2x43: Shouting and shaming


Stuart Langridge, Jono Bacon, and special guest Alan Pope standing in for Jeremy present Bad Voltage, in which Tiger Tokens are a more viable currency than you think, AI gets things wrong again, and:

  • [00:02:20] A popular open source dependency in use by many packages, with two million weekly downloads, was "compromised" in maybe a new and interesting way. The maintainer handed over the package to another developer... who then published an update which stole cryptocurrency wallets. The problem was identified and handled pretty quickly, but this has ignited a great deal of conversation and controversy about the role and responsibilities of open source project maintainers, npm, and the like. We get into it.
  • [00:15:40] Jaywalking is a crime in China, and they have cameras to detect it and then publish the pictures publicly to shame the jaywalker. Dong Mingzhu, head of a major Chinese company, got shamed... because the cameras took a picture of a picture of her on the side of a bus and thought it was her. Is this just lulz, or a(nother)cautionary tale about the increasing role of flawed AI in decision making?
  • [00:25:40] Google employees ask their bosses to cancel Project Dragonfly, the big G's planned search engine for China which obeys the Chinese government's requirements on blocking certain search terms around human rights and banned religions. Amnesty International have weighed in, and there will be protests. This all speaks to a larger discussion about the power of collective bargaining, and a culture which gives (or doesn't) employees the ability to speak up about high-level decisions they disagree with.
  • [00:39:25] The Android hacking community are alight with speculation after a Huawei developer adds a commit to Google's Fuchsia kernel to enable their Kirin 970 board. The Internet Extrapolation Engine is in overdrive, speculating this means the so-called "Android replacement" is being tested on the "Honor Play" series of Huawei devices. Is this a thing? And a detour into the nature of Android replacements; why do Samsung have Tizen and bada?
  • [00:49:00] Twitter: some are specifically recommending that you screenshot, not quote-tweet, controversial tweets that you disagree with because Twitter sees a quote-tweet as an implicit "this is worth sharing" vote and adds credit to that controversial message. Some thoughts on whether this is a good idea, and how small decisions can lead to behavioural bad choices, along with more dodgy AI decisions as Twitter spend some time banning people who tweet about killing Sean Bean in Hitman 2. We're interested in feedback on how to solve this problem without taking your ball and going home by opting out of social media entirely; let us know on the forum or Slack. Can social media be used as a force for good without also enabling this sort of thing?

Come chat with us and the community in our Slack channel via https://badvoltage-slack.herokuapp.com/!

Download from https://badvoltage.org



(my apologies for being petty)


Regarding Google employees acting up: Yes, engineers are in high demand and Alphabet has to try to keep them happy to keep them from leaving the company and to maintain a good public image. But Alphabet is simply a company controlled by its shareholders, both contracting with the military and offering their services in China would have been legal things withing the borders of the respective jurisdictions. The shareholders are going to want revenge for losing out on a 10 billion dollar Department of Defense (DoD) contract and the revenues generated by more than a billion people in China. The DoD contract alone was worth ten percent of Alphabet’s annual revenue. You can’t have this sort of insurrection among your employees. You can’t let them dictate your business decisions just because they happen to have some leverage because they are currently in high demand. I’m 100% sure Alphabet has already made lists with the names of those who stood up and those who didn’t. The rebels will slowly be removed from the company, while the trusted employees will be moved to other, lesser known subsidiaries which will then simply offer military-grade versions of the Google services to the DoD. Just like Amazon and all the others have been doing for years already. And the list with the names of the “Google rebels” will definitely spread across Silicon Valley. If you acted up at Google, you will also act up at Facebook, Amazon or any other large company, and all of them want to be able to offer their services to the military or in all other countries without an outcry.

