
Just think of it, there is a real developer who decided to do this. Spam is immoral, but doing that to an open source repository is your personal all time low.


The world is based on making money. This can easily be a real developer working somewhere where their wages are dirt and this is an easy way to make money.

Ethics and feelings don't make money or keep food on the table.


Having known very well someone who, despite being quite wealthy, practiced online fraud, served jail for this, and now happily works in a Middle East tax haven (geez, I know someone else who lost their job just for knowing that guy, talk about having the right connections), I can assure you that although your point is valid, it is not always the case.


Ad absurdum I should just steal food then.

There are much easier ways to make money even in poorer countries, and some form of internal moral compass is literally what separates us from the animal kingdom. Of course context matters, but I am sure that creating spam is never a life-death situation.


Ethics and feelings don't make money or keep food on the table.

Do you have any suggestions on how to improve that situation?


I think "immoral" is a reach as a description of spam, and to be crystal clear I'm not defending spam. How is spam any more immoral than ads in a web page? Both are inserting advertising into a channel that a user is accessing information through, as a way to raise revenue or change behavior. (Spam is not by definition phishing, any more than banner ads are innately phishing, though phishing can be served through both mediums.) If spam is _immoral_ then why is adtech in general not _immoral_?


Because, like so many things, context matters.

Ads have a place in the world, where we expect to see them (whether we like them or not), and typically most ads are not trying to pass as non-ads (yes of course there are exceptions to this).

The difference here is that these exist in a place where ads should not be, as per the description and use of the service. And it also subverts the experience the service owner is trying to provide.

Imagine if you accept a "free sample" box of cereal and you get home and open it and it's just full of flyers, instead of being full of cereal.

Or this is why you can't just go to any private space like a shopping mall with a megaphone and a sandwich board and start advertising your services without permission. Security will ask you to leave, because the owner of the mall didn't agree to this.


> Or this is why you can't just go to any private space like a shopping mall with a megaphone and a sandwich board and start advertising your services without permission. Security will ask you to leave, because the owner of the mall didn't agree to this.

You can certainly go to any public space and do this, however. People do it all the time (admittedly less frequently with megaphones). Are all of the people on street corners doing twirlies with cardboard signs immoral? Billboards would be a gray area example whereby they're hosted on private resources (land) but intrude into public space (view from highway).

> Imagine if you accept a "free sample" box of cereal and you get home and open it and it's just full of flyers, instead of being full of cereal.

Imagine if you accept a "free social media feed" of information about your community, and you "get home" and it's full of ads. Or you accept a "free article" from a website by clicking on a link, and when you load it (consuming bandwidth on a line that you paid for), it contains just as many ads as it does paragraphs of information.

As I said, I'm not defending spam in general (which is obnoxious), or the act of the person/people who polluted/vandalized the npm repos. I just think "immoral" is a little strong unless you also want to paint much of the rest of the ad world with the same brush.


> You can certainly go to any public space and do this, however. People do it all the time (admittedly less frequently with megaphones). Are all of the people on street corners doing twirlies with cardboard signs immoral? Billboards would be a gray area example whereby they're hosted on private resources (land) but intrude into public space (view from highway).

Yes I specifically said private spaces for a reason. Apples and oranges here.

There are no public spaces on the Internet.

> Imagine if you accept a "free social media feed" of information about your community, and you "get home" and it's full of ads. Or you accept a "free article" from a website by clicking on a link, and when you load it (consuming bandwidth on a line that you paid for), it contains just as many ads as it does paragraphs of information.

Not sure why you're trying so hard to counter my examples, with inadequate examples to boot?

I am still getting something from that feed with ads, or that article with ads.

If I only get flyers and no cereal, then not the same, right?


The internet absolutely was a public space until the ads/walled garden model replaced it.


You and I have different definitions of public space.

I've been on the net since the early 90s, and even back then there were no public spaces.

