I'd be super curious to see what load GitHub was seeing from this. There's a lot of focus on protecting smaller sites (who presumably have less funding) but the amount of redundant network traffic this generates must be quite large for other sites as well.
I'm also still questioning the need for the proxy in the first place.
The source for the proxy isn't available, but I'd be surprised if this was the case, based on what the Go team has written about this issue. They made some changes to allow excluding sites from refresh traffic in 2021 in response to this issue, but no mention of throttling or anything else. And if GitHub is special-cased, I don't see why any other site can't be special-cased either.
See, it is possible to make Google do some changes. You just have report the issue, wait a year, get banned, write a blog post, wait another year, and announce a block of their service. Easy.
Didn't google offer to immediately fix the issue for Sourcehut as a quick fix until they got the full fix out, and Drew declined stating Google needs to either fix the problem entirely or be blocked?
There's a clear lack of communication. The engineering process is (was?) opaque. It's not clear the Go team acknowledged there was a problem with the proxy itself and not just upstream sources, it wasn't communicated that a fix was being worked on, it wasn't clear when it was due to get out. From the outside you can just wait and hope. But that's not OK when your server is getting hammered 24/7 and you have to pay the bills.
Only because DeVault complained do we see that things were happening. Information, but still no control.
It's only when DeVault started to actually annoy Google with real visibility that they decided to take responsibility for what they were doing.
There's an interesting analogy to class struggle, where DeVault uses his leveraging power of striking to make the big Kapitalist change their ways and assume responsibility of asking too much to the little hands doing the actual work of hosting.
thats a cop out. If he accepted the quick fix, then Go team could just say "well it works for him, so now we dont need to do the full fix", or maybe they decide to slow play it. It was nearly two years, enough is enough.
I don't agree with that at all. The "real fix" just took time; you can argue it took "too much time", but, well, lots of things do. They were working on a long-term solution, and offering a short-term solution while that's being worked on is reasonable. Certainly better than doing nothing at all.
The main problem is none of this was communicated very well.
You really think the team worked for two years on a solution while banning the issue reporter and keeping radio silence, and then by pure coincidence got it ready shortly after a complete block of their service was announced?
Once again: the reporter was banned for reasons that seem to have nothing whatsoever to do with the issue here.
We don't have to go into the details of this if DeVault doesn't want to; it's enough to say that the narrative that Google blocked him to shut him up about the Go Module Proxy seems implausible at this point. I don't see him saying that in the first place! But people here are.
"We don't have have to go into the details of this" is disingenuous. We can't go into this because he was banned in violation of their own policies for a second time. I agree it likely wasn't related to their DDoS machine, given the past history of bickering between these two parties, but we can't know because Go's own processes were bypassed and someone just arbitrarily lowered the boom.
You can carry all the water you want for the Go people, but their handling of this is unprofessional, and it's not the first time they've treated non-Googlers with utter disrespect for no particular gain. This behavior dates back at least as far as issue #9 in their original bug tracker[1], when the most they could muster for their part was the "Unfortunate" bug label, presumably as in "it's unfortunate for you that we're going to do whatever the hell we want."
Go's biggest problem isn't generics, or modules, or the infrastructure, or any other technical issue; it's that the creators are the worst sort of ivory-tower academics who have never had to cooprate with anyone outside their friend circle. They get away with it because they ensconce themselves as a club in organizations who can afford to pay people to work in DevRel vacuums, and I'm sure they consider themselves very successful, but Go is easily the most toxically-run language project since the BFDL days of glibc.
I have it easy, since I have the autonomy to decide never to get involved with these people, but not everyone has that privilege, and you're not doing the situation any favors by torchbearing for jerks.
My reading of this is: "I agree with what you said but I'm still not happy with how they manage things and also they shouldn't call their language Go".
It is not helping anything for you to pretend you know why Drew was banned from the issue tracker, but said ban is consistent with the Go maintainers' shit behavior.