Regarding Fuchsia: Google has never had a problem with telling people what they’re planning and handing out Betas. Heck, half of their products never left Beta status. The fact that they’ve still not made a single official statement about Fuchsia so far reaffirms me in my belief that Fuchsia is just a research project created to keep their core Android developers from quitting the company just out of boredom. Have you seen who’s on the core team? Brian Swetland and Dave Bort, who worked on BeOS and Danger OS. Travis Geiselbrecht, the guy who created Little Kernel (the base for many smartphone bootloaders and other OSes) and has worked on Apple iOS and Palm WebOS. Ian Hickson, who has hacked on web browsers and graphical user interfaces since his days at Netscape and Opera. Matías Duarte, who’s designed the user interfaces for WebOS, Danger OS and most of Google’s products (including Android’s Material Design). Collin Jackson, Zac Bowling and George Kulakowski from Apportable, a company which sold tools for making iOS apps run on Android. Contrary to popular belief you don’t need a lot of people to build a full-blown operating system (Be Inc. did it with less than 50), you just need the right people. And these are the right people. Android has basically been complete since about version 6 or 7. These people are probably bored as hell. You don’t want them to quit and work for the competition, or even become the competition. Hence Fuchsia. It’s the hip new project everybody is allowed to work on for a few hours a week to boost morale, and maybe later something of value can be found in its source code. It’s standard practice in large companies.


That’s the point of collective bargaining. The people running the business might not like it if their workers stand against some new corporate policy, but if the workers hang together, then those at the top have no choice but to accept it. Sure, that’s a fairly utopic vision and it doesn’t always work out like that, but the idea that those who run the company can do what they want and workers have no choice but to accept it is equally far from the way things should be as well; it’s not the norm from which this is a deviation.


Sadly I do think that Google has become the deviation. At which other large, global company have workers stood up to keep their bosses from doing something immoral? Amazon has no problem bidding for the exact same DoD contract Google had to give up. Pretty much every large company out there is involved in at least some kind of human rights violation. All those clothing brands must have loads of people who know about the horrible conditions in those Asian sweat shops. Blackberry already gave regimes access to its data centers 15 years ago. Apple must have loads of people who know about the horrible conditions at Foxconn. Someone at Tesla ordered those rare-earth elements from a warlord in Kongo. But when these issues are brought up, it’s almost always by someone from outside the company. Alphabet has more than 85,000 employees, only a small (but vocal) minority is involved in these protests. The other ones would happily build a military version of GMail and GDrive and go home at 5 PM.

Most people simply have zero interest in any moral issues which don’t affect themselves. Even Snowden had no problem joining the CIA for four years before he decided to become a whistleblower.


Absolute gentlemen’s vegetables

We have a moral obligation to leave the world better than we found it. I appreciate far too many people don’t appreciate this.

If you don’t agree with your employer’s decision’s you can either leave or fight from the inside and I agree with @sil this is the point of collective bargaining.

Similarly if you don’t agree with your government vote for the opposition, or stand on your own platform. Don’t buy products from companies who’s polices disagree with your beliefs.

The point being: Stand up and be heard. If you are a dick sane people will realise it and ignore you, if not you will be listened to.

I fully understand that this is easier for some than others depending on the savings we have to cushion any transition and our ability to find alternative employment.

I don’t know if our beliefs chime or not but you stand up for your ideals, I stand up for mine and the public can decide who to follow.


Can the protests at Google be called “collective bargaining” being that it is such a very small percentage of the employees protesting? What if it is a situation that everyone else in the company is fine with it? Wouldn’t it be the tail wagging the dog? The squeakiest wheel gets the lube.

I make these comments in a generic sense and not specific to what’s going on at Google.


I always have the feeling that the term “moral obligation” is just used to coerce people into doing something they don’t want to do, using guilt and shame. And it doesn’t even seem to work.

There are two dimensions here: “How easy is it to leave” and “Who is affected by the actions”. I can’t leave my country that easily, and if our government does something which affects me directly then I have an incentive to stop it. If my government does something on the other side of the planet, it’s different. The engineers at Google can pretty much leave whenever they want, and Google’s actions with the military or in China have no negative consequences for them. There’s no motivation to risk their jobs. That’s why at maximum 5% of their employees acted up.

