Hacker News new | past | comments | ask | show | jobs | submit login
The Day AppGet Died (keivan.io)
1930 points by lostmsu 35 days ago | hide | past | web | favorite | 535 comments

Author here, Because it's sure to come up here is a comment I wrote on Reddit that clarifies somethings, I haven't updated the original article since I'm not sure what the etiquette for updating a highly shared article is.


Code being copied isn't an issue. I knew full well what it meant to release something opensource and I don't regret it one bit. What was copied with no credit is the foundation of the project. How it actually works. If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything. And I don't mean the general concept of package/app managers, they have been done a hundred times. If you look at similar projects across OSes, Homebrew, Chocolaty, Scoop, ninite etc; you'll see they all do it in their own way. However, WinGet works pretty much identical to the way AppGet works. Do you want to know how Microsoft WinGet works? go read the article (https://keivan.io/appget-what-chocolatey-wasnt/) I wrote 2 years ago about how AppGet works.

I'm not even upset they copied me. To me, that's a validation of how sound my idea was. What upsets me is how no credit was given.

Ah yes. The new Microsoft, same as the old Microsoft.

I am really sorry this happened to you. On the scale of Microsoft, or even on the scale of what they're putting into this effort, it would have cost approximately nothing to give you an "acquisition" you would have been happy with. If the job didn't work out, they could have given you a fat consulting contract for a year or two. Or they just could have written you a check.

And it would have cost them actual nothing to just treat you with respect. Say how much they loved your work. Credit you publicly as a leader and an inspiration. Arrange a smooth transition for your users.

For what it's worth, I'm glad for you that the job didn't happen. Much better to be far away from people like this.

Reducing this down to a Microsoft thing is a bit hasty. Apple has done it. IBM has done it. And, when I was working for a less well-known company, I once burned a whole lot of social capital trying to prevent it from happening.

At least in that instance, there was never anything overtly malicious happening. It was just your garden variety "banality of evil" situation. The existing corporate decision-making structures - that is, the bureaucracy - had no real mechanism to make sure that things like this are handled in an ethical manner. It's really hard to accomplish something that the bureaucracy isn't designed to handle, because that means that it's not really anybody's job to keep that particular ball rolling. So all it takes is one person not really giving a damn (perhaps only because they don't understand why they should) to scupper the whole thing.

If that experience is similar to how these things happen at Microsoft and Apple and IBM, then the problem isn't Microsoft, the problem is American workplace culture, and we have a responsibility to change how we work. Not in reaction to specific instances like this that have already happened, but in anticipation of, and in order to prevent, things like this from happening in the future.

Are many companies terrible? Sure. Is that an accident? No.

However, Microsoft specifically has a history of being aggressively terrible in exactly this way, which is what I was referring to. For example, the time they talked with a company about an acquisition only to ghost them and totally steal their work: https://en.wikipedia.org/wiki/Stac_Electronics#Microsoft_law...

They also have a more recent history of not behaving this way, and of winning back a lot of trust. This plainly isn't helping them now, but I do agree with the GP - this isn't a "Microsoft thing"

Sure. But let's consider why we saw a change for a while. In their heart of hearts did they reform? Did they really see the error of their ways and vow never to misuse their market power again? Many people seem to think so.

I think the simpler explanation is that US v Microsoft and other anti-trust action combined with their declining fortunes scared them for a while, causing them to perform goodness. But now that the heat's off and they're on the upswing, they're returning to old patterns.

We'll see which explanation fits better over time. But it was all of two days ago that the Slack CEO, not given to hyperbole, said that Microsoft is "unhealthily preoccupied with killing us": https://www.theverge.com/2020/5/26/21270421/slack-ceo-stewar...

So I don't think my view is unreasonable.

I think the reason for the change was 2 things.

Firstly, with the shift to the cloud, cross-platform was inevitably going to become more important - Linux is much loved in the server space.

Secondly, they realised the importance of developers in the shift to the cloud - their cloud, Azure, and also their DevOps tooling, Azure DevOps (and later Github).

Do I think their positive moves were altruistic? No, of course not - they are a corporation, a public one at that, and ultimately must generate money for their stakeholders.

But that doesn't mean their positive moves can't benefit me, or the development community, at the same time.

Honestly, the embrace & extinguish thing became a tired meme long ago; Microsoft are not somehow special in occasionally fucking someone over - every large corporation does this. It doesn't excuse it, of course, but the point is it's not a "Microsoft thing", and it doesn't invalidate all the goodwill they have generated in the past decade or so.

If the "goodwill" is the result of calculated manipulation, which is what even you seem to believe, then I would hope that invalidates it thoroughly.

As to the reason for the change I think we're saying the same thing. If they could have snuffed out Linux, they would have. Their ongoing antitrust problems helped prevent that, allowing the Linux ecosystem to flourish. They have since been unable to abuse the power that they no longer have.

Again, time will tell if you're right thinking that Microsoft is merely just as awful as other large companies. But reasonable people can assume that it will be just as bad as before if they regain their power.

It's not even American. I can easily imagine it happening in any large company.

This "Andrew" is isolated from everything by multiple levels of bureaucracy and regulations. Even if he wanted to make right, he would've just burned his accumulated clout it vain. Hire as a contractor? No matching position. Write a check? No such budget line item. Give a shout-out? Leave marketing to the marketing dept.

Exactly. He couldn't even give a line item credit because Legal would step in with a barrage of concerns compelling management to remove it.

None of these explainations for how this reprehensible behavior came to pass, suggest to me that it's unfair or unreasonable to call it, and the entities who do it, reprehensible.

Exactly. It's not like people in those companies get nothing done. E.g., Microsoft got the product out the door. So any apparent incompetence at treating humans humanely is a choice.

That’s not really what “banality of evil” means: https://en.wikipedia.org/wiki/Eichmann_in_Jerusalem

Indeed. Perhaps Hanlon's Razor is a better parallel for this particular situation: https://en.wikipedia.org/wiki/Hanlon%27s_razor

I've also heard it expressed as "Never attribute to malice that which is adequately explained by incompetence".

Although in this case I'm not sure organisational incompetence is necessarily a good enough explanation given there are ex-Microsofters in the discussion suggesting that people would actively have been weighing up whether or not to screw over Keivan. (Obviously I have no idea how likely that is to be true either.)

When "organizational incompetence" consistently yields the same result, it's not an accident. As the systems thinkers say, the Purpose Of the System Is What It Does (POSIWID). It's the same way wily teens are incredibly bad at things they never wanted to do in the first place.

>Ah yes. The new Microsoft, same as the old Microsoft.

I wouldn't say that. It's a big company thing.

Saying that it’s just “a big company thing” is giving Microsoft a pass here. Look at their recent PR: wanting to embrace the developer community [1], their love of open source [2], etc. While AppGet may be an isolated story, I’m inclined to believe that MSFT is simply acting they way they’ve always have — by embracing, by extending, and by extinguishing.

1. https://arstechnica.com/information-technology/2017/05/micro...

2. https://www.theverge.com/2020/5/18/21262103/microsoft-open-s...


Microsoft doesn't let any open source build of VS Code access the VS Code Marketplace. Heavily reduces the benefit of VS Code being open source when you can't use any extension or service built for it without building it yourself.


TIL. It looks like a drawback we should point out.

What happened to AppGet is not what embrace, extend, extinguish means. This strategy refers to writing software compatible with existing dominant software surrounding some shared interop (e.g. a file format they can both read, web standards they both implement, a networking protocol so they can communicate with eachother, etc), gaining market dominance, then making your once compatible software incompatible. Absolutely none of this happened with AppGet.

Yeah, that's exactly what I had in mind. Microsoft had a very specific modus operandi in their bad old days, that was different then what they did with AppGet. Here they basically acted like a regular big company trampling over a small company. You'd be hard-pressed to find any big company that hasn't done that. I remember, for example, when Google created 'Go' lang, they didn't care that there was an existing programming language named 'Go!'[1]


Though I agree that this is not an example of EEE, it is still very similar to behaviour from the past:


Kind of. The difference is that AppGet is open source with no patents - so what they did was legal and, you might say, within ethical boundaries (except for the way they treated Keivan by stringing him along and then ghosting him) - though I could be persuaded that it isn't ethical for a trillion-dollar company to simply copy an existing open-source project, without some sort of voluntary compensation.

I agree there is a strong embrace here. And that's usually good. Another alternative is neglect.

Microsoft has unusual ability to move swiftly, with all its weight it may be not graceful. That said they do not always extend and extinguish. Often they make clone and ride it

Oracle => MSSQL

Java => C#

AWS => Azure

To make objective decision it would be nice to have a list of Microsoft inspirations with their fate and Microsoft actions.

