If this is a conflict of interest, then any Ruby core systems being controlled predominantly by members of the Shopify dev team is itself a conflict of interest. I am fine saying 'we need to make sure these libraries stay independent and community controlled', but that is so clearly not what was going on here. Believing that is just letting the RC FUD and PR control your thinking on the narrative.
I'm sorry but what are Shopify's business activities that directly compete with services provided/maintained by RubyCentral?
As far as arguments about community, Shopify IS the community by virtue of being the ones putting up pretty much all the money to keep this ship afloat.
If you don't have skin in the game your positions won't be taken seriously.
Depending on your point of view, Sidekiq either turned their back on the community or tried to start a coup by pulling funding just so they could morally grandstand.
That attitude is exactly the problem. Shopify does not 'keep the ship afloat'; they are just a corporation using open source systems as the foundation of their business. Competition is not by definition the backing of a 'conflict of interest', it legally refers to a person or entity with a stake in a particular outcome having control of the means to achieve that which are not legally sound, ie compromise their judgment. I think Shopify's judgement of what 'is good for the Ruby community' is severely compromised by their corporate interests, and probably by their board's political interests as well. Hence, why they are trying so hard to justify removing Andre.
Do you have any idea how expensive it is to keep the infrastructure running? RubyCentral's operating expenses are in the millions every year and exceed their revenue.
Andre's removal is easily justifiable by his own (lengthy history of) sketchy behavior.
Since when is "open source" something businesses shouldn't be allowed to get value from or even have a stake in? These things are MIT licensed. That's free as in speech AND beer. If you don't like the freedoms of the license and how other people use them, don't use the license. If you don't like someone's stewardship, fork and maintain your own.
> Do you have any idea how expensive it is to keep the infrastructure running?
Yes, I do. All hardware and bandwidth are donated by Fastly and AWS so it costs RC nothing. Their expenses were $20,000/mo for 24/7 ops coverage: $2000/mo for 6 people and $8000/mo for service maintenance (e.g. db and software upgrades). So $240,000/yr, not "millions".
Care to cite the dollar amount of Shopify's yearly contribution (not even counting the humans doing actual labor) and what Sidekiq pulled in funding while you're at it?
I don't know the details of Shopify funding. I donated $250,000 in 2024 and withdrew a planned $250,000 donation in 2025, as has been widely publicized.
Responding to your first paragraph, the rest wasn’t constructive.
Shopify paying for infrastructure related to Ruby is an investment, not charity. Hosting gems costs money and a healthy community depends on that gem hosting. Spotify, in turn, depends on that healthy community to produce and maintain gems, train future employees, stuff like that. They’re not paying that money for fun, it is to protect their interests.
And all of the above would be true even if the OSS committee wasn’t 100% Shopify affiliated. That’s gravy.
Those who write the code have more of a right than those who pay the bills. Anyone can write a check. A select few have the acumen and experience to actually write the code.
You can't unilaterally declare someone "sketchy" and then kick them out in the name of convenience.
No I'm calling him sketchy because that's the sentiment anyone who has been around in the community long enough and dealt with Andre has about him. This is very openly discussed and documented and not just in the aftermath of this event.
People having concerns about Andre's behavior around his money and his open source contributions can't even be called an open secret.
The narrative that one side of this is pushing that this is some little guys vs evil corporate overlords problem is short-circuiting so many people's ability to rationalize about this topic.
This is about the personal failings to communicate and organize among a very small group of highly skilled, highly productive people. It's also about how they have fallen into camps and try to apply institutional and social leverage in order to influence millions of bystanders in order to maintain/wrest control. Each credibly accusing the other of doing it for their own benefit.
Nobody is in the right here. If you can't engage with that as your starting point, you aren't serious about this conversation and are just spouting one side's propaganda.
In the aftermath us bystanders are left wanting either stability or revolution. Revolutions generally aren't good for anyone. Especially the people who want it the most.
Honestly fair. There's a little too much of my personal distaste with his actions coming through here.
I think it's fairer to say that if you know him and you are in the community then you know that these opinions of him are had. That is not normal.
