Author here,
Because it's sure to come up here is a comment I wrote on Reddit that clarifies somethings, I haven't updated the original article since I'm not sure what the etiquette for updating a highly shared article is.
------
Code being copied isn't an issue. I knew full well what it meant to release something opensource and I don't regret it one bit. What was copied with no credit is the foundation of the project. How it actually works. If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything.
And I don't mean the general concept of package/app managers, they have been done a hundred times. If you look at similar projects across OSes, Homebrew, Chocolaty, Scoop, ninite etc; you'll see they all do it in their own way. However, WinGet works pretty much identical to the way AppGet works.
Do you want to know how Microsoft WinGet works? go read the article (https://keivan.io/appget-what-chocolatey-wasnt/) I wrote 2 years ago about how AppGet works.
I'm not even upset they copied me. To me, that's a validation of how sound my idea was. What upsets me is how no credit was given.
Ah yes. The new Microsoft, same as the old Microsoft.
I am really sorry this happened to you. On the scale of Microsoft, or even on the scale of what they're putting into this effort, it would have cost approximately nothing to give you an "acquisition" you would have been happy with. If the job didn't work out, they could have given you a fat consulting contract for a year or two. Or they just could have written you a check.
And it would have cost them actual nothing to just treat you with respect. Say how much they loved your work. Credit you publicly as a leader and an inspiration. Arrange a smooth transition for your users.
For what it's worth, I'm glad for you that the job didn't happen. Much better to be far away from people like this.
Reducing this down to a Microsoft thing is a bit hasty. Apple has done it. IBM has done it. And, when I was working for a less well-known company, I once burned a whole lot of social capital trying to prevent it from happening.
At least in that instance, there was never anything overtly malicious happening. It was just your garden variety "banality of evil" situation. The existing corporate decision-making structures - that is, the bureaucracy - had no real mechanism to make sure that things like this are handled in an ethical manner. It's really hard to accomplish something that the bureaucracy isn't designed to handle, because that means that it's not really anybody's job to keep that particular ball rolling. So all it takes is one person not really giving a damn (perhaps only because they don't understand why they should) to scupper the whole thing.
If that experience is similar to how these things happen at Microsoft and Apple and IBM, then the problem isn't Microsoft, the problem is American workplace culture, and we have a responsibility to change how we work. Not in reaction to specific instances like this that have already happened, but in anticipation of, and in order to prevent, things like this from happening in the future.
Are many companies terrible? Sure. Is that an accident? No.
However, Microsoft specifically has a history of being aggressively terrible in exactly this way, which is what I was referring to. For example, the time they talked with a company about an acquisition only to ghost them and totally steal their work: https://en.wikipedia.org/wiki/Stac_Electronics#Microsoft_law...
They also have a more recent history of not behaving this way, and of winning back a lot of trust. This plainly isn't helping them now, but I do agree with the GP - this isn't a "Microsoft thing"
Sure. But let's consider why we saw a change for a while. In their heart of hearts did they reform? Did they really see the error of their ways and vow never to misuse their market power again? Many people seem to think so.
I think the simpler explanation is that US v Microsoft and other anti-trust action combined with their declining fortunes scared them for a while, causing them to perform goodness. But now that the heat's off and they're on the upswing, they're returning to old patterns.
We'll see which explanation fits better over time. But it was all of two days ago that the Slack CEO, not given to hyperbole, said that Microsoft is "unhealthily preoccupied with killing us": https://www.theverge.com/2020/5/26/21270421/slack-ceo-stewar...
Firstly, with the shift to the cloud, cross-platform was inevitably going to become more important - Linux is much loved in the server space.
Secondly, they realised the importance of developers in the shift to the cloud - their cloud, Azure, and also their DevOps tooling, Azure DevOps (and later Github).
Do I think their positive moves were altruistic? No, of course not - they are a corporation, a public one at that, and ultimately must generate money for their stakeholders.
But that doesn't mean their positive moves can't benefit me, or the development community, at the same time.
Honestly, the embrace & extinguish thing became a tired meme long ago; Microsoft are not somehow special in occasionally fucking someone over - every large corporation does this. It doesn't excuse it, of course, but the point is it's not a "Microsoft thing", and it doesn't invalidate all the goodwill they have generated in the past decade or so.
If the "goodwill" is the result of calculated manipulation, which is what even you seem to believe, then I would hope that invalidates it thoroughly.
As to the reason for the change I think we're saying the same thing. If they could have snuffed out Linux, they would have. Their ongoing antitrust problems helped prevent that, allowing the Linux ecosystem to flourish. They have since been unable to abuse the power that they no longer have.
Again, time will tell if you're right thinking that Microsoft is merely just as awful as other large companies. But reasonable people can assume that it will be just as bad as before if they regain their power.
It's not even American. I can easily imagine it happening in any large company.
This "Andrew" is isolated from everything by multiple levels of bureaucracy and regulations. Even if he wanted to make right, he would've just burned his accumulated clout it vain. Hire as a contractor? No matching position. Write a check? No such budget line item. Give a shout-out? Leave marketing to the marketing dept.
None of these explainations for how this reprehensible behavior came to pass, suggest to me that it's unfair or unreasonable to call it, and the entities who do it, reprehensible.
Exactly. It's not like people in those companies get nothing done. E.g., Microsoft got the product out the door. So any apparent incompetence at treating humans humanely is a choice.
I've also heard it expressed as "Never attribute to malice that which is adequately explained by incompetence".
Although in this case I'm not sure organisational incompetence is necessarily a good enough explanation given there are ex-Microsofters in the discussion suggesting that people would actively have been weighing up whether or not to screw over Keivan. (Obviously I have no idea how likely that is to be true either.)
When "organizational incompetence" consistently yields the same result, it's not an accident. As the systems thinkers say, the Purpose Of the System Is What It Does (POSIWID). It's the same way wily teens are incredibly bad at things they never wanted to do in the first place.
Saying that it’s just “a big company thing” is giving Microsoft a pass here. Look at their recent PR: wanting to embrace the developer community [1], their love of open source [2], etc. While AppGet may be an isolated story, I’m inclined to believe that MSFT is simply acting they way they’ve always have — by embracing, by extending, and by extinguishing.
Microsoft doesn't let any open source build of VS Code access the VS Code Marketplace. Heavily reduces the benefit of VS Code being open source when you can't use any extension or service built for it without building it yourself.
What happened to AppGet is not what embrace, extend, extinguish means. This strategy refers to writing software compatible with existing dominant software surrounding some shared interop (e.g. a file format they can both read, web standards they both implement, a networking protocol so they can communicate with eachother, etc), gaining market dominance, then making your once compatible software incompatible. Absolutely none of this happened with AppGet.
Yeah, that's exactly what I had in mind. Microsoft had a very specific modus operandi in their bad old days, that was different then what they did with AppGet. Here they basically acted like a regular big company trampling over a small company. You'd be hard-pressed to find any big company that hasn't done that. I remember, for example, when Google created 'Go' lang, they didn't care that there was an existing programming language named 'Go!'[1]
Kind of. The difference is that AppGet is open source with no patents - so what they did was legal and, you might say, within ethical boundaries (except for the way they treated Keivan by stringing him along and then ghosting him) - though I could be persuaded that it isn't ethical for a trillion-dollar company to simply copy an existing open-source project, without some sort of voluntary compensation.
I agree there is a strong embrace here. And that's usually good. Another alternative is neglect.
Microsoft has unusual ability to move swiftly, with all its weight it may be not graceful. That said they do not always extend and extinguish. Often they make clone and ride it
Oracle => MSSQL
Java => C#
AWS => Azure
To make objective decision it would be nice to have a list of Microsoft inspirations with their fate and Microsoft actions.
> Calling it "WinGet" was the real punch in the gut.
I feel for the guy, but someone who called their package manager "app get" in 2014 when "apt get" has existed for since 1998 is in no position to take umbrage at a competing package manager having a six-letter name ending in get.
I think there's a huge and obvious difference between an open-source dev naming a package manager for a non-Linux platform "AppGet" in reference/homage/whatever to apt-get; and Microsoft, a multi-billion dollar company, dangling a carrot in front of the developer of a program called AppGet then ghosting him, forking his open-source project and calling it WinGet, and not even having the decency to publicly credit his work.
I think the authors umbrage is not about naming it that, but them copying his project after this whole process and then naming it that and still not really crediting him.
On the other hand "WinGet" sounds like "wing-it" i.e. release any piece of junk and fix later. Maybe. Which TBF does seem to be how Microsoft works anyway.
> release any piece of junk and fix later. Maybe. Which TBF does seem to be how Microsoft works anyway.
It's been a while, but I managed to corrupt oneget/package management on windows within a month of it being released; I spent about a week trying to fix it and eventually figured out what the problem was (though I've since forgotten the details) only to find it unfixable without reinstalling Windows.
Unfortunately, reinstalling Windows means Office won't reactivate--I've taken it into a Microsoft store, and they couldn't help me.
I would think that their old system of stack ranking would have had that selection impact. It has been gone for a long time but could it have had a lasting impact on company culture by who was being kept and who was promoted into positions that are responsible for the culture today? I don't think such a thought is unreasonable.
I only know a tiny bit about stack ranking, but I would think just the opposite... wasn't it designed to (at least partially) select for more conscientious employees?
I’m not sure you could have illustrated their point more perfectly than this. But please don’t feel like people are amused at your expense — it’s just such a perfect demonstration of exactly what they were saying.
FWIW, I agree with you that WinGet is an entirely logical choice, catchy, and ultimately unrelated to AppGet. Yeah, it may seem like the choice was made intentionally / in spite of AppGet, but anyone who knows a bit about big company dynamics will tell you that the explanation for situations like this is usually mundane, innocent, and often dysfunctional — much like a toddler. A toddler that happens to have a billion dollars and can reshape the world with its decisions, but still similar. “The name is catchy and I like it” is akin to “I see red ice cream and I want it,” and it’s probably nothing deeper than that.
It was rather unfortunate to use apt-get as an example and then say it was for Windows, though. :)
Considering the fact that there are five times as many Android devices as Windows devices, and the greater ease of use of Termux compared to WSL. I find that highly unlikely. Anecdotally every newbie programmer I've seen try to use WSL has just ended up installing Linux in frustration.
pretty subjective, I'm guessing most people find terminal-based stuff easier/nicer on a computer with an actual keyboard, rather than a (relatively) small phone screen with a touchscreen keyboard.
I believe Termux is also pretty majorly restricted by Android 10 (can only run binary code included within the application package, so no downloading additional linux packages or compiling things locally, I believe)
Termux is a terminal emulator, WSL is a subsystem. Did you try [0]? And WSL2?
It's pretty compelling, I predict they will pull in a lot of Apple (who use it for the terminal) devs and make a lot of Windows first devs very happy. And there are a lot.
Btw, am I downvoted because my original comment in not constructive or do people not agree with me?
I doubt it pulls in anybody in the unfinished state its in. WSL does not integrate very well and is miserably slow. My 13yo thinkpad runs circles around WSL running on my workstation. WSL2 is still beta, and given how buggy 1909 still is, I am not installing 2004 on anything I care about. And I recently tried Windows Terminal, but it couldn't even give me an admin prompt without giving every single session elevated privileges, so I gave up after 5 minutes.
By the way, every terminal application you're used to (Terminal.app on macOS, iTerm, the Windows Terminal, Ubuntu's Terminal application) is a terminal emulator. I've tried WSL1 and 2 and couldn't get past the typing latency, awful font rendering, incredibly slow downloads, apt/dpkg bugs, and not syncing with the actual filesystem like Linux/macOS do. For example, I like to copy my dotfiles to ~/Dropbox/dotfiles. This isn't possible on Windows, and if you force it to do so it will corrupt the files.
It still looks really bad. If you're going to copy and kill off [1] an OSS project, when you're a major company who owns the platform, with a long history of this sort of thing, after baiting the developer for information, then copying the name on top of it is just cruel and in poor taste.
Context matters. That's the key point here.
Plus your two examples out of a hundred or so examples doesn't make it common either (or maybe one in a half examples since apt/apt-get/apt-cache are the three Debian programs under APT umbrella).
[1] there was no way this project was going to continue despite their nonsense about "broadening the options in the community", they knew what they were doing
> If you're going to copy and kill off an OSS project
Many OSS projects (and pretty much all of mine) were started to scratch a particular itch, so if that itch gets scratched by another project, I'm not terribly concerned.