Calling it "WinGet" was the real punch in the gut.

Does Microsoft select for assholes or something? There's a thousand other package manager names [1] in the wild and they chose that one.

So much for "developers, developers, developers"...

[1] https://en.wikipedia.org/wiki/List_of_software_package_manag...

> Calling it "WinGet" was the real punch in the gut.

I feel for the guy, but someone who called their package manager "app get" in 2014 when "apt get" has existed for since 1998 is in no position to take umbrage at a competing package manager having a six-letter name ending in get.

I think there's a huge and obvious difference between an open-source dev naming a package manager for a non-Linux platform "AppGet" in reference/homage/whatever to apt-get; and Microsoft, a multi-billion dollar company, dangling a carrot in front of the developer of a program called AppGet then ghosting him, forking his open-source project and calling it WinGet, and not even having the decency to publicly credit his work.

I believe they didn't actually fork his code, what they did is build a brand new project that is heavily inspired by AppGet.

Also, they have now corrected the credit: https://devblogs.microsoft.com/commandline/winget-install-le...

I think the authors umbrage is not about naming it that, but them copying his project after this whole process and then naming it that and still not really crediting him.

How does AppGet compete with apt-get?

I thought AppGet was a pun on apt-get and thought the name was clever.

I thought it was better named than Chocolatey or Scoop.

Edit: plan > pun. (no idea why I wrote plan, i think I wanted to write play)

Chocolatey is a pun on NuGet, which is presumably inspired by apt-get.

It's not about competing, it's about naming

To me, context matters. 'AppGet' sounds like a friendly hat tip to the legendary apt-get, given that they don't compete.

'WinGet', a direct copy of 'AppGet', is not a friendly reference IMO.

And why is "WinGet" not also a reference to apt-get? I've never even heard of AppGet before this morning.

AppGet sounds like "apt-get".

On the other hand "WinGet" sounds like "wing-it" i.e. release any piece of junk and fix later. Maybe. Which TBF does seem to be how Microsoft works anyway.

> release any piece of junk and fix later. Maybe. Which TBF does seem to be how Microsoft works anyway.

It's been a while, but I managed to corrupt oneget/package management on windows within a month of it being released; I spent about a week trying to fix it and eventually figured out what the problem was (though I've since forgotten the details) only to find it unfixable without reinstalling Windows.

Unfortunately, reinstalling Windows means Office won't reactivate--I've taken it into a Microsoft store, and they couldn't help me.

It doesn't, but the name is too similar to apt-get. It's a naming issue.

I would think that their old system of stack ranking would have had that selection impact. It has been gone for a long time but could it have had a lasting impact on company culture by who was being kept and who was promoted into positions that are responsible for the culture today? I don't think such a thought is unreasonable.

I only know a tiny bit about stack ranking, but I would think just the opposite... wasn't it designed to (at least partially) select for more conscientious employees?

>Calling it "WinGet" was the real punch in the gut.

Should they name it "wget"?

>Does Microsoft select for assholes or something?

Probably, but it's not limited to Microsoft.

Any company where revenues are the highest goal (and all publicly traded companies should be this way; it's an obligation to share holders) will, generally speaking, select for assholes and sociopaths.

How strong that selection is, how pervasive, and how quickly it happens are variables in the equation, but the effect is the same, and it sucks.

In all fairness:

- "NuGet" is super-popular in .NET circles (included in Visual Studio by default)

- "apt-get" is the classic tool for Windows Subsystem for Linux

So "WinGet" certainly "makes sense" as a name without being a direct ripoff of AppGet

I’m not sure you could have illustrated their point more perfectly than this. But please don’t feel like people are amused at your expense — it’s just such a perfect demonstration of exactly what they were saying.

FWIW, I agree with you that WinGet is an entirely logical choice, catchy, and ultimately unrelated to AppGet. Yeah, it may seem like the choice was made intentionally / in spite of AppGet, but anyone who knows a bit about big company dynamics will tell you that the explanation for situations like this is usually mundane, innocent, and often dysfunctional — much like a toddler. A toddler that happens to have a billion dollars and can reshape the world with its decisions, but still similar. “The name is catchy and I like it” is akin to “I see red ice cream and I want it,” and it’s probably nothing deeper than that.

It was rather unfortunate to use apt-get as an example and then say it was for Windows, though. :)

> "apt-get" is the classic tool for Windows Subsystem for Linux

APT is the classic tool for debian-like Linux distributions. FTFY

Get used to it, this is going to be the bulk of the "Linux" users from now on.

Edit: Imo not a bad thing, it's just how it is. A lot of people will learn (of) Linux through WSL. Linux as a runtime.

Considering the fact that there are five times as many Android devices as Windows devices, and the greater ease of use of Termux compared to WSL. I find that highly unlikely. Anecdotally every newbie programmer I've seen try to use WSL has just ended up installing Linux in frustration.

> greater ease of use of Termux compared to WSL

pretty subjective, I'm guessing most people find terminal-based stuff easier/nicer on a computer with an actual keyboard, rather than a (relatively) small phone screen with a touchscreen keyboard.

I believe Termux is also pretty majorly restricted by Android 10 (can only run binary code included within the application package, so no downloading additional linux packages or compiling things locally, I believe)

Termux is a terminal emulator, WSL is a subsystem. Did you try [0]? And WSL2?

It's pretty compelling, I predict they will pull in a lot of Apple (who use it for the terminal) devs and make a lot of Windows first devs very happy. And there are a lot.

Btw, am I downvoted because my original comment in not constructive or do people not agree with me?

[0] https://www.microsoft.com/en-us/p/windows-terminal/9n0dx20hk...

I doubt it pulls in anybody in the unfinished state its in. WSL does not integrate very well and is miserably slow. My 13yo thinkpad runs circles around WSL running on my workstation. WSL2 is still beta, and given how buggy 1909 still is, I am not installing 2004 on anything I care about. And I recently tried Windows Terminal, but it couldn't even give me an admin prompt without giving every single session elevated privileges, so I gave up after 5 minutes.

By the way, every terminal application you're used to (Terminal.app on macOS, iTerm, the Windows Terminal, Ubuntu's Terminal application) is a terminal emulator. I've tried WSL1 and 2 and couldn't get past the typing latency, awful font rendering, incredibly slow downloads, apt/dpkg bugs, and not syncing with the actual filesystem like Linux/macOS do. For example, I like to copy my dotfiles to ~/Dropbox/dotfiles. This isn't possible on Windows, and if you force it to do so it will corrupt the files.

Termux is a lot more than just a terminal emulator.

Wait! apt-get is not Microsoft's invention https://en.wikipedia.org/wiki/APT_(software)

It still looks really bad. If you're going to copy and kill off [1] an OSS project, when you're a major company who owns the platform, with a long history of this sort of thing, after baiting the developer for information, then copying the name on top of it is just cruel and in poor taste.

Context matters. That's the key point here.

Plus your two examples out of a hundred or so examples doesn't make it common either (or maybe one in a half examples since apt/apt-get/apt-cache are the three Debian programs under APT umbrella).

[1] there was no way this project was going to continue despite their nonsense about "broadening the options in the community", they knew what they were doing

> If you're going to copy and kill off an OSS project

Many OSS projects (and pretty much all of mine) were started to scratch a particular itch, so if that itch gets scratched by another project, I'm not terribly concerned.

It's more problematic if the competition is a half assed solution that, by virtue of being backed by a larger company, still sucks the oxygen out of the space you're trying to serve.

> "apt-get" is the classic tool for Windows Subsystem for Linux

Hello darkness, my old friend…

Yeah I hope the TLD read is that this article has nothing to do with Microsoft embracing Linux and Debian distribution related tools are safe?

I would have preferred irrelevantGet but WinGet is unambiguous enough.

Don't work for free on proprietary systems or single sponsor opensource is a lesson cheaper learned by watching others.

> Don't work for free on proprietary systems or single sponsor opensource is a lesson cheaper learned by watching others.

Well in the author's case the tool was just as useful for them than for the others. Nothing wrong with helping the community, regardless of the ecosystem.

Your point is solid ('get' is a common name for packaging systems) but if you're not familiar with Linux, apt-get is from Debian.

This comment should have a dualised state: downvotes that push it higher and upvotes that push it lower.

I can say I’m a bit upset on your behalf. Actually acquiring the code would have cost Microsoft very little money, would have ended up with a better product and also would have brought along the current user space in a very graceful manner.

They didn’t even need to acquire - MIT license means they could just fork it and use it as they preferred, keeping his name in the About screen that nobody reads. But it would have looked bad.