There is nowhere online, and really never has been, where you have a right to be, or where you can express your government-given rights (also, which government? most of us are not US citizens) without anyone having the ability to cut you off or kick you out at their own discretion.

Every server, whether it was Usenet, IRC, the web, email, or otherwise, was, and is, owned by a private entity that could moderate, manage and restrict usage as they see fit.

If you cause them enough trouble, they will boot you, and have every right to do so.

I don't call that public spaces.


I'll paint 'em all with that brush. It's a fundamentally manipulative industry.


Much more eloquently composed response than mine.


We accept ads because in return we usually receive a product or service for free. It's an unwritten contract that society has accepted.

Spam on the other hand is nothing more than guerrilla advertisement. It's obnoxious. It serves no purpose other than to its creator. It provides no benefit to end users or society.

Sounds kinda immoral if you ask me.


You are free to put ads on your own service, because you own it and can do what you want with it. But you don't have the right to vandalize someone else's service with spam.


> How is spam any more immoral than ads in a web page?

What?

Many websites need ads to survive. Node.js doesn't need spam to survive. It's a quite huge difference, don't you think?


Adtech is immoral. It has been immoral, it will remain immoral.

When you start diluting what people are actually looking for in an ocean of advertisement, malware, tracking pixels, and surveillance call-homes you've firmly left the territory of the moral.


Life makes much sense when you consider it to have the ethics of professional motorsports racing. There, there is no sense of ethical behaviour, as long as you act within the rules you can do anything. That is how modern F1 driving came to be. The F1 team engineers say that designing the cars consists of looking at the new rules and working out how to bend and subvert them.

All of life is like this. People exploit anything in order to make a living, and that is fine. The solution for this is to make it so that people do not need to do such things just to make a living.

EDIT: More succinctly, if you want the world to make sense to you, you should not expect people to put your personal ethical viewpoints above their improvement of their material conditions.


People can, should, and often do have a sense of morality that is different than “whatever is technically legal.”


Yes, people often have a sense of morality that readily accepts doing illegal things, everybody knows that. Whether they should have such sense is debatable because in the end it's a question of opinion: you may be alright with that, I may be not and the others may not even care about what we think about it.


human life maybe, because more natural life is about survival (without established rules or specs), sometimes at the expense of another, but not for fun, entertainment, nor with a huge pollution footprint as well


I think you ignore(?) an important detail that the world is as good as it is due to most people not subverting the rules. While I understand the philosophy and a sort of realism you’re suggesting, I prefer to separate morals from holes in rules internally.

They may or may not feel guilt for this. We may also remove this feeling from our reasoning completely. But that wouldn’t prevent it from glueing things together well enough for them to function. Living in a welcoming environment, with all ethics attached to that, is a fundamental human desire, apart from psychopathological cases. F1 teams managed to negotiate that between themselves and now they’re okay with it - it’s a hard competition all in all. But you’ll have a hard time negotiating $subj’s morality with an open source community of developers and users. The one who spits into a pot of a free meal - is a rat in all countries and cultures. I doubt that F1-ers refrain from spitting on a road just before another box because there’s a rule about it.


Yes but they don't care. Some people don't care if they are immoral. That's why you need regulations and punishments to stop them.


and yet the collateral cost of regulations and punishments on good/innocent people is often far worse than the damage caused by spammers. "regulate all the things" people often underestimate how poorly regulation solves the problems they set out to solve and how it often creates new ones.


I guess my AmazingProject https://github.com/bryanrasmussen/AmazingProject that I made 97% as a joke when someone was running a code camp or whatever and a bunch of newbies were creating projects with the word Amazing in it would be grounds for punishment under a lot of regulatory regimes.


So true. It's truly sad that some people can hold tight to their cynicism even as they build up their technical skills


How are technical skills and cynicism supposed to affect each other?


The people who do this are likely not American or Western European, likely not from a wealthy background, likely don't have access to high end tech jobs, and probably can't even make 5% of what a Facebook or Google employee makes.

These people might feel spite and anger towards the western world for the extreme lavish excess that developers enjoy. It's not hard to imagine a world where developers can learn some skills but are locked out participating like we do, and thus decide to weaponize those skills against us for whatever profit they can.


Wow

Trust me if you are struggling to make ends meet, you don’t have time for this kind of childish revenge.

Only reason you see developers from some developing countries developing spam related products is because it pays bills. When your livelihood depends upon such products, it is hard to do the right thing. Just like so many people in the west working for very questionable companies.


> Trust me if you are struggling to make ends meet, you don’t have time for this kind of childish revenge.

sure but once you start making ends meet you might think, now I can take some time to screw over other people! It really depends how pissed off you are.

Although if you were really that pissed off I doubt this is the way you would go.


While in Russia talented developers make less than a newbie developer in the West earns, their salaries are relatively high compared to non-IT jobs. You won't die in the street if you are a developer. The reason why those people spam is either because they have low technical skills and cannot find a decent job (most probably) or simply because they believe that work is for losers; successful men take money from others instead of working like a slave.

As they lure people into Telegram channels in hope to scam them, I assume that the conversion is low and this is not very profitable and they do this because of lack of skills.


My (former) friends who built thousands of websites to manipulate pagerank back in the day were definitely wealthy westerners purposefully gaming the system to make even more money for themselves, to the detriment of the rest of us.


The charitable summary of your comment is that it is inaccurate.

For one, tech salaries outside of the developed world have been going up at a higher rate than in it for the past 20 years or so - the pandemic and proliferation of remote work only accelerated this process.

As for spite and anger: a tech worker in a poor country is easily within the top 10% (if not 5%) earners there and is usually too financially secure for such nonsense.

The whole crypto debacle showed that scammers are largely evenly distributed around the world - it's just the type and scale of scam that differs.


> The people who do this are likely not American or Western European

Maybe not natively, but they may be working in the US or Western Europe, making upwards 50% of a Google/Facebook salary, if not working at Google/Facebook indeed.

Plenty of companies pay a decent salary for mediocre work, and will take the less morally sound developer, because the sound one isn't willing to work with their legacy code or less moral product (e.g., oil industry, financial services). Making good money in tech != good morals.

Finally, being physically in the US/Western Europe doesn't necessarily imply that you don't think that Russia deserves to be treated better.


I mean. Given the world as we know it would become impoverished overnight without them, it's hard to see how oil and financial services industries can be seen as immoral. Imperfect, certainly, but immoral?


> These people might feel spite and anger towards the western world for the extreme lavish excess that developers enjoy.

Oh, let me tell you my “lived experience” of spite and anger that I once felt towards western developers.

So, it was late 1990s and our sales guys got hold of a presentation paper that competitor guys gave to a customer that both our companies were trying to win. I never read such a collection of blatant lies in my life! And I came from a one-Party country where newspapers were… uhm notorious for their lying. But not like this! Specifically a feature that I’ve spent more than half a year on, and which we were proudly shipping - was marked as not existent. Imagine somebody trying to scratch half a year of your life, and a rather intense half a year to that - out of existence. With black, lying ink.

And I clearly remember sitting and thinking: why are they doing this? The competitor was a well-established company, long time in business, probably employed citizens, provided them with pension funds and other perks - why don’t they compete with us, mostly new emigrants on work visas - why can’t they compete on _merits_? They have everything to just sit, work and compete - why lie?

Yes, I was feeling spite and anger, true.

But, about 20 years later, just around that your famous President inauguration - this exact competitor went bankrupt. The stopping point for a buyer was - they did not want to fund pensions 100%. It was like watching Karma working right and clear in this material world - a rare moment, no?


You're correct, though I think part of the reason there's more cybercrime from distant countries is the lack of consequences.

I will add that this mentality does not exactly build up their societies to fix the problem. When I moved from Africa to the first world, the high level of trust and conscientious behaviour by everybody blew my mind.