It's more problematic if the competition is a half assed solution that, by virtue of being backed by a larger company, still sucks the oxygen out of the space you're trying to serve.
> Don't work for free on proprietary systems or single sponsor opensource is a lesson cheaper learned by watching others.
Well in the author's case the tool was just as useful for them than for the others. Nothing wrong with helping the community, regardless of the ecosystem.
Any company where revenues are the highest goal (and all publicly traded companies should be this way; it's an obligation to share holders) will, generally speaking, select for assholes and sociopaths.
How strong that selection is, how pervasive, and how quickly it happens are variables in the equation, but the effect is the same, and it sucks.
I can say I’m a bit upset on your behalf. Actually acquiring the code would have cost Microsoft very little money, would have ended up with a better product and also would have brought along the current user space in a very graceful manner.
They didn’t even need to acquire - MIT license means they could just fork it and use it as they preferred, keeping his name in the About screen that nobody reads. But it would have looked bad.
There's no common code between the projects; they're not even written in the same language. It's hard to say it's a "fork". They both just use yaml manifest files on GitHub as a registry (which could be good for appget! It should be easier to set it up as a trusted package registry with verified non-malicious packages!). That's the commonality. I'm not sure we should grant monopoly on _broad architure choices_ when software patents are already considered so toxic. And appget _did_ at least get a callout in the release announcement, so it _was_ mentioned as an inspiration, in the same breath as chocolatey and others...
The meat of this blog post, to me, seems like the terrible hiring pipeline with no feedback. That seems like a really bad experience. I can only imagine that someone really dropped a ball somewhere.
Nobody talked about granting monopoly, it's just about common courtesy really. They basically strung him along before cloning his tool in the dark, when they could have done it in the open in various different ways. After the failed hire, just give him a heads-up like "hey, we really like your stuff but for various reasons we can't hire you and we need to rewrite it, what about we make this manifest a bit of a common standard? We'll credit you for that", and then everyone is happy.
Presumably they wanted to keep control of copyright, although their claim on their website is that otherwise they "couldn't build a repository of trusted applications ".
It reminds me of the way secure boot was rolled out where Microsoft said that this was all about "trust" and yet OEMs who are always keen to keep Microsoft sweet would strangely only bundle windows keys.
I wonder if things would have been different, if the product was licensed under Gplv3. If so, he could demand to check if Microsoft violated the license https://www.gnu.org/licenses/gpl-violation.en.html (to check if this is a completely new rewrite for example).
Update: Ah looks like Winget was sourced in C++, and Appget is in C#
Just because you can, doesn't mean you should. (Pretty much my maxim).
They could have approached the project owner, said they'd like to use the structure under the MIT license and offered a job/cash as a thank you for his dev time.
They could at least send the guy a fish, if his contribution was significant.
Yeah, there is quite a bit of background infrastructure to allow checking for installed app updates, search, and automatically updating package manifests when a developer releases an update.
Sorry for your shitty experience. Really reminds me of Robert Kearns who's windshield patent was stolen by big auto companies [0].
Robert patented it but still megacorps tried to screw him over because they thought they could. He did win but only after an exhausting trial that took years.
In 1990, they put out Stacker, which did transparent disk compression, effectively giving people twice as much disk space. It was a huge hit, so Microsoft called them up about an acquisition, entered discussion, and as part of the due dilligence process, even looked at the source code.
In 1993, Microsoft released their own version of Stacker as part of the OS. No thank you, no money for Stac, just a giant middle finger. Stac sued and eventually won some money, but it was never the same.
Everybody keeps telling me that Microsoft is different these days. About how they love open source now. And it's true that after decades of erosion of their primary monopolies, they can't get away with being as lazy and awful as they were in, say, the early IE era. But this suggests to me that deep down they haven't really changed.
Same here. I think I used both Stacker and SuperStor at different times. They'd create archives and those would show up as a D:\ and C:\ was all transparently compressed and uncompressed. They were a bit disingenuous wit the "double storage." That's why you needed to make sure you had plenty of 'free' space before installing something, because the OS lied to you about the space available. That and there was a performance penalty too.
Stack ranking basically chooses sociopaths over the nice guy. Applied over several years it is bound to have a statistically significant effect on who your middle layer managers are.
It does not matter if Nadella is a nice guy. It does not matter if everyone reporting to him is a nice guy. They are still forced to operate with a megacorp filled with lizard people.
On the other hand, it might be just the usual confusion that large administrative structures needed for megacorps cause.
>> “I haven't updated the original article since I'm not sure what the etiquette for updating a highly shared article is.”
Adding “UPDATE:(date)text” either in the footer - with a brief dip in the header saying there’s an updated in the footer is an easy way to accomplish this.
Did Linus Torvalds "Sherlock" Bitkeeper by writing git? I also recall there wasn't much sympathy for Paragon Software (https://news.ycombinator.com/item?id=22706172) when exFAT support was added to the Linux kernel, obsoleting their product.
This furor is a surprising flip-flop given the usual "information wants to be free" and "patents for software are dumb" cheerleading that we usually see around here.
Hmm, it's not like f.lux were the only ones doing it. If they were the first, then credit to them for the concept (and for the software, I'm not belittling it).
This seems like genericisation in trademarks to me. Sometimes things grow to be useful more broadly -- that seems like something to celebrate.
If you're railing against capitalism in general however, then I'm with you! Distribution of wealth shouldn't be left to a fight between a small cadre of corporation owners vs. the populous.
As author of an open source tool that was already steatlh-forked twice without any contact whatsoever by VC-backed startups - including clearly copying text from my website/FAQ - without giving any sort of credit on the idea/implementation they used for 80% of their product but on the contrary claiming how revolutionary their products are and best idea since sliced bread, and even not satisfying the basic MIT license terms, I can completely understand your frustration.
At least they were nice enough to pay you a trip to Seattle and (briefly) mentioned your project in the release announcement, I didn't even get a "thank you".
As a result of this I re-licensed my code from MIT to OSL-3 and reduced my involvement in this project a lot so I focus on the things that actually matter in life: my wellbeing and spending the time with my family.
My former employer is still using it and saving yearly multiple times my previous 6 digit salary, so I got a nice promotion out of it before I left.
It also helped me get my current job at AWS(pretty much half of the interview I was just talking about how I built it), and I now make some $500 monthly (before tax) from a few users who pay for official binaries.
I'm now only working on it occasionally, just enough to maintain this income stream, but previously I put a lot of time and effort into building it.
My motivation to work on it plummeted when I saw those companies reap the benefits of my hard work without giving anything back.
Can't think of a more wasted effort then trying to compete with maintaining a package manager in your spare time than a clone from the OS vendor who can out resource, outspend, out market, out evangelize, out reach you, etc.
It would a futile endeavour, a realization acknowledged by the author, any further dev cycles on it would be wasted & are better spent elsewhere.
The most cynic part of this story is sending him an email the day before the launch with a heads-up that WinGet was launching.
And the icing on the cake is the "btw, we are giving you the exclusive so keep it secret".
Like, wtf. He ain't TechCrunch. Why the fuck are they giving him that exclusive? Nothing yells "we stole your stuff, but dude it was open source so you really can't complain, and thanks for the idea" more than that.
I mean, getting an email like that is bad, but it's better than not getting an email like that :D
Last year a huge game company released something built on my tiny open-source game engine (uncredited), and I only found out about it later from a kind internet stranger. All things considered, better to know in advance so you can at least have your own response ready, so you can comment in the relevant HN/reddit threads, etc.
That said, the "keep it secret" part of the mail here does sound weird, but given the other history there may have been an NDA in place.
But there is the promise of your OSS engine being used again, future potential. Microsoft essentially cut this person off from being involved in the future of Windows packaging and only told him 24 hours in advance. I'd need that amount of time just to process.
Sure, all I said is that getting the email is better than not getting it. Obviously his case was worse than mine, the one just reminded me of the other - partly the lack of credit, and partly because the company in my case was owned by Microsoft.
Thanks for sharing. I actually wonder now if your experience happens fairly often, and Keivan's experience infrequently, though they're fairly similar circumstances. Integrating OSS or OSS concepts into a program vs a library have different implications but the engineering work required is the same. WinGet on paper, as a product, meets all of the requirements desired by the community. To appreciate the toll it takes on your competition in the OSS community is just alien compared to rules around corporate competition, where in the US there is effectively no scrutiny around imitation. It's a natural place for a team at Microsoft to land. I wish in your case that you didn't have to find out third-hand, but it does seem satisfying to think a bespoke game engine had that much reach!
Yeah, I think what we're talking about is surely the norm... Sending "hey we're releasing something built on your project" emails isn't in anyone's job description, after all. And there's no real upside, but the potential downside is that someone takes offense, tries to spoil your announcement, etc.
That said, in my case the summary makes it sound better than it actually was. The game they released was a one-off promo thing, which made a big splash for a few days but was effectively dead by the time I heard about it a week or two later. Then there followed a dialog with a separate team inside Microsoft, about hopefully updating it, which dragged on for a while and basically resulted in their bit getting updated but not mine, etc. etc. Altogether it was a big distraction and a pretty dreary episode.
That was just MS sending "Thoughts & Prayers" for the death of his multi-year efforts that they've cloned & looking to extinguish & claim originality credit for with their celebratory announcement.
Not clear if they were trolling or just tone deaf.
I took at as Microsoft tending their new, more community oriented image. Apparently they mailed the Chocolatey team too. I think the intent is that we should see MS as “it’s unfortunate they had to step on toes like this but Windows needs as package manager. At least they contacted some parties involved, even a day in advance!”
I might be wrong, but I read this as an apology from a PM that tried to get something done for the guy he based work off, but ended up never managing to because BigCorp got in the way.
He might have felt bad about it and clear part of his conscience, or try to soften the blow.
That was bad but I thought the worst part (icing) was "our package manager will be open source too so obviously we would welcome any contribution from you". Wow!
what is the point of an exclusive if you have to keep it secret - I mean if he were TechCrunch for example, if he got the exclusive I guess he should publish, isn't that the point of an exclusive? I find it a very confusing phrase.
I'm not so sure about this because I believe package managers are one of those things that's best maintained outside of a commercial OS vendor, though one might consider RedHat as a counterexample.
You and countless other made impossible. Created community Microsoft could not ignore. It had to adopt, it had to change. Scary beast really. It does not know how to work with, it knows how to ride.
It took path you've paved. I see it - there is no dependency resolution, no make dependencies - as simple as possible so people can participate. More like Flatpack than apt.
Microsoft does not like fragmentation. There would be a big pull of users. It's interesting how they are going to fight mallware, spyware, ransomware. Issues like chrome Stylish and npm leftpad. With all respect it is not clear you could manage it, there is quite a list in the queue [0].
Please don't despair, you've made gift to community not Microsoft.
Did you link the wrong article? The one you linked basically says that (1) you are using yaml files to describe the package instead of scripts and (2) you have the ability to specify multiple installers per package to support multiple architectures.
If that's all the innovation that MSFT has supposedly 'copied'...
I looked at both repos and they share no code at all.
In his article, the author claims that " If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything."
That's really not how patents work, and looking at the repo, a second year CS student could do the same really. I don't see anything that could remotely be patented. It reads where to find the installer from a config file and determine what to do based on an enum.
Throughout the article the author uses the term acqui-hire but it seems Microsoft was simply considering him for a PM position (and he failed the interview). There's nothing to acquire since there's no patent, no IP and no brand. Only a registered domain and what seems like an anemic userbase, if any.
Being featured in The Verge[0] and on HN's front page will probably bring a lot more eyeballs to the startups he's trying to promote. So congratulation for the free advertising!
This is a common design. Only MS can tell you the truth.
Is there anything you're talked offline made you feel they copied your idea?
I think I will not credit everyone on my comparison tables. I only credit who inspired me hugely. MS hasn't implemented everything AppGet had. I bet MS is waiting for public feedback for the next point. Acutally MS has its Roadmap:
https://github.com/microsoft/winget-cli/blob/master/doc/wind...
For the spec, only two common options: YAML & JSON. And every YAML spec looks this way.
I flew to Seattle on December 5th to have a full day of interviews/meetings at Microsoft HQ. I met with four different people; three of the meetings were more like your typical interviews; the meeting with Andrew was more about what we should do once this is all over and how we would migrate AppGet’s process and infrastructure to be able to handle Microsoft’s scale. We talked about some of our options, but in general, I thought everything went well.
My last meeting ended at around 6 pm. I took an Uber to the airport and was back in Vancouver.
And then, I didn’t hear anything back from anyone at Microsoft for six months.