So they did this and... it looks even worse.

There's no common code between the projects; they're not even written in the same language. It's hard to say it's a "fork". They both just use yaml manifest files on GitHub as a registry (which could be good for appget! It should be easier to set it up as a trusted package registry with verified non-malicious packages!). That's the commonality. I'm not sure we should grant monopoly on _broad architure choices_ when software patents are already considered so toxic. And appget _did_ at least get a callout in the release announcement, so it _was_ mentioned as an inspiration, in the same breath as chocolatey and others...

The meat of this blog post, to me, seems like the terrible hiring pipeline with no feedback. That seems like a really bad experience. I can only imagine that someone really dropped a ball somewhere.

Nobody talked about granting monopoly, it's just about common courtesy really. They basically strung him along before cloning his tool in the dark, when they could have done it in the open in various different ways. After the failed hire, just give him a heads-up like "hey, we really like your stuff but for various reasons we can't hire you and we need to rewrite it, what about we make this manifest a bit of a common standard? We'll credit you for that", and then everyone is happy.


Presumably they wanted to keep control of copyright, although their claim on their website is that otherwise they "couldn't build a repository of trusted applications ".

It reminds me of the way secure boot was rolled out where Microsoft said that this was all about "trust" and yet OEMs who are always keen to keep Microsoft sweet would strangely only bundle windows keys.

Looking at the source: Appget is licensed under Apache-2.0 https://github.com/appget/appget/blob/master/LICENSE

I wonder if things would have been different, if the product was licensed under Gplv3. If so, he could demand to check if Microsoft violated the license https://www.gnu.org/licenses/gpl-violation.en.html (to check if this is a completely new rewrite for example).

Update: Ah looks like Winget was sourced in C++, and Appget is in C#

Just because you can, doesn't mean you should. (Pretty much my maxim).

They could have approached the project owner, said they'd like to use the structure under the MIT license and offered a job/cash as a thank you for his dev time.

They could at least send the guy a fish, if his contribution was significant.

Did you get azure credits after all? Looks like they 'forgot' about this as well.


I feel like this is the most scummy part of this whole thing.

I'm still paying Microsoft around a hundred bucks a month to host the servers. :p

A bit OT, but do you mean the servers for AppGet?

Yeah, there is quite a bit of background infrastructure to allow checking for installed app updates, search, and automatically updating package manifests when a developer releases an update.

Are you using an App Service, and is the infrastructure documented publicly?

I'm an architect, so just keen to understand your architecture on the backend :)

I wrote a brief description a while back here, https://github.com/appget/appget/issues/24#issuecomment-4648...

after all this is over, I'll probably do a write up of hall it all worked behind the scene + all the server code.

Sorry for your shitty experience. Really reminds me of Robert Kearns who's windshield patent was stolen by big auto companies [0].

Robert patented it but still megacorps tried to screw him over because they thought they could. He did win but only after an exhausting trial that took years.

Really sucks when credit is not given where due.

[0] https://en.wikipedia.org/wiki/Robert_Kearns

It reminds me even more of Stac Electronics: https://en.wikipedia.org/wiki/Stac_Electronics#Microsoft_law...

In 1990, they put out Stacker, which did transparent disk compression, effectively giving people twice as much disk space. It was a huge hit, so Microsoft called them up about an acquisition, entered discussion, and as part of the due dilligence process, even looked at the source code.

In 1993, Microsoft released their own version of Stacker as part of the OS. No thank you, no money for Stac, just a giant middle finger. Stac sued and eventually won some money, but it was never the same.

Everybody keeps telling me that Microsoft is different these days. About how they love open source now. And it's true that after decades of erosion of their primary monopolies, they can't get away with being as lazy and awful as they were in, say, the early IE era. But this suggests to me that deep down they haven't really changed.

Oh man, having bad flashbacks with that and SuperStor.

I think I had a 200MB hard drive at the time.

Same here. I think I used both Stacker and SuperStor at different times. They'd create archives and those would show up as a D:\ and C:\ was all transparently compressed and uncompressed. They were a bit disingenuous wit the "double storage." That's why you needed to make sure you had plenty of 'free' space before installing something, because the OS lied to you about the space available. That and there was a performance penalty too.

Stack ranking basically chooses sociopaths over the nice guy. Applied over several years it is bound to have a statistically significant effect on who your middle layer managers are.

It does not matter if Nadella is a nice guy. It does not matter if everyone reporting to him is a nice guy. They are still forced to operate with a megacorp filled with lizard people.

On the other hand, it might be just the usual confusion that large administrative structures needed for megacorps cause.

>> “I haven't updated the original article since I'm not sure what the etiquette for updating a highly shared article is.”

Adding “UPDATE:(date)text” either in the footer - with a brief dip in the header saying there’s an updated in the footer is an easy way to accomplish this.

It would appear that you have been 'Sherlocked' (https://www.howtogeek.com/297651/what-does-it-mean-when-a-co...) but by Microsoft.

Looks like all the bigger companies are doing this now.

Did Linus Torvalds "Sherlock" Bitkeeper by writing git? I also recall there wasn't much sympathy for Paragon Software (https://news.ycombinator.com/item?id=22706172) when exFAT support was added to the Linux kernel, obsoleting their product.

This furor is a surprising flip-flop given the usual "information wants to be free" and "patents for software are dumb" cheerleading that we usually see around here.

> but by Microsoft

Microsoft all but invented the practice at the 90's.

I know it by a different name


Hmm, it's not like f.lux were the only ones doing it. If they were the first, then credit to them for the concept (and for the software, I'm not belittling it).

This seems like genericisation in trademarks to me. Sometimes things grow to be useful more broadly -- that seems like something to celebrate.

If you're railing against capitalism in general however, then I'm with you! Distribution of wealth shouldn't be left to a fight between a small cadre of corporation owners vs. the populous.

As author of an open source tool that was already steatlh-forked twice without any contact whatsoever by VC-backed startups - including clearly copying text from my website/FAQ - without giving any sort of credit on the idea/implementation they used for 80% of their product but on the contrary claiming how revolutionary their products are and best idea since sliced bread, and even not satisfying the basic MIT license terms, I can completely understand your frustration.

At least they were nice enough to pay you a trip to Seattle and (briefly) mentioned your project in the release announcement, I didn't even get a "thank you".

As a result of this I re-licensed my code from MIT to OSL-3 and reduced my involvement in this project a lot so I focus on the things that actually matter in life: my wellbeing and spending the time with my family.

> and even not satisfying the basic MIT license terms

That's what I don't get about people who don't think this is a big deal. That a license is open source does not mean it is without conditions.

What is your open source tool?

Thanks for sharing ... This looks great and I hope you get somewhere nice with this project ...


My former employer is still using it and saving yearly multiple times my previous 6 digit salary, so I got a nice promotion out of it before I left.

It also helped me get my current job at AWS(pretty much half of the interview I was just talking about how I built it), and I now make some $500 monthly (before tax) from a few users who pay for official binaries.

I'm now only working on it occasionally, just enough to maintain this income stream, but previously I put a lot of time and effort into building it.

My motivation to work on it plummeted when I saw those companies reap the benefits of my hard work without giving anything back.

At this point, why not keep it going? Your story is good enough reason to keep working and build a community and/or foundation around AppGet.

Can't think of a more wasted effort then trying to compete with maintaining a package manager in your spare time than a clone from the OS vendor who can out resource, outspend, out market, out evangelize, out reach you, etc.

It would a futile endeavour, a realization acknowledged by the author, any further dev cycles on it would be wasted & are better spent elsewhere.

The most cynic part of this story is sending him an email the day before the launch with a heads-up that WinGet was launching.

And the icing on the cake is the "btw, we are giving you the exclusive so keep it secret".

Like, wtf. He ain't TechCrunch. Why the fuck are they giving him that exclusive? Nothing yells "we stole your stuff, but dude it was open source so you really can't complain, and thanks for the idea" more than that.

You can't make up this shit.

I mean, getting an email like that is bad, but it's better than not getting an email like that :D

Last year a huge game company released something built on my tiny open-source game engine (uncredited), and I only found out about it later from a kind internet stranger. All things considered, better to know in advance so you can at least have your own response ready, so you can comment in the relevant HN/reddit threads, etc.

That said, the "keep it secret" part of the mail here does sound weird, but given the other history there may have been an NDA in place.

But there is the promise of your OSS engine being used again, future potential. Microsoft essentially cut this person off from being involved in the future of Windows packaging and only told him 24 hours in advance. I'd need that amount of time just to process.

Sure, all I said is that getting the email is better than not getting it. Obviously his case was worse than mine, the one just reminded me of the other - partly the lack of credit, and partly because the company in my case was owned by Microsoft.