My point being that wholesome behaviour and net worth are linked in a virtuous cycle.


Being jealous isn't a justification for any action


I think you mean to say that you don't respect actors who justify their actions through "jealousy". In reality, jealousy is a fine justification for actions and arguably the most used justification for any action in human history. Hard to think of a historical war that wasn't based on "jealousy", in the end.

I kind of feel like your comment is like saying "Being poor isn't an excuse for stealing bread", and while completely and totally true, it really works hard to miss the point.


No he means “being poor isn’t an excuse for being an asshole”.

Just like keying your neighbor's car because he could afford a nice one is not acceptable whatever you feel like.


"Keying your neighbor's car because they have a nicer one" is not an analogy that works for anything here.

What is happening in NPM is not a car being keyed. There is a profit motive for doing this.

Perhaps you could say "Stealing 1 gallon of gas from your rich neighbor's car to feed your starving children makes you an asshole", that's an analogy that seems to fit what is happening here, and an opinion I would disagree with.


It works perfectly fine.

If you steal gas from your neighbor's car to feed starving children, that does not make you an asshole.

If you do it in a way to minimize damage.

If you come over and mess his whole car up in the process just because "he is rich" - that makes one an asshole.

The same with spamming NPM, OK I can understand they feel the need to earn money - but they are messing up something useful for others in a bad way. They probably could still put effort to do many other things that would bring profit and would not mess up a thing that many people will start losing trust.


What is your opinion on catalytic converter thieves?


Ah, the age-old mixing pointing out the reasons for why an individual might act the way they do with morally absolving them

Ever common amongst people who have never seen or felt the consequences of abject poverty


On the contrary, jealousy is one of the major drivers of consumerism.


Probably an unpopular opinion, and I realize I'm kind of ranting on a relatively unrelated subject, but I have become really dissuaded with the Node ecosystem's dependence on seemingly boundless dependency trees. The fact that Windows' file system can't handle moving project directories (without deleting the node_modules), and relatively simple projects using megabytes of raw text to work... anyways.

While I understand that you don't want to re-invent the wheel, it seems like this is an important enough part of your project that your own implementation would be the only one without compromises.


> Probably an unpopular opinion... but I have become really dissuaded with the Node ecosystem's dependence on seemingly boundless dependency trees.

I wouldn't be quite so dramatic about that; HN as a collective loves complaining about NPM and dependency trees. (At the same time, it loves complaining about NIH syndrome. Although I suppose existent but limited dependency trees are far from an impossibility.)

E.g., https://news.ycombinator.com/item?id=35243196, https://news.ycombinator.com/item?id=35210975, https://news.ycombinator.com/item?id=35070210, https://news.ycombinator.com/item?id=34940437, https://news.ycombinator.com/item?id=34932957, https://news.ycombinator.com/item?id=34785080, https://news.ycombinator.com/item?id=34779769, https://news.ycombinator.com/item?id=34768828, https://news.ycombinator.com/item?id=34708290, https://news.ycombinator.com/item?id=34686056, ...


as a developer you can also keep a relatively low number of dependencies, and mainstream or simple ones


Yup for sure, 100%. Pulling in a library every time you don't know how to do something is a choice. Only pulling in dependencies that have 10,000 GitHub stars or are in every React YouTube video without evaluating alternatives is also a choice. I learned to be way more discriminating about npm libraries from a tech lead a few years ago, and to be honest it's one of the best lessons I've learned in a while.


But it is not a viable choice anymore to “not include this useful dependency, because its dependency tree is huge, so I will just rewrite it from scratch”, which is what practically happens in most cases. No one deliberately imports bullshit like leftpad on the root level. If you use React alone it will probably already make enough of a mess that Windows’s file operations will take considerable time on your node_modules folder, which is ridiculous in and of itself.


Nobody is saying "rewrite everything".