For what it's worth – and I'm not really sure whether it's helpful to say this, or whether it's even true – this situation often means "you didn't pass the interview."
The reason I mention it, is that it took an embarrassingly long time for me to understand this. Maybe it's common knowledge. But an identical situation happened to me at Magic Leap. I hesitate to mention their name, lest it sound like I'm calling them out or something, but I'm not. And in general I no longer feel negatively towards companies that end up doing that, so I don't think any particular stigma should be attached to Magic Leap for doing that.
I'm trying (and possibly failing) to share a personal experience of "I used to feel awful in situations like this; now I realize it's just business, and the decision of pass/fail has extraordinarily little to do with the skill of the programmer being interviewed, so don't take it as a sign of anything."
None of this is to undermine your overall point that it's generally not cool to ghost a candidate (to put it mildly), and that it's a doubly not-cool move to then clone the product of the candidate in question. But, it happens, and I just wanted to reassure you that yes, it does happen. It would've helped me to hear that at one point, so here it is, just in case.
Cmon, I live in a country where there is a legal obligation to inform candidates whether they passed the interview. It's not a very high bar. We shouldn't be accepting this kind of behaviour - especially from someone as renowned as Microsoft. It would have been absolutely trivial for them to send a polite three sentence email when they made their decision.
I mean, not to shoot the messenger, you're right, that's exactly what it meant, but it isn't acceptable behaviour.
You obviously live in a country where people aren't sue happy. Half of the reason they don't respond when you fail an interview is because they don't want to open themselves up to legal liability if the first-year HR rep says something stupid when the person asks "but why?"
Yes sometimes it means that. But if the company is desirable, knows its desirable and knows the interview means a lot to the interviewee, then its the height of arrogance and cruelty to 'ghost' them. Screw that 'just business', its not just business, its shitty behavior out of a company that has the resources to do the right thing.
> Screw that 'just business', its not just business, its shitty behavior out of a company that has the resources to do the right thing.
To put an even finer point on it, a business is made of people. Individuals. The individuals involved behaved exceptionally poorly (to be charitable) toward another human being. How shameful of these individuals to act that way, and then (presumably) hide behind the collectivist shield of "the business".
A friend of mine sent a resume, didn't hear anything and then got a job offer _4 months_ later. Generally I agree, not hearing anything means you didn't pass, but fuck companies and the people that do that and I don't ever want to work at one.
Under the circumstances, it wasn't just a regular interview and so it was either rude (neglectful) not to get back to him or possibly (unlikely) there were other reasons... i.e. someone in the hierarchy had another plan.
Yes, post-interview ghosting happens, and, I'm ashamed to admit, it happened to a few candidates that I was part of interviewing. But that doesn't make it an acceptable practice — I feel that professionalism demands to let candidates know one way or the other as quickly as possible.
MS and many others don't love OSS or contribute them back. Few really do it. But instead, they are leveraging software because OSS licenses allow it. One example, see GPL, they didn't ever accept it. But they embrace any other software without restrictions on top of "OSS", if not so, they just create its own "permissive" licenses (MSPL).
Many of us are creating software even without expecting to get money back from users of any kind. Money back in many situations can be just a gentle retribution from community (E.g voluntary donations).
What license did you release AppGet under? Almost every open source license at a very minimum requires that credit be given to the original authors. Arguably they are in a situation of legal liability (IANAL).
You don't strike me as the kind of person that would litigate such things, but I would like to think that if the right people at Microsoft became aware of such a liability, they might choose to give you credit (to be on the safe side).
I'm sorry. This does feel like a pretty shitty situation. I hope all of this attention helps connect you with some people you go on to do great things with!
As bad as this is it would be worse to intentionally use an known inferior method for the sake of being different. This can still be corrected by giving props to AppGet. Or you can't blame companies for being companies? Hate the game.
Exactly that: you open-sourced it so it's your donation to the world. Don't be sour if someone copies your idea or makes a ton of money from it.
And what would be the benefit if Microsoft gave you credit for it? Most likely their lawyers would reject it since you may then be able to sue them for...I don't know what, but money in any case.
It's a very Microsoft-thing to do to copy someone else's idea and improve on it (C#, RDP, Excel). If you release something as open-source you have to ask yourself if your doing it out of altruism or for money? In case of the latter you have to plan accordingly, by patenting or with restrictive licensing.
Virtually all open source licenses require at least the inclusion of the original copyright notice in all derivative works. Now, if the code itself were altered in superficial ways, but the structure and mechanism were essentially the same, it is kind of a grey area.
Regardless of the legal case, the idea that concerns of reputation or credit are irrelevant to open source work is a crock. People may be working on open source because they genuinely want to help others, but if you deny them credit for the work they did then you can very well expect the well of open source innovation to dry up pretty quickly. And for a company like Microsoft, reputation is exactly why they are contributing to open source in the first place.
The fact is Microsoft didn't copy anything except the idea, and you don't need attribution for that. Winget was rewritten entirely from scratch and there was no open-source involved.
I'm not even sure if the author's idea was original anyway. It looked more a CLI program to download and run installers.
I agree with this outlook. However, I don't know how I'd react if this were to happen to me. If I do something out of altruism and somebody takes it and makes money off it, I guess it leaves a bad taste? Other than that, I think this approach is done everyday by every developer, whether they take code from other softwares or from StackOverflow, very rarely do they credit or even give reference to where the code has been taken from.
My only fear would be them turning it around and preventing me or others from using the idea in the future with their big squad of lawyers. They wouldn't even need a legitimize claim to pull it off.
Not disagreeing with you, but I think it's better to make it a little bit more clear what exactly was copied. Reading the article mentioned in the OP, the main selling point for appget seems to be that the packages are written in yaml:
But that alone doesn't particularly strike me as a completely novel approach on its own. Looking at package definitions for firefox across various package managers, you can notice that they all look somewhat similar to some degree. Though one could argue that appget and winget looks more similar than others, I'm not sure this is wholesale copying without digging into more details. But again, I'm not trying to argue that it's not, and I also agree the OP should've received more credit.
He's not claiming that his approach was "completely novel". He's claiming microsoft identified his way, that already existed, was the way they wanted to go, toyed with bringing him in to run it and then got overwhelmed by internal Not Invented Here / We Can Do It Better and threw him under the bus.
It's literally the new cuddly microsoft Embracing, Extending and Extinguishing this guy's work.
What new cuddly Microsoft? When did they grow fur? Did people honesty believe that some messaging and branding choices would outweigh the influence of institutional inertia, for such a large company?
The issue is when they didn't just fork the codebase, they repeatedly flew the person who wrote the code out to Seattle on false pretenses, implying a job offer and additional money for their work, then picked the developer's brains until Microsoft learned all they needed from him, then just ignored all communication from him.
The issue is that it was dishonest and scummy behavior.
And you keep the copyright notice, otherwise you're violating the license.
If it's based on the same design (i.e. same file formats, mechanisms, etc.) then the issue is still not giving credit and pointing out the design it's based on. Doesn't cost them a thing and gives a lot of goodwill from people.
Like, if someone uses my code, I'm happy, if they copy the idea and present it as their own that's dishonest.
And lets not forget - they had similar open source project and community. They decided not to participate but create their own. This new project will overshadow existing and eventually kill community.
MS not having the basic decency of reimbursing his travel expenses is also shocking, as well as incredibly petty. What a broken way of dealing with someone who dealt with MS in good faith and brought value to their ecosystem.
The article says there was an issue with reimbursement. It doesn't say that the issue wasn't resolved or that it was MS's fault, both are just your conjecture.
The PR value to Microsoft of making him whole, and of reinforcing the impression of a newly ethical and positive force in the community, would have positively dwarfed the fraction of a rounding error it would have cost to do so. This was such a no-brainer that it's malpractice on somebody's part to have let it come to this. It doesn't matter that they're within their rights under the Apache license. Banal, tone-deaf, emergent corporate amorality shouldn't be the touchstone of the new Microsoft.
This is very unhelpful - I'm not really in a position to code review Microsoft's implementation and compare it to this document. I was hoping for something more like some high level details from the author of AppGet.
No one's asking you to compare. He's just saying winget works exactly the same as appget. So you can read that article about appget to learn how winget works.
Sounded like they wanted to hire you for their package manager and you chose not to pursue. You have every right to be mad I suppose but as you say in the article, and in that comment, you're definitely aware of what happens to open source projects. On the other hand I'm mainly glad their adaptation was open source. I think they have to maintain their own version in order to ensure that they don't wind up with some rogue applications on their package manager.
Which I don't find all that weird. Quoting OP here; "after visiting the campus, I wasn’t too sure I wanted to work for such a big company, also moving from Canada to the U.S. wasn’t something I was too excited about".
In the past, I've been in talks with an employer about a job, and my enthousiasm was only so-so, and that tended to put a brake on the proceedings.
That's perfectly fine but I'd expect the company, especially a company as large as Microsoft, to at least clarify the situation instead of just brutally ending communication.
I too have been in a similar situation (being interviewed at a startup and being clearly not super enthusiastic about the position being offered) but they decided to go with somebody else they gave me a courtesy call letting me know about it. I think it's the right thing to do.
I don't find it particularly weird either, but it makes for a much more nuanced narrative compared to "Microsoft wanted to hire you for your package manager and you rejected them."
I just think Microsoft should have found a way to credit the guy. Even just a footnote in their WinGet announcement blog post would have been better.
> I'm sure there was a reason they decided to not hire me. Maybe I had a shitty attitude? I don't know. I'm not questioning that. But I think an email letting me know and some credit would be fair to expect.
The big companies often end up ghosting the guys they don't want to hire. A long time ago, I was an intern and got fully ghosted by Nvidia. It was very annoying but my life probably worked out better for it.
There's a big difference between ghosting and sending a mail informing you that the process has stopped.
I realize I'm missing some context here, but I can't see how your life would work out better from _not_ receiving a heads up that the process has ended.
Having worked at Microsoft, and seeing the nature of the bureaucracy, the only advice I would give for next time is...
Just realize you can't set terms with a large company like MSFT unless you get lawyers involved early.
Stealing from you outright is simply too tempting, given their resources.
I noticed there were some conditions Keivan tried to set regarding the future evolution of the technology before joining MSFT.
In a large company like MSFT, there were bound to be large internal email threads relaying a play-by-play of negotiations with Keivan to: inside legal counsel, developers who already gave t-shirt sizes for building the tech in-house, product managers, and dozens of others.
No matter what they tell you, they're internally weighing
- Should we just rip him off?
- Should we hire him? Would that be better or worse for liability?
- How IP protected is this? How much can we "borrow"?
- Is it worth the hassle of dealing with an aqui-hire we can't control? Would that expose us to even more IP risk, or less?
Once companies reach this size, they simply can't be trusted to handle a negotiation transparently and in good faith, unless you have well paid lawyers fighting for you, or well established IP protection.
I guess what I'm saying is...
When dealing with any large tech company with near infinite resources -- like MSFT, GOOG, etc --, find a legally defensible upper hand, and assume they are weighing the cost-benefit of screwing you.
(Sadly, this is exactly why lawyers make so much money.)
Hopefully they also weigh in the fact that screwing developers over is terrible publicity. Assume 100k developers see this and are slightly less inclined to trust MS in future, this bad publicity could easily cost them 1mn USD plus. A good will gesture of 100k USD at the start for consulting could have saved everyone a lot of trouble.
I worked for a brand & marketing company for 15 years and I observed that most of my clients had pretty short memories when it came to how they felt about me. If the last few milestones were really great they quickly forgot an incident. Obviously, the more impactful an incident, the longer/more positive milestones had to be. An incident too impactful got your fired - but, in general, this was my experience.
Even in their recent history Microsoft has repeated incidents, but also has some very big positive milestones. Also, keeping in mind, some customers will only see the positive milestones.
Very true. People currently love VS Code and it makes their life much easier. I remember for a long time .NET friends of mine would extol Microsoft just cause Visual Studio worked really well with C#. Microsoft could do no wrong as long they could seamlessly work on Windows Apps.
I find MS seems quite immune to terrible publicity in the recent years. "But it's not the same company as before! They are doing open-source now!" yada yada
They are not immune. As someone who has been supportive of Microsoft getting their act together, and who recently spoke at a Microsoft-sponsored conference, this stuff makes me hesitant to give any Microsoft-owned properties money and discourages me from trying new Microsoft products.
There will be newer people after you flocking to the new Microsoft. Given how scummy and bad they have been in the past and how many people have been cheerleading them here, do you really think it works that way?