Thanks for sharing. I actually wonder now if your experience happens fairly often, and Keivan's experience infrequently, though they're fairly similar circumstances. Integrating OSS or OSS concepts into a program vs a library have different implications but the engineering work required is the same. WinGet on paper, as a product, meets all of the requirements desired by the community. To appreciate the toll it takes on your competition in the OSS community is just alien compared to rules around corporate competition, where in the US there is effectively no scrutiny around imitation. It's a natural place for a team at Microsoft to land. I wish in your case that you didn't have to find out third-hand, but it does seem satisfying to think a bespoke game engine had that much reach!

Yeah, I think what we're talking about is surely the norm... Sending "hey we're releasing something built on your project" emails isn't in anyone's job description, after all. And there's no real upside, but the potential downside is that someone takes offense, tries to spoil your announcement, etc.

That said, in my case the summary makes it sound better than it actually was. The game they released was a one-off promo thing, which made a big splash for a few days but was effectively dead by the time I heard about it a week or two later. Then there followed a dialog with a separate team inside Microsoft, about hopefully updating it, which dragged on for a while and basically resulted in their bit getting updated but not mine, etc. etc. Altogether it was a big distraction and a pretty dreary episode.

That was just MS sending "Thoughts & Prayers" for the death of his multi-year efforts that they've cloned & looking to extinguish & claim originality credit for with their celebratory announcement.

Not clear if they were trolling or just tone deaf.

I took at as Microsoft tending their new, more community oriented image. Apparently they mailed the Chocolatey team too. I think the intent is that we should see MS as “it’s unfortunate they had to step on toes like this but Windows needs as package manager. At least they contacted some parties involved, even a day in advance!”

I might be wrong, but I read this as an apology from a PM that tried to get something done for the guy he based work off, but ended up never managing to because BigCorp got in the way. He might have felt bad about it and clear part of his conscience, or try to soften the blow.

That was bad but I thought the worst part (icing) was "our package manager will be open source too so obviously we would welcome any contribution from you". Wow!

what is the point of an exclusive if you have to keep it secret - I mean if he were TechCrunch for example, if he got the exclusive I guess he should publish, isn't that the point of an exclusive? I find it a very confusing phrase.

To get your article pre-written and ready to publish the moment embargo lifts.

As opposed to the other tech bloggers who will have a scramble to write it after hearing about it with the rest of the world

thanks, that explains it. seems trivial though, but I'm not a tech blogger.

First to post gets referenced (more importantly: linked to) in all of those scrambling blogs :)

I'm not so sure about this because I believe package managers are one of those things that's best maintained outside of a commercial OS vendor, though one might consider RedHat as a counterexample.

If the author's intention was simply to make a good package manager system, why would he? There is one now that is supported by Microsoft.

It is a sad day. But let my congratulate you.

You and countless other made impossible. Created community Microsoft could not ignore. It had to adopt, it had to change. Scary beast really. It does not know how to work with, it knows how to ride.

It took path you've paved. I see it - there is no dependency resolution, no make dependencies - as simple as possible so people can participate. More like Flatpack than apt.

Microsoft does not like fragmentation. There would be a big pull of users. It's interesting how they are going to fight mallware, spyware, ransomware. Issues like chrome Stylish and npm leftpad. With all respect it is not clear you could manage it, there is quite a list in the queue [0].

Please don't despair, you've made gift to community not Microsoft.

[0] https://github.com/appget/appget.packages/pulls

Not only should they say you're the inventor, but they should have paid you for it. They snowballed you. Microsoft doesn't deserve you

Did you link the wrong article? The one you linked basically says that (1) you are using yaml files to describe the package instead of scripts and (2) you have the ability to specify multiple installers per package to support multiple architectures.

If that's all the innovation that MSFT has supposedly 'copied'...

Several things don't add up here.

> Code being copied isn't an issue.

I looked at both repos and they share no code at all.

In his article, the author claims that " If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything."

That's really not how patents work, and looking at the repo, a second year CS student could do the same really. I don't see anything that could remotely be patented. It reads where to find the installer from a config file and determine what to do based on an enum.

Throughout the article the author uses the term acqui-hire but it seems Microsoft was simply considering him for a PM position (and he failed the interview). There's nothing to acquire since there's no patent, no IP and no brand. Only a registered domain and what seems like an anemic userbase, if any.

Being featured in The Verge[0] and on HN's front page will probably bring a lot more eyeballs to the startups he's trying to promote. So congratulation for the free advertising!

[0] https://www.theverge.com/2020/5/28/21272964/microsoft-winget...

It seems. It looks like very few HN posters compares actual source code or even open GitHub (C# / C++).

Not really a surprise. It's trendy to bash on certain companies, much less to fact check!

This is a common design. Only MS can tell you the truth. Is there anything you're talked offline made you feel they copied your idea?

I think I will not credit everyone on my comparison tables. I only credit who inspired me hugely. MS hasn't implemented everything AppGet had. I bet MS is waiting for public feedback for the next point. Acutally MS has its Roadmap: https://github.com/microsoft/winget-cli/blob/master/doc/wind...

For the spec, only two common options: YAML & JSON. And every YAML spec looks this way.

MS has other experiences like TypeScript Definition also. https://github.com/DefinitelyTyped/DefinitelyTyped/tree/mast...

I flew to Seattle on December 5th to have a full day of interviews/meetings at Microsoft HQ. I met with four different people; three of the meetings were more like your typical interviews; the meeting with Andrew was more about what we should do once this is all over and how we would migrate AppGet’s process and infrastructure to be able to handle Microsoft’s scale. We talked about some of our options, but in general, I thought everything went well.

My last meeting ended at around 6 pm. I took an Uber to the airport and was back in Vancouver.

And then, I didn’t hear anything back from anyone at Microsoft for six months.

For what it's worth – and I'm not really sure whether it's helpful to say this, or whether it's even true – this situation often means "you didn't pass the interview."

The reason I mention it, is that it took an embarrassingly long time for me to understand this. Maybe it's common knowledge. But an identical situation happened to me at Magic Leap. I hesitate to mention their name, lest it sound like I'm calling them out or something, but I'm not. And in general I no longer feel negatively towards companies that end up doing that, so I don't think any particular stigma should be attached to Magic Leap for doing that.

I'm trying (and possibly failing) to share a personal experience of "I used to feel awful in situations like this; now I realize it's just business, and the decision of pass/fail has extraordinarily little to do with the skill of the programmer being interviewed, so don't take it as a sign of anything."

None of this is to undermine your overall point that it's generally not cool to ghost a candidate (to put it mildly), and that it's a doubly not-cool move to then clone the product of the candidate in question. But, it happens, and I just wanted to reassure you that yes, it does happen. It would've helped me to hear that at one point, so here it is, just in case.

Cmon, I live in a country where there is a legal obligation to inform candidates whether they passed the interview. It's not a very high bar. We shouldn't be accepting this kind of behaviour - especially from someone as renowned as Microsoft. It would have been absolutely trivial for them to send a polite three sentence email when they made their decision.

I mean, not to shoot the messenger, you're right, that's exactly what it meant, but it isn't acceptable behaviour.

You obviously live in a country where people aren't sue happy. Half of the reason they don't respond when you fail an interview is because they don't want to open themselves up to legal liability if the first-year HR rep says something stupid when the person asks "but why?"

I think the best compromise is a polite email saying no, but any further "why" questions can be ignored to prevent legal liability.

Yes sometimes it means that. But if the company is desirable, knows its desirable and knows the interview means a lot to the interviewee, then its the height of arrogance and cruelty to 'ghost' them. Screw that 'just business', its not just business, its shitty behavior out of a company that has the resources to do the right thing.

> Screw that 'just business', its not just business, its shitty behavior out of a company that has the resources to do the right thing.

To put an even finer point on it, a business is made of people. Individuals. The individuals involved behaved exceptionally poorly (to be charitable) toward another human being. How shameful of these individuals to act that way, and then (presumably) hide behind the collectivist shield of "the business".

A friend of mine sent a resume, didn't hear anything and then got a job offer _4 months_ later. Generally I agree, not hearing anything means you didn't pass, but fuck companies and the people that do that and I don't ever want to work at one.

Under the circumstances, it wasn't just a regular interview and so it was either rude (neglectful) not to get back to him or possibly (unlikely) there were other reasons... i.e. someone in the hierarchy had another plan.

> this situation often means "you didn't pass the interview."

To my mind, it also means the interviewers didn't pass.

A company that's indifferent to the people it's hiring is unlikely to be magically different once you're in the door.