I also want to make it clear that there is a separation here. I do not think that Andre is a malicious or bad person. I just have questions about his decision-making based on things he's said & actions that he's taken and that leads me to think that he is untrustworthy. Not in the "will steal from me" sense but in the "will fuck up shit that I care about" sense (which ultimately he did, at least partly, whether through direct actions or poorly maintained relationships with key people). I work with this kind of infrastructure though and that's the kind of attitude that you want to have towards people to be able to do this job effectively. I don't trust a lot of people -- I want any access they have to be out in the open, limited to what's needed, etc. Governance of the project/organization was obviously a shit-show.
When I say that it's obvious to cut ties with him, I'm looking at it from the perspective of someone responsible for a high-profile project. I would make that decision 10 times out of 10 without regret. They still absolutely bungled the crap out of how that went down.
Also, I hate that this crap gets associated with the "Ruby Community". It's really just a subset of the western Ruby ecosystem that cares about foundations and events and semi-social functions. Ruby's core and a whole ecosystem of people working on and around Ruby couldn't give a crap about any of this and it's all just a massive inconvenience. Meanwhile on boards like this everyone is planting their flags and trying to exploit chaos to create change in critical services that people absolutely depend on.
> is short-circuiting so many people's ability to rationalize about this topic.
It appears unfair. That's the extent of my rationale. I've not seen any concrete evidence to draw any further conclusion than this. If you're managing a project and you're not cognizant of this, you probably shouldn't be managing projects; in particular, you should stay away from open source projects with a large base of volunteer contributors.
> Nobody is in the right here.
So, they went through all of this, made themselves look bad, cast tons of aspersions, and in the end, they weren't even in the right? This seems a shabby defense.
> are just spouting one side's propaganda.
I don't care about one side or the other. You see this giant crater left by these decisions though? Yea.. that's the problem.
> that's the sentiment anyone who has been around in the community long enough and dealt with Andre has about him.
I've known him personally for years and find him perfectly fine as a person. The Rubygems maintainers worked with him for the past decade without issue. Until you cite actual issues, not vague "concerns", you're just spreading FUD and innuendo.
I don't need to rehash 10+ years of documentation that's all over blog posts and prior threads on this very topic. Even if someone is unfamiliar with the details they can casually google RubyTogether and Andre and find out all kinds of details.
Don't pretend like I'm some nutter flinging wild accusations when primary and secondary actors in this story literally voiced these concerns in emails during this event.
Anyone who has been following this saga and actually cares knows because they read it already.
I have read many of the allegations against Andre, and find them to fall into:
1) Hyperbolic takes on a perceived 'communication problem' when Andre defends strong design decisions that have impacts on the Ruby ecosystem. Anyone doing what Andre does is going to have impacts on the ecosystem, that is the point. I think the ease of maintaining Ruby systems speaks to the overall good outcomes these discussions have had, and Andre's part in them.
2) Personal dislike of Andre due to disagreements over politics and/or worldviews, usually stemming from assertions of 'woke code' or something like that.
3) Distaste over Andre trying to make a living off doing what they love. This is usually couched in the 'shady' type language you have used a few times. I think that is a weird take on what are just common schemes to use data for monetization purposes, so that Andre can make a living doing design and maintenance. Nothing I have ever seen makes me worried for my data in Bundler or Rubygems.
If your main concern is that 'bad things could happen with Andre running Bundler' I have to question if it isn't just as likely, if not more likely, that bad things will happen with a Shopify run RC board running Bundler. Their motivations are much less clear other than being a corporation that is profit driven, so I can't say with confidence they won't put that motive above 'good software decisions' when push comes to shove. I don't see them as de-facto making the Ruby supply chain better by any means. Time will tell.
The document didn't mention a lawsuit and I was just responding to the above comment with only the context of the postmortem and pointing out that this particular article didn't claim anything illegal happened. You and some others here might have much more context that I or other readers of this postmortem don't have.
I seem to remember there were some threats of legal action related to unauthorized access after this kerfuffle but I a) don't know what is going on with that, b) don't know what the law actually says about that and c) don't know if that is what you are referring to. If so, I think it is different than what the original comment alleged which was more about moonlighting/using proprietary information/competing. I think that topic is extremely complicated (e.g. I am not so sure moonlighting for a competitor while an employee is necessarily protected in California...) but that wasn't alleged in the postmortem anyway.
