Have to agree in as much banning people with legitimate issues is unhelpful. I was also taken aback when Peter Bourgon, a great programmer and contributor to the go ecosystem was banned from all go channels.
> I was also taken aback when Peter Bourgon, a great programmer and contributor to the go ecosystem was banned from all go channels.
Bourgon was frequently helpful and great, but also frequently rude, condensing, dismissive, and generally just unpleasant. I've seen this countless of times first-hand on Slack, Reddit, and Lobsters. I specifically stopped interacting with him long before he was banned. Whether he's a great programmer/contributor not isn't really important here.
I kind of hate how it's brought up here because I think he's not a bad bloke at all and I know the entire situation caused great personal hurt to him. But that doesn't change that he was the kind of "brilliant jerk" that would chase people out of the community with his behaviour, and that he was unreceptive to criticism of it (often getting pretty defensive/aggressive). No one liked how all of this turned out, but it did make the Go community a better place. Being helpful yesterday doesn't cancel out being a jerk today.
Same with Drew: he posted legitimate helpful issues. And he also ranted about how people were all a bunch of morons. I don't blame anyone for getting tired of that.
> Whether he's a great programmer/contributor not isn't really important here.
I don't see why not. Personalities fall on a broad spectrum. Still seems strange to me that the recent broad pushes for more inclusiveness, including neuro-atypicality, does not cover people that inconvenience you personally.
> that would chase people out of the community with his behaviour [...] but it did make the Go community a better place
I've noticed that claims like this are never backed by any evidence of this improvement, or evidence of people who have actually been chased away by rudeness. It no doubt causes great relief in the minds of those who dislike the exiled person, but it's always justified with a broader claim that "it's for the greater good".
I understand comments can be non-constructive, and that some people are more prone to it, but total exile is a big hammer that should be used more judiciously IMO.
> I've noticed that claims like this are never backed by any evidence of this improvement, or evidence of people who actually have been chased away by rudeness.
I am one of them. I've seen other people claim the same. I did not keep a list, nor did I keep a list of all of his posts that I found egregious, and I don't really feel like spending a lot of time crawling through all posts to find them, so I guess this is all I have.
It's hard to get "hard evidence" for these kind of things in the first place. Most people just disengage and don't come back. The best I know of is "Assholes are Ruining Your Project"[1] from a few years back. It would be interesting to check similar numbers for Go and other projects. I'm not sure if it's easy to get these kind of numbers from e.g. Slack or Reddit though.
> total exile is a big hammer that should be used more judiciously.
It wasn't the first time he was banned, but I'm not privy to the exact details on this. Was total "total exile" proportional? I don't know: obviously I didn't see everything. I just wanted to say he didn't "just" get banned over a minor thing, but after many years of problematic behaviour that had been raised plenty of times.
This is the kind of thing I'm asking about. Lots of numbers are trotted out but where's the actual data? Where's the methodology?
The blurb says, "This talk will teach you, using quantified data and academic research from the social sciences, about the dramatic impact assholes are having on your organization today and how you can begin to repair it."
Social science research has a dramatically poor replication rate, so on that basis alone I'm skeptical of the numbers even if he did interpret them correctly.
That said, I agree asshole behaviour has to be reigned in, but exile is pretty dramatic if you really think about it. It's super easy and I think that's why people do it, but that doesn't make it good option.
No one considers it a good option. It's usually the last option, done after a fair bit of mediation to try and improve the assholes behavior. Only when it's clear that they can't or won't do you ban.
> Only when it's clear that they can't or won't do you ban.
I'm saying that's still not a reasonable measure even in that case. Why not an exponential backoff, where the first measure is that they only get one post a day. If they want to be heard they have to be more careful in how they word things and they have more time to think about how it might be received. If they transgress again, then it's upped to every three days, then once a week, then once every other week, and so on. A total ban is the limit of this more nuanced process.
No doubt this feature doesn't exist, so I'm suggesting something like this should be added because I'm not at all a fan of bans. Even this is a stopgap measure used to manage assholes because we don't yet understand what's at the root of asshole behaviour.
Edit: to clarify, I mean the backoff/retry strategy is still not ideal, but an easy first attempt at trying to reframe this as a problem we can maybe address using programming abstractions to inhibit rather than facilitate communication. Most software is focused on reducing barriers to communication, which is why banning is the only recourse, but in cases like this you obviously want to raise barriers to communication in controlled ways so you don't have use the ban hammer.