Yes, post-interview ghosting happens, and, I'm ashamed to admit, it happened to a few candidates that I was part of interviewing. But that doesn't make it an acceptable practice — I feel that professionalism demands to let candidates know one way or the other as quickly as possible.

Very sad history. But not something new.

MS and many others don't love OSS or contribute them back. Few really do it. But instead, they are leveraging software because OSS licenses allow it. One example, see GPL, they didn't ever accept it. But they embrace any other software without restrictions on top of "OSS", if not so, they just create its own "permissive" licenses (MSPL).

Many of us are creating software even without expecting to get money back from users of any kind. Money back in many situations can be just a gentle retribution from community (E.g voluntary donations).

So, No MS, you don't really "love" OSS.

What license did you release AppGet under? Almost every open source license at a very minimum requires that credit be given to the original authors. Arguably they are in a situation of legal liability (IANAL).

You don't strike me as the kind of person that would litigate such things, but I would like to think that if the right people at Microsoft became aware of such a liability, they might choose to give you credit (to be on the safe side).


Apache 2.0 by the looks of things.

Interesting question would be whether WinGet is a "derivative work" of AppGet.

> Interesting question would be whether WinGet is a "derivative work" of AppGet.

They don't share any code. As far as copyright law is concerned, it is not a derivative work.

I'm sorry. This does feel like a pretty shitty situation. I hope all of this attention helps connect you with some people you go on to do great things with!

As bad as this is it would be worse to intentionally use an known inferior method for the sake of being different. This can still be corrected by giving props to AppGet. Or you can't blame companies for being companies? Hate the game.

Exactly that: you open-sourced it so it's your donation to the world. Don't be sour if someone copies your idea or makes a ton of money from it.

And what would be the benefit if Microsoft gave you credit for it? Most likely their lawyers would reject it since you may then be able to sue them for...I don't know what, but money in any case.

It's a very Microsoft-thing to do to copy someone else's idea and improve on it (C#, RDP, Excel). If you release something as open-source you have to ask yourself if your doing it out of altruism or for money? In case of the latter you have to plan accordingly, by patenting or with restrictive licensing.

Virtually all open source licenses require at least the inclusion of the original copyright notice in all derivative works. Now, if the code itself were altered in superficial ways, but the structure and mechanism were essentially the same, it is kind of a grey area.

Regardless of the legal case, the idea that concerns of reputation or credit are irrelevant to open source work is a crock. People may be working on open source because they genuinely want to help others, but if you deny them credit for the work they did then you can very well expect the well of open source innovation to dry up pretty quickly. And for a company like Microsoft, reputation is exactly why they are contributing to open source in the first place.

The fact is Microsoft didn't copy anything except the idea, and you don't need attribution for that. Winget was rewritten entirely from scratch and there was no open-source involved.

I'm not even sure if the author's idea was original anyway. It looked more a CLI program to download and run installers.

I agree with this outlook. However, I don't know how I'd react if this were to happen to me. If I do something out of altruism and somebody takes it and makes money off it, I guess it leaves a bad taste? Other than that, I think this approach is done everyday by every developer, whether they take code from other softwares or from StackOverflow, very rarely do they credit or even give reference to where the code has been taken from.

My only fear would be them turning it around and preventing me or others from using the idea in the future with their big squad of lawyers. They wouldn't even need a legitimize claim to pull it off.

That would be very difficult since there would be prior art.

They don't have to win the case, just the power of fear.

The prior art is so obvious that it wouldn't create any fear, merely a mild distraction at best.

An expensive distraction.

>What upsets me is how no credit was given

Apache license requires to preserve copyright notices, did you have any?

That would only apply if they copied code as opposed to architecture/concepts, no?

What is the guy's name?

Can you go into more detail about which features you believe were copied?

It’s mentioned in the article: “ the core mechanics, terminology, the manifest format and structure, even the package repository’s folder structure”

The manifest format is particularly egregious.

Not disagreeing with you, but I think it's better to make it a little bit more clear what exactly was copied. Reading the article mentioned in the OP, the main selling point for appget seems to be that the packages are written in yaml:

> Do you want to know how Microsoft WinGet works? go read the article (https://keivan.io/appget-what-chocolatey-wasnt/)

But that alone doesn't particularly strike me as a completely novel approach on its own. Looking at package definitions for firefox across various package managers, you can notice that they all look somewhat similar to some degree. Though one could argue that appget and winget looks more similar than others, I'm not sure this is wholesale copying without digging into more details. But again, I'm not trying to argue that it's not, and I also agree the OP should've received more credit.

appget: https://github.com/appget/appget.packages/blob/master/manife...

winget: https://github.com/microsoft/winget-pkgs/blob/master/manifes...

scoop: https://github.com/lukesampson/scoop-extras/blob/master/buck...

homebrew cask: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/...

That being said, the fake interview process explained in the article is totally unacceptable and deserves some explanations from MS.

He's not claiming that his approach was "completely novel". He's claiming microsoft identified his way, that already existed, was the way they wanted to go, toyed with bringing him in to run it and then got overwhelmed by internal Not Invented Here / We Can Do It Better and threw him under the bus.

It's literally the new cuddly microsoft Embracing, Extending and Extinguishing this guy's work.

What new cuddly Microsoft? When did they grow fur? Did people honesty believe that some messaging and branding choices would outweigh the influence of institutional inertia, for such a large company?

They've been shoving "Microsoft loves Linux" in everyone's face everywhere they can. It's like they read this tweet and didn't realize it was satire: https://twitter.com/shutupmikeginn/status/403359911481839617

Yes. People honestly believe this.

(*NULL && MAXINT++) == True

Logic is futile

You are a small Team in a big company.

Your job is to create an App Manager.

There is already a code base under a MIT license.

You use it.

I'm not seeing the issue.

>I'm not seeing the issue.

The issue is when they didn't just fork the codebase, they repeatedly flew the person who wrote the code out to Seattle on false pretenses, implying a job offer and additional money for their work, then picked the developer's brains until Microsoft learned all they needed from him, then just ignored all communication from him.

The issue is that it was dishonest and scummy behavior.

The issue is bringing the author of the MIT code to your HQ for a fake interview and make suggestions that he will work with you.

You just milk him for information and let him go without any further communication.

> You use it.

And you keep the copyright notice, otherwise you're violating the license.

If it's based on the same design (i.e. same file formats, mechanisms, etc.) then the issue is still not giving credit and pointing out the design it's based on. Doesn't cost them a thing and gives a lot of goodwill from people.

Like, if someone uses my code, I'm happy, if they copy the idea and present it as their own that's dishonest.

He only asked for acknowledgement.

And lets not forget - they had similar open source project and community. They decided not to participate but create their own. This new project will overshadow existing and eventually kill community.

> You use it.

They didn't use any of AppGet's code.

Though nobody is questioning whether what MS did was legal. The issue is whether it was moral.

MS not having the basic decency of reimbursing his travel expenses is also shocking, as well as incredibly petty. What a broken way of dealing with someone who dealt with MS in good faith and brought value to their ecosystem.

The article says there was an issue with reimbursement. It doesn't say that the issue wasn't resolved or that it was MS's fault, both are just your conjecture.

The PR value to Microsoft of making him whole, and of reinforcing the impression of a newly ethical and positive force in the community, would have positively dwarfed the fraction of a rounding error it would have cost to do so. This was such a no-brainer that it's malpractice on somebody's part to have let it come to this. It doesn't matter that they're within their rights under the Apache license. Banal, tone-deaf, emergent corporate amorality shouldn't be the touchstone of the new Microsoft.

Who says it was fake interview? Not everyone who interviews is hired...

From the article:

> Do you want to know how Microsoft WinGet works? go read the article I wrote 2 years ago about how AppGet works.

This is very unhelpful - I'm not really in a position to code review Microsoft's implementation and compare it to this document. I was hoping for something more like some high level details from the author of AppGet.

No one's asking you to compare. He's just saying winget works exactly the same as appget. So you can read that article about appget to learn how winget works.

Plus you get free PR

If you patented your idea, I think you would antagonize and scare away a lot of people from participating in the open source project.

I'm not really interested in patents or regret not patenting anything. I just used patents to try to explain what was taken, and not attributed.

Sounded like they wanted to hire you for their package manager and you chose not to pursue. You have every right to be mad I suppose but as you say in the article, and in that comment, you're definitely aware of what happens to open source projects. On the other hand I'm mainly glad their adaptation was open source. I think they have to maintain their own version in order to ensure that they don't wind up with some rogue applications on their package manager.

I try to assume no bad intentions these days.

From the article, it sounds like he did pursue. After some interviews Microsoft dropped contact.