I'm sorry I distracted you from the point with all the examples and root-cause analyses.
> It is not helping anything for you to pretend you know why Drew was banned from the issue tracker
This is extremely funny because a) it is true that we don't know why, there are several public and probably more private reasons he could have been banned! take your pick! and yet b) everyone involved agrees it was not due to this ticket, yet discussion of this ticket is always where it gets trotted out.
Hm. As stated like this, it is just an assumption, that you could. I am not convinced.
> Who cares that some unknown language was called "Go!"?
If we translate this to other areas of life, then this becomes quite problematic. Next time some bigger group of people can name themselves like a smaller group of people and say "Who cares?". Well, the minority cares.
But it is indeed a typical move of a tech giant to appropriate names for their own products, with or without intention to create associations in people's heads.
On one hand one must draw the line somewhere, where one deems things too insignificant to veto a naming, but on the other hand it is never nice to take another ones name and overshadow it. Aside from that, "Go" really is a silly name, as shown when people write "golang" all the time, to avoid confusion. "Go" is difficult to search for. One would have thought, that a company like Google knows that kinda stuff, but apparently not.
Do you believe they faked the commit times on https://github.com/golang/go/issues/53644 , which added the behavior required for the fix six months before the sr.ht announcement?
They had already implemented a significant part of the solution before the block was announced, as explained by rsc in the top comment on the previous thread a few weeks ago.
Again, arguably this took too long. They certainly didn't communicate well. But that they were already working on it before the block announcement can be easily demonstrated.
/me remembers years of being gaslit by Gophers, of all stripes, for asserting that, no, unlike the cult of personality around Go, i did actually know what i was talking about when I said GOPATH was a nightmare in real world use (even better, it was plainly obvious even with pre-1.0 kubernetes). Just cringey.
For all the handwavey whinging about Rust, Gophers have treated me far more poorly over things that have been retconned and forgotten years later.
> GOPATH was a nightmare in real world use … all the handwavey
I personally find people saying something is a garbage dump, nightmare and fire whatever
Rather than explain the issue to be credibility reducing phrases
LOL, I want to frame this comment. Abso-fucking-lutely stunning.
Thanks for ironically proving my point and demonstrating just how ignorant the criticism was.
I can't get my head around this. I describe a feature, that has long since been ret-conned from the community because it became such a thorn in everyone's side.
And you're just like "nah it probably wasn't that bad even though it was excised and is no longer talked about *and I can't even remember what it was for*" (despite being the exclusive only way to do local dep management). Stun-ning.
What is was "sold as a fix for"? Man, the hubris of people commenting on things literally completely ignorantly.
LOL, really didn't think I'd be gaslit about GOPATH in 2023. Brilliant, keep it up Gophers!
My comment is not related to go, it’s about comments that use negative metaphors or hyperbole when criticizing something without making clear the issue.
Ah yes, because teens on tiktok over use a word, you've decided every usage of the word is wrong and a sign to stop listening. And you seem to think disclosing that to people ... doesn't reflect poorly on you?
Feel free to google the word, then the behavior I described, then look at the peer comment where someone literally goes "idk what that long-since killed-off-thing was but you must be exaggerating".
People explaining how easy it was to start a go project always had me scratching my head. What should the project layout be like? What the fuck is GOPATH and why do I care? Is GOHOME a thing? modules? Which one of these tutorials actually works? It's probably way better now but... yeah maybe Go tooling wasn't quite as solid as the messaging indicated.
So... entirely typical Go fashion. Your own comment implies that Drew would have no way of knowing if theyd follow through and frankly its laughable that Google has enkugh good will with anyone for anyone to make any positive assumptions at any step along the way.
Russ commented in the original discussion that there was planned work to address Drew's issue (and more). From the update in this article, it appears that Drew is referring to that work. There is no indication in what I have read that the timeline for it has changed due to this drama.
"Planned work" could mean it's sitting on an issue tracker somewhere, perpetually getting pushed back, because it's low priority and/or because someone actively doesn't want it to happen.
Nobody knows exactly why he was banned (except for the people banning him), because the ban was not communicated to him or anyone else (at least according to his words). However, he did get banned after putting the issue into the golang issue tracker, so there is at least a temporal correlation.
Why call it temporal correlation when it neither denies nor establish causation? what can establish causation in this case? Unless one attempt to go back in time, recognize he is not banned yet he has put an issue in the tracker. Source hut requests were denied as would be expected from a corporate machine. Now the machine realized it should do damage control. we can repeat this test and check for causation where corporations do damage control without the need for time travel.
He can have some very strong opinions which he has acknowledged in his most recent blog post and that can rub people the wrong way. But all my personal interactions with him (not that there have been many) have been pleasant.
Of course people can be pleasant one day and a jerk the next. This seems so obvious to me I don't even know how to explain it.
It was far more than just "strong opinions you don’t agree with". I saw that he apologized for some of that, and my interactions were some years ago, so I'm not inclined to cite specific examples here – there's no need to drag up people's past sins if they're trying to move beyond that. But he really has been a right jerk at times in the past – to me personally, and to others – and from what I've seen it seems Drew today would agree with at least some of that too.
We all have our flaws; it's part of the human condition. What I always found far more objectionable is the exact opposite: people willing to make excuses for him because they agreed with his views. Your comment is a good example of that. I'm a simply guy: if I see someone being a jerk then I will think you're a jerk, whether I agree or disagree with you or not (that said, I have to admit I too have been biased here, and probably will be in the future as well, but at least I'm trying, and open to criticism and reflection on this).
I don't know the person under discussion other than seeing him occasionally mentioned on this site, so I have no basis for an opinion about him, but speaking generally, being a jerk doesn't mean some has to treat _everyone_ poorly; sometimes being a jerk to only some people is still enough to qualify someone as a jerk. As a made up example, a boss who plays favorites by letting their cronies get away with being lazy or not following rules but makes trouble for anyone outside their inner who slips up even slightly is a jerk, even though they don't act like one to their favored few (who would probably protest vigorously at the suggestion that their boss is a jerk).
I never said he is a jerk, just why some might state he is. There seems to be another comment replying to you giving more justification. Also just because I've personally found someone as pleasant doesn't mean that they can't appear to be a jerk to others. I have friends who think I'm absolutely wonderful, there are other people who don't like me at all. Part of that is differences in personalities/conditions under which we met/etc, and I don't have nearly as much of the public exposure as Drew has here.
I don't know. I'm inclined to believe the world would be a better place if people thought less about their principles and more about the situation at hand. I've had bad experiences with people who do things "as a matter of principle" or insisting "it's the principle of the thing". That has usually signaled behavior that is only justifiable by some abstraction, but otherwise makes no sense.
This case, for example, where SourceHut was going to make a change which would inflict inconvenience on it's users when they had a clear way to avoid it, but didn't want to because it was really Google's fault. Possibly it did some good, but from reading the whole thing, it looks like the end result is SourceHut finally agreeing to have the refresh turned off, like they could have done initially, while the Go team actually had already been working on a fix. A lot of drama, with questionable benefits is not unusual for people who do things for the principle.
>while the Go team actually had already been working on a fix
This is the part with which I take issue. Maybe they were working on addressing the issue, but maybe they were not. Given the acknowledged DDoSing of hosts by Google, more communication or prioritization would have been appropriate.
From the outside (admittedly my only limited perspective), Drew's actions resulted in positive change for all source hosts. Heck, it is even probably less load on Google's servers.
I think the main thing is communication: it's now communicated they're actually working on the problem, and have been for a while. That was pretty unclear before.