> The document didn't mention a lawsuit and I was just responding to the above comment with only the context of the postmortem and pointing out that this particular article didn't claim anything illegal happened.
You are correct that they did not make any claims, but the article did insinuate illegal behavior on the part of André and Samuel by selectively juxtaposing facts to imply wrongdoing without ever directly stating or saying that their behavior was illegal. For example:
1. André's first commit on RV is placed on the same bullet point as the Ruby Central-funded maintainer offsite, which implies Ruby Central's travel money subsidized a competing project's creation.
2. The `rubygems-github-backup` access token covering "all repos, including private repos" is introduced in the same timeline section as RV development, without any allegation it was used for RV.
3. The "Incident Lessons" section recommends adding an "Outside Business Activities" declaration policy, which only reads as a "lesson" if André's undisclosed side project is being framed as the problem in need of remediation.
4. The report states André "had intimate knowledge of the foundation roadmap" and "did not tell anyone in Ruby Central about this work until it launched". This frames nondisclosure of a lawful side project as a transgression. However, Ruby Central passed on this work, and even if they didn't, André has no obligation to tell Ruby Central about his work!
5. André's proposal to have his consultancy analyze RubyGems.org download logs is presented alongside an OSS Committee member raising PII and "reputational risk" concerns, casting a perfectly sensible rejected business proposal as something suspect.
By my count, Ruby Central makes roughly 10 insinuations throughout the report, but not once do they actually claim any of these constitute a transgression.
> I think that topic is extremely complicated (e.g. I am not so sure moonlighting for a competitor while an employee is necessarily protected in California...)
California is actually quite clear on this! Bus. & Prof. Code § 16600 voids non-compete agreements, and California courts have consistently read it broadly enough that working on a competing project during employment is protected. The line is whether you used your employer's proprietary information or resources to do it, not whether you competed. The report does not allege that Samuel or André used Ruby Central's proprietary information, and given how thoroughly they documented everything else, I'd expect them to have said so if they had evidence of it. Ruby Central is insinuating that working on RV in the first place is a problem, not that they crossed any legal or contractual line.
I might be reading it wrong, but it sounds like you and some others here are either more closely connected to the folks involved or at least have more context. I don't want to imply that I know better what the author or anyone at Ruby Central _actually_ believes or is doing, I'm just commenting on the article at face value. Whether the article is true, deceptive, or in between, I think there is still an interesting general lesson about organizations in it.
> You are correct that they did not make any claims, but the article did insinuate illegal behavior on the part of André and Samuel by selectively juxtaposing facts to imply wrongdoing without ever directly stating or saying that their behavior was illegal.
I think we just took away something very different from the article. I didn't read it that way, I read it more as "these two have already decided to move on to work on this without Ruby Central so it's pragmatic to cut off their access". We might just need to agree to disagree on what the article implies; perhaps we are just reading it with different boundary conditions.
Where we might agree is that repeatedly bringing up the selling user data proposal doesn't add anything to the story except to prejudice the reader against Andre. If it's to show that there was still some communication between Andre and others at Ruby Central, I would have kept it at that. Every time it got mentioned I winced.
> California is actually quite clear on this!
My understanding is quite different. There is a duty of loyalty an employee owes their employer and directly competing with your employer is clearly a breach. There is recent enough case law on this (at least covering terminating an employee for cause as a result). I don't have access to the materials from a previous employer that explained some of this but I did quickly find [1] which roughly agrees with my recollection (though I would not be willing to vouch for this particular site), namely "that Section 16600 has consistently been interpreted as invalidating any employment agreement that unreasonably interferes with an employee’s ability to compete with an employer _after_ his or her employment ends".
I'm not a lawyer (I assume you aren't either but at the very least you aren't _my_ lawyer) so I think it's not worth debating this further, we seem pretty firm in our beliefs on this one.
EDIT: I want to acknowledge that one of the individuals here was a contractor and not an employee. I have no idea how that factors into moonlighting restrictions. I imagine it would be more limited and lean more on what that individual's exact role is at the company? I think my point still stands that my understanding is that the general situation for the average software engineer is more nuanced.