I hope you don’t have too strong beliefs, or you’ll quickly be left with zero companies you can buy from.


I don’t see how I am not defining how you make the world better that is up to you.

Agreed, we choose to accept some factors and act on others. I choose not to work on military projects for example. But we each need to decide what is important to us.

I prefer to use small, independent, local companies where possible but I am not going to pretend I don’t use big companies too. You pick your battles as required.


I believe it’s solvable problem, it only hasn’t been solved yet.

I’m optimistic, it can be done. Not by using a super-smart AI that takes the responsibility from us, but in some way that is analog to how Stackoverflow solved technical forum questions.

It’s harder with social media than with forum questions though.
E.g. simple downvotes don’t work, as was pointed out in the show.

But I’m pretty sure that the first social media platform who gets this right will be very successfull with the great majority of fairly reasonable (and currently not very vocal) people.
Shaping social environments so that it’s easier for everyone to not act like a dick is what we do since at least the beginnings of agriculture…I don’t see why social media should be the only place where noone will find a way to make it work.


Regarding transferring control of open source projects and abandonware, I would rather the maintainer abandon the project than hand it over to an unvetted newcomer. Small projects get abandoned all the time and, if the projects are actually useful, they get forked and maintained by new developers. There is some churn to this process but I think of it as part of the circle of life for open source projects.

Open source licenses usually disclaim all responsibility for what the software does, but there is still a form of social contract between a project’s developer and its users. The users can’t demand new features or prompt bug fixes of a developer, but, especially with projects tied to package managements systems with automatic updates, they should be able to trust that they won’t have malware pushed to them. Handing over a project without vetting violates that trust. I disagree that requiring a few patches before handing over a project is not a significantly higher barrier than just handing over to someone who asks for it. Typically it will take much more work for a newcomer to a project to understand the structure and make meaningful contributions than it will take for an experienced developer to assess the patches (at least assess that the patches were made in good faith, if not do a thorough review for all edge case bugs).

One related issue I see fairly regularly with open source projects is that original developers guard them too closely. I have used many tools over the years maintained by one person, who merges in lots of good contributions from others without ever giving anyone else heightened privileges. Eventually, that author loses interest or the time to maintain the project and abandons it. Often you will see projects on GitHub where the last several issues are questions about future direction and requests to share maintainership. These are where I see forks that I mentioned above, but if the original author had been a little more proactive earlier on the original project could have picked up the momentum to become self-sustaining.


I’d say “in no particular order,” but it’s easy to run through the show notes.

The uproar over the rogue NPM package maintainer is the height of self-entitlement, isn’t it? While this incident is obviously a bad outcome, the fact that a package is (a) available, (b) free, © available under a license that allows whatever dependency the users need, and (d) maintained, all that is not enough for these people. They also want someone to essentially patrol every package for them (presumably also for free) and prevent them from downloading something bad. “With enough eyes, all bugs are shallow,” but a lot of those eyes would rather complain that someone else isn’t pulling his weight, I guess. And, whenever anybody complains about needing to comply with a license or how a project is maintained, I wonder who’s forcing them to use an existing package instead of writing their own, since they clearly know better…

In the paper that coins the phrase Tragedy of the Commons, Garrett Hardin makes a point to cite Hegel’s maxim, “freedom is the recognition of necessity.” The same can be said about a lot of fields, but maybe it’s time people (and–ahem–companies) stop treating open source software like an impossible-to-regulate commons that’s inevitably going to descend into robber barons and warlords, and take some responsibility for solving and averting problems…

The Dragonfly discussion seemed…odd. Is it really hard to understand why someone would own things (computers) that are all but required for survival but have, at some abstract level thousands of miles away, a reliance on slave labor, but wouldn’t want to take actions that make it easier to oppress people? I see similar arguments from vegetarians in certain parts of the world: If you eat meat, why would you object to someone strangling a puppy in your presence? Both comparisons are missing something about the context that’s important.