When people were warning against Microsoft on this forum they were just set aside as cynical, grumpy Unix-beards. If that happens even here, what do you think will happen elsewhere?
I think it's changing. I was one of the young people who did not believe the neckbeards (who are evangelists in their own right) since I wasn't around when the EEE strategy happened. I was happy with Windows because for me it was a better user experience, but today I run Linux and OSX. The world is more connected now than it was. These sentiments can spread faster now.
Giving them constructive criticism and using their open source stuff, but strictly not giving them money might be an acceptable way with dealing them.
For example, I wanted to buy Win10 recently, and also wanted to sign up for Teams. Both experiences were so unimaginably ridiculously terrible, that I ended up cancelling the Teams subscriptions the same day and not buying Win10.
On the other hand .NET (Core), PowerShell, TypeScript and VS Code are all great things.
If WinGet contains AppGet code and they didn't credit him then yes, absolutely, moral rights in copyright (attribution, right of association, integrity) cannot be transferred during the lifetime of the owner and yes MSFT can be sued for breaching them. It is extremely likely the penalties meted out by a judge wouldn't cover the costs of a lawyer. Not that anything like this would ever see a courtroom, MS will offer a settlement which in this case will be on the magnitude they gave to Mike Rowe for MikeRoweSoft.com (which was an xbox and some travel vouchers and such).
If they stole his unpatented ideas then there's nothing.
In the update and the responses/interviews the author gave he clearly states that Microsoft copied his source, an absurd claim considering both repos are public.
He goes to say that "If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything."
I mean come on. Every package has a .yaml manifest where there's a download link for every architecture, a hash, a version and an installation recipe. There's nothing to patent here. It would be extremely hard to argue there's no prior art, considering most languages and distributions have been shipping with package managers built just like these for years. Even my text editor has one!
Realistically, the author managed to get a lot of attention for his other startup for almost no cost. By bashing the company that's trendy to bash right now.
This is interesting perspective. Do you think this have the potential to negatively affect responsible parties on MSFT side given the negative PR generated?
This was definitely not a great experience, but my hunch is what happened is some higher ups decided no, they don't need to hire you, the original team tells recruiting to notify you, recruiting drops the ball somehow, team goes on with their lives believing that you were told they were no longer interested, and everyone (except you, since you never got notified) believed the whole thing was resolved.
The original people (not recruiters) who reached out to you should've connected after the decision was made. They probably figured the recruiters would do their dirty work, so no need to engage.
Full disclosure: I worked at Microsoft for over a decade, so I know how slow and lumbering it can be. I bet some emails were missed and people didn't follow up because "they had a lot of other things they were tracking".
> some higher ups decided no, they don't need to hire you
Total misjudgment on their part. Thanks to this one HN post they already lost in terms of developer good will way more than his potential salary would be.
Every time anyone who uses WinGet, who read this, will think 'oh, yeah, that's the tool that Microsoft build their version of behind original author's back, while stringing him and ghosting for few months".
Realistically, though, a year from now nobody will care. I mean, I started in this industry in the "MS is outright evil" era. How many people did they screw over? If I remember correctly, there was even a guy who was owed a pile of stock/stock options and when he got cancer they suddenly went missing (no need to pay the dead guy!). Day by day, year by year, these misdeeds are seen as irrelevant. MS is a different company these days (almost literally). Should we hold them accountable for their past sins forever? (I have a friend who still refuses to buy products from Nestle given their ancient "poison in baby formula is OK as long as it saves us money" stance. That's older than I am!)
In reality, these kinds of antics just don't hurt companies significantly -- even ridiculously horrible things that are arguably crimes against humanity (have I invoked Godwin's law?) In comparison to some of the incredibly awful things companies do (and get away with), this is minor to the point of not even being a footnote in the annals of evil (note to self: don't google that term to check the spelling...).
However, there will be a few of us who will be reminded of why we don't do business with MS (and hence will have no need of WinGet). It won't make any difference, but it will be there.
About Nestlé's poison baby formula: I though their baby formula was safe, but the problem is that they gave it away (maybe still do?) for free to new mothers in developing countries and when the mothers stopped lactating (because their own milk wasn't being drunk) they made the price hopelessly unaffordable so now the babies couldn't drink from either source, or at least needed to over-dilute the formula.
Totally reasonable to still boycott them, makes more sense than getting annoyed at Microsoft in a situation like this (which is also deserved but more minor in the grand scheme of things).
That's more recent. A long time ago (and I'm working from memory, so best to fact check anything I say, because my memory is terrible) it was common to use a particular rat poison in dry milk (and I forget exactly what it was). There were certain standards as to how much rat poison you were allowed to have. It was well known that this would kill a small percentage of babies, but it was thought to be a reasonable tradeoff at the time. To be fair, it wasn't just Nestle. In Japan, the dairy giant Morinaga had the exact same problem. I believe there were law suits that dragged on for literal generations and eventually things changed.
Which was inadverted addition of arsenic specific to Morinaga in Japan, and not Nestle. However, the committe which managed the case and dragged it on was not created by the company but the Japanese government consisting of a newspaper publisher (??), a hospital director, 2 lawyers and a human rights lecturer.
So it seems like an insufficiently related market and lack of oversight made this drag on causing many deaths and even more people crippled by arsenic. One person was sentenced to 3 years in prison.
Compare with China who executed 2 people involved in the 2008 milk scandal and gave much harsher sentences to others. Although that scandal was deliberate rather than a cover up of bad practices.
My understanding was that it's while it is in bulk storage in warehouses. It keeps the rat population down. I've been trying to find evidence that I'm correct about this and like another commenter has posted, it may be that I'm confusing the Morinaga problems with Nestle. However, I was sure I heard about Nestle before I heard about Morinaga, but... My memory isn't the greatest :-(
What Nestlé did was unforgivable. It was clearly lead by psychopaths at the time and we have no way of knowing that is not still true.
The problem is people have short memories and are driven by convenience so will conveniently forget how evil a company is when they show another side. Or sometimes they can continue being evil and people still just do nothing because it's so convenient (see Amazon).
There is not enough direct experience of the evil for our monkey brains to make sense of it. If you see someone kill a baby with their own two hands you will never trade with that person again, they are dead to you full stop. If a company knowingly kills babies by proxy and extorts mothers you get mad for an afternoon then you forget. We need to evolve as a species or find some way to make it more real.
I guess it might help to reaffirm the beliefs of somebody who was teetering in their distrust of Microsoft like myself.
I've been anti-Microsoft for about 15 years but even I'll admit that I've warmed up to them over the past few years because of their seemingly good works (and amazing PR). Stuff like this helps me remember why healthy skepticism is still super important when it comes to giant companies like MS.
Yes. Microsoft really dropped the ball on this one.
So much of what Microsoft has been doing — GitHub, .NET Core, NPM, Visual Studio Code, Windows Subsystem for Linux, etc. — has been to build goodwill with “developers! developers! developers!” Taking the resources to do an acquihire (or hire + bonus) right is small relative to the PR hit.
Exactly. All the things you mentioned are great, and a sign that after decades of being insular, blindly corporately evil, Microsoft started becoming worthy of interest.
And when I first heard about WinGet I though, "Yay! They continue to catch up to the place where developers are! Good for them!", but then this surfaced.
> Windows Subsystem for Linux, etc. — has been to build goodwill with “developers!
WSL has been built for webdevs not to flock to *NIX from Windows, nothing else.
Even naming it "Windows Subsystem for Linux" is an insult, since it sounds as if it was something for Linux, when in reality it's a "Linux Subsystem for Windows" and doesn't benefit Linux itself in any way.
> Even naming it "Windows Subsystem for Linux" is an insult…
The developers of WSL have said* that was mostly a legal concern. Calling it “Linux Subsystem for Windows” (listing “Linux” first) has wider implications for copyright/licensing:
> Just who is allowed to call a product or service Linux, anyway?
> Linus Torvalds has an answer for that: Nobody. Not without his say-so.
> The term "Linux" is a trademark and Torvalds owns it. His assignee, an organization called the Linux Mark Institute (LMI), is empowered to collect licensing fees from companies and individuals who want to use the word commercially.
Are you telling me MS could not be bothered to even ask Linus? And if there's a fee to pay it? They're a multi-billion dollar corp telling us they love Linux now.
Alternatively, calling it something like Nix subsystem for Windows or maybe just LSW would also do the trick, this seems like a lame excuse.
It's a bit lame to say recruiting must have dropped the ball. If you've engaged with someone, you're inspired by their technology, etc., etc. then handing them over to recruiting for a rejection is pretty weak.
It's a totally different world inside a huge company like Microsoft, though. It's massive and its own little world. After working inside for a few years, you start thinking that it's "normal". You see projects start up and get shut down, you see people trying to get into the company, you see people trying to transfer to other teams within the company, you see people trying to leave the company, you see people in the same team for a decade or more, etc. Because of the scale of things, you sort of become numb to a lot of things you see, so I sort of "understand" if somebody just figured recruiting would sort out that someone wasn't the right "fit" for the company.
I don't think this kind of behavior is necessarily the right one, but it's the outcome of a large behemoth made up tens of thousands of people.
No experience at Microsoft but plenty with lawyers in large corps and I would rate another possibility highly, which is that the team wanted to contact him but lawyers recommended "no further contact" as the safest legal IP path. Essentially, they were trying to close the barn door on clean-rooming the software and any further conversation could leak non-open-source ip that would then bring about a liability later on.
I can see that happening at Microsoft for sure. There's no doubt legal would've been involved with the conversations and gave heads up to all people on the interview loop.
This is probably what happened. As a hiring manager i want to tell the candidates whenever we reject them but sometimes recruiting drops the ball and never reaches out with rejection email or call (our team usually calls them).
This happened to one of my referrals so i know this firsthand.
Microsoft pretends to want to acquire a product or software and then release their own implementation.
The developer was obviously brain-picked for any implementation ideas, as stated at scale. They should have been paying a retainer, or had an offer inside of two weeks.
After Microsoft flirted with acquiring Intuit, then shortly thereafter released Money to compete directly with Quicken, I assume all due diligence is just a way to hoover up intel.
To inform a buy vs build decision. To better validate market assumptions. To identify key contributors and poach them.
Whatever.
No earnest money? Fine. They clearly were going to drain my blood and powder my bones. Their prerogative. But they can proceed to kill me and my product without my help.
The code basically takes a .yaml manifest, reads where to find the package and get the installation instructions from an enum. I don't think there was much brain-picking here.
You point is that this is simple, yet Microsoft with Thousands of engineers working over the span of decades never internally developed this idea or framework except after picking the brain of this particular person and doing a copy of that particular competing project.
Paintings are just paint on a canvas, and all code is just clicks on a keyboard. That doesn’t make it any less immoral to blatantly copy without recognition.
It’s perfectly fine to carry out a fork, the irony here is that Microsoft likely tried you play this angle of “we’re just competing, not copying you” because they thought carrying out a fork with attribution would blow up in their face, which this now has.
If the developer had asked for a retainer straight off the bat I feel like MS would have just ignored him and started building WinGet earlier. All the AppGet source was right there for them to look at. They wouldn't have had the benefit of Andrew picking his brains one to one, but that probably wasn't 100% necessary anyway.
You mean you have never been part of an interview or supposed acquihire were you were brain picked? That’s happened to me at least five times already.
There is far more to things than code. Examples: what is your ARPU, why didn’t you do it this way, how many bytes per unit time can you upload this way, where do you see the market going, who is still at the company, what do you think of this type of market?
I've been learning a little bit about "the new Microsoft" and its new relationship with open source, and I think I get it now.
MSFT is treating open source communities and free F/OSS code contributions the way they might have treated blogging and IT forums in a prior era.
It's "developer community" and "power user" engagement. It's a hybrid product management and marketing function.
In this particular scenario, the winget product manager views the appget author as a "Windows enthusiast" of sorts, not a competitor, a peer, or a colleague. Just a "power user persona" of the Microsoft userbase.
So, when you understand this, reading the PM's email to him ahead of winget's launch makes more sense.
> We give appget a call out in our blog post too since we believe there will be space for different package managers on windows. You will see our package manager is based on GitHub too but obviously with our own implementation etc. our package manager will be open source too so obviously we would welcome any contribution from you.
Specifically: it's like getting called out explicitly by a forum mod, or being a frequent blog commenter who is mentioned by name in a blogger's main post.
