Namespaces, Intellectual Property, Dependencies And A Big Giant Mess

from the yikes dept

There's been a bit of a mess in the programming world over the past few days that you may have missed if you don't pay close attention to certain circles of the internet, but it's fascinating on a number of different levels. The mess began when people at the messenger app Kik realized that someone else, a guy named Azer Koculu, had a module on NPM named "kik." Some background: NPM stands for Node Package Manager -- and that's exactly what it is: a package manager/repository for programmers to share and reuse JavaScript code, useful for folks using node.js (a server-side JavaScript environment). This is a good thing, as it allows for fairly easy opportunities to share code and build on the work of others without having to reinvent the wheel.

However, a "patent agent" (not a lawyer) at Kik then reached out to Koculu about the possibility of changing the name of his "kik" module, saying:

    Azer: We’re reaching out to you as we’d very much like to use our name “kik” for an important package that we are going to release soon. Unfortunately, your use of kik (and kik-starter) mean that we can’t and our users will be confused and/or unable to find our package.

    Can we get you to rename your kik package?

    Bob Stratton

    kik Interactive

Azer saw that the request came from a "patent agent" and, believing it was an intellectual property lawyer, told him he had no interest in changing the name:

    Sorry, I’m building an open source project with that name.

It appears that there were a few initial misunderstandings already here. Both in whether it was a lawyer making the request and with respect to the nature of the request (and that Kik is looking to release its own open source code on npm, rather than just acting like an all-too-typical trademark bully). And it gets worse almost immediately as Stratton responds in exactly the wrong way, by moving to a pretty clearly implied legal threat:

    We don’t mean to be a dick about it, but it’s a registered Trademark in most countries around the world and if you actually release an open source project called kik, our trademark lawyers are going to be banging on your door and taking down your accounts and stuff like that — and we’d have no choice but to do all that because you have to enforce trademarks or you lose them.

    Can we not come to some sort of a compromise to get you to change the name without involving lawyers? Is there something we could do for you in compensation to get you to change the name?

    Bob Stratton

    kik Interactive

Bringing up trademark and trademark lawyers at this point is stupid, but depending on how you read this you could see how Stratton actually meant it to be more explanatory, as in "Hey, let's talk about this," but it pretty clearly comes off as "Hey, give me what I want... or else big mean lawyers." And the latter is exactly how Koculu took it, responding: "hahah, you’re actually being a dick. so, fuck you. don’t e-mail me back."

At that point Kik and Stratton reached out directly to NPM (though along with one more attempt to reach out to Koculu, including offering to compensate him for changing the name -- which is actually a reasonable request, if it had come prior to threatening with lawyers), and after reviewing the exchange NPM did something surprising to many: it decided that Kik was in the right, and handed over the kik name to the company. Here was their email:

    Hi, Azer.

    I hear your frustration. The desire to continue to use the kik and kik-starter package names, is clear.

    Our goal is to make publishing and installing packages as frictionless as possible. In this case, we believe that most users who would come across a kik package, would reasonably expect it to be related to kik.com. In this context, transferring ownership of these two package names achieves that goal. I understand that you’ve committed time and energy to the packages already, and we don’t take that lightly. I’m hopeful that you’ll be able to republish this project with a new name.

    Bob,

    Can you provide an npm account to transfer the name to?

    Thank you both for your patience and understanding.

Some of this could have been avoided if whatever "arbitration" process there was over handling name conflicts was more out in the open. A lot of people are discussing the trademark law question here, and that seems... premature. Stratton shouldn't have brought up trademark law in his email, and there's a reasonable argument that there's not much of a trademark conflict here, but it's not totally cut and dried. Either way, there should have been a way to settle it much more amicably, including a more open arbitration process where both sides were able to make their cases, and the process and its possible outcomes were clear. Instead, NPM just sided with Kik and away things went.

Koculu, reasonably upset by this move, removed everything that he had from NPM:

    This situation made me realize that NPM is someone’s private land where corporate is more powerful than the people, and I do open source because, Power To The People.

    Summary; NPM is no longer a place that I’ll share my open source work at, so, I’ve just unpublished all my modules.

    This is not a knee-jerk action. I love open source and believe that open source community will eventually create a truly free alternative for NPM.

The problem came from the fact that a ton of systems relied, either directly or indirectly, on another bit of code by Koculu, called left-pad, and then basically... a ton of stuff on the internet broke. A variety of services either rely directly on the 11 lines of code that is left-pad, or rely on other modules that in turn rely on left-pad. Remove those 11 lines of code and apparently a whole lot of the internet breaks. Koculu did move the code elsewhere, and by just pointing dependencies elsewhere most of this could have been fixed. Or, since it was open source, someone could just... replace left-pad. And that's what someone did. Another NPM user, Cameron Westland, apparently replaced left-pad with a higher version number, which is allowed when a project has been unpublished. However, since some of the dependencies directly pointed to the specific version number of left-pad, things were still broken and NPM took the "unprecedented" step of giving the new left-pad back the old version number (0.0.3) and stuff stopped breaking (for now).
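The version reuse described above is why a name and version number alone cannot identify what actually gets installed. As an added example (not code from this post or from npm), the sketch below assumes a lockfile in the current package-lock.json layout with SRI `integrity` fields, and uses constructed tarball bytes and a placeholder registry URL to show how a re-published left-pad 0.0.3 would be caught.

```javascript
'use strict';
const crypto = require('crypto');

// SRI string ("sha512-<base64>") over the raw tarball bytes: the form that
// package-lock.json stores in each entry's "integrity" field.
function sri(bytes, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Check fetched tarball bytes against the pinned lock entry.
// Assumption: the integrity field holds a single hash (it may list several).
function verifyTarball(lockEntry, bytes) {
  const algo = lockEntry.integrity.split('-', 1)[0];
  if (!['sha512', 'sha384', 'sha256', 'sha1'].includes(algo)) {
    throw new Error(`unsupported integrity algorithm: ${algo}`);
  }
  const actual = sri(bytes, algo);
  return { ok: actual === lockEntry.integrity, expected: lockEntry.integrity, actual };
}

// Compare two lockfile snapshots and report entries whose version string is
// unchanged while the content hash or download source is not. A normal
// upgrade changes the version; a re-published name keeps it.
function lockDrift(before, after) {
  const findings = [];
  for (const [path, prev] of Object.entries(before.packages)) {
    if (path === '') continue; // root project entry, not a dependency
    const cur = after.packages[path];
    if (!cur) {
      findings.push({ path, kind: 'removed', version: prev.version });
    } else if (cur.version !== prev.version) {
      continue; // ordinary version bump, reviewed through the usual diff
    } else if (cur.integrity !== prev.integrity) {
      findings.push({ path, kind: 'same-version-different-content', version: cur.version });
    } else if (cur.resolved !== prev.resolved) {
      findings.push({ path, kind: 'source-changed', version: cur.version });
    }
  }
  return findings;
}

// ---- Constructed sample data (not real package contents) ----
const ORIGINAL_TARBALL = Buffer.from('constructed: left-pad 0.0.3 as first published');
const REPUBLISHED_TARBALL = Buffer.from('constructed: left-pad 0.0.3 published again by another account');
const REGISTRY = 'https://registry.example.invalid'; // placeholder URL

function makeLock(tarball) {
  return {
    lockfileVersion: 3,
    packages: {
      '': { name: 'demo-app', version: '1.0.0', dependencies: { 'left-pad': '0.0.3' } },
      'node_modules/left-pad': {
        version: '0.0.3',
        resolved: `${REGISTRY}/left-pad/-/left-pad-0.0.3.tgz`,
        integrity: sri(tarball),
      },
    },
  };
}

const LOCK_BEFORE = makeLock(ORIGINAL_TARBALL); // committed before the unpublish
const LOCK_AFTER = makeLock(REPUBLISHED_TARBALL); // regenerated afterwards

const pinned = LOCK_BEFORE.packages['node_modules/left-pad'];
console.log('original bytes ok:   ', verifyTarball(pinned, ORIGINAL_TARBALL).ok);
console.log('republished bytes ok:', verifyTarball(pinned, REPUBLISHED_TARBALL).ok);
console.log(lockDrift(LOCK_BEFORE, LOCK_AFTER));
```

A build that installs strictly from the committed lockfile fails on the mismatch instead of silently accepting the new bytes.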

And since then... everyone's been yelling at each other. Some more reasonably than others. So, a few thoughts on all of this:
  1. The trademark thing: Lots of people are focusing on this, but it's kind of a red herring. No trademark lawyers were ever actually involved. However, to me, it's much more a condemnation of the idiotic ways in which trademark law (not to mention copyright and patent law) are so frequently abused in the tech space and beyond. So many in the tech community are quite reasonably primed to be outraged at stupid trademark bullying because it happens all the time, that it's no surprise that Koculu's instinctual reaction is that this was what was happening to him. The fact that Kik had a patent agent (why?!?) contact him, and then that patent agent brought up trademark in a threatening way, only confirmed Koculu's initial reaction. Kik should have handled that much better.
  2. NPM's dispute process: Since it operates the platform, it has every right to make decisions on how the platform is used and how it handles namespaces. However, with that power comes plenty of responsibility, if it wishes to maintain the trust and support of the developers who use it. Making decisions with little transparency or without a clear and open process is going to lead to results like this. NPM didn't appear to attempt to arbitrate the dispute or to even calm down the initial exchange. It just decided one way with very minimal explanation and no indication that the process could be appealed or disputed.
  3. On "code stealing": Some have argued that NPM "stole" Koculu's code or that it just gave it to another person to maintain, but that's wrong. The code was open sourced, so it could be reused. The only question was around allowing that code to have the original version number, which again gets back to a trust issue. As Sven Slootweg pointed out, the implications here could seriously undermine trust:

    Then the next disaster struck, once people realized that not only could Kik (the company) push whatever code they wanted as a patch version to existing users of the kik library... but anybody could register any of the other now-removed NPM packages, and do the same thing.

    This is a security issue so significant, that I can't believe it even happened. Had a malware author scooped up left-pad, for example, they could have infected potentially thousands to millions of users with a single publish. In fact, that still might happen - because who is nj48 anyway?

    This really cannot ever, ever, ever be allowed. Global namespace or not, once an identifier has been used and removed, it should not ever be possible to reassign it to anything else.

    Another potential solution for this, which should be perfectly legitimate with open source code is that if you're publishing it as a package that can be a dependency, it can't be removed. The developer can abandon it or move on, but they shouldn't be able to delete the code. That, alone, was a big part of the problem here.
  4. Careful who you depend on: Really, the biggest thing that stood out to me in all of this is the house of cards of different dependencies that creates layers upon layers of interdependencies that many people don't even realize exist. Pulling one little 11-line bit of code out of a package manager could bring parts of the internet to its knees. That's ridiculous on multiple levels. David Haney had a great post on all of this asking if people had forgotten how to code, now that they're relying on dependencies for very simple functions like left-pad:
    ...even if the package’s logic is correct, I can’t help but be amazed by the fact that developers are taking on dependencies for single line functions that they should be able to write with their eyes closed. In my opinion, if you cannot write a left-pad, is-positive-integer, or isArray function in 5 minutes flat (including the time you spend Googling), then you don’t actually know how to code. Hell, any of these would make a great code screening interview question to determine whether or not a candidate can code.

    Finally, stringing APIs together and calling it programming doesn’t make it programming. It’s some crazy form of dependency hacking that involves the cloud, over-engineering things, and complexity far beyond what’s actually needed.

    What’s worse is that if any of your code (or the 3rd party library code) has a bug or breaks, you won’t know how to debug or fix it if you don’t know how to program.
    He's right that people "outsourcing" such simple functions to packages seems ridiculous, but to me the bigger issue is why so many did so as a dependency. I'm less concerned about people reusing code (which can be a good thing), than the fact that so many set these things up to be dependent on other code they had no control over. I get the value of modular systems and the ability to string together stuff, but when important code is totally reliant on layers upon layers of third parties, that seems ridiculous. If you want to reuse the code, why not just bring the code into your program, rather than making a dependency on something so basic? Obviously, many of the systems that relied on left-pad didn't even realize they were doing so, as they relied on other systems that had a dependency on left-pad, so the problem was "downstream," so to speak. But, still, if you're going to rely on dependencies, it seems like you should recognize just how fragile the house of cards you're relying on may be.
The open source world is great and powerful, and the rise of package managers and code repositories is also great. But people should be aware of what they're relying on when they build their systems, and how quickly it might fall apart. Oh, and trademark bullying is lame.
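Finding out which of your direct dependencies drag in something like left-pad is mechanical once the resolved tree is written down. This added example (not from the original post) assumes a package-lock.json in the lockfileVersion 2/3 `packages` layout; the `hypo-*` package names, the `0.0.0-constructed` version string and the sample lockfile are constructed for illustration.

```javascript
'use strict';

// Resolve `dep` the way Node does from the package installed at `fromPath`:
// nearest node_modules first, then each enclosing one up to the project root.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = `${base ? base + '/' : ''}node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // declared but not installed
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Every dependency chain from the root project down to `target`,
// each chain an array of "name@version" steps.
function chainsTo(lock, target) {
  const { packages } = lock;
  const chains = [];
  function walk(path, trail, seen) {
    const entry = packages[path];
    const deps = {
      ...entry.dependencies,
      ...entry.optionalDependencies,
      ...(path === '' ? entry.devDependencies : {}),
    };
    for (const dep of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, dep);
      if (!resolved || seen.has(resolved)) continue; // missing, or a cycle
      const step = [...trail, `${dep}@${packages[resolved].version}`];
      if (dep === target) {
        chains.push(step);
      } else {
        walk(resolved, step, new Set(seen).add(resolved));
      }
    }
  }
  walk('', [], new Set(['']));
  return chains;
}

// Triage summary: is the target a direct dependency, which direct
// dependencies pull it in, which copies are installed, and how deep it sits.
function exposure(lock, target) {
  const chains = chainsTo(lock, target);
  return {
    direct: chains.some((c) => c.length === 1),
    via: [...new Set(chains.filter((c) => c.length > 1).map((c) => c[0]))],
    copies: [...new Set(chains.map((c) => c[c.length - 1]))],
    maxDepth: chains.reduce((m, c) => Math.max(m, c.length), 0),
  };
}

// ---- Constructed sample lockfile ----
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': {
      name: 'demo-app',
      version: '1.0.0',
      dependencies: { 'hypo-build-tool': '^2.0.0', 'hypo-logger': '^1.0.0' },
    },
    'node_modules/hypo-build-tool': {
      version: '2.1.0',
      dependencies: { 'hypo-codegen': '^1.0.0' },
    },
    // hypo-codegen points back at hypo-build-tool: a cycle the walk must survive
    'node_modules/hypo-codegen': {
      version: '1.4.0',
      dependencies: { 'hypo-build-tool': '^2.0.0', 'left-pad': '0.0.3' },
    },
    'node_modules/hypo-logger': {
      version: '1.0.2',
      dependencies: { 'left-pad': '0.0.0-constructed' },
    },
    'node_modules/left-pad': { version: '0.0.3' },
    // nested private copy with a made-up version string, used only by hypo-logger
    'node_modules/hypo-logger/node_modules/left-pad': { version: '0.0.0-constructed' },
  },
};

for (const chain of chainsTo(SAMPLE_LOCK, 'left-pad')) {
  console.log(['demo-app', ...chain].join(' -> '));
}
console.log(exposure(SAMPLE_LOCK, 'left-pad'));
```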

Filed Under: azer koculu, dependencies, kik, left-pad, modules, namespaces, node.js, npm, open source, threats, trademark
Companies: kik, npm


Reader Comments


  • TechDescartes, 25 Mar 2016 @ 7:59pm

    Two Wrongs Don't Make a Right, But Three Lefts…

    So left-pad left?

  • Anonymous Anonymous Coward, 25 Mar 2016 @ 7:59pm

    Numbers are the answer to remove pettiness from the world of IP

    We would all be better off if everyone and every entity just had a number. Like we already don't. Just, if we were identified by our number, instead of names, we could lose all this falderal with regard to names and trademarks. We could get rid of marketing and PR firms as names and identities would no longer have any value and no cute rhymes could be made up with regard to the company to which we refer. Just think, singsong numbers for advertising...oh I am looking forward to the entertainment value of that!!!

    Being just a number eliminates the possibility of other identifying features. Movies would just be the next production number from registered studio ffff, books would be the next items from registered writer @xxxxxxxxxxxxx and music would be requested by registered group Myyyyyyyyyyyyy song number ggggg from album number V or whatever (it is fun to use his login for whatever we want).

    Or we could eliminate the idea of IP altogether with a more limited usage of Trademark where every business name and product name is required to be registered and determinations made at that time, not later after value has been built. The point being: this shit is really not worth the time and cost of courts, make it simple stupid! KISS...SMACK

    • Anonymous Coward, 25 Mar 2016 @ 8:56pm

      Re: Numbers are the answer to remove pettiness from the world of IP

      Yeah... I can see it...

      Prosecutor: We arrested 35513-223 on a 418 for illegally copying movie mst3k-0003. We tracked him down at 127.0.0.1 where he was using bitxxx-018.12 to share....

      Defense: Objection! This document clearly shows that the movie was ms13k-0003, which is registered to 35513-223. This can't be copyright infringement.

      (defendant whispers in Defense's ear, showing his ID card)
      Defense: Furthermore, this person is NOT 35513-223, it is 35513-232! This is clearly a case of mistaken identity!

      Judge: Mr Prosecutor, is Officer 35111-877 dyslexic?

      Prosecutor: Er, it would appear so, your Honor.

      Judge: That would explain the last three cases. Dismissed!

    • klaus, 26 Mar 2016 @ 3:18am

      Re: Numbers are the answer to remove pettiness from the world of IP

      So who is Number 1?

      • Anonymous Coward, 26 Mar 2016 @ 3:37am

        Re: Re: Numbers are the answer to remove pettiness from the world of IP

        You are Number 6

        • klaus, 26 Mar 2016 @ 4:17am

          Re: Re: Re: Numbers are the answer to remove pettiness from the world of IP

          I am not a number, I am a free man!

          Be seeing you.

        • Anonymous Coward, 26 Mar 2016 @ 12:55pm

          Re: Re: Re: Numbers are the answer to remove pettiness from the world of IP

          I am Number Four.

          Sadly, I'm now also $150,000 in debt.

      • Anonymous Coward, 1 Apr 2016 @ 11:35am

        Re: Re: Numbers are the answer to remove pettiness from the world of IP

        Will T Riker obviously

  • Anonymous Coward, 25 Mar 2016 @ 8:47pm

    A lot of projects were not affected by the problem because...

    ... they mirrored the dependencies locally.

    Admittedly, that means that someone has to ensure that the local copies get updated regularly, but if something falls down, you've GOT everything you need to revert to a previous version.

  • TKnarr, 25 Mar 2016 @ 8:55pm

    One thing to do would be to qualify package names like this with the identity of the owner. Java does this with classes, you're supposed to use your domain name (reversed) to qualify your package names so there can't be any conflicts with anyone else's packages. That'd handle the technical aspects of it.

    For the legal aspects, pound it through the skulls of the lawyers that trademark law allows for more than a single instance of a mark. That's why the whole categorization system for trademarks exists, not to mention individual countries having their own independent trademark systems. The phrasing should be along the lines of "It is your job to know this. If you ignore it, the least you can expect is a claim of malpractice against you and being held personally liable for the full legal costs of both the opposing party and your own client.". And the same for trademark holders, make it clear that while they may have a duty to investigate any potential infringement of their mark they don't have a duty to do anything about non-infringing uses and they do have a duty to not ignore relevant parts of trademark law when deciding whether there's infringement. Long and short, certain parties are acting like 5-year-olds involved in a playground squabble and an adult needs to grab them by the collar and tell them to play nice with others or they can sit inside and do homework during recess.

    • Anonymous Coward, 25 Mar 2016 @ 9:02pm

      Re:

      This.

      What sort of development package management solution is so short-sighted that it doesn't anticipate package naming collisions of this type.

      When it comes to development, people like short, simple names for things - if you don't qualify packages with an "author", you're bound to run into exactly this problem.

    • klaus, 26 Mar 2016 @ 3:33am

      Re:

      You would have hoped that NPM would have taken a more central and positive role in this dispute. What were they thinking? And you're right... so what if there are two 'kik's with skin in the game. Humanity copes well enough with a finite range of names, what makes trademark law think it's so special?

      My biggest takeaway on this though are the comments from Sven Slootweg - open source is NOT as secure as we were led to believe.

      • TKnarr, 26 Mar 2016 @ 10:57am

        Re: Re:

        I'd say open source is secure in that respect, because you can legally make a local copy so you aren't dependent on the repository or availability from an external source for your dependencies. That eliminates the problems entirely.

        Trademark law doesn't think it's special, as I noted it specifically allows for different people to own the same mark in different fields. It's trademark lawyers and trademark holders who think that having a mark gives you a monopoly over all uses of it everywhere for anything, and the courts humor them instead of tossing them out on their ear.

  • ek hornbeck, 25 Mar 2016 @ 10:08pm

    As a coder...

    from back in the day, I wrote tons of crap like left-pad (inherently obvious if you code at all) and I'd re-write it for every stinking project. It wasn't really so bad, it gave me a break from the hard stuff.

    After a while (and reading some things about structured programming) I first put it in a searchable text (Basic, gotta love it) for cut and paste and then later (C, now there's a language) in headers and link libraries.

    Were I to code today (and I don't because there is no money in it) I think I would still be a little leery of depending on a library I did not completely understand and control.

    I know that's not the style now- use an API! To me that's like putting in a jump to a subroutine in the Apple ][ Rom.

    • nasch, 28 Mar 2016 @ 11:11am

      Re: As a coder...

      Were I to code today (and I don't because there is no money in it)

      Don't tell my boss that, he is still paying me.

      • MrTroy, 28 Mar 2016 @ 11:44pm

        Re: Re: As a coder...

        I know that's not the style now- use an API! To me that's like putting in a jump to a subroutine in the Apple ][ Rom.

        Personally, I'm just glad he's not coding any more!

  • Anonymous Coward, 25 Mar 2016 @ 10:22pm

    "However, since some of the dependencies directly pointed to the specific version number of left-pad"

    And nobody could change the number in their own code? It seems trivial to fix. Unless you depend on JS that's obfuscated to the point where you can't tell what its dependencies are, and that code depended on this code, and you don't have support. (And why would you ever do that?)

    • Anonymous Coward, 26 Mar 2016 @ 4:27am

      Re:

      Have you seen how javascript is used on many sites?

    • Anonymous Coward, 26 Mar 2016 @ 7:58am

      Re:

      "And nobody could change the number in their own code? It seems trivial to fix."

      You might think so, but the problem is that most people didn't even know they depended on it. It was a deep dependency, and that's harder to fix. Contrary to what the article implies, this didn't "break the internet;" this mainly broke build phases. Anyone who was already using left-pad in a project could still do so. It didn't just magically disappear from your node_modules folder. You couldn't install any new modules that depended on it however, as each module pulls in its own set of dependencies. There's not an easy way to fix that as it would require modifying code on npm for those modules that you didn't own.

      • orbitalinsertion, 26 Mar 2016 @ 6:40pm

        Re: Re:

        I was wondering about this "breaking sites / the internet" thing. I was imagining that all of them were somehow having their script called from some other domain where it is hosted (popular enough idiocy as it is) instead of having this bit of code and its environment hosted with their sites.

        Really, everything has gotten incredibly stupid under the guise of innovation, but that concept sort of stretched my credulity a bit. So I am glad you commented, and I didn't have to post a whiskey tango alpha foxtrot comment blind.

      • Anonymous Coward, 27 Mar 2016 @ 8:15am

        Re: Re:

        Contrary to what the article implies, this didn't "break the internet;"

        If Mike says it broke the internet, then it broke the internet. I believe everything Mike says.

  • Anonymous Coward, 26 Mar 2016 @ 4:25am

    This wouldn't be a problem if JavaScript didn't make you do all this obvious stuff yourself, rather than integrating it into the standard library like every competent language does.

    • John Fenderson, 26 Mar 2016 @ 7:54am

      Re:

      The fault here is not Azer Koculu, kik, Javascript, or even IP law.

      The fault is that there are far too many developers who are engaging in the terrible practice of including run-time dependencies on code that they aren't in control over.

      That is always a very risky thing to do. Those developers took a risk and the chips fell the wrong way.

      • orbitalinsertion, 26 Mar 2016 @ 6:45pm

        Re: Re:

        Consequences of the (just barely, maybe) Good Enough and memory/processing is cheap cultural mindsets. (And devaluing actual knowledgeable people, and expanding the definition of "development" to include whatever.)

      • nasch, 28 Mar 2016 @ 11:14am

        Re: Re:

        The fault is that there are far too many developers who are engaging in the terrible practice of including run-time dependencies on code that they aren't in control over.

        And I would say the fault of NPM for making that the easiest (or at least a very easy) way to develop using their platform. Android development, for example, kind of has a culture of pulling in all kinds of libraries to do various things, but they're retrieved at build time, not run time. Someone pulling a package could have you scrambling to replace it for the next version, but deployed apps will continue to work because the 3rd-party code is packaged with the app.

  • That Anonymous Coward, 26 Mar 2016 @ 4:33am

    Because we have IP we get all the things we want. This is the message that has been sent.
    Rather than contact the coder and explain 'We'd really like to acquire the name from you. See we have an app called kik so we'd really like to get the name for something we are planning on publishing. I know this is a big hassle, but we have $X to offer to offset the hassle. Would you be interested?'
    They went from the place of we own the IP and we are going to make demands of an open source coder and play right into the entire stereotype. Then the playground monitor decided that bowing to a corporation ASAP was the right play to avoid hassles, ignoring that the shockwave that would be generated by giving the appearance of caring more about corporate interests over those who actually use the playground.

    There are people who are pissed that the coder pulled his code, one might assume because it broke something for them. The message is you can't be offended, take your ball, and go home even after people shit on you. Of course when something happens to them, they will be SHOCKED that other people will tell them you can't be offended, take your ball, and go home even after people shit on you.

    I expect that this little kerfuffle is going to change some things, and maybe not in a way that will benefit NPM. The changing and reassigning numbers so some people might be unaware there was a change will bite them. Recent memory has a story about some tool who acquired some popular WP plugins & inserted code to make him his very own backdoor and ship the passwords to his server. People didn't notice the authorship got changed right away & were getting burned because people just expected a thing with the right name was the same as the thing they always used.

    The model of a central place to get things has gotten a couple of black eyes out of this, and once people stop being pissed at the coder & look at what happened & how there are plenty of points where it went sideways.

    Also is anyone really curious to see what kik is going to publish, and if it is a worthless piece of uselessness but at least it let them get their name out there.

    • nasch, 28 Mar 2016 @ 11:16am

      Re:

      I expect that this little kerfuffle is going to change some things, and maybe not in a way that will benefit NPM.

      If nothing else, I think they're looking at changing their system so devs can't unpublish things.

  • Anonymous Coward, 26 Mar 2016 @ 6:45am

    The Matrix, Watson, Skynet, AlphaGo, et al.

    "...layers upon layers of interdependencies that many people [sic] don't even realize exist."

    This is how we will bring the AIs to their knees.

  • Anonymous Coward, 26 Mar 2016 @ 8:38am (comment flagged by the community)

    Leave it to Mike to deliberately leave out some important facts. I read this story over at Ars and Azer Koculu basically told Kik to "fuck off".

    Here's what the Ars article said about the exchange:

    *********

    In an e-mail to Koçulu on March 11, Bob Stratton of Kik explained the issue. "We’re reaching out to you as we’d very much like to use our name “kik” for an important package that we are going to release soon," Stratton wrote. "Unfortunately, your use of kik (and kik-starter) mean that we can’t and our users will be confused and/or unable to find our package. Can we get you to rename your kik package?"

    Koçulu replied an hour later, simply saying: "Sorry, I’m building an open source project with that name."

    This didn't sit well with Kik (the company). Stratton responded the next day, saying "We don't mean to be a dick about it, but it's a registered trademark." He then mentioned that if Koçulu went ahead with a project with that name, "our trademark lawyers are going to be banging on your door and taking down your accounts and stuff like that—and we'd have to do all that because you have to enforce trademarks or you lose them. Can we not come to some sort of a compromise to get you to change the name without involving lawyers?"

    "Hahah, you're actually being a dick," Koçulu replied. "So, fuck you. Don't e-mail me back." After a final plea from Stratton, he answered, "Yeah, you can buy it for $30,000 for the hassle of giving up with my pet project for bunch of corporate dicks."

    ******

    It would be nice if Mike actually looked into this without making it sound like some patent troll fight.

    Source: http://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/

    • John Fenderson, 26 Mar 2016 @ 8:45am

      Re:

      Ummm... I'm not seeing a substantive difference between this writeup and the Ars Technica one.

      • Anonymous Coward, 26 Mar 2016 @ 8:53am

        Re: Re:

        Ummm... I'm not seeing a substantive difference between this writeup and the Ars Technica one.

        One was written by Mike and one wasn't. That seems to be enough for some people.

      • NaBUru38, 29 Mar 2016 @ 11:02am

        Re: Re:

        Wait, two bloggers agreed? On the internet? Heresy! Bring the torches!

    • General Atomics, 26 Mar 2016 @ 9:34am

      Re:

      Please send your SnarkBot in for immediate servicing.

      Evidence accumulates that its ReadingComprehension module has become entirely disconnected from the MindlessBabbling module.

      Thank you, as always, for using General Atomics SnarkBot products and we look forward to your continued custom.

  • Anonymous Coward, 26 Mar 2016 @ 8:50am

    A package that can be a dependency.

    Another potential solution for this, which should be perfectly legitimate with open source code is that if you're publishing it as a package that can be a dependency, it can't be removed.

    Almost any package *can* be a dependency. So, basically, no package can ever be removed.

    • Mason Wheeler, 26 Mar 2016 @ 9:34am

      Re: A package that can be a dependency.

      And there's no way to know what is a dependency and what isn't?

      Did they not bother finding out, or was it all registered in some trendy NoSQL database with no referential integrity? Because this has been a solved problem in the relational world for decades. If NPM had been running on a real database, this mess would have been literally impossible.

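The kind of check this exchange is about, a registry that tracks reverse dependencies and refuses to delete a package that another published package still refers to, as an added example (not npm's code and not from any commenter). The `Registry` class, the `example-lib` and `example-app` packages and all version numbers are constructed for illustration.

```javascript
// Constructed in-memory model of a package registry; not npm's data model or API.
class Registry {
  constructor() {
    this.packages = new Map();   // name -> Map(version -> { deps })
    this.dependents = new Map(); // name -> Set of "dependent@version" that refer to it
  }

  publish(name, version, deps = {}) {
    // Integrity on insert: a package may only refer to packages that exist.
    for (const dep of Object.keys(deps)) {
      if (!this.packages.has(dep)) {
        throw new Error(`${name}@${version}: unknown dependency ${dep}`);
      }
    }
    if (!this.packages.has(name)) this.packages.set(name, new Map());
    const versions = this.packages.get(name);
    if (versions.has(version)) throw new Error(`${name}@${version} already exists`);
    versions.set(version, { deps });
    for (const dep of Object.keys(deps)) {
      if (!this.dependents.has(dep)) this.dependents.set(dep, new Set());
      this.dependents.get(dep).add(`${name}@${version}`);
    }
  }

  // Integrity on delete: refuse while any published package still refers to `name`.
  unpublish(name) {
    if (!this.packages.has(name)) return { ok: false, reason: 'not found', blockedBy: [] };
    const blockedBy = [...(this.dependents.get(name) || [])].sort();
    if (blockedBy.length > 0) return { ok: false, reason: 'has dependents', blockedBy };
    // Drop the reverse edges this package contributed, then the package itself.
    for (const [version, meta] of this.packages.get(name)) {
      for (const dep of Object.keys(meta.deps)) {
        this.dependents.get(dep).delete(`${name}@${version}`);
      }
    }
    this.packages.delete(name);
    this.dependents.delete(name);
    return { ok: true, reason: null, blockedBy: [] };
  }
}

function demo() {
  const r = new Registry();
  r.publish('left-pad', '1.0.0');                             // version is constructed
  r.publish('kik', '1.0.0');                                  // nothing depends on it
  r.publish('example-lib', '1.0.0', { 'left-pad': '1.0.0' }); // hypothetical dependent
  r.publish('example-app', '1.0.0', { 'example-lib': '1.0.0' });
  return [
    ['left-pad', r.unpublish('left-pad')],       // refused: example-lib needs it
    ['kik', r.unpublish('kik')],                 // allowed: no dependents
    ['example-app', r.unpublish('example-app')], // leaf package, allowed
    ['example-lib', r.unpublish('example-lib')], // allowed once example-app is gone
    ['left-pad', r.unpublish('left-pad')],       // allowed once example-lib is gone
  ];
}

console.log(JSON.stringify(demo(), null, 2));
```

The guard only covers dependents the registry itself knows about; applications that install from the registry without being published to it are invisible to it, which is why consumers still pin or vendor what they depend on.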

  • Anonymous Coward, 26 Mar 2016 @ 9:41am

    Is left-pad even good code?

    So a bunch of people included a run-time dependency on code they didn't have control over. Foolish. However, to my eye (C/C++ and Matlab background) it doesn't even look like reasonable code and perhaps it should have been avoided altogether. I shudder at the thought of repeated single character concatenation inside a loop. I know the modern thought is "who cares about efficiency, all computers have 2 jabilion cores", except that a) not all do, and b) maybe I'd rather do something else with those cores other than copy a string over and over and over.

    • Anonymous Coward, 28 Mar 2016 @ 6:55am

      Re: Is left-pad even good code?

      You've hit the nail on the head. Many programmers essentially suck at programming because they take an approach that the shortest route to finish the program is the best route, regardless of efficiency.

      We are in a vicious cycle. We need more processor power to run inefficient programs, and when we get the additional processing power, the programs can become even more inefficient. The only saving grace is that all programs are finite, so no matter how poorly they are written most programs will operate fine (not great) on the processors that exist. The only places people currently get into trouble are processor-intensive programs, such as certain video games, or numerical analysis programs. Hopefully people using super computers actually spend some time on efficiency.

      • John Fenderson, 28 Mar 2016 @ 7:17am

        Re: Re: Is left-pad even good code?

        This is exactly correct, although I wouldn't say that it's a result of programmers sucking as much as it is a result of companies being overly aggressive in terms of cost reduction. Time-to-market and reducing manpower costs are the only things that matter in most of the industry. Quality means little. You can see the systemic nature of this by looking at the most commonly used tools and languages: they are all designed to speed production at the expense of quality.

        This is a big reason the software industry is in the dismal state it is in (from a technical point of view), producing poor quality, bloated, badly designed and implemented crap.

        On the other hand, customers seem to be OK with buying poor quality, bloated, badly designed and implemented crap -- so a lot of the blame falls there, too.

        • Anonymous Coward, 28 Mar 2016 @ 6:34pm

          Re: Re: Re: Is left-pad even good code?

          John:

          Re companies and aggressive cost reduction. Yeah, that's probably just as much to blame. However, in the olden days when I was programming, my bosses only asked when the program was going to be done, not how I did the programming. Of course, in the olden days there were fewer canned programs to rely upon, so most of the time we had to write all original or mostly original software. We did not have hundreds of megabytes or gigabytes per second processing power, so efficiency was pretty much required.

          I think your observation about the dismal state of programming and customers being okay is directly on point (well said!). Sadly, most customers are unaware of what they are missing. To the extent they think about software, I suspect most people are likely to blame their processor rather than a badly or poorly designed program.

          • John Fenderson, 29 Mar 2016 @ 9:58am

            Re: Re: Re: Re: Is left-pad even good code?

            "However, in the olden days when I was programming, my bosses only asked when the program was going to be done, not how I did the programming."

            I'm a greybeard engineer myself, so I remember the same days you do. Things are not different so much these days in nature (businesses, by their very nature, focus on cost reduction and always have), but in degree.

            • John Fenderson, 29 Mar 2016 @ 10:01am

              Re: Re: Re: Re: Re: Is left-pad even good code?

              Oh, also, the production cost situation has changed enormously. In the old days, the cost of hardware was more important than the cost of software development. These days, hardware is almost free (comparatively speaking), so the "correct" business decision is to throw more transistors at a problem rather than engage in proper engineering.

              It's an example of how the correct business solution can be a very incorrect solution overall.

              • Anonymous Coward, 30 Mar 2016 @ 6:46am

                Re: Re: Re: Re: Re: Re: Is left-pad even good code?

                Yes, indeed! I'm not sure if the tide will ever turn back in the other direction.

                There are probably real world analogies to the hardware/software situation. I wonder if the increase in size and weight of cars, followed by the attendant increase in engine size and decrease in gas mileage, is one such example.

                Designers were focused on bigger, more luxurious cars, so they got heavier. Of course gas was cheap, so who cared about gas mileage that was 12 to 16 MPG? It was only when the 1970s hit, in an era when cars out of Detroit were massive, with gas shortages and a dramatic rise in gas prices, that someone wondered why gas mileage of the average American made car was awful. Suddenly that devil-may-care attitude toward engine efficiency changed (and continues to change).

                Of course, Detroit had to be dragged to the party because designing something for which the historical returns were low was contrary to their philosophies. These days everyone wants to know the efficiency of a new car's engine. I wonder whether there is, or can be, a measure of software efficiency? Will software companies one day brag about the efficiency of their software?

            • Anonymous Coward, 30 Mar 2016 @ 6:35am

              Re: Re: Re: Re: Re: Is left-pad even good code?

              That makes sense (about the degree). Interesting discussion, John.

  • Anonymous Coward, 26 Mar 2016 @ 9:50am

    Koculu was absolutely in the wrong. Not only did the guy from Kik NOT resort to patent lawyers, he specifically stated he would compensate him in the same email, and what he would have to do *after he released it without changing the name* and explained it was a "defend it or lose it" deal, which is true.

    Koculu's responses are childish and increasingly ridiculous, especially when he cusses them out (and this was after they tried to reach out one more time). There was no C&D, no lawyers involved, and they reached out to NPM. Koculu was just being INCREDIBLY possessive and an asshole throughout the entire ordeal.

    • That Anonymous Coward, 26 Mar 2016 @ 10:09am

      Re:

      Completely his fault that they reached out from an account that appeared to be some sort of legal entity.
      Completely his fault that these types of threats are sent on a daily basis and we've all seen what happens.
      Completely his fault that they THREATENED to go legal because he failed to just give up what he was doing.
      Completely his fault that NPM scrapped a project he was working on because kik said give it to us for no reason other than we have a trademark but not for code and we want the name.

      He started a project, he controlled the name. They asked him to give it up, he said no. They persisted & made legal threats. He told them to fuck off, because they were bothering him. They got a 3rd party who is supposed to settle these disputes to hand the name over to them for no basis other than we are a corporation and we want that name.

      If someone rolled up and told you to change your thing because pointless reason, you are expected to just do it?
      Find a short pier, take a long walk.

      • Chris Rhodes, 26 Mar 2016 @ 11:28am

        Re: Re:

        "He started a project, he controlled the name."
        Obviously false, since NPM had the authority to change it.

        Kik's emails were perfectly reasonable and affable here. In response, Koculu went to 11 immediately and started raging in "FUCK THE MAN!" mode, and then when he realized he didn't actually have the power he thought he did, he petulantly took his ball and went home. No big loss.

        If I created a module called "walmart", I might expect some corporate resistance, and rightfully so. If I rebuff Walmart's polite emails asking to compensate me for changing my module's name, and instead act like a raging asshole lunatic, and Walmart turns to the private party whose services I am currently dependent on to solve the matter, then I have badly misplayed my hand, and I deserve what I get.

        • That Anonymous Coward, 26 Mar 2016 @ 8:20pm

          Re: Re: Re:

          So patent guy asks, is rebuffed and immediately drops lawyers raining hellfire down upon you and that is perfectly reasonable?

          So is telling you to go fuck yourself a high compliment where you're from? Getting threats from people playing lawyer (and let's be clear the ass who sent the emails - partner in an IP focused firm) who then glosses over he offered to sell them the name and never mentions that to NPM. So this pretend lawyer then sends multiple messages to NPM pushing them to give them the name AFTER the CEO claims they decided to go with a different name anyways.

          Their trademark is not for open source software, it's for a messaging app. The irony that pissing off this coder broke their own product is yummy.

          I look forward to finding out what earth shattering code they are going to contribute that just had to have that name.

          • Chris Rhodes, 28 Mar 2016 @ 8:02am

            Re: Re: Re: Re:

            "Their trademark is for software, not open source software!" is not a very compelling argument. If Kik was selling bath salts or something, I'd wonder where the confusion was likely to come in, but if you asked me what doing an "apt-get install kik" was likely to do, I would say "Probably install the Kik messenger?", and I've never even used Kik.

        • nasch, 28 Mar 2016 @ 11:22am

          Re: Re: Re:

          "If I created a module called "walmart", I might expect some corporate resistance, and rightfully so."

          What if you created a module called BloopBlorp, and then Bloop Blorp Inc. (which you had never heard of) showed up and started making demands? Would you consider it your duty to accede to their requests?

  • Daniel, 26 Mar 2016 @ 7:19pm

    Mike Roberts, the head of messenger at Kik, posted the full conversation on his blog. Turns out Azer quoted a figure for the name and Bob withheld that info from NPM.

    https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet-3d4d2a83aa4d#.lsiaz6ql6

    I highly recommend the comment section.

    ^_^.

  • Anonymous Coward, 27 Mar 2016 @ 6:25am

    I hope this guy trademarks leftpad and sues npm; then we will know we are dealing with dicks all the way around. From what I can tell, Kik didn't really have a trademark leg to stand on. He did not currently have a product under the project name that he was pushing out, just had it reserved. Cybersquatting stuff has to prove that you are maliciously holding the name, and for trademark you have to be doing business under the name, AFAIK. IMO npm has shown itself to be somewhere I wouldn't host anything. The larger tech industry in general seems to be moving to require court orders for anything to avoid this kind of thing.

    • nasch, 28 Mar 2016 @ 11:23am

      Re:

      "I hope this guy trademarks leftpad and sues npm; then we will know we are dealing with dicks all the way around."

      The open source license he published it under probably precludes that.

  • Bruce C., 27 Mar 2016 @ 9:35am

    One "no true Scotsman" fallacy in David Haney's argument that I just have to call out...

    "Finally, stringing APIs together and calling it programming doesn’t make it programming. It’s some crazy form of dependency hacking that involves the cloud, over-engineering things, and complexity far beyond what’s actually needed."

    If you substitute "software engineering" for programming in that quote, then it could be accurate. But calling a sequence of APIs to achieve a desired behavior has been the most common form of programming in use for the past 25 years or so. Is Haney advocating that we all go back to programming in assembler and abandon the benefits of code, design and model abstraction that we get from more recent programming technologies? (Straw man used for sarcasm effect. Not intended as a genuine counter-argument.)

  • John85851, 28 Mar 2016 @ 9:10am

    Using copyrighted names can lead to confusion

    Like a commenter in the Ars article said, people could be reasonably confused if they saw a package named "Kik" that didn't come from the Kik company.
    And like a commenter here said, it would be like if you made a namespace called "walmart". How can you justify getting upset and pulling all your code when the real Walmart sends you a letter saying you're confusing people by using their name?
    It doesn't matter if Kik or Walmart make similar code since people will recognize the name and assume the code comes from these companies.

  • JonK, 2 Apr 2016 @ 10:10pm

    That Anonymous Coward RE:RE:RE:

    As they said on kik.com, "Looking for a new and engaging way to interact with your audience? Have amazing content or a cool experience you'd love to get discovered? Kik offers brands and content providers unique ways to talk with their fans, and find new followers too!" KIK is good for everybody because, "...Kik isn't just about our users chatting with their friends. Our marketing tools let brands talk to and share cool content with our users, and track the results...". We all know that being tracked is what we all really need.

    But that's not all, they also run https://kikLawEnforcement.zendesk.com/