> Social science research has a dramatically poor replication rate, so on that basis alone I'm skeptical of the numbers even if he did interpret them correctly.
It's not a perfect science, but that doesn't mean "do nothing" is the best option, or that we can't just use common sense for that matter. If someone joins a community space and their first interaction is being insulted then the chance that they will come back is lower than if they're not insulted. I don't think you need a whole lot of rigorous science to accept this basic point, just as we don't need a whole lot of rigorous science to accept that dogs can feel pain, have an emotional life, have different personalities, etc.
> That said, I agree asshole behaviour has to be reigned in, but exile is pretty dramatic if you really think about it. It's super easy and I think that's why people do it, but that doesn't make it good option.
It sure is dramatic! Like I said, I don't really have the full story on this, so it's very hard for me to judge if it's proportional. I don't think the decision was made lightly as everyone involved realized it's not J. Random Gopher but a fairly well-known person within the community.
Related story: in a community (unrelated to Go) I once sent a message to someone asking them not to insult people; pretty basic unambiguous "you can't call people idiots here" kind of stuff. They were also very helpful in other cases and I knew they were going to be sensitive about it, so I sent the kindest kid-gloves message I could come up with; no threats of any actions, just "hey, can you not do this here?" They just replied with "no, I will not change, fuck off". So ... I (temporarily) banned them. What else was I supposed to do at this point? Let them continue anyway even though it was clearly inappropriate? Anyone looking on might think "gosh, did you really have to ban them for those remarks? It wasn't that bad?" Not unreasonable, but ... they also weren't aware of the conversation I had with them, and their reply. No one made any remarks about it, but if they did, I wouldn't have commented on it because it's still a private conversation.
This is the kind of stuff we may be unaware of. In my first message I mentioned "unreceptive to criticism of it (often getting pretty defensive/aggressive)" for a reason. I don't know what happened behind the scenes, but from what I've seen in public cases where people commented on his behaviour I expect things didn't go swimmingly. It's one thing to screw up at times and at least acknowledge you screwed up, but it's quite another thing to be consistently dismissive about any concerns and outright reject the idea there is anything wrong with your behaviour. I expect that this attitude played a large factor in the decision.
> They just replied with "no, I will not change, fuck off".
As a former Rust moderator, this, so much. So many people don't see this part, where you reach out to folks and spend long grueling hours trying to get them to correct their behavior, precisely because no non-psychopath wants to drop the ban hammer on anyone. (Unless it's for obvious spammers and drive-by trolls.)
And the people saying "well I'm not suggesting do nothing, but just use better tools." Well, yeah, great, let's use better tools. Who's going to get GitHub to implement them? Or whatever other platform you're using? Some platforms have better support for this kind of tooling than others, but GitHub's is (last time I checked) pretty bad and coarse. It is slowly getting better over time. It used to be virtually non-existent.
But in the mean time, the people actually in the trenches doing the hard work of moderation have to do something. If the platform doesn't have this sort of idealistic tooling that's easy to navel gaze about on HN, then they have to do the best with what they have.
Sure, I'm not suggesting "do nothing", I elaborate on what I'm suggesting in another reply below, re: backoff/retry strategies. I think online community management software needs features to better handle defectors and other non-constructive interactions, and not just focus on features that facilitate or ease communication. Sometimes you don't want to increase communication speed, sometimes you want back pressure to slow things down.
Yes, I agree. Everyone deserves another chance, several of them even.
I'm reasonably sure there had been at least Slack bans before though; this wasn't the first ban (I thought I mentioned this before, but looks like I forgot).
I left various projects due to rudeness. I joined other projects as they felt welcoming.
In my (limited) experience, naming projects you left due to rudeness or bad behaviour tends to lead to that bad behaviour noticing your message and pestering you with questions about exactly why you left, and arguing that you are being unreasonable -- which is why I'm not naming those projects.
I dunno, aren't people a bunch of morons when you really get down to it? Like, isn't that a legitimate complaint too?
> Whether he's a great programmer/contributor not isn't really important here.
I'd make a distinction here between having a reputation as a great contributor and having something important and correct to say in a given exchange. No, a community shouldn't put up with a person with a great reputation (or elevated title or higher pay grade) if they are unpleasant and wrong. But if they're right and they're a little impatient or impulsive, the community has more to gain from listening and simply pointing out they don't need to be impatient and impulsive. Let him build up a reputation for being a jerk rather than just ban him.
> I dunno, aren't people a bunch of morons when you really get down to it? Like, isn't that a legitimate complaint too?
It's still unproductive to say that in a community support space.