It's "an honor" to have appget explicitly mentioned in an "official" Microsoft announcement. And to have your community work "inspire" so much of winget's design! So when the PM wrote the email, he probably wasn't even thinking it would feel like trolling. He was probably thinking, "isn't it cool we are doing this 'F/OSS collaboration thing' together? How 'New Microsoft' of us!"
And I can't say I blame him. Microsoft is just less smooth about their appropriation of F/OSS for marketing purposes. Other companies manage to do it without the developers noticing.
If you want to see what Microsoft thinks of open source and contributors, then all you have to do is read the license they want you to agree to before doing so:
I love how those stories of the early years are so different from what I think of looking at companies today -
> Jeff picked me up at the airport, and we drove to Microsoft's main building where we were joined by Neil Konzen, a talented 23 year old who was Microsoft's main systems programmer on the Macintosh. I knew Neil from his days as an early Apple II hobbyist, when we collaborated on adding features to an assembly language development system when he was only 16.
Just... "Microsoft's main systems programmer on the Macintosh" is such a weird sentence to read today. On the other hand, Microsoft also shipped Xenix, a full-on licensed Unix™ OS before they shipped DOS.
I'm perfectly familiar with Microsoft being an application vendor for Apple's platforms, long before that was Macintosh:) What threw me off with the notion of them employing a systems programmer for a non-MS OS.
It makes more sense when you consider that 'systems programmer' doesn't mean 'writes operating systems' (especially back then) and the line between application and systems programming was quite blurry (double especially back then).
Microsoft buying a big chunk of Apple (admittedly to stave off antitrust claims that there was no competition in the OS market) is a major reason Apple is alive today.
On the other hand, Apple unintentionally granting a perpetual license on their interpretation of the WIMP GUI (admittedly not without perusing the look-and-feel lawsuit) is what kept Microsoft in the OS business.
Neil Konzen's P.L.E. (Program Line Editor) helped make my early days of Apple II programming bearable. It later was expanded into GPLE and published by Beagle Bros.
Windows NT is designed out of the box for extending and embracing Unix. The whole Linux Subsystem thing isn't something new that required deep reworking of the kernel.
You should read the book Showstopper! to learn that NT was actually designed to be as far away from Unix as it could be. Dave Cutler, NT’s chief architect, hated Unix with a passion. He thought it was a rubbish OS. The internals are based on VMS, Cutler’s previous OS. That’s why NT has never been a good posix system and why microsoft has essentially given up with WSL2 and is now just running linux in a vm.
Great book. Another interesting wrinkle that’s been somewhat lost to time is that (as the book documents) NT was developed simultaneously on x86 and a RISC architecture (MIPS I believe).
The Linux Subsystem actually doesn't use the NT subsystem technology that you're thinking of. They did end up inventing a few new kernel concepts (like pico processes) in order to do WSL v1.
Indeed. There was a windows services for Unix subsystem based on Xenix mentioned elsewhere and that was based on the subsystem architecture.
When you use it, you get a nice Korn shell and it is built on PE binaries linked against PSDLL.DLL. there's a functioning but very old version of GCC that ships with it.
The PE binaries mark up the desired subsystem to be invoked so you don't have to be in the environment to execute one - the kernel takes over.
PSDLL acts as a translation layer for NT much as kernel32 does for win32. You can't run unmodified Linux binaries like you can with wsl. On the other hand, WSL requires that you invoke lxss with some special com magic to get access to Linux first so you can't just exec an elf file directly. The Pico processes you mentioned - these allow the kernel to install specific handlers/translators of their syscall functionality into the windows kernel.
So yeah architecturally they're pretty different and WSL isn't really the same subsystem concept they started with. On the other hand it that's probably a good thing because everything needed a rebuild for SUA.
On the other hand, WSL2 is based on virtualisation rather than NT kernel personalities. Apparently building it 'on top' or 'inside' NT ends not not being good enough.
I don't think that's a failure of the NT subsystem approach, I think that's just that Linux turned out to have a massive and changing ABI surface and Microsoft didn't want to try and recreate the whole thing by clean room reimplementation. Yes, there were some difficulties because of different underlying primitives, but in my outsider's opinion, they could have made it work if they've been wanting to spend the time and effort.
The problem they couldn't solve is file system performance -- there's just too much of difference conceptually between files in Windows and files in Linux to make it perform reasonably well for the sorts of jobs people were using.
In the end, it just makes more sense to pull in the actual Linux kernel than to try and achieve the same performance semantics.
Windows file system performance in general is abysmally bad, we are talking Linux being 10x-100x faster on mass operations on small files for instance.
Due to this lots of Linux stuff is based around huge masses of tiny files (build processes, VCS, docker, etc) and there was just no chance the windows kernel was ever going to come remotely close performance wise.
If Microsoft is serious about supporting open source then this is the kind of story that it needs to stop happening.
It may be perfectly legal to come out with their own version of AppGet, to base it on AppGet, and give it a name that is very close to AppGet, and if the developer wasn't a fit for Microsoft then they don't have to hire him.
But behaving in this way is like biting the hand that feeds you in terms of open source they come out sounding like a*oles.
When it was clear they didn't want to do an acqui-hire one solution would be to indicate that it was possibly they were going to create their own version of the product and perhaps 'purchase' the AppGet design/concept, or pay a consultancy fee for the time the developer was being interviewed - even for a token sum.
And it's working. Linux users are even excited about WSL, cross-platform C#, Microsoft in a VM being called Linux native, github being bought, etc.
Linux users aren't more principled or anything than windows users. I'd go as far and say that people just want free stuff and some are willing to put more effort into it. We have no higher standards or morals and are no better than the windows or mac crowd.
Not sure how MSFT usually handles it, but when I was acqui-hired (by a different large tech company, not quite on MSFT scale, but no trifle) I dealt almost exclusively with a person from Business Development. Maybe it is a bad sign that they had you discussing with people in their engineering group directly. Sounds like they were gathering data from you with no real plan to acquire. Then again every company may do it differently.
For me, there were some questions about my technology, but not a lot. Mostly we agreed on terms, and then they came up with a 40 page contract :) (the bus-dev guy said they don't really treat a small acquisition like mine that much differently than a larger acquisition in terms of contract verbiage). I had my lawyers (no I did not have any before this offer), review it.
But overall I felt that someone, who later I'm pretty sure turned out to be the CEO, had told their Business Development guy, just acquire this thing (and bring him along if you can), so they just went about doing that and it came out ok.
I had to go back and look it was a while back, it took longer than I remembered it. The initial reach out was in May 2011. I had some initial conversation with them in May and June, sent them some overview of the company, etc. Then didn't hear back for a while. In December 2011 conversations started back up. By then the company had actually launched a product where they could see my business being useful. I sent them some small amount of data as a sample. I had actually proposed a simpler lower cost proposal of them just purchasing the data they wanted and not the business or acquiring me to work there. Anyway sometime at beginning of Feb 2012, things started to move faster and then it was done by beginning of March 2012. So in my mind/memory it was really January 2012 to beginning of March but really started in May 2011.
Lots of times the process starts through some mid-level manager expressing interest in a possible m&a, and initiating what I'd call "casual" due diligence, along the lines of what the PP described. The issue here, from the target's pov, is that the person/team sponsoring the research/engagement isn't empowered to execute an acquisition -- ultimately, they're just performing research to build a business case that validates the viability of the purchase, and helps provides insights sufficient to guide the acquiring company's deal team on desirable base contract terms & structures. All this feels like it's an acquisition moving quickly to small companies that haven't been through it before, but it really isn't. Only after the corporate development analysts & attorneys get involved will it move quickly, but that's primarily for two reasons: 1) the due diligence is already largely completed, and 2) they hold the purse strings.
Note that it's pretty common for years to pass between the first and second stages of this process, and there are any number of reasons why acquisition negotiations can either suddenly accelerate (it becomes competitive, partnering isn't going to work as a fallback, the target is going out of business, the acquiring company needs to unload cash fast, ...) or slow down (partnering becomes more desirable than acquisition, 1st party development becomes competitive, various legal reasons intervene, business strategy shifts away from whatever made the acquisition interesting in the first place, org changes shift the focus away from the acquisition, ...).
It would be very useful to know the percentage of completed deals. Is it 1% or 10% or higher? I think the number tends towards 1% rather than 10%. We (mostly) hear about successful deals and not unsuccessful ones which why this article is very valuable.
That's what I was thinking. How would a company approach you if they were genuinely considering purchasing your product? And how if they want to brain rape you?
Maybe being contacted by a product manager or engineer should make you cautious.
There are parts of Microsoft that understand open source. Most parts of the Windows team ain’t that (exceptions apply). Reading this saddens me a lot as he clearly got screwed. But this is why any project with momentum should consider growing its community and maybe forming a foundation.
For example, Homebrew and its community/infrastructure is better than and bigger than anything Apple could ever do (and we know how they run Mac App Store to begin with).
When the author said “Microsoft would hire me, AppGet would come with me, and they would decide if they wanted to rename it something else” , I can immediately tell that’s not how you do OSS. That would be betraying to your users and maintainers.
Did Microsoft ask Nat Friedman and Miguel de Icaza to bring Mono with them to kill/rename it? No, that’s not what happened. And thats how significant open source projects/communities should work; not controlled by a single person.
Nobody at Microsoft understands open source. The people who pretend to understand are just glorified sales people pretending to be developers promoting every new Microsoft product regardless how shit it is or how much better other competing products are (you know who these sales people are).
Microsoft loves OSS as much as they are able to control it. They are like an abusive partner who "love you" for as long as they control every step of your life but as soon as you step aside they'll grab a hammer and smash you in the face.
Just to be clear, I was very clear with them during our conversation that it would only happen if they committed to keeping the spirit of AppGet (which they did)
I might be wrong, but I don't think to have MS behind a project like that causing it exponentially grow was a betrail of users.
MacPorts (né DarwinPorts) was created by Apple engineers long before the App Store existed. IMHO it’s superior to Homebrew in just about every way, existed long before Homebrew and targets the same audience (unlike the App Store which is targeting a very different population).
If you haven’t looked at MP lately, it’s worth reviewing.
Used it in the days it required everything to run as root (Sudo). Then discovered homebrew and have never looked back. Every package I've looked at is better maintained on brew. Why do you think MP is superior?
Like chown-ing /usr/local to what is supposed to be a non privileged user, reducing this security of everything in there. It’s like people don’t realize there’s a reason port (and apt and dnf and pretty much every package manager) requires “sudo” to install software. Homebrew has always felt poorly thought out to me and every time I try to use it again I come across some broken package that works fine in port.
MacPorts still has a number of Apple engineers contributing to it, although it is no longer an Apple-sponsored project and I have no idea if they are doing so in any professional capacity.
Homebrew, interestingly, has been moving towards an App Store-esque “binary distribution platform” for a while now.
Binary distribution is not bad, it's heaps better than forcing everyone to recompile the very same software again and again on their own laptops. See also Nix.
MacPorts does not force you to do that. Homebrew on the other hand pushes you strongly towards their precompiled binaries, and they have steadily removed customizability of what gets installed on your machine as a result because they don't want to shoulder the added complexity on their side (as they'd need to provide binaries for all the options…)
It includes a lot of Unixy “deep cuts” that aren’t in homebrew, it doesn’t stretch an unrelated analogy into its own jargon (brew, cask, etc.), it easily allows variants of builds when the defaults won’t do, it stays sandboxed in its own namespace by default, etc.
The original problem the brew developers seemed to have with MacPorts (no binary distribution) is now resolved and MP retains all of the flexibility of a source-based package manager.
I also “like” sudoing package installation/removal of system packages. It’s no different from any other Unix package manager. If I’m the only user, I can chown /opt/local Or install to my home directory and run MP without sudo.
>There are parts of Microsoft that understand open source. Most parts of the Windows team ain’t that
The story goes that the new Microsoft understands open source at the top.
A windows package manager is such an essential component of the operating system that it is visible at the top. Even more, Github, npm - package managers are at the core of their strategy.
How big is the risk that the new Microsoft is just lip service and they won't respect the GitHub and npm community either?
Not everyone is able or willing to develop large-scale open-source community/project.. Also, mono is a much large and more significant project that runs on Linux, not a Windows app.
I have a sneaking suspicion that part of the reason for the sudden radio-silence after his on-campus interview is that someone up the chain realized he is also the creator of Sonarr and just nobody wanted to take ownership of that potential liability.
In the post, he says the deal was going to be getting hired and getting a bonus as compensation in exchange for him bringing AppGet's code into Microsoft and leading the project. That's a very simple deal in which no ownership of other projects is being transferred.
I'm not a lawyer but I'm pretty sure that hiring someone doesn't mean that you grandfather their liabilities. If that were the case the world would be chaos.
If Sonarr was the reason to reject him then it was done out of complete pettiness.
Large corporations often have more to fear from the liability of bad PR than they do from lawsuits. Most CEOs hate bad PR more than paying out a billion dollar fine — the billion dollar fine isn’t their money, and doesn’t cost them any status at the country club.
I'm actually having a hard time imagining something like Sonarr making much of a negative pr splash.
It doesn't download pirated shows, nor does it play them. It just organizes and renames and creates lists of missing episodes for files that may or may not be pirated content.
Mmmm... There is a certain segment of the tech industry that is morally opposed to piracy, and actively pursue those people. I know because I've seen the negative connotations they've received. Had a candidate with a homelab, peer inferred it was for piracy, didn't want to hire him because of that.
I've also seen it in the weebs and also brainwashing Japanese Corp culture.
I have a feeling because its m$ their cture dictates that they at least appear they were disgusted with his sonarr authorship.
No, they're not. That's the point. The problem is that nobody cares outside of here. If it shows up on a prominent Windows news site/blog, then I would consider it a PR disaster. But that hasn't yet happened.
Why? From the way you were talking about Sonarr, I expected it to be something more than... a bittorrent organizer. It has nearly 6k stars on github and seems wildly popular. Why would that be taken as anything but a strong "hire this person" signal?
I mean, I believe that it's possible you're correct. But this is just such a foreign "does not compute" situation to me. Is the thought process something like "Sonarr is often used to download things against copyright law -> that's a no-no -> we don't do no-no's here"? I'm trying to phrase this as positively as I can, so I apologize if it sounds like I'm belittling the mindset or something. It's not like that.
(It's mildly unfair to Microsoft to imply that this could be the reason, since as a company policy Microsoft can't show up and say "Well actually, the reason we didn't hire was because X" – and this seems like it would be an outstandingly bad decision. Old Microsoft may have made decisions like this, but in recent years they've made some pretty impressive reforms.)
Pretty easy to understand if you understand how risk-averse big corporations are, and how the image of BitTorrent has been forever polluted by "but, it's copyright infringement!".
Anything mentioning or using BitTorrent is scary for these huge companies, because it's associated with piracy.
Sure, your deploy times to your container fleet can be 70% faster, but if you're using BitTorrent, it'll be very hard to push that through leadership.
Guys, the usual "but BitTorrent can be used for so many legitimate purposes!" fig leaf argument doesn't work here. Sonarr isn't for downloading Linux ISOs. The only thing it does is schedule downloads of TV shows as soon as they air. You can't even use the "but my library is only composed of DVDs I purchased and ripped myself" excuse here. Sonarr only makes sense in the context of automated downloading of stuff that's on thetvdb.com (which is 99.99% copyrighted material).
You may or may not think that's a fine thing to do, but it is the only thing you can pretend Sonarr is for.
A distinction should be drawn that Sonarr does not actually download from Usenet or BitTorrent. It merely interfaces with other programs and apis that can do so.
I was about to hire a guy and discussing him with the president, it came up that he was into ASICs for crypto mining (years before it was a big thing)... president didn’t like it, figured the guy to be a get rich quick type and through his direction we passed over hiring him.
Turns out in this case, it was a good call, but right or wrong it was enough to push the guy back in the pool as he was already on the edge anyhow.
You passed up a guy that had an interest outside your business and that was extremely technical?
I can understand the justifications for culture fit, however, to me it sounds like you passed over someone because he was ambitious outside of work. That's fine if that's your culture, but you should consider that as a red flag.
As the other guy wrote. Wasn’t my final call. I understood the presidents point. If it was just me, I probably would have given him a try.
And also like I said, it worked out in this case, the guy was a get-rich-quick type. He went to work for someone I know and didn’t last there. Sub par work, rushed and didn’t really care. That’s all besides the point.
The point that yes, your outside interests can possibly effect your hiring prospects.
Every time I see the “Microsoft <3 open source” stuff I get really suspicious, and this kinda confirms that I’m right to be. I’m grateful of their more open culture these days (dotnet alone is a big achievement) ... but I feel like there’s been a number of incidents like these which snap me back to reality and remind me they’re really just paying lip service to the idea and don’t truly buy into open source.
Microsoft is a public traded company. You can safely assume that anything they do is really about generating value for shareholders. Of course they don't "love open source". But they probably love what it does for them (e.g. enable them to run Azure).
So much for the "I love the new Microsoft" people here… same as the whole Microsoft, doesn't even have the decency to credit people where credit is due… Of course, nothing illegal here, but this is borderline plagiarism… at least pay the guy, or donate to his foundation or something…
Seems like Microsoft owning GitHub thinks all the code on GitHub belongs to Microsoft…
I remember the "good old days" of the Microsoft Borg.
They were infamous for getting small companies in under NDA, then grabbing their tech, and dumping the small companies (often putting them out of business). They are not alone in this (Apple has done the same thing. I think they even have a term for it -"to Watson" * ). It's just that MS was the most egregious.
It makes me sad to see they are still doing it. I've been fairly impressed by what Nadella has done.
* EDIT: As adamdavidson pointed out, the term that everyone uses is "Sherlocked."
I can’t imagine how deeply upset you must feel over this.
> I didn’t even have to explain to her how the core mechanics, terminology, the manifest format and structure, even the package repository’s folder structure, are very inspired by AppGet.
I read “inspired” as “blatantly copied”. Not shocked at this from Microsoft. But not giving due credit is just a rip off. Seems like Andrew and whoever else corresponded with you were arm twisted by jerks (or had more jerks in their teams).
If anyone in the Winget team is reading this, your organization sucks. It seems to be showing signs of Microsoft from the ‘90s.
The really sad thing is that I still don't think Microsoft has actually solved the package manager problem in any meaningful way. WinGet feels like just yet another subtly incompatible package standard.
I would say Microsoft should buy Chocolatey but they would probably just ruin it. (Not to say this is a uniquely Microsoft problem; it's reminiscent of the Pipenv/Poetry/virtualenv... mess in the Python community.)
I'm convinced the sole purpose of some open source projects are to be good enough to prevent other open source projects from filling the void, but bad enough to keep from competing with vested commercial interests.
This might just be one of those cases. Why would Microsoft want to invest in another distribution platform when they already have the Microsoft Store where they can do whatever they want?
Sure, WinGet has an MIT license, but that doesn't mean anything. The only important thing is who gets to commit to the manifest(s) on the master branch. That's Microsoft. They own it. They control it. They curate it. They decide who gets to distribute via it.
I'd bet money they'll tie it in to Azure somehow at some point.
Microsoft is likely looking for a solution that would allow easy distribution of software in enterprise context without having to repackage it.
Having a widely accepted and used package format would solve that. You could just pick the package for notepad++ and others and push them to workstations via Intune.
After reading the second e-mail it is clear that they are trying to do something "official" and that their interest in the specific person is low (to say it mildly). Full of "going-forward" and similar corporate-speak. DANGER DANGER DANGER: when someone loses natural language, he is no longer speaking for himself.
I wish someone would write a serious corporate-speak dictionary, list the most used phrases and what they usually mean, explain different levels of formality etc.
Man, this hurt to read. Keivan’s response is the right one. But I wonder if the arrangements and outcome would have been different had AppGet been closed source.
> I wonder if the arrangements and outcome would have been different had AppGet been closed source.
All of the Windows apps that MS did this to back in the 1990s were closed source. Didn't help. MS has more than enough horsepower to just reverse engineer whatever they can't get the source code for if they care enough about the features.
Right. That was the point: it is not enough to just understand how something was made. You have to be able to recreate it too. And building a similar system in just a bit different way to avoid potential copyright or patent claims is hard. If the system is complex, it is hard squared.
> it is not enough to just understand how something was made. You have to be able to recreate it too
I meant to include both in "reverse engineering".
What I was trying to say was that the large products where MS has failed spectacularly don't seem to me to be products from some other company that they reverse engineered. They seem to me to be products MS thought up itself. MS is better at co-opting ideas invented by others than at inventing its own.
This isn't secret news, but when you interview at MS there is always a secret / hidden interviewer. This is publicly known information from Cracking the Coding interview. This person is called the as appropriate and you only meet them if you pass all the prior interviews.
Per his writeup, he did not meet that person, which means that he most likely did not pass the interview.
He also for some reason didn't follow up on the results of the interview for 6 months, which is unique as most candidates will reach out. Assuming he actually filled out a job requisition, which he probably did to interview, he also should have gotten status from that requisition, so things are a little fishy.
I do not know anything about his case directly, but I would bet that he did not pass the interview and a decision was made to not bring him on as a result.
If Microsoft was trolling him to just pick his brain, they would have done more than two small events, and wouldn't have bothered to reach out to tell him they were releasing a product.
This response also burns any bridges that he had built with the team. He could have still potentially made something of his product if he had kept that relationship open and used his leverage as an existing package manager owner to influence WinGet.
If I was him, I would have at a minimum asked for feedback far earlier than wait for 6 months.
How exactly could a PM interview process (which is just asking you to walk through a bunch of design scenarios) give a stronger hiring signal than having developed a product the company wanted to acqui-hire? Honestly somewhat insulting that they made him go through a full external interview loop. At most it should have been some informal chats of the sort you get when transferring teams internally.
I think the reason this process was used is because if you are some random employee at Microsoft, you don't have the ability to just acquire a company. You probably don't even know who to look for to ask for such a thing. But what you can do is create a req for a position and refer someone you know for it.
I am guessing that the average "higher up" at Microsoft does not know what AppGet is, or even what the priorities for package management in Windows are. It's just not a high level strategy thing, it's a low level engineering thing.
> Honestly somewhat insulting that they made him go through a full external interview loop.
Wait, what? So if someone is a "name brand" celebrity, they should get to jump the queue and coast by with an "informal chat?" How is that fair? I don't care if I'm interviewing John Carmack, he's getting the same evaluation process I would give to any other senior candidate. Software Engineering's got enough problems with interviewing--it doesn't need an aristocracy that gets special treatment.
Technical interviews aren't a hazing ritual that we should all suffer equally out of some misplaced idea of equality. They're just one way of informing the decision of whether to hire someone.
That's absurd. What he has built literally demonstrates he has the ability that the role requires - which is entirely what the entire interview loop is trying to ascertain. If you can ascertain that a person has a skillset without that loop, it is completely unnecessary.
The point of an interview is to figure out the capabilities of a candidate. If they are already known, it makes most of the interview process pointless.
I did, I've since updated the article at the end to note this,
> There was an issue with my travel reimbursement, So I contacted the HR contact and at the same time asked about the Interviews, She told me someone will get back to me about that and they never did. This was on Feb 14th, 2020.
My understanding is when MS decides they aren't going to hire, they cut off all communication, total lot drop. Sometimes at their own campus, no feedback at all.
It's really an angering experience imo. I mean, I get it from a litigious mindset, but still not very humane.
My experience while interviewing with MS is somewhat similar with respect to not hearing back after each stage. The initial phone interview was quick with what seemed like a lower level HR person who asked basic questions from a list with many mispronunciations of MS SQL technologies. I didn't hear anything for three weeks so I called them and they said, "Oh yeah. We want to schedule another phoner with the product team". A few days later I interviewed with for about an hour with two engineers and it was more inline with what I had expected. This time I sent an email the next day thanking them hoping that would at least keep me in the back of their minds. Same thing. About three weeks later I called to find out my status. "Oh yeah. We would like to fly you to Virginia for an in person interview this week". They set up my flight and hotel and I went through three interviews with different groups and left thinking, "Well that was horrible and embarrassing. They are way above anyone I had ever worked with". Same thing. Sent an email thanking them along with my expenses. About six weeks later I needed to know my status since funds were getting low. I called them up and was told I wasn't ready to work for them. But I should add them on LinkedIn to keep in touch. My self esteem was pretty shot, but I ended up with a pretty sweet job that week. I still get emails from them every once in a while when a position opens up, but three years later I still get a little anxious when those emails hit.
So yeah, their post interview stage communication seems to be the weakest part of a process I am sure I was one of hundreds going through at that time.
That's not true, usually you'll get a message from the recruiter. You might not get interview feedback, but you'll know if you got turned down.
Even if you don't, you submit applications through a recruiting site, and it tells you the current status of your application. It'll tell you if the application was rejected.
Replying to myself, because the sibling comment is clearly at odds with what I'm saying, and I think that deserves to be addressed with more nuance than my first comment did.
I think there's a lot of variation in the quality of your interview experience when you interview at Microsoft based on how on top of things the recruiter is, how much the hiring manager prioritizes candidate experience, and headcount/budget complexities. Some teams don't have recruiters, so then the candidate experience is whatever the hiring manager makes time for.
I don't doubt the horror stories. For context, several years ago I applied for three different roles. I got rejected at the resume screen for one of them, rejected after the first phone interview for another, and I ended up taking an offer from the third. For both rejections, I got the news by email notification through Microsoft's careers app, not from the recruiter or from the hiring manager. I think it's a really impersonal way to find out after you've already done an interview round.
The specific point I was making is that, contrary to the parent comment but not the sibling comment, there is a standard way of doing things that ends with following up with the candidate. And, as a candidate, you do have explicit ways of figuring out what happened to your application, even if finding out you failed an interview via an app is kind of shitty. It's definitely not standard to ghost the candidate.
I waited a week and a half with no reply/response from anyone... It was the third email a few weeks after that finally got a dismissive response. This was around 2004 iirc, not sure if it's changed significantly since, or when your experience is related or where/what you were interviewing for.
He mentions this at the bottom of the article. He followed up and continue to get radio silence, even to the point that HR ignored his request for reimbursable expenses.
He was talking about the money was discussed even before coming into the interviews. This makes me think if he was brought to a sham on-site interview in the first place.
The post was trying to imply that because the project was open source, it's a free-for-all for microsoft to just take and modify for their own needs. And that is exactly what happened.
Honestly the tech innovation of AppGet while good, isn't something groundbreaking. Manifests have been used by other package managers in the past. Yes it's stinks he didn't get more credit, but IMO it's blown out of proportion.
I was curious about hearing Microsoft's side of the story.
There's an existing issue filed against the winget repo for this, if you're interested, subscribe to the issue: https://github.com/microsoft/winget-cli/issues/353
I wonder if one day we'll know of all the stories of people who got wined-dined-fucked by the large corporations who then release their own version of an existing product.
I doubt it. I've hinted at in comments here in the past, but I have one such story. It's a footnote, at best, in MS's history, and a thing for a now-dead product, but they turned what I thought was a cool product into their own thing then disappeared it through internal MS politics.
I don't tell the story in any details since I don't want those details getting back to the real me and having a negative impact on my career for whatever reason.
I'm sorry to hear that. When I compared various package managers few months ago I liked AppGet most. What's saddening is winget doesn't even do half of what's appget is capable of right now.
This is the Embrace, extend, and extinguish policy of Microsoft. I just hate how these corporates deal with talent. To them it is nothing more than a profit to make.
I know this might be unpopular with OSS idealists, but I wonder if it might be time for a new license, or indeed if there are already (small 'o') open source licenses that would help with this sort of things.
What I'm thinking of is a license almost identical to the MIT and/or Apache 2.0 license, but with a clause that prohibits mega-corps from wholesale rebranding and using your code.
I have a few OSS projects myself, and help maintain a larger one, and I love the spirit of OSS, so I'm a little split on this one. But I don't really think Microsoft's actions here are truely in the spirit of OSS. Yes, the license allows it, but is it aligned with the OSS ethos? Is it "right"?
Exactly why I started relicensing all of my projects under MPL-2.0. The decision followed an attempt by a webpack team member to wholesale copy a project of mine into the project without attribution or licensing (which is a separate issue). Decided then and there that I needed something more restrictive that still allowed for collaboration.
No, that puts restrictions on everyone, which are so harsh many organisations (even startups) wouldn't touch GPL'd code with a bargepole.
I was thinking more along the ideas of adding restrictions only for corporations of a certain size, or perhaps only if they intend to use it in a certain way - kind of like the licenses that exclude large cloud operators like AWS from using your work without contributing back.
Seriously, business never was and never will be a nice place. For every company in Silicon Valley there's a story about a dickmove, both in startups and corporations. Yes, Microsoft screwed you over. Capitalise on the drama buzz and move on.
You cannot retroactively relicense code - only new code. Microsoft can just take the last version that's not GPL.
This is why if i were making an open source project, it will start off with GPLv3, with a commercial paid license if anyone wants to avoid the terms of the GPL. That gives the best of both worlds - open access to anyone, and if they want to modify, they must also be willing to contribute in some way.
Yep, this is why GPL exist. "But corporations hate GPL" as I can hear there often, well tough luck… GPL is about the rights of the users, not corporations. Another exemple of why open source projects should adopt GPL or AGPL, nothing less.
Gitlab is a contender for sure. I use it at my dayjob.
I don't know if any of the other big editors have caught up to VSCode in terms of ecosystem though.
Are you kidding me? The Intellij ecosystem alone pre-dates vscode by decades and it’s likely much bigger already. And if you look at emacs and vim... well.
Plus, if they are doing front-end stuff, it's my understanding that ReasonML will also output native code, which should theoretically go a long way to making a OS-native app significantly easier right?
Gitlab, many other lesser known alternatives (such as the aforementioned sourcehut, although that has a different paradigm than github)
> Typescript
Facebook's flow is probably the closest. There's also dart, and many, many other languages that can compile to JavaScript.
> npm
Yarn is the obvious one (although it still uses the npm repo). Or you could leave node altogether and use deno. There are probably other alternatives.
> Visual Studio Code
(Neo)vim and emacs are both good options, although they have a steep learning curve. There's sublime text if you don't mind something proprietary. Probably others I'm less familiar with.
Thanks for the responses. I was half kidding. I depend heavily on all of these and need to double down on them! Some of the alternatives are at Facebook, which I also don't trust, for different reasons. It's hard to boycott FAAMG completely. I avoid getting hired by one of them or being locked into their proprietary technologies though. For instance I use GitHub heavily (just like I'd use YouTube if I made video content) but am not buying into all their extra features like GitHub Actions and GitHub Discussions.
The smaller you are, the greater the risk of adopting SaaS like GitHub IMO, so I've used a lot of the alternatives. I try to run everything I can behind the firewall:
- Gitea for a light weight Git GUI. I don't want pure GitHub SaaS and with GitLab you need to drink the Kool-Aid and marry your workflow to it. GitLab is also really stubborn about their business model and the pricing sucks once you get off the free version. Use the Enterprise Edition in unlicensed mode if you decide to try it.
- Drone for CI. CI is my biggest concern in terms of vendor lock in and Drone has an extremely generous (free), no BS license for small developers. It can be self hosted and the plugin system looks pretty decent. IE: I don't have to rely on them to add functionality I desperately want / need. I don't trust GitHub to never screw us with Actions and I don't think it's possible to self host the server components of actions (for free). I don't trust GitLab to never screw us with feature tiers where new development goes into higher tiers only.
- Nexus for repositories and packages. This is harder than firing up some SaaS service, but it's got pretty much anything you could ever want from a package store / repository / cache. It's also been around for 10+ years and Sonatype has never tried to play any pricing games or engaged in underhanded attempts to leverage it in an effort to shift everyone to SaaS. Warranted or not, I trust them more than Microsoft and GitLab.
- Traefik as a sidecar proxy doing SSL termination for the above services. Once it's set up it just runs without any hassle.
I've fallen off my fair share of bandwagons (hello Adobe Flex) and now whenever I choose technology to use, I always do a mental exercise where I consider the impact of having the vendor abandon me tomorrow. Don't trust anyone when it comes to promised features or promises of fair dealing, reasonable prices, etc.. Disconnect the internet and whatever you're left with are they only things you can truly rely on.
You could keep using the current version of TypeScript even if Microsoft jumps the shark with it, so you might as well take advantage of it IMO. GitHub, Codespaces (VS Code), Actions, etc. are all going to work towards putting your development process onto Azure. Mark my words. It'll happen and everyone will be paying per CPU cycle for things we used to insist on having control of.
JetBrains makes good editors. They give you a perpetual license for old, outdated, versions of the apps if you drop your subscription which is BS. It should be the current version. Besides that though, they're pretty decent. They have a nice, consistent release cadence and the personal license prices are really reasonable compared to the cost of SaaS. For example, I pay $150 USD / year for everything they make compared to Codespaces (VSCode Online) having an estimated monthly price of $23.30 per month for 100 hours / month of use (lol - maybe x2 that). Think about how it's going to work out if you're married to an online only workspace where your only options are to pay up or to lose the ability to work.
Keep in mind though, the risk of being unproductive usually outweighs the risk of being price gouged and mistreated by SaaS vendors. If you're creating $2k+ / week of value, it makes a lot of sense to pay for everything. If you don't, the person down the street will and they'll probably out-compete you if they're writing code while you're being a sysadmin.
I like your list, though I would add Pagure[1] as an option for a GitHub alternative, simply because I like the "open data" principle also applied to project data. And extensibility is nice if you want to support custom workflows. :)
I'm a fan of Drone, might not have every feature ever, but I used it at my old job and it was glorious. It ran without issue, just silently sat there and diligently built things quickly without complaint. I didn't realise how good it was until I had to use Azure DevOps.
No, I didn't, because emacs is what I use and like. Pick an editor that's over 40 years old and not built out of a web browser. I'm not that fussed which one.
Sure, if you want. I learned it as a party trick and it's been useful here and there (mostly when a remote system gets so confused that ncurses doesn't work properly).
Certainly, it starts quickly and is more responsive than editors built out of web browsers.
It amazes me how level-headed the author really is about all this. I feel like I'm a lot more upset about this than the author. And, just like him, I don't care that they "forked" the project. I'm upset of how cunning of Microsoft this whole thing feels.
It's understandable that everybody is blaming Microsoft for the way this was handled. But let's remember that we are only seeing one side of this story, we don't know what really went on from Microsoft and the team's side there.
It doesn't really matter. What ever happened on the Microsoft side should be communicated to him. The fact that they ghosted him after flying him on site and milking him for information looks bad anyway.
What scenario do you have in mind that would make Microsoft look in a positive way in this incident?
op, was done dirty. classic move, even SV had an episode on this kinda business. feign, an acquire-hire. and pick the team's brains out. then launch competing product. I think PG had another essay on this too, never talk to business dev folks
This is why it's important to license FOSS projects under the (A)GPL, rather than the MIT license. It makes it far less profitable for companies to steal your ideas/code, and ensures that anything based on your work will put users first.
Their lawyers will have a hard time justifying that none of the original source was used to create their new win-get project, given that the author of appget has met with the engineering team directly.
So if it were GPL, microsoft would likely need to license their new winget project under GPL, which would be a win/win for open source.
> Their lawyers will have a hard time justifying that none of the original source was used to create their new win-get project, given that the author of appget has met with the engineering team directly.
Well, as the law stands now, due to Google v Oracle, APIs are copyrighted. Hopefully the Supreme Court will fix that in the coming months (they’ve agreed to hear the case), but, as of now, that’s the law.
This is why I personally am very reluctant to the sharing of well founded ideas on platforms such as github, in hackathons, in competitions, in recorded speeches etc. How unlikely it may seem, this is a great example that ideas with traction do get picked up and copied, and the originator screwed over. I honestly sometimes feel as if the openness is pushed and saluted, but with the ulterior motive to skim for ideas.
This is really sad, not only did they copy your idea, not paid you anything (yeah, some kind of azure credit is not really costing them anything) nor gave you credit, they wasted your time and gave you a humiliating silent treatment. At a smaller company I tend to think that wouldn’t have happened but Im not sure to be honest. I hope that you get the credit and end up in the place you deserve to be. I wonder if Andrew is an a-hole or he really just couldnt do anything about it, it is possible that they didn’t want to remunerate you for legal reasons, in the sense that you could have asked for more later on. But no credit? I think Andrew may be as I first thought
Hey Microsoft, whenever you do this, you lose all the goodwill you've built with developers. You have put me back in a buying position where I'm now thinking: how can I cancel my paid GitHub & Azure accounts?
Fuck anyone callous enough to take something as far as an onsite trip with the pretense of a job and then just ghost them. I can't think of a much clearer way to show that much disrespect of someone and their time. And that's just the tip of the iceberg in this case. Remember things like this whenever you see the "microsoft <3 linux" slogan and the rest of the PR facade people are all too willing to swallow.
Heck, I’ve been given an interview day for a c-level position at a billion dollar company by the entire executive team and board only to never hear back from them again.