Which I don't find all that weird. Quoting OP here; "after visiting the campus, I wasn’t too sure I wanted to work for such a big company, also moving from Canada to the U.S. wasn’t something I was too excited about".

In the past, I've been in talks with an employer about a job, and my enthousiasm was only so-so, and that tended to put a brake on the proceedings.

That's perfectly fine but I'd expect the company, especially a company as large as Microsoft, to at least clarify the situation instead of just brutally ending communication.

I too have been in a similar situation (being interviewed at a startup and being clearly not super enthusiastic about the position being offered) but they decided to go with somebody else they gave me a courtesy call letting me know about it. I think it's the right thing to do.

I don't find it particularly weird either, but it makes for a much more nuanced narrative compared to "Microsoft wanted to hire you for your package manager and you rejected them."

I just think Microsoft should have found a way to credit the guy. Even just a footnote in their WinGet announcement blog post would have been better.

Could these be a second side to the story that maybe he didn’t interview well or some other reason?

from an earlier reddit comment,

> I'm sure there was a reason they decided to not hire me. Maybe I had a shitty attitude? I don't know. I'm not questioning that. But I think an email letting me know and some credit would be fair to expect.

It would probably sting less if they didn't ghost him. Not giving the benefit of the doubt to Microsoft on this.

The big companies often end up ghosting the guys they don't want to hire. A long time ago, I was an intern and got fully ghosted by Nvidia. It was very annoying but my life probably worked out better for it.

There's a big difference between ghosting and sending a mail informing you that the process has stopped.

I realize I'm missing some context here, but I can't see how your life would work out better from _not_ receiving a heads up that the process has ended.

I think maybe he means that he feels better off no longer being associated with a company that wouldn't give him the benefit of that letter.

So, his product is a good fit for Microsoft, but he is not. I hope that’s not the case.

It appears to be the fate of such package manager creators. The homebrew guy was also rejected (by Google).

Keivan obviously got screwed.

Having worked at Microsoft, and seeing the nature of the bureaucracy, the only advice I would give for next time is...

Just realize you can't set terms with a large company like MSFT unless you get lawyers involved early.

Stealing from you outright is simply too tempting, given their resources.

I noticed there were some conditions Keivan tried to set regarding the future evolution of the technology before joining MSFT.

In a large company like MSFT, there were bound to be large internal email threads relaying a play-by-play of negotiations with Keivan to: inside legal counsel, developers who already gave t-shirt sizes for building the tech in-house, product managers, and dozens of others.

No matter what they tell you, they're internally weighing

- Should we just rip him off? - Should we hire him? Would that be better or worse for liability? - How IP protected is this? How much can we "borrow"? - Is it worth the hassle of dealing with an aqui-hire we can't control? Would that expose us to even more IP risk, or less?

Once companies reach this size, they simply can't be trusted to handle a negotiation transparently and in good faith, unless you have well paid lawyers fighting for you, or well established IP protection.

I guess what I'm saying is...

When dealing with any large tech company with near infinite resources -- like MSFT, GOOG, etc --, find a legally defensible upper hand, and assume they are weighing the cost-benefit of screwing you.

(Sadly, this is exactly why lawyers make so much money.)

Hopefully they also weigh in the fact that screwing developers over is terrible publicity. Assume 100k developers see this and are slightly less inclined to trust MS in future, this bad publicity could easily cost them 1mn USD plus. A good will gesture of 100k USD at the start for consulting could have saved everyone a lot of trouble.

See https://news.ycombinator.com/item?id=23332123 elsewhere in this thread for an example of the consequences.

The cost of GitHub to MS was around 250 usd per user. If 4000 users leave that’s already a million USD.

I worked for a brand & marketing company for 15 years and I observed that most of my clients had pretty short memories when it came to how they felt about me. If the last few milestones were really great they quickly forgot an incident. Obviously, the more impactful an incident, the longer/more positive milestones had to be. An incident too impactful got your fired - but, in general, this was my experience.

Even in their recent history Microsoft has repeated incidents, but also has some very big positive milestones. Also, keeping in mind, some customers will only see the positive milestones.

Very true. People currently love VS Code and it makes their life much easier. I remember for a long time .NET friends of mine would extol Microsoft just cause Visual Studio worked really well with C#. Microsoft could do no wrong as long they could seamlessly work on Windows Apps.

I find MS seems quite immune to terrible publicity in the recent years. "But it's not the same company as before! They are doing open-source now!" yada yada

They are not immune. As someone who has been supportive of Microsoft getting their act together, and who recently spoke at a Microsoft-sponsored conference, this stuff makes me hesitant to give any Microsoft-owned properties money and discourages me from trying new Microsoft products.

There will be newer people after you flocking to the new Microsoft. Given how scummy and bad they have been in the past and how many people have been cheerleading them here, do you really think it works that way?

When people were warning against Microsoft on this forum they were just set aside as cynical, grumpy Unix-beards. If that happens even here, what do you think will happen elsewhere?

I think it's changing. I was one of the young people who did not believe the neckbeards (who are evangelists in their own right) since I wasn't around when the EEE strategy happened. I was happy with Windows because for me it was a better user experience, but today I run Linux and OSX. The world is more connected now than it was. These sentiments can spread faster now.

Giving them constructive criticism and using their open source stuff, but strictly not giving them money might be an acceptable way with dealing them.

For example, I wanted to buy Win10 recently, and also wanted to sign up for Teams. Both experiences were so unimaginably ridiculously terrible, that I ended up cancelling the Teams subscriptions the same day and not buying Win10.

On the other hand .NET (Core), PowerShell, TypeScript and VS Code are all great things.

I mean, isn't that because they haven't been screwing people over (that we know of) recently?

If more stories like this one come out I'm sure the goodwill turns fast.

Well 1mn usd of PR damage is not a big problem when you have 100bn usd plus annual revenue. But for an individual employee it’s a bad reputation hit.

Lots of open source services springing up...that only run on CosmosDB.

I am interested (and kind of depressed) to think - is there actually a legally defensible upper hand that exists here?

If WinGet contains AppGet code and they didn't credit him then yes, absolutely, moral rights in copyright (attribution, right of association, integrity) cannot be transferred during the lifetime of the owner and yes MSFT can be sued for breaching them. It is extremely likely the penalties meted out by a judge wouldn't cover the costs of a lawyer. Not that anything like this would ever see a courtroom, MS will offer a settlement which in this case will be on the magnitude they gave to Mike Rowe for MikeRoweSoft.com (which was an xbox and some travel vouchers and such).

If they stole his unpatented ideas then there's nothing.

In this case the author claims he could have obtained a patent and that code was copied.

Both of these claims are pretty easy to dismiss by simply looking at the respective repositories. They share nothing.

> In this case the author claims he could have obtained a patent and that code was copied.

No. From the source:

> the core mechanics, terminology, the manifest format and structure, even the package repository’s folder structure, are very inspired by AppGet.

In the update it's slightly more vague, but there's no claim of coffee being copied there either:

> Code being copied isn't an issue. I knew full well what it meant to release something opensource and I don't regret it one bit.

And continues to be more explicit about his complaint:

> What was copied with no credit is the foundation of the project.

Lastly, looking at the repo really doesn't tell you if you could get a patent on it.

In the update and the responses/interviews the author gave he clearly states that Microsoft copied his source, an absurd claim considering both repos are public.

He goes to say that "If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything."

I mean come on. Every package has a .yaml manifest where there's a download link for every architecture, a hash, a version and an installation recipe. There's nothing to patent here. It would be extremely hard to argue there's no prior art, considering most languages and distributions have been shipping with package managers built just like these for years. Even my text editor has one!

Realistically, the author managed to get a lot of attention for his other startup for almost no cost. By bashing the company that's trendy to bash right now.

This is interesting perspective. Do you think this have the potential to negatively affect responsible parties on MSFT side given the negative PR generated?

This was definitely not a great experience, but my hunch is what happened is some higher ups decided no, they don't need to hire you, the original team tells recruiting to notify you, recruiting drops the ball somehow, team goes on with their lives believing that you were told they were no longer interested, and everyone (except you, since you never got notified) believed the whole thing was resolved.

The original people (not recruiters) who reached out to you should've connected after the decision was made. They probably figured the recruiters would do their dirty work, so no need to engage.

Full disclosure: I worked at Microsoft for over a decade, so I know how slow and lumbering it can be. I bet some emails were missed and people didn't follow up because "they had a lot of other things they were tracking".

> some higher ups decided no, they don't need to hire you

Total misjudgment on their part. Thanks to this one HN post they already lost in terms of developer good will way more than his potential salary would be.