Who's the bigger moron, the moron or the guy holding a public grudge for over a year about how unfair it is they're not letting him in the channel full of morons?
It is true but usually not useful to say. Start with the assumption he 80% of everything is crap and be happy about the exceptions but not really fussed at the crap. If you can’t do do these things, you lack the merit needed to work with others. You can always go off alone and do excellent stuff.
I don't have a full list of all posts at hand (some of which may be removed), but I've seen some other similar stuff as well; it's not an isolated incident. I was reading through the previous thread on this issue (goproxy sending loads of requests) and this one was posted as an example there.
I was indeed in the wrong when I made this comment four years ago. I have since apologized for it. I don't intend to re-litigate anything on HN at this point, but I have good reason to believe that this incident is unrelated to the reason I am presently banned.
The linked comment was indeed out of line, and perhaps you feel justified in thinking that it should be sufficient grounds for a permanent expulsion from the community. I won't argue with that, fair enough. However, I don't think it's reasonable to use it as grounds to suggest that anyone should have their servers DoSed by Google with no recourse, and I think blocking Google is a reasonable move given two years of inaction from the Go team to resolve the issue.
> I don't think it's reasonable to use it as grounds to suggest that anyone should have their servers DoSed by Google with no recourse
Of course not; this entire thread isn't necessarily hugely on-topic here, but it got brought up, so ... well ... here we are. And in fairness, you did bring up your ban in the posted article.
> The linked comment was indeed out of line, and perhaps you feel justified in thinking that it should be sufficient grounds for a permanent expulsion from the community. I won't argue with that, fair enough.
No, I don't think anyone should be banned for a singular comment, no matter how egregious. Everyone deserves second chances, and third ones, even fourth ones maybe. There's some decent data from Stack Overflow that shows that after a ban many people keep posting and many don't get a second ban (i.e. their behaviour improves).
> I have good reason to believe that this incident is unrelated to the reason I am presently banned.
I think the thing is that it's part of a pattern. Usually the "final straw" isn't the worst incident, or even that bad of an incident in itself. Incidents like this aren't isolated and previous behaviour does tend to factor in: "oh, that's the same guy who called us a bunch of morons last year".
> "oh, that's the same guy who called us a bunch of morons last year"
Wait, did some folks in the Go community write that EFAIL site that was referenced as a reason to drop OpenPGP? If so, that changes the context of the post a bit, but I didn't see anything indicating that was the case in the linked thread.
Obviously, your expulsion from the Go issue tracker for abusive conduct is a separable issue from the Go module proxy, as you can see from Go project participants reiterating that the offer to exclude you from the refresh list still stands.
Clearly it was not satisfactory to you, since it was made over 8 months ago, and you didn't take them up on it. I'm objecting here only to the framing you've created that your ouster from the Go issue forum --- which we can see was done with cause --- is what precipitated this situation.
We can behave like adults, ask why it's not satisfactory, and come to a more agreeable mutual solution, or we can blithely offer an incomplete solution, muzzle the other party, and just continue our DDoS.
See, here you just did it again: "muzzle the other party", as if it was causally connected to your disagreement about how the module proxy should work, and not to the abuse you inflicted on members of that community.
I think it's worth taking a step back here to say that IMHO regardless of whether the OP's previous comments justify his expulsion from the issue tracker, having the only other available "DDoS opt-out" mechanism be to email Russ Cox directly is _completely insane_ and unacceptable for an organization of Google's size and funding level. If they're going to ban members from the community (perhaps justifiably so), Google needs to either provide another public place to make one of these requests, or preferably make the DDoS feature opt-in rather than opt-out.
I admitted that my comments about EFAIL -- four years ago now -- were in the wrong, and apologized for them. Unless you're going to argue that this issue should justify consuming 70% of my system's network bandwidth without recourse, move on.
In the interest of not feeding the trolls, I think I can safely stop engaging with you on this thread. Or maybe on any thread -- you and I never seem to have a productive conversation on this website.
> In the interest of not feeding the trolls, I think I can safely stop engaging with you on this thread. Or maybe on any thread -- you and I never seem to have a productive conversation on this website.
HN would be so very much more pleasant with ignore-lists.
Since GH requires login to see minimized comments, here it is:
ddevault on Feb 15, 2019
"EFAIL" is an alarmist puff piece written by morons to slander PGP and inflate their egos. The standards don't need to change to fix the problems it mentions. The proposals help... marginally. The problem is not and was never with OpenPGP, it's with poorly written email clients (e.g. all email clients).