Likewise, I’m going to say something unpopular, but it’s about time that the developers for some of these big companies started earning their keep by speaking up, instead of patting themselves on the back for being “10X whatevers” and blindly doing whatever work is put in front of them. And if people rediscover collective bargaining after all these years of white-collar workers being assured we’re peers of the company and can surely negotiate better alone, so much the better. “If you live by the 10X-myth, you die by the 10X-myth,” basically.

And lastly, the thing about Twitter (and all the social media companies) is that their algorithm isn’t looking to make you happy, so screenshots versus reposts probably aren’t going to have much of an effect in the long run. After all, their money comes from advertising, and advertising works better if you’re “emotionally engaged.” And since it’s easier to “emotionally engage” someone by pissing them off instead of relaxing them, that’s what all the algorithms are tuned to do. And this is why the hammer comes down on joking about a video game, but it takes forever to figure out whether to ban white supremacist conspiracy theorist machines.

(It’s like the situation with security: Think about how many times companies have “gotten hacked.” Now, of those, think about the times when the target company’s assets were lost because of such a hack. Failures say a lot about priorities.)

The solution is, much as nobody wants to hear it, probably has three huge steps:

  1. Leave the economics-driven social media sites for open source alternatives.
  2. Investigate how to build systems that make it harder to disrupt communities, including studying things like Discourse. When I did a “grand tour” of the open source networks, the two winning features were Diaspora’s onboarding (limited though it is) and Mastodon’s content warnings, I think.
  3. Update the existing Mastodons/Scuttlebutts/Diasporas/etc. of the world with those features or build even better mousetraps from scratch.

Basically, the current business models make it impossible for the networks to be good, because your interests aren’t their interests. It’s possible that any business model makes it impossible for a network to be good, because Minds looks a lot like the cesspool that other sites’ QAnon and chemtrails have been draining into, and they just have a half-assed cryptocurrency paying users for attention. And the models of the other open source networks make it difficult for them to be good, because none of them were written with community moderation in mind, just blocking.

One possible piece of a solution that I’ve been looking at with Scuttlebutt is using user statistics (how many times they’ve been blocked, how many people follow them, and who did which) to basically recommend candidates for future blocking, so that a new user doesn’t fall into some intellectual or moral wasteland and assume that the entire community either looks like or condones the behavior.


I guess I’m confused, which is a state that I live. If one is content with what one has, why would one stir up the pot for what seems to be the sake of stirring it up?


It would appear that they’re not content, because they’re risking their jobs over this. California’s an “at-will employment” state, so Google can fire any or all of them without needing to prove anything, after all.

Remember, some version of this characterization is how every progressive movement gets smeared by people in power and pop culture. If it’s a political stance, you get the “love it or leave it” approach. If it’s a social issue, they’re “trying to stir up trouble.” Nobody knows what their messages are, often despite clear messages that authorities can’t be bothered to discover.

But my point was specifically that, at the rates companies like Google pay programmers, they’re paying for expertise and opinion, not labor. So (at least, in my opinion) anybody in jobs like that who just keep their heads down aren’t earning their keep, because there’s someone who can program just as well out there who’s willing to work for half the salary.


I misunderstood. I had the impression that you were referring to the techs in general and not to the very small minority that were protesting at Google. One can assume that the majority agrees with, or at least sympathizes with, those that are being vocal about the issue, but that would be an assumption. It might be a safe assumption since Google had once been described as an “echo chamber”.

That, I am sorry to say, reflects a level of arrogance. I am sure you were not intending such an implication, but it does imply that the views and opinions of the programmer at Google has greater value, at a human level, than the one who cleans the toilets. Yes, Googles “commodity” is critically dependent one those programmers, but if the toilets are never cleaned at all, what would be the consequences, eh? And I cannot agree that what the programmers do isn’t “labor”, it’s just “labor” in a different way with a different skill set.

There is an ancient proverb that says that the one skillful in his work will be stationed before kings. In other words, if the programmer is that valuable in his work and work ethic, a smart employer will do whatever he thinks is reasonable, and sometimes a little beyond what he considers reasonable, to keep him. There is a cost to replacing an employee.If an employer is so stupid to disregard such considerations, they are not worth working for.


Please consider the fact that you’re accusing me of arrogance and elitism for–in a conversation focused on programmers–not theorizing about Google’s relationship with its janitors. You then tell me that Google is overpaying programmers because the programmers are so much more important than anybody else.

I’m not saying you’re necessarily wrong, but I am saying that the juxtaposition makes your post seem like an argument for programmers to never voice their opinion because the janitors don’t. And that’s not a point I’m interested in discussing.


No, my comment was in the context that programmers are not “labor” which does imply a higher level of importance as to their opinions over all of the other employees of the company.


If a janitor is equally upset, is his opinion of less value in a human sense? It probably is a business sense. I’m trying to read between the lines that I wrote, but fail to come to the conclusion that I implied that everyone should just shut up.

I know I ruffled your feathers and I am not intending to cause aggravation just for it’s own sake. By saying that programmers on not “labor” struck me as arrogant. Maybe you are different, but I do appreciate it when someone brings it to my attention when my viewpoint is such. I won’t grow otherwise. I try to be respectful to all, and if you find that I have shown you disrespect here, I apologize. That certainly is not my intention.


To you. Not to me.

You did not, because you’re (no offense) just a faceless handful of paragraphs on the Internet.

However, I learned a long time ago not to waste time on people who go out of their way to misinterpret other people and then make the same assertions they claim to be railing against. Their intentions are irrelevant, and that’s all I’ll say on the conversation.


I would define programmers as labour, skilled albeit, but labour non the less.

Does this imply their opinions are more important than others?

This depends: anyone can be taught the basics of programming but to become good takes a special kind of person. You need to be able to analogise a problem and break it down to a system of steps to follow to solve it then code that into a clear set of instructions.

To a certain extent this does make their opinions more important but only over a very limited range of subjects, not all within Google or any other company…

Should Google censor searches in China to keep on the good side of the government and increase its profits?

I would say no, and this is certainly a debate worth having. But, this a political choice and not a technical one so the engineers and programmers within the company should not inherently be listened more than the janitor. We are all entitled to express our political opinions and where we feel strongly enough argue our case. Freedom of Speech and Human Rights are important to me but others are free to set a lower priority on these than I do.

It should be noted that the programmers and engineers within Google earn more than the janitor because the skills they have are only held by a few people and Google prize these skills. This does mean Google do not appreciate the janitor’s skills but the janitor is easier to replace so can be paid less.


That sounds like what my wife tries to do with me every day. :joy:

But I digress. Of course there are levels of skill and competence and one’s earnings should reflect that.

I had a situation that is a bit analogous to what was going on at Google. My boss suggested that we manufacture something that I found highly objectionable. I simply refused. I did not insist that the company not make these things, in fact I said that another employee could make them. I would not. I would not design it nor help in setup or manufacture. My boss wasn’t surprised and simply dropped the idea. I have the right of free speech (and am thankful for it) to go around the area proclaiming my outrage that he was even suggesting to do something that I found morally objectionable, but I would find that repugnant also. I simply worked within what I had and things worked out. For me in that case. If it was a situation that he insisted that this product be a major product of our company, even though I would work on other products, I would have to leave for I could not be associated with it. That would be of great cost to me.

I do not blame the Google employees for being upset over the things the company were up too. I too would find it impossibly repugnant. I don’t know that I could work for a company so willing to do that, even after they backed down. But to go out in public like these employees did? I would be wary of keeping one on or taking one in that would do that. I couldn’t trust them. But, that’s how I go about things.

Please respect our code of conduct which is simple: don't be a dick.