Every time anyone who uses WinGet, who read this, will think 'oh, yeah, that's the tool that Microsoft build their version of behind original author's back, while stringing him and ghosting for few months".

Realistically, though, a year from now nobody will care. I mean, I started in this industry in the "MS is outright evil" era. How many people did they screw over? If I remember correctly, there was even a guy who was owed a pile of stock/stock options and when he got cancer they suddenly went missing (no need to pay the dead guy!). Day by day, year by year, these misdeeds are seen as irrelevant. MS is a different company these days (almost literally). Should we hold them accountable for their past sins forever? (I have a friend who still refuses to buy products from Nestle given their ancient "poison in baby formula is OK as long as it saves us money" stance. That's older than I am!)

In reality, these kinds of antics just don't hurt companies significantly -- even ridiculously horrible things that are arguably crimes against humanity (have I invoked Godwin's law?) In comparison to some of the incredibly awful things companies do (and get away with), this is minor to the point of not even being a footnote in the annals of evil (note to self: don't google that term to check the spelling...).

However, there will be a few of us who will be reminded of why we don't do business with MS (and hence will have no need of WinGet). It won't make any difference, but it will be there.

About Nestlé's poison baby formula: I though their baby formula was safe, but the problem is that they gave it away (maybe still do?) for free to new mothers in developing countries and when the mothers stopped lactating (because their own milk wasn't being drunk) they made the price hopelessly unaffordable so now the babies couldn't drink from either source, or at least needed to over-dilute the formula.

Totally reasonable to still boycott them, makes more sense than getting annoyed at Microsoft in a situation like this (which is also deserved but more minor in the grand scheme of things).

That's more recent. A long time ago (and I'm working from memory, so best to fact check anything I say, because my memory is terrible) it was common to use a particular rat poison in dry milk (and I forget exactly what it was). There were certain standards as to how much rat poison you were allowed to have. It was well known that this would kill a small percentage of babies, but it was thought to be a reasonable tradeoff at the time. To be fair, it wasn't just Nestle. In Japan, the dairy giant Morinaga had the exact same problem. I believe there were law suits that dragged on for literal generations and eventually things changed.

This is the episode I could find: https://en.wikipedia.org/wiki/Morinaga_Milk_arsenic_poisonin...

Which was inadverted addition of arsenic specific to Morinaga in Japan, and not Nestle. However, the committe which managed the case and dragged it on was not created by the company but the Japanese government consisting of a newspaper publisher (??), a hospital director, 2 lawyers and a human rights lecturer.

So it seems like an insufficiently related market and lack of oversight made this drag on causing many deaths and even more people crippled by arsenic. One person was sentenced to 3 years in prison.

Compare with China who executed 2 people involved in the 2008 milk scandal and gave much harsher sentences to others. Although that scandal was deliberate rather than a cover up of bad practices.

What's the point of even adding rat poison in baby formula? What does that accomplish?

My understanding was that it's while it is in bulk storage in warehouses. It keeps the rat population down. I've been trying to find evidence that I'm correct about this and like another commenter has posted, it may be that I'm confusing the Morinaga problems with Nestle. However, I was sure I heard about Nestle before I heard about Morinaga, but... My memory isn't the greatest :-(

What Nestlé did was unforgivable. It was clearly lead by psychopaths at the time and we have no way of knowing that is not still true.

The problem is people have short memories and are driven by convenience so will conveniently forget how evil a company is when they show another side. Or sometimes they can continue being evil and people still just do nothing because it's so convenient (see Amazon).

There is not enough direct experience of the evil for our monkey brains to make sense of it. If you see someone kill a baby with their own two hands you will never trade with that person again, they are dead to you full stop. If a company knowingly kills babies by proxy and extorts mothers you get mad for an afternoon then you forget. We need to evolve as a species or find some way to make it more real.

Fair enough, but your friend is right about Nestlé. They're still doing loads of shady stuff.

I guess it might help to reaffirm the beliefs of somebody who was teetering in their distrust of Microsoft like myself.

I've been anti-Microsoft for about 15 years but even I'll admit that I've warmed up to them over the past few years because of their seemingly good works (and amazing PR). Stuff like this helps me remember why healthy skepticism is still super important when it comes to giant companies like MS.

>a year from now nobody will care

I suspect a week from now, 99% of people who read this will have forgotten about it.

Welp, I, for one, have resolved to never by VW thanks to Dieselgate. I can empathise with your Nestle hating friend.

Yes. Microsoft really dropped the ball on this one.

So much of what Microsoft has been doing — GitHub, .NET Core, NPM, Visual Studio Code, Windows Subsystem for Linux, etc. — has been to build goodwill with “developers! developers! developers!” Taking the resources to do an acquihire (or hire + bonus) right is small relative to the PR hit.

Exactly. All the things you mentioned are great, and a sign that after decades of being insular, blindly corporately evil, Microsoft started becoming worthy of interest.

And when I first heard about WinGet I though, "Yay! They continue to catch up to the place where developers are! Good for them!", but then this surfaced.

> Windows Subsystem for Linux, etc. — has been to build goodwill with “developers!

WSL has been built for webdevs not to flock to *NIX from Windows, nothing else.

Even naming it "Windows Subsystem for Linux" is an insult, since it sounds as if it was something for Linux, when in reality it's a "Linux Subsystem for Windows" and doesn't benefit Linux itself in any way.

> Even naming it "Windows Subsystem for Linux" is an insult…

The developers of WSL have said* that was mostly a legal concern. Calling it “Linux Subsystem for Windows” (listing “Linux” first) has wider implications for copyright/licensing:

> Just who is allowed to call a product or service Linux, anyway?

> Linus Torvalds has an answer for that: Nobody. Not without his say-so.

> The term "Linux" is a trademark and Torvalds owns it. His assignee, an organization called the Linux Mark Institute (LMI), is empowered to collect licensing fees from companies and individuals who want to use the word commercially.

> - https://www.infoworld.com/article/2671387/linus-gets-tough-o...

*I think it was during a Microsoft Build 2020 Q&A with the WSL team, but I can't find the video on YouTube.

Are you telling me MS could not be bothered to even ask Linus? And if there's a fee to pay it? They're a multi-billion dollar corp telling us they love Linux now.

Alternatively, calling it something like Nix subsystem for Windows or maybe just LSW would also do the trick, this seems like a lame excuse.

It was more that he could have said "No" to them, where as in this case he cannot really say "no" (or "yes" for that matter).

There was little to nothing to acquire. And judging from the radio silence post interview, the author didn't meet the bar for hiring.

It's a bit lame to say recruiting must have dropped the ball. If you've engaged with someone, you're inspired by their technology, etc., etc. then handing them over to recruiting for a rejection is pretty weak.

I totally agree.

It's a totally different world inside a huge company like Microsoft, though. It's massive and its own little world. After working inside for a few years, you start thinking that it's "normal". You see projects start up and get shut down, you see people trying to get into the company, you see people trying to transfer to other teams within the company, you see people trying to leave the company, you see people in the same team for a decade or more, etc. Because of the scale of things, you sort of become numb to a lot of things you see, so I sort of "understand" if somebody just figured recruiting would sort out that someone wasn't the right "fit" for the company.

I don't think this kind of behavior is necessarily the right one, but it's the outcome of a large behemoth made up tens of thousands of people.

No experience at Microsoft but plenty with lawyers in large corps and I would rate another possibility highly, which is that the team wanted to contact him but lawyers recommended "no further contact" as the safest legal IP path. Essentially, they were trying to close the barn door on clean-rooming the software and any further conversation could leak non-open-source ip that would then bring about a liability later on.

I can see that happening at Microsoft for sure. There's no doubt legal would've been involved with the conversations and gave heads up to all people on the interview loop.

This is probably what happened. As a hiring manager i want to tell the candidates whenever we reject them but sometimes recruiting drops the ball and never reaches out with rejection email or call (our team usually calls them).

This happened to one of my referrals so i know this firsthand.

Microsoft pretends to want to acquire a product or software and then release their own implementation.

The developer was obviously brain-picked for any implementation ideas, as stated at scale. They should have been paying a retainer, or had an offer inside of two weeks.

Let this be a warning for other developers.

Yea, requiring consulting fees from big companies is definitely the way to go.

Some open source guy wants to pick your brain: Sure lets get lunch and split it.

Some small single digit founder start-up wants to talk abut your work: Ok sure, pay for my lunch lets talk about how I can help you change the world.

Freaking Microsoft wants to talk: That'll be 1k an hour plus expenses (also get a limo and a nice dinner).

The humility of engineering should stop at the boundary between people who want to change the world and those who just want to profit off of you.