Virtually nobody uses PGP, and it is not at all pivotal. It is one of the least important widely-known cryptosystems on the Internet; like the book "Applied Cryptography", it has a cheering section because of the era in which it was released, and a generation of lay-engineers has taken PGP as a synecdoche for all privacy cryptography.
It is also badly broken and has an archaic design.
Most notably: Filippo had nothing to do with EFail, which was one of the most important cryptographic results of the last 5 years. You don't so much need Drew Devault to tell you that; it's peer-reviewed research.
I am no cheering fan, for sure, but I think it's disingenuous to say PGP is one of the least important systems on the internet. Debian package distribution, notably, depends rather pivotally on PGP to ensure authenticity. Keybase uses PGP as it's root trust mechanism. There are plenty of email services that use PGP to secure messages. I've even come across some recent (as in the last few years) startups using PGP to implement their internal or application-level trust relationships (run by quite sane and well adjusted individuals nonetheless). I worked at a Unicorn in the last 10 years that implemented secret storage and distribution using GPG tooling. In fact, recently and close to home for me, we implemented some application level key exchanges and the security person we consulted with for a 2nd set of eyes actually said (paraphrasing), "I don't like this thing it's custom but if you use ElGamal I'd be more comfortable because at least it's well understood."
Of course these are all things that can and probably should be replaced by something more palatable. So why haven't they?
If it's not obvious, my argument is neither for nor against PGP, really. It's that I'm tired of hearing about how much PGP sucks without also hearing about the solution. I think the burden is on the people wishing to eradicate it to muster up the blesséd alternative and shepherd it into the vernacular.
It is one thing to make a case for the continued maintenance of PGP, or even to say that it has a place in modern cryptography (that's an outré thing to say among cryptography engineers, but, whatever).
It's another thing entirely to say that any cryptography engineer critical of PGP must have a weird personal vendetta against it, as you did upthread.
Harsh criticism of the failings of PGP is practically an orthodoxy among cryptography engineers. It is not a good design by modern standards, and lots of cryptographers would dearly love to be rid of it. Push back on them because you don't think it's worth the time for Debian to switch to minisign, fine, but don't slander people while you're doing it.
I didn't say "that any cryptography engineer critical of PGP must have a weird personal vendetta against it". I know the history and context around the matter. I know Filo has actually tried to do the work to replace PGP. I know it didn't stick. I imagine he more than many people understands how difficult the task of replacing it is. But in my opinion that should lead to a more tempered stance that represents an understanding of this subtlety. Instead we see him on team deprecate PGP software because it's not what We want golang users using. Excuse me if I attribute a small ounce of personal pride to that stance. I could be wrong. This is a discussion thread not a formal essay. I respect many things about Filo. I'm just critical of this particular crusade.
I mean yeah, you're right. PGP has been culturally deprecated for years now. There's no skirting that. I am quite happy that Debian is switching to minisign. Once that transition is complete that will be one less reason to keep PGP around. Really, I have absolutely zero allegiance to PGP. I'm just willing to admit that it works (and quite well) despite all the shortcomings that cryptography engineers love to spar with during happy hours. I sincerely do not disparage efforts to replace PGP. I am just tired of the passé mantra that PGP sux amirite or gtfo. As we both clearly understand, it's not really that simple.
You could reasonably agree or disagree with Filippo take, and after quite a bit of discussion it was decided to not deprecate the opengpg[1]. I'm pretty sure that Drew's comment contributed exactly 0% to that decision.
[1]: It was deprecated a two years later as no one stepped up to maintain it, so it bitrotted even further, and there are other (better) 3rd party implementations anyway. Speaking up is nice, actually doing the work is better.
PGP is difficult to replace. It’s very well supported, and frankly works sufficiently well (sure, it’s outdated, but so is SSH, TLS etc). There are other software that might be more secure and user friendly, but PGP is also secure. A lot of extremely sensitive information is encrypted with pgp.
This is a weird definition of "personal", like PGP kicked his dog or something. The arguments he makes against it are detailed and the agreement of most working cryptographers, even if they don't agree with his specific deprecation schedule. Some people would call that "good engineering".
“Good engineering” would be to meticulously develop and standardize a replacement before idealistically purging the world of alleged “bad software”. Since this endeavor has yet to be undertaken, PGP it is. Good engineers understand this reality.