There is a lot of tension that the report seeks to either minimize or avoid. It’s also just really hard to express it in a report like this because there’s no real place for it if the goal is to look professional.
I think the RubyGems fiasco was a result of unresolved tensions. People chose not to be adults about it and resolve the issues respectfully. IMHO, I think one of the main problems is that nobody was willing to spin up a core foundation to own critical infrastructure to the Ruby community which remains a problem.
I cannot find the blogposts I remember reading, but recall that there were some bad feelings about Ruby Together and Arko’s leadership of it before it was merged with Ruby Central. It appears these feelings never went away which is made very clear by the way that key Shopify engineers started posting after Ruby Central took over the RubyGems GitHub org [1].
Now combine this with dhh’s right-wing political posts and behavior, his extremely close relationship with the founder of Shopify (dhh is on the board of Shopify), a key Ruby Central donor pulling critical funding because he did not want his money going towards giving dhh more attention and you’re left with Ruby Central effectively being controlled by Shopify (which, as far as I can tell is still the situation) because that’s where all of its funding comes from now.
Frankly, the biggest thing this entire fiasco has shown me is that a lot of us are still a bunch of idiotic teenagers. Integrity and maturity are in short supply where they are needed the most.
> I cannot find the blogposts I remember reading, but recall that there were some bad feelings about Ruby Together and Arko’s leadership of it before it was merged with Ruby Central.
Having used agents some I think 'addictive behavior' is really the closest thing to the feeling it gives me as well. I don't find it engaging my critical thinking brain, and in fact it often subverts that in favor of 'get the next dopamine hit faster' behavior (ie just rerun it, leading to the metaphor the OP is using). It takes a conscious effort for me to get back out of that cycle and start thinking of the fine details of what the code really does, or why I wanted it to do that in the first place. I have called it 'smoking vibes' and 'chasing rAInbows' in my sillier moments. It really does feel good... too good :P
How does it 'count almost everything as gambling'? They just said 'non-deterministic' output is gambling-like, that is not 'almost everything'. Most computation that you use on a day-to-day basis (depending on how much you use AI now I suppose) is in all ways deterministic. Using probabilistic algorithms is not new, but your point is not clicking...
That starts to get into a very philosophical space talking about human action as deterministic or not. I think keeping to the fact that the artifacts (ie code) we are working off will have deterministic effects (unless we want it not to) is exactly the point. That is what lets chaotic human brains communicate with machines at all. Adding more chaos to the system doesn't strike me as obviously an improvement.
Almost everything is non deterministic to some degree. Huge amounts of machine learning, most things that have some timing element to them in distributed systems, anything that might fail, anything involving humans, actual running computation given that bitflips can happen. At what point does labelling everything that has some random element “gambling” become pointless? At best it’ll be entirely different to how others use the term.
This isn't strictly better to me. It captures some intuitions about how a neural network ends up encoding its inputs over time in a 'lossy' way (doesn't store previous input states in an explicit form). Maybe saying 'probabilistic compression/decompression' makes it a bit more accurate? I do not really think it connects to your 'synthesize' claim at the very end to call it compression/decompression, but I am curious if you had a specific reason to use the term.
The act of compression builds up behaviors/concepts of greater and greater abstraction. Another way you could think about it is that the model learns to extract commonality, hence the compression. What this means is because it is learning higher level abstractions AND the relationships between these higher level abstractions, it can ABSOLUTELY learn to infer or apply things way outside their training distribution.
ya, exactly... i'd also say that when you compress large amounts of content into weights and then decompress via a novel prompt, you're also forcing interpolation between learned abstractions that may never have cooccurred in training.
that interpolation is where synthesis happens. whether it is coherent or not depends.
I mean, actually not a bad metaphor, but it does depend on the software you are running as to how much of a 'search' you could say the CPU is doing among its transistor states. If you are running an LLM then the metaphor seems very apt indeed.
It's 'wild' to this person because it challenges their opinion on Musk and Tesla I have to guess. This is a classic 'it is bad reporting because it does not agree with my worldview' take, aka 'fake news'.