I'd require earnest money at the outset.

After Microsoft flirted with acquiring Intuit, then shortly thereafter released Money to compete directly with Quicken, I assume all due diligence is just a way to hoover up intel.

To inform a buy vs build decision. To better validate market assumptions. To identify key contributors and poach them.


No earnest money? Fine. They clearly were going to drain my blood and powder my bones. Their prerogative. But they can proceed to kill me and my product without my help.

The code basically takes a .yaml manifest, reads where to find the package and get the installation instructions from an enum. I don't think there was much brain-picking here.

You point is that this is simple, yet Microsoft with Thousands of engineers working over the span of decades never internally developed this idea or framework except after picking the brain of this particular person and doing a copy of that particular competing project.

Paintings are just paint on a canvas, and all code is just clicks on a keyboard. That doesn’t make it any less immoral to blatantly copy without recognition.

It’s perfectly fine to carry out a fork, the irony here is that Microsoft likely tried you play this angle of “we’re just competing, not copying you” because they thought carrying out a fork with attribution would blow up in their face, which this now has.

> yet Microsoft with Thousands of engineers working over the span of decades never internally developed this idea

Ever heard of NuGet[0]? Been around since 2010.

WinGet isn't a fork of AppGet, the codebases share nothing.

[0] https://www.nuget.org/

If the developer had asked for a retainer straight off the bat I feel like MS would have just ignored him and started building WinGet earlier. All the AppGet source was right there for them to look at. They wouldn't have had the benefit of Andrew picking his brains one to one, but that probably wasn't 100% necessary anyway.


You mean you have never been part of an interview or supposed acquihire were you were brain picked? That’s happened to me at least five times already.

There is far more to things than code. Examples: what is your ARPU, why didn’t you do it this way, how many bytes per unit time can you upload this way, where do you see the market going, who is still at the company, what do you think of this type of market?

I've been learning a little bit about "the new Microsoft" and its new relationship with open source, and I think I get it now.

MSFT is treating open source communities and free F/OSS code contributions the way they might have treated blogging and IT forums in a prior era.

It's "developer community" and "power user" engagement. It's a hybrid product management and marketing function.

In this particular scenario, the winget product manager views the appget author as a "Windows enthusiast" of sorts, not a competitor, a peer, or a colleague. Just a "power user persona" of the Microsoft userbase.

So, when you understand this, reading the PM's email to him ahead of winget's launch makes more sense.

> We give appget a call out in our blog post too since we believe there will be space for different package managers on windows. You will see our package manager is based on GitHub too but obviously with our own implementation etc. our package manager will be open source too so obviously we would welcome any contribution from you.

Specifically: it's like getting called out explicitly by a forum mod, or being a frequent blog commenter who is mentioned by name in a blogger's main post.

It's "an honor" to have appget explicitly mentioned in an "official" Microsoft announcement. And to have your community work "inspire" so much of winget's design! So when the PM wrote the email, he probably wasn't even thinking it would feel like trolling. He was probably thinking, "isn't it cool we are doing this 'F/OSS collaboration thing' together? How 'New Microsoft' of us!"

And I can't say I blame him. Microsoft is just less smooth about their appropriation of F/OSS for marketing purposes. Other companies manage to do it without the developers noticing.

If you want to see what Microsoft thinks of open source and contributors, then all you have to do is read the license they want you to agree to before doing so:


The story reminds me of Andy Hertzfeld’s Switcher:


The difference is that, in 1984, Bill Gates immediately offered $40k and Steve Jobs offered $100k for plugging a hole in their operating system.

In 2020, Microsoft just strings you along on vague promises while they simultaneously rip you off.

I love how those stories of the early years are so different from what I think of looking at companies today -

> Jeff picked me up at the airport, and we drove to Microsoft's main building where we were joined by Neil Konzen, a talented 23 year old who was Microsoft's main systems programmer on the Macintosh. I knew Neil from his days as an early Apple II hobbyist, when we collaborated on adding features to an assembly language development system when he was only 16.

Just... "Microsoft's main systems programmer on the Macintosh" is such a weird sentence to read today. On the other hand, Microsoft also shipped Xenix, a full-on licensed Unix™ OS before they shipped DOS.

Microsoft is still the largest Mac software vendor, and they are again in the Unix distribution business with WSL. The more things change, I guess...?

> they are again in the Unix distribution business with WSL.

For anyone who doesn't get this reference:



You do realize that Microsoft Word has been on the Mac since 1985 suite and even the first Microsoft Flight Simulator was on the Apple II?

Also Applesoft basic was derived from Microsoft basic?

Yes, they did copy the operating system but that doesn't mean that the Mac Platform is unimportant to them.

I'm perfectly familiar with Microsoft being an application vendor for Apple's platforms, long before that was Macintosh:) What threw me off with the notion of them employing a systems programmer for a non-MS OS.

It makes more sense when you consider that 'systems programmer' doesn't mean 'writes operating systems' (especially back then) and the line between application and systems programming was quite blurry (double especially back then).

> the first Microsoft Flight Simulator was on the Apple II?

Back then, Flight Simulator was still owned by subLOGIC. Microsoft got a license from them to make the IBM PC version.

Microsoft buying a big chunk of Apple (admittedly to stave off antitrust claims that there was no competition in the OS market) is a major reason Apple is alive today.

On the other hand, Apple unintentionally granting a perpetual license on their interpretation of the WIMP GUI (admittedly not without perusing the look-and-feel lawsuit) is what kept Microsoft in the OS business.

The really direct and aggressive negotiating from Jobs and Gates also makes for an interring read.

Neil Konzen's P.L.E. (Program Line Editor) helped make my early days of Apple II programming bearable. It later was expanded into GPLE and published by Beagle Bros.

Windows NT is designed out of the box for extending and embracing Unix. The whole Linux Subsystem thing isn't something new that required deep reworking of the kernel.

You should read the book Showstopper! to learn that NT was actually designed to be as far away from Unix as it could be. Dave Cutler, NT’s chief architect, hated Unix with a passion. He thought it was a rubbish OS. The internals are based on VMS, Cutler’s previous OS. That’s why NT has never been a good posix system and why microsoft has essentially given up with WSL2 and is now just running linux in a vm.

Great book. Another interesting wrinkle that’s been somewhat lost to time is that (as the book documents) NT was developed simultaneously on x86 and a RISC architecture (MIPS I believe).

The Linux Subsystem actually doesn't use the NT subsystem technology that you're thinking of. They did end up inventing a few new kernel concepts (like pico processes) in order to do WSL v1.

Indeed. There was a windows services for Unix subsystem based on Xenix mentioned elsewhere and that was based on the subsystem architecture.

When you use it, you get a nice Korn shell and it is built on PE binaries linked against PSDLL.DLL. there's a functioning but very old version of GCC that ships with it.

The PE binaries mark up the desired subsystem to be invoked so you don't have to be in the environment to execute one - the kernel takes over.

PSDLL acts as a translation layer for NT much as kernel32 does for win32. You can't run unmodified Linux binaries like you can with wsl. On the other hand, WSL requires that you invoke lxss with some special com magic to get access to Linux first so you can't just exec an elf file directly. The Pico processes you mentioned - these allow the kernel to install specific handlers/translators of their syscall functionality into the windows kernel.

So yeah architecturally they're pretty different and WSL isn't really the same subsystem concept they started with. On the other hand it that's probably a good thing because everything needed a rebuild for SUA.

I'm convinced that SUA system only exists so Windows can claim "POSIX compliance" as required for various government contracts.

On the other hand, WSL2 is based on virtualisation rather than NT kernel personalities. Apparently building it 'on top' or 'inside' NT ends not not being good enough.

I don't think that's a failure of the NT subsystem approach, I think that's just that Linux turned out to have a massive and changing ABI surface and Microsoft didn't want to try and recreate the whole thing by clean room reimplementation. Yes, there were some difficulties because of different underlying primitives, but in my outsider's opinion, they could have made it work if they've been wanting to spend the time and effort.

The problem they couldn't solve is file system performance -- there's just too much of difference conceptually between files in Windows and files in Linux to make it perform reasonably well for the sorts of jobs people were using.

In the end, it just makes more sense to pull in the actual Linux kernel than to try and achieve the same performance semantics.

Windows file system performance in general is abysmally bad, we are talking Linux being 10x-100x faster on mass operations on small files for instance.

Due to this lots of Linux stuff is based around huge masses of tiny files (build processes, VCS, docker, etc) and there was just no chance the windows kernel was ever going to come remotely close performance wise.

Reminds me of Stacker and Doublespace, back in the MS-DOS 6.0 days.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact