Sustainability of critical OSS infrastructure is a pressing issue we must address. Shockingly, only 1% of Maven Central users consume 83% of the bandwidth, many being large organizations that should have better supply chain practices. Taking steps to curb this abuse is crucial. Read more: https://www.sonatype.com/blog/maven-central-and-the-tragedy-of-the-commons
@brian_fox really curious about who those heavy users are. The emergence of the huge shaded artifacts does help (AWS SDK bundle at 500 MB) but they’re the only way we can keep control of classpaths and stop things like an AWS increment of their Jackson version breaking something two hops away
@stevel we probably won’t know who they are until throttling happens and they pop their head up.
@brian_fox suspect our VPN may be one of them, despite our internal proxy. It’ll be developers using mvn/ivy/sbt/gradle from OSS projects, but also things like impala/Hadoop/etc builds using the ASF docker images. A Hadoop release pulls a lot down, which is why we use VMs in us-west-2 for faster builds.
@brian_fox good read Brian. Where do OSS organizations like Apache measure up? We do have our own Nexus instance at Apache, but I'm curious nonetheless.
@garydgregory Hi Greg, I don't think OSS orgs are even in the ballpark of concern right now based on the magnitude some of these >$500 TRILLION companies are producing.
@brian_fox Occasional reminder that "the tragedy of the commons" is a phrase coined by a white nationalist eugenicist and quasi-fascist specifically to justify the seizure of land and other resources from traditional communities.
Unthinking and careless overuse of communal resources is definitely an issue within F/OSS, but I think we can do better in terms of our language and how we express the problem.
@kittylyst TIL. Thanks for highlighting this. I of course intended more of Aristotle’s concept:
‘What is common to many is taken least care of, for all men have greater regard for what is their own than for what they possess in common with others.’
And not what I now know Hardin misappropriated it for.
@brian_fox @kittylyst Ben thanks for mentioning this; I didn’t know either. I dug up and read the original paper. It’s actually fairly reasonable and uses classic examples of overgrazing, overfishing, parking(!), pollution, etc. But then he uses it to justify population control. Ugh. (They all start off reasonable, don’t they?)
It’s sad because this is an important phenomenon that deserves a good name, but this one is skunked.
https://math.uchicago.edu/~shmuel/Modeling/Hardin,%20Tragedy%20of%20the%20Commons.pdf
@stuartmarks @brian_fox In computing, we do have a number of specific phenomena that need good names but for which the available terms are problematic (or worse).
The one I've especially been looking for a replacement for (unsuccessfully so far) is "Cargo Cult". The closest I have is "Sympathetic Magic" but it's not as well known a term & is not a perfect replacement.
@brian_fox Isn't this just everyone and their dog running builds on GitHub and the like? Because throttling that will have a wider backlash than just a specific company. In fact, GitHub/Microsoft might not even care or notice such throttling, while their users will.
@mrotteveel It's not. In the top percentile, only 50% is cloud vs in the overall total, cloud is 75%. Also, GitHub/MS isn't even the biggest cloud. So while this use case surely contributes some, it is only a small segment from my analysis so far.
But also, it is the users who are driving the behavior. I already have conversations with the hyperscale clouds about this so they aren't the target, the users are.