Feeds

Google defends open source from 'poisonous people'

The Case of the Self-Centered Date Parser

SANS - Survey on application security programs

Google I/O Once upon a time, there was an open source project called Subversion, and it needed a new date parser.

One day, a coder came along and wrote one. But he insisted on tagging the source code with his John Hancock. And that was against the rules. Subversion's founders said that name tags would undermine collaboration.

When the founders asked the coder to remove his name, he refused, threatening to leave the project and take his date parser with him. It was a good date parser - just want the project needed - but the founders stood their ground.

So, the coder left with his parser and never submitted another patch. But six weeks later, a second coder came along. "Hey," he said, "I can write a date parser."

Two of Subversion's founding developers - Brian Fitzpatrick and Ben Collins-Sussman - believe in open source projects that maintain a large "bus factor." That would be the number of people who could get run over by a bus before the project collapses. A simple means of maintaining a large bus factor, they say, is banning names from source code.

"You have to discourage people from feeling like 'This is my module. I wrote this. Every change has to be approved by me,'" Collins-Sussman argues. "That's very dangerous for the project as a whole."

This may mean the loss of some valuable contributors - and some valuable code. But in the end, the project comes out ahead. There will always be more contributors. And more code. "You can't sacrifice the long-term health of a project for short-term gain."

That's just one lesson from Fitzpatrick and Collins-Sussman, two long-time open source gurus now plying their trade at Google. The pair turned up yesterday at the Google I/O developer conference in San Francisco, delivering a talk they like to call "How Open Source Projects Survive Poisonous People."

A poisonous person would be anyone who puts a drag on collaborative coding, from cruel souls who enjoy tossing a wrench into the works to social misfits who screw things up simply by being themselves. "You have to guard against anyone who distracts you, who drains you," Collins-Sussman said. "Sometimes, these are trolls. But sometimes they're valued community members, the nicest people in the world who also happen to be perfectionists or obsessive compulsives - people who bog you down with endless discussion."

The success of an open source project depends on "attention and focus", the two Googlers explained, and those assets must be protected at all costs. "If you had a group of people who are all contributing to a pile of money and someone came along and started taking money from the pile, you'd be annoyed. You might even call the police," Fitzpatrick said. "Attention and focus are the currency of an open source project."

That may sound like commonsense. But Brian "Call me Fitz" Fitzpatrick and Ben "Call me Collins-Sussman" Collins-Sussman laid down more than a few practical tips for making sure those poisonous people aren't so poisonous.

Rule Number One: When you launch a project, carefully define your mission - and post that mission to a conspicuous web page. "If it's on a website, it's official," Collins-Sussman said. This drew a hearty laugh from dozens of the developers on hand for the talk. But Fitz was quick point out that this was a joke with more than a little truth to it: "If you say something over email, people will debate it for weeks. If you take the time to put it on a web page, suddenly people take it seriously."

Subversion's mission statement: "To create a compelling replacement for CVS," a common version control system for open source projects. Thanks to this single sentence, Collins-Sussman argued, the project generally attracted the sort of contributors it wanted to attract.

The pair also advocates keeping discussion to a healthy minimum. This involves maintaining a complete email archive and extensive documentation of a project's history, including all designs decisions, code changes, big fixes, and mistakes. If you do that, they said, you prevent people from rehashing old debates. "If you don't document your project's history, you will be condemned to repeat it, over and over and over..."

But even when you're discussing things that haven't been discussed before, the pair went on, you have to know when to shut things up. "We once had a guy who wouldn't stop talking about a particular feature. He went on and on and on, and we couldn't decide what to do," Fitz recalled. "So, finally, we just told him 'Let's move on and write code.' That did the trick. He said 'OK.'"

The culture of open source projects, they said, should be self-selecting. In other words, stick to your guns. If people don't like it, they'll leave.

Or, at least, most of them will leave. There will always be those who hang around just to cause trouble. When this happens, the Googlers said, you mustn't be afraid to "flip the bozo bit" - i.e. boot them from the project. That goes for project founders. And geniuses.

Subversion once booted a well-known "genius" after his constant criticism threatened to bring the project down. Collins-Sussman called it the project's "key decision". Genius isn't as important as community collaboration, he said, and nowadays, code geniuses are a dime a dozen.

Bootnote

Last year, Fitz and Collins-Sussman gave a similar talk at Google's Mountain View headquarters. You'll find a video here and slides here. ®

Top three mobile application threats

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.