven application. One cannot continually evaluate and determine worthiness (as defined by you) of all users.

Moreover this program began under the Obama admin. So the decision itself is internally inconsistent.


> One cannot continually evaluate and determine worthiness (as defined by you) of all users.

Why not? Or even, occasionally evaluate and determine worthiness?


How can you go into the private thinking of people? Are we going to surveil them? It’s impractical.


You could rely on investigative reporting done by others. You won't catch everything, but you'll catch some stuff—which is better than none.


Why does that make it internally inconsistent? It sounds like you're advocating for blind political loyalty.


Ironically it’s hosted on GitHub, owned by Microsoft, which certainly works with ICE.


Even more ironically, it comes from a Google employee, when Google is so much widespread, that it's guaranteed to be working with morally questionable actors left and right; or (according to many people) being /the/ morally questionable actor.


The cited contract is with C & C INTERNATIONAL COMPUTERS & CONSULTANTS, INC. who purchased $95k of Chef licenses.

C & C INTERNATIONAL COMPUTERS & CONSULTANTS, INC. is listed in the contract with these business types:

- Woman Owned Business

- Women Owned Small Business

- Economically Disadvantaged Women Owned Small Business

- Minority Owned Business

- Black American Owned Business

- Corporate Entity Not Tax Exempt

- For Profit Organization

- DoT Certified Disadvantaged Business Enterprise

- Small Disadvantaged Business

- 8a Program Participant


Am I reading this correctly: a business owned by a black woman sold a product, and a white male has responded by sabotaging it?

Not a great look, for him or his employer.


This seems like a stretch. What does gender or race have to do with the grievance?


Am I missing something? It looks like a generic procurement /federal contractor company entered the contract, and not Chef.

That’s like ICE buying Cisco switches from a 3rd party and getting mad at Cisco isn’t it?


I originally thought so too, but based on the CEO's blog post, it sounds like they are more involved with ICE for this project than simply licensing their product to an independent contractor: https://blog.chef.io/2019/09/19/chefs-position-on-customer-e...


Yes, let's get mad at the people enforcing the laws instead of the people who write the laws.

Then, we can turn off our code, make a big announcement, and feel good about ourselves without making any meaningful effort to actually help.

What. A. Great. Plan.


You can do both, it's not mutually exclusive.


In this case, I don't think your Law requires children to be imprisoned away from their parents, nor that it requires that illegal immigrants be imprisoned instead of deported. If that is really the case, the blame falls entirely on the people enforcing it.


When my parents went to jail, I didn't go with them. There are obvious logical considerations both sides are ignoring here. While separation is clearly not good, the alternatives may be worse in some cases, as they were mine.


This is whataboutism. You can and you should engage politically against every level of institutions who hurt moral principles you believe in.


[flagged]


Engaging politically is not virtue signaling.


It is to nihilists. And also to those who seek to disarm others and render them unable to act for their beliefs.

You see, then, the dire trouble we are in as a polity.


The entire concept of engaging against institutions that one feels are immoral is "being an asshole"? Or just this one? What principles are such a broad, hateful sentiment based on?




Wtf is chef...


"Chef is a company and the name of a configuration management tool written in Ruby and Erlang."[1]

[1] https://en.wikipedia.org/wiki/Chef_(software)


All I could think of was this[1] and was wondering how a silly esoteric language can cause human rights issues.

[1] https://esolangs.org/wiki/Chef


It’s a tool for webdevs to do simple configuration of web servers without leaving their comfort zone of Ruby On Rails.


What people used in the past before Ansible was a thing.


What is the contract about? Can't seem to find any details regarding this.


> I apologize for the disruption to your workflow. I will be happy to restore the old repository and gem versions if Chef cancels their contract with the agency.

Great, take something out on me because of your personal politics!

I, for one, look forward to a future of navigating politicized open-source constraints of each creator.

And of course, the creator of Chef-Sugar works for Google.

Edit: Here's a mirror: https://gitlab.openminds.be/mirror/chef-sugar/-/branches

Edit: Appears Chef itself has taken over: https://github.com/chef/chef-sugar


I think it's reasonable whatever one's view. He made it. He can pull it. This is literally what this freedom is all about. I don't understand when the personal expression of developers of free software became constrained by some kind of nebulous corporate responsibility.


Sorry, I'm just a jaded old man pining for the old days of just throwing some code over the fence and letting folks use it.


Well, he hasn't climbed over the fence and taken it back. He just stopped throwing it over the fence on a continuous basis, right?


I suppose that would make it an empty gesture devoid of practical consequence then?

Looking through the commit history[0], he doesn't even look to be all that prolific as compared to other contributors. One would imagine those folks would keep on keeping on in some fashion.

[0] - https://gitlab.openminds.be/mirror/chef-sugar/commits/master


That "day" never really existed; you always own the consequences of your actions, even if you choose to pretend you don't.

Seth, to his credit, is doing what he can about his. Legally, there isn't much. But if a minor inconvenience--and it is minor because Chef is already busily scrubbing his name from "chef-sugar-ng", including removing him from the cookbook's authors, they can get their replacement just fine--alerts members of the Chef community to their ratshit behavior, that's a positive. Because some, who do not hold amorality as a virtue as is en vogue in these parts, will probably take exception to it, too, and they should know.