I feel bad for the OP for getting ghosted by the Microsoft hiring process, I'd at least want a prompt response of _some_ kind; but the package manager features OP says are "copied" are common to cocoapods, homebrew, and others... Winget is certainly not the first, and probably won't be the last package manager to take that tack, so I don't find that appeal terribly compelling (The bad hiring process though... That's annoying). If winget is a "copy" of appget, it doesn't look like a very _good_ or _complete_ one at a glance, so the author could probably keep at appget, what with the publicity; winget doesn't even uninstall or upgrade packages (yet, at least), so it's just a glorified search bar strapped to msiexec (not to lessen anyone's effort or plans, software takes a lot of time and effort to build).
If the JS package manager scene has taught me anything, it's that so long as one another's manifests/registries are readable, developers will happily try multiple programs which actually do the managing, and, to some degree, a little competition is what actually makes things gradually improve. I, at least, hadn't heard of appget prior to today. (Just chocolatey and oneget, both of which I'd used, both of which are likewise "invalidated" by winget, but persist regardless.) But I can only reasonably consider it if its primary maintainer reconsiders its "dead" status.
the Bad PR involved here largely offset what a good bonus to kayone whould have been. If it move the needle, say between Azure and Gcloud, on 10% of the thousand of read of this post, MS could end up losing millions of dollars a year.
When you release free (as in freedom) software, you are not entitled to revenue sharing when people use or modify that software, or if people use the ideas in that software to make new, from-scratch software.
I think Microsoft is a terrible organization and will rejoice the day they finally cease to exist as a concern, but they didn’t do anything wrong here.
PHP didn’t “rip off” Perl, nor did CoffeeScript “rip off” ruby. All the other PoW or PoS blockchains didn’t “rip off” Satoshi.
He needs to stop seeing ideas and concepts as “his” that are property that can be stolen.
Why should they acquihire when they can just reimplement?
Ideas aren’t property, and if you have a good idea, and someone else takes it and runs with it and makes software used by millions that works better than if you hadn’t had that idea, that is the system working as intended, and, ultimately, his ideas, now published and infecting the world, being writ large and used by humans.
I’m not some corporate apologist, but he should be proud. (He also probably should have, back when, started a company designed to be digestible that they could have acquired, if he wanted to participate financially, like MySQL or RedHat did.)
While I haven’t read the announcement from Microsoft, it seems to me that the core issues he had were in the downplaying of AppGet and overall lack of attribution, compared to other package managers with less influence:
> But the part that hurts the most was the announcement. AppGet, which is objectively where most ideas for WinGet came from, was only mentioned as another package manager that just happened to exist; While other package managers that WinGet shares very little with were mentioned and explained much more deliberately.
He also mentions that he would’ve appreciated better communication. It doesn’t seem to have been about being “entitled to revenue sharing”. He divorced himself from that completely:
> Am I upset they didn’t hire me? Not really, after visiting the campus, I wasn’t too sure I wanted to work for such a big company, also moving from Canada to the U.S. wasn’t something I was too excited about.
And
> I didn’t create AppGet to get rich or to become famous or get hired by Microsoft.
He needs to stop seeing ideas and concepts as “his” that are property that can be stolen.
Where do you see that in the post? His pretty reasonable expectations are a bit of common decency from the other side - following up on emails and a smidgen of credit. There's no entitlement to ideas or claims anything was stolen.
Taking someone all the way through the interview process, then ghosting them, is doing something wrong.
Add in the fact that they had planned on buying his app outright told him they would hire him instead to speed up the process, and it's an especially crummy thing to do.
I’m not sure I agree with that. No news is the equivalent of all other times: no deal/no hire. I think the game theoretic optimal choice from a liability standpoint is to simply stop sending further messages if you decide not to do business with someone, especially given all of the current litigation-happy people there are out there these days. (Even if you win a suit, you lose lots of money.)
It avoids the possibility of obsessive types getting agitated over an explicit rejection, et c. Anyone clever will see ghosting for what it plainly is: an explicit rejection.
It’s just business, not some trusted friend ghosting you on lunch plans and not calling. This is how business works, and it’s not rude, it’s just the protocol.
I don't know the details of your project, but what if you open sourced under the GPL?
I feels as though the world has soured on the GPL in recent years, but whenever I see this type of sentiment—that open sourcing work is just a gift from small developers to big tech companies, or something thereabouts—I think, wouldn't the GPL solve that problem?
Sure, big companies can still use GPL'd code, but they're forced to give back as much as they take, which is exactly the outcome you want.
(This doesn't necessarily apply to the situation with AppGet, however.)
Big companies are more likely to give back to non gpl code in my experience. The gpl scares them enough that when they use it they isolate it carefully so they don't have to make changes. Non gpl code (depending on license terms of course) get embedded where it is easier to need changes and then a desire to keep up with some other feature means they contribute back.
Of course either way they are a business and will be careful. Their core business will not be contributed.
AFAIK AGPL permits linking without disclosing linked code like LGPL does. Meaning they can still distribute it as their own, train models and serve them with a simpler framework. Just can't build services powered directly by it.
If my web server calls out to AGPL software (such as executing a transform on a PDF using Ghostscript) as an external binary is this covered even though the AGPL code is not directly compiled, linked or modified? I'd assume so otherwise it would be a very easy loophole and code could be firewalled into separate modules but I'm not sure what exact language covers this in the license.
GCC is written specifically to prevent this sort of firewalling of the compiler to prevent it from being plugged into another piece of software and avoid GPL requirements.
The GPL has been used successfully in courts of law. It’s not common as most violators just open source when called out, or settle when sued, but it has worked before. A famous example is D-Link using the Linux kernel in their routers. After a lawsuit in Germany, D-Link had to release their changes.[0]
I don’t understand this idea that a license that the author willingly released his code under is unenforceable, but EULAs are?
Unfortunately, it's come out from the FCC, not just the hardware companies in this case, and it really sucks... Raally need to drain the swamp in the FCC.
Have you actually read the essay to which you're linking?
>Meanwhile, much murmuring has been going on in recent months to the supposed effect that the absence of judicial enforcement, in US or other courts, somehow demonstrates that there is something wrong with the GPL, that its unusual policy goal is implemented in a technically indefensible way, or that the Free Software Foundation, which authors the license, is afraid of testing it in court.
(implying it has never been tested in any court)
>We do not find ourselves taking the GPL to court because no one has yet been willing to risk contesting it with us there.
(Explicitly stating it has never been tested in court)
>I have assisted free software developers other than the FSF to deal with such problems, which we have resolved—since the criminal infringer would not voluntarily desist and, in the cases I have in mind, legal technicalities prevented actual criminal prosecution of the violators—by talking to redistributors and potential customers.
And lastly, the money quote. In the cases of criminal, malicious infringement, they were not able to prosecute.
Your implication that "untested in court" means "likely unenforceable" is quite wrong--unless you see lots of people openly violating a license in cases where it would be economic to pursue them, the more likely explanation for "untested" is simply that the accused infringers get competent legal advice, and comply without wasting their money on a losing court case. Though as other comments note, since the writing of that essay someone (D-Link) finally did refuse to comply without a court order, at which point Harald Welte took them to court and D-Link indeed lost.
And what do you think "not able to prosecute" means? District attorneys (or non-USA equivalents) decide when to prosecute crimes, not private copyright owners. It's very rare for the criminal justice system to intervene in complicated white-collar stuff, especially when a straightforward civil remedy is available. A legal realist might say that means the GPL--and indeed most copyrights beyond those infringed by warez/torrentz sites--is effectively unenforceable criminally, and would in a useful sense be right; but it's enforceable civilly, so no one cares much.
They might. But it is not as simple as WinGet. It would take a team or two a couple of years to reimplement. ML.NET is 2 years old now, still has very limited deep learning capabilities, and is barely visible in trend graphs.
While they would be doing that, Azure will continue to lag behind (still does not even offer T4) on GPU offerings in comparison to AWS and GCP, because there's no compelling reason to run custom deep learning workloads on Azure. Azure is loosing $$$ millions of potential revenue to that. It would be a totally different story if .NET folks would get full TensorFlow and/or PyTorch in place of partial ports available now.
Mate, that sucks. Sorry, fuck those dick heads. That email, meant to aswage their guilt, hey we gave _you_ knowledge of the release date, don't you feel special. Its like people pushing infront of you on the road, nearly making you crash and then thanking you. Grrrr
Typical Microsoft. If they're interested in what you're doing, be acquired or be crushed.
Microsoft loves opensource; they love linux too. Like I love mashed potatoes : well cooked, thinky crushed then with some cream on top.
Homebrew is recapitulating all of the work that previous package managers have done, while making choices like analytics and stomping on /usr/local by default that others wouldn't consider. I think there's still a place for MacPorts.
I honestly really like how HomeBrew doesn't require "sudo" for anything. Random stuff I download from internet should not require system permissions to do anything they want. That part of HB design is what sells it for me.
Things you install system-wide in a folder designated as such should not really be done so by a package manager that makes insecure choices on how it installs software and maintains permissions on that directory.
I don't get it. You open source something (make it public) so everyone can benefit in any way, inspiring, forking, extending, giving back, etc. Someone does so and your offended?
It's really shameful how a prestigious service like AppGet for neglected Windows users got screwed by Microsoft. My sincere thoughts are with kayone and AppGet.
This is the reason I'm hesitant to open source an idea I have to build as a SaaS. I'm a big proponent of self-hosting, so I'd like to offer my SaaS for self-hosting to anyone that wants to.
There is always a risk of <Big Megacorp> might come around, think "oh, that's neat!", and away they are with a marketing budget miles higher than mine.
Hi, just wanted to chime in and ask a question. Wouldn't MS (or any company for that matter) get in legal trouble for endorsing/crediting a developer who has a history of making software that uses/manages pirated content? The software I'm talking about is Sonarr, and it’s made by Keivan himself. I'm not aware of the legalities here, so asking.
Just in case you weren't around in the early 1990s, what happened to you was practically identical to what happened to Stac Electronics. They had a hard-drive compression program, got into 'negotiations' with Microsoft, then nothing. A little while later, Microsoft incorporated their DoubleSpace into MSDOS.
This is unfortunately not much different than MS/Github's treatment of npm. They brought npm in, had lots of conversations, and then released a competing product. In the case of npm, they went on to buy them on the cheap.
There was a lot to be annoyed with npm about, but this isn't the kind of behaviour we should reward.
On a tangentially related note: how did getdeb.net die? Used to use this a decade ago, but then suddenly the domain went blank and now is taken over by a squatter I see.
Microsoft is the king of fake interviews. Absolute snakes. Netflix too. Funny how when you don't work for a competitor no one wants to talk to you, then you work for a competitor or are a competitor and the VP's want to interview you.
Look, people, don't waste anyone's time unless you are going to HIRE someone. If you have a product that a big tech company is interested in, acquisition is the only path you should be considering and you should get help. Wasn't there an article by a hacker news founder which basically said: don't talk to big companies until you are ready to sell, even then get help.
Isn't this completely usual corporate behavior? Even if the little guys building stuff make attempts to do the right thing, like contact and include people from outside who made the thing they are building upon, then at some level, at some stage, the arrangement gets stalled into oblivion to the point that the thing is already done and nothing can be handled gracefully anymore.
You’re putting words in the author’s mouth, because that doesn’t seem like the problem.
The problem was “the slow and dreadful communication speed” and “the total radio silence at the end”, and:
> [T]he […] announcement. AppGet, which is objectively where most ideas for WinGet came from, was only mentioned as another package manager that just happened to exist; While other package managers that WinGet shares very little with were mentioned and explained much more deliberately.
The only complaint I see is the lack of attribution, which is something that is pretty mandatory for open source projects. He's very clear about the situation and that he didn't expect more than he got except for attribution. Did you even read the article?
------
Code being copied isn't an issue. I knew full well what it meant to release something opensource and I don't regret it one bit. What was copied with no credit is the foundation of the project. How it actually works. If I were the patenting type, this would be the thing you would patent. ps. I don't regret not patenting anything. And I don't mean the general concept of package/app managers, they have been done a hundred times. If you look at similar projects across OSes, Homebrew, Chocolaty, Scoop, ninite etc; you'll see they all do it in their own way. However, WinGet works pretty much identical to the way AppGet works. Do you want to know how Microsoft WinGet works? go read the article (https://keivan.io/appget-what-chocolatey-wasnt/) I wrote 2 years ago about how AppGet works.
I'm not even upset they copied me. To me, that's a validation of how sound my idea was. What upsets me is how no credit was given.