Look, you can make solid arguments till you are blue in the face about why PGP is unclean and unfit for modern cryptography. And you can be 100% right. But that doesn't mean people who disagree are wrong. There are 100% valid arguments and use cases for PGP too. It takes a mature personality to understand this nuance. And to understand that sharing a mic drop piece about why PGP sucks, getting your security buddies to laugh with you, and then trying to rip it out of existence is incredibly short sighted, ill mannered, and not in the least bit “good engineering”.
Come the fuck off this "mature personality" shit if you're going to write like this. He proposed freezing a module no one wanted to maintain in a library specifically meant to host stuff with weaker compat guarantees, he didn't hop in a DeLorean and kill Zimmermann's grandpa.
Meanwhile, the critical project Drew insisted he keep it for is... deprecated and unmaintained!
That was referencing past conversations I've had where it was very much like I describe. I'll admit I'm channeling some past frustrations and stereotyping and apologize for not making the distinction clear. I am not referring to you or anyone here or anyone on the golang thread, for the record.
> No one liked how all of this turned out, but it did make the Go community a better place
Doubtful. Knowing that the Go team has a habit of ousting contributors because some feefees got hurt ensures that I'll never even consider trying to contribute.
The question is: how many other valuable contributors are you missing out on because of that person?
The "classic" example of this is Ulrich Drepper, who maintained GNU libc for many years. Everyone agrees he's a great programmer. He's a better programmer than I am. But he was also ... difficult. More difficult than anyone else I've seen in a mainstream widely-used project. Many people didn't contribute purely because they just didn't want to deal with Drepper. Debian found it necessarily to fork GNU libc because of Drepper.
So even if we adopt a purely utilitarian attitude on this (and I don't think we should in the first place), I think it's still a bad idea to grant some people a license to be a jerk. In many cases you're not going to come out with better contributions and code.
>Many people didn't contribute purely because they just didn't want to deal with Drepper.
I have no numbers to be able to confirm or deny this, but...
>Debian found it necessarily to fork GNU libc because of Drepper.
... Debian created eglibc because they needed glibc to support their use case and Drepper didn't. Even if Drepper had been the nicest person in the world, if he rejected patches to run glibc on non-x86 then forking was unavoidable.
I don't think Ulrich Drepper is a good example. He wasn't just rude; he also blocked merging important changes. I think a better example is Linus Torvalds.
> In many cases you're not going to come out with better contributions and code.
Why should better drivers be permitted to road rage? That's just a nonsensical question, being unable to drive without being a menace makes you a worse driver.
I've blocked many of the people that called for Peter's ban on Twitter. I don't want to be on their radar or a target of some sort of witch hunt. I consider myself a nice person and not inflammatory/offensive, but I'm a belt and suspenders type of person. It's more important that I can submit an issue on the tracker than interacting "socially" with people who have a higher chance of ostracizing targeted individuals. The risks in my mind now far outweigh the rewards.
Why were people calling for Peter's ban? I'm having a hard time imagining behavior that is so toxic that it merits a ban when "publicly advocating for banning someone from the community" is apparently fair play.
Both are abrasive, but in my mind, this is a cultural issue.
I grew up in a judgmental, holier-than-thou religion that I rejected at an early
age and then was ex-communicated from on my 18th birthday. I've lived this
pattern of judgement and ostracisation. It's dangerous, closed minded, and
wrong.
One of the reasons I work in software is because I'm a "strange" person. I say
things people don't understand, my value system is radically different from my
peers and "normies". I am a very different type of person. Software was a safe
place for weird people, including the productive, but sometimes abrasive. It's a
shame to make software not a place for a wide range of diverse people. In my
difference, I don't want my cultural differences to be targeted by witch hunts,
those looking for blood to prop up their own "moral superiority".
And I personally have no cultural issue with people who say things like, "shitty
usage of the GPG command line tool by applications." They're welcome in my
circles as I sincerely consider myself less judgmental than those calling for a
ban, but perhaps in kindness I can urge people who say stuff like that to, over
time, to be more kind and sensitive. Kindness is a skill that needs
development. Not everyone is in the same place. It's certainly something I'm
working on every day. And if not, that's okay too, not all of us are built with
the same social skills, and that's okay. To _not_ be self-righteous requires
long-suffering. Peter and Drew were worth more effort.
> I don't want to be on their radar or a target of some sort of witch hunt.
My first thought at the time was "oh gosh, it's not just me!" I think many people had a similar feeling. I don't think it's really a "witch hunt"; more a sigh of relief.
As far as I know, they don't. AFAIK the two cases discussed here are the only two notable ones (that is, people who are not outright trolls and the like).