> I, for one, look forward to a future of navigating politicized open-source constraints of each creator.

You get what you pay for.


What is your point here? I'm not following.


You didn't pay for the software, so there is no service-level agreement. The software could be pulled at any time, for any reason, or no reason at all.


If you have a problem with FOSS and authors having ownership of their creations, feel free not to use it.


I contribute to FOSS, have a number of small projects ballpark of [1,000, 10,000) users. I guarantee I disagree with a non-trivial part of those folks, politically. I don't put in constraints to deny them because of that. That's the world I want to live in.

> feel free not to use it.

If you disagree, feel free not to comment /s


It is a bit ridiculous. Are people going to start pulling things from projects because they find out that FOSS is used heavily by the intelligence community?


If an author of a free software believes that it is against his own morals to indirectly assist some organization that they see as immoral then, yes, they have the freedom to stop working on that software as there is no obligation on their part to continue doing so.


I should have clarified my point a bit. I'm not debating one's prerogative to do it. But we as nerds know the things we make can and are used by "bad"* actors but typically say it's better for the common good so we should keep it. Things like encryption, heavy math libraries in the world of nuclear physics, rocket science, VPNs, etc.

So when we discover one bad person using our software and subsequently yank it, aren't we being a bit hypocritical?

* I quote that because not everyone agrees that DHS and ICE are bad actors and want to avoid a political tangent


YMMV, but to me there's a difference between directly creating financial benefit for the owners of a largely closed software ecosystem--and Chef in practice is a largely closed software ecosystem, it's single-source and they're doing their damnedest to squeeze money out of their users right now--and more general open-source publishing.


So what you're telling me is people would be really disappointed if they noticed Puppet Labs makes money from the same people?


Disappointed? No, I'm not naive.

But if I used Puppet I'd be just as ripshit and hold them to the same standards.


Yes.


It's their prerogative to do that if they so choose. If you don't like it, don't rely on it. Get commercially licensed software where this can't happen or write your own.


I would if they were accepting $100,000 contracts with the NSA. Yeah.


https://opensource.org/osd-annotated

> 5. No Discrimination Against Persons or Groups

> The license must not discriminate against any person or group of persons.

> 6. No Discrimination Against Fields of Endeavor

> The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

---

Being potentially used by organizations you don't agree with is what open source entails.

There also appears to be nothing wrong in the FOSS model of taking the last published version and forking it... and releasing that.


A FOSS license allows an organization you dislike to continue using your software, but it doesn't require that you continue working on and providing that software in any specific way (there is the requirement in GPL to provide on request for a limited amount of time but it doesn't specify method and that can be done via - e.g. - email).

Others can pick it up from where you left and continue, of course.


The license doesn't do any of those things. The author has chosen to stop hosting the project because of those things.

That is their right.


So what's stopping anyone - e.g. Chef or ICE - from just forking the code and continuing as before?


In this case probably that the author removed all files from the repository. But if someone finds a copy: Nothing. It was (as far as I can gather) under an open-source license and people continue to have all the rights associated with that.



This is ridiculous. It’s unsustainable. There is no way you can audit all your users to determine how law abiding, ethical, moral and whatever other measure you want to use.

It’s a bit of immature posturing.

If I need something and I can’t buy it directly I’ll go to a third party who will buy it for me. So it’s kind of futile anyway.

Imagine if Bernie wins and then everyone who doesn’t like socialized medicine (physicians, etc.) go on strike — oh, my bad, they wouldn’t be allowed. Or big pharma said, we’re not selling to government, they are telling us to depress prices, we disagree!


> Or big pharma said, we’re not selling to government, they are telling us to depress prices, we disagree!

Big pharma has said this many times to many governments. When Brazil started to negotiate, we had to invalidate patents so somebody would sell the drugs.


Do you think that was the right and consistent decision and did you agree with it?


What decision?

The pharma industries were acting like perfect assholes, denying their product to people that need it for strong-arming them into unreasonable prices. But that's entirely dependent on the details, they could as well just be negotiating a fair price and the description above wouldn't change a bit.

The government was well within its right to invalidate the patents for protecting its people. That again is dependent on the details, it could be an antieconomical action against the freedom of initiative and still have the same description. The fact that those same pharma companies currently get more profit than they did at the time, by selling a much larger amount of medicine (for a lower unitary price) is strong evidence that the government was right.


It wasn't taken out on you, personally.


But it was taken out from him, personally.


He can still fork it from other sources.


Never claimed it was.


Then stop complaining?


I think we can all agree that, whatever your politics, working for ICE is abhorrent and deserves punishment.


The best part of this debacle is the author is still getting a paycheck from Google.


Moral of the story: do not do business with Google because you can’t tell when some random employee of theirs will decide to pull the plug on you. Or maybe you’re just collateral damage in their country’s internal political squabbles. Either way you have no recourse, because Google.


and ICE is likely using Kubernetes, too ;)