A few years ago we had some serious issues in our production servers; shortly before it had all been converted to k8s by one sysops guy, and while I could do some things with it, I was (and remain) far from an expert, so I contacted the guy who set it all up to ask for help. He proceeded with some explanations and then ... just disappeared. Crickets. I had no idea if he was working on it or not. I didn't have time to sit down with a cup of coffee to carefully read documentation and try things out – our fucking production servers are down! I had no idea if he was looking in to it, doing something else, went grocery shopping, was having a wank, or what. No one in the team could contact him.
It was very frustrating (the joys of remote work...) Just a simple "I'm looking in to it" would have sufficed. I didn't need any details, you can tell me those later, just tell me you're working on it.
This situation is kind of similar: there wasn't any real indication it was being worked on at all, or even that people were considering working on it. There was some discussion, and then just ... nothing. It turned out it was being worked on – but that really wasn't obvious. It seemed like the issue was essentially ignored. It wasn't, but that's how it appeared.
A lot of frustration could have been avoided by communicating a little bit better. These sort of things often fall by the wayside, because none of us are telepathic (AFAIK anyway) and people misjudge "oh, I thought that was obvious for you" all the time.
did you read the update in the article? The Go team contact him directly and in private, as well as accepted responsibility for the situation regarding all small sites, not just SourceHut. So his actions did have an impact.
This is indeed the main difference. The reason that agreed that the plan was suitable was the combination of the ongoing work on incorporating -reuse with the Go module mirror and the Go teams decision to accept responsibility for the traffic and to exercise their discretion in moderating it for each affected third-party without requiring them to explicitly reach out to Google to opt out. Russ also graciously elaborated on the engineering thought-process going on within the Go team the implications of disabling the refresh on third-parties, which had not been done prior to our communications in the past couple of weeks.
There's still work to be done, but so long as work is moving forward and the Go team is communicative and pro-active about addressing the problem, then our concerns were satisfied, and I'm glad that we were able to address the issue.
I did read it. I also read Go 1.19's release notes when they came out. I also read rsc's reply to the original post. I cannot figure out how Drew went back in time to add -reuse to Go 1.19 and proxy improvements to the Go team's schedule prior to the Go team contacting him in private.
I think the context you're missing is that Drew caused a stink about this already back in 2021, the blacklisting was just the last iteration of the saga. So I'm not sure if his posting caused the Google team to rethink their stance, but it certainly caused quite a bit of bad publicity for Google.
I think you're being downvoted for stomping on the collective hacker news fantasy. The fantasy is maybe something like "google (mainstream tech, go, java, ...) is big and bad, and we're small and heroic". The fantasy is so attractive to people here that they will plug their ears and downvote you for pointing out:
* Drew was being stubborn/childish in his original post
* He claimed to be doing it on principle, but nothing has changed to satisfy his principles between then and now
* The only actual change is that he got special attention from Russ, in addition to the original offered change (which he previously claimed was inadequate).
Thus, a detached observer would conclude that Drew's interests were not what he claimed. They might even conclude that his real interest was engaging in this Hacker News fantasy, or getting attention from Russ, or attention from the community.
Instead, spewed throughout this comments sections are longwinded and complex explanations to try and avoid the simple conclusion that Drew was (conscious or not) pursuing other aims than he claimed.
Thank you, you're the first person to point out that him taking the temporary solution that was offered years ago after several angry blog posts about how it was unacceptable in principle or practice is inconsistent at best and hypocritical at worst.
well, he could have done nothing, and where would we be? if you say "exactly where we are now", I think you are being dishonest with how the situation played out.
No, he didn't write the code or make the schedule, but he stood up and said "this is not right", and took steps to protect his and other small sites.
Go didn't just add the reuse flag, they broke the 1.19 feature freeze to get it pushed through and even mentioned Drew's original issue in that request. Drew rejected this temporary solution loudly for many years on principle only to take the temporary solution as the permanent solution was on the verge of becoming reality.
Sourcehut will blacklist the Go module mirror - https://news.ycombinator.com/item?id=34310674 - Jan 2023 (337 comments)