We're saying "think about each dependency you're considering pulling in. Maybe have a quick browse through the code. Is it a gigantic hot mess? Is it tiny and elegant? Does it only have 3 downloads/week on npm? There are lots of things you can do before deciding to rewrite it yourself, but yes, I argue there are definitely some dependencies where that is the right call. But also, YMMV - it depends on your team and resources too.


there is room between huge dep tree and rewriting everything, that's where we should aim

for leftpad, even if I know it's just an example, there's a native String#padStart, and else lodash is pretty small, most mainstream libs have few deps actually


That takes awareness and discipline. The last time I tried to learn Node, all the guides led you down a road of dependency hell.


Not following a guide takes awareness and discipline too. Furthermore, if you are simply learning Node, aren’t the downsides of dependencies moot?


Tolerating an iceberg of bad habits under a surface of abstractions is a way to get up to speed on something fast, but you eventually have to invest time learning better ways to do things. Except in web development where it's normal to send multi-megabyte blobs to the browser.


If you always include 'vanilla' as a verbatim search term when looking for Node.js tutorials you'll get better results that tend to avoid that problem.


that takes experience, like everything you want to do well


That same comment, translated to gamer speak 'just git gud, bruh!'


I don’t necessarily disagree but I have to say that in 10 years of working almost daily with sizeable node applications, this hasn’t been a problem for the past 7 or 8 years.

Maybe I shot myself in the foot enough times to have learned what not to do.


> The fact that Windows' file system can't handle moving project directories (without deleting the node_modules)

Windows-based developer here. Don't use Windows node. Use the Linux x64 build in WSL.


What's that got to do with it being low to spam them?


> but doing that to an open source repository

meh. It's owned by Microsoft - aside from the regular morals of spam and whatever, I don't think it's especially bad to target a Microsoft property.

How much of the NPM registry actually is open source?


How about instead of who owns it, ask who uses it?


I don't think this would affect most developers? The value of NPM is a host of packages that you reference in package.json, not its web UI.

The spam on the web UI is dangerous for victims that land there via search engines, but I don't think this would affect NPM's actual users that much?


Thanks for clarifying the situation


I use NPM regularly and I've never been impacted by this spam.


My city’s public transport system is owned by a private company, am I not harming the very public (over the private entity) if I were to make a mess in a tram?


It's owned by GitHub first and foremost. Microsoft owns GitHub but there's independence between the two.


You don't know what circumstances the other party, the spammer, is under in this situation. On one end, maybe they just don't care, which is certainly their choice. Maybe this is the difference between eating tonight or not, or feeding their family. We may think it's immoral, but those are in the light of our own circumstances.


This is way beyond moral relativism and even ends justify the means type thinking…

It makes no sense to equivocate over the bad things people do by asking everyone to assume the perp had a figurative gun to their head.

What this dev did was absolutely immoral. Trashing a commons in an attempt to scam end users is objectively wrong.

Seems very strange to chastise OP for pointing this out based on a wild theory that the dev literally had no other choice.


I don't think this kind of spam is new. It's just your perspective that determines this is immoral.

An argument can be made that any tool built to gain SEO advantage is also borderline immoral and those tools have existed for almost a decade now. There are and have been bots to generate SEO content and/or spam websites and custom plugins for WordPress which achieve that. All to game the search engine.

This too is immoral as it created what junk websites we have on the internet. And it was a developer who started building it and/or was hired to do so.


Many years ago I quit my job at a search engine company for my personal ethics, because they had me start manipulating search results based on who paid for their entries.


I’ve made similar choices, ultimately taking a deep pay cut to do work that matches my values.

But I’m aware that I did that out of decent financial security, not out of some deep moral courage.

If writing spam was my only way out of poverty or to feed my family, I’m sure I would act differently.


Good on you to stand by your ethics.

This is the way.


Currently unemployed now (not due to ethics, but due to culling of tech jobs). I'm screwed. I won't take an unethical gig though. I have mentioned it before, I think my time is done here. :-/



