"Working on a project" doesn't only mean pushing commits. It also means deciding what to do, syncing with committees, running a team structure, thinking about how and where to get funding, and handling the mental pressure of "I'm responsible for this".
Evan You[0] has over 4x more contributions than Henry Zhu[1] this year.
Evan's absolutely correct, there's a lot of 'invisible' community activity, but in my experience of OSS, it's typical to have a 'contribution' on GitHub every day, which is missing in the case of a Babel maintainer who's being paid $130k/y
Let's compare to the other maintainers: [2][3][4][5][6].
Contribution counts aren't and shouldn't be everything, but they speak on a macro-scale. It's not an unreasonable expectation to review a PR a day.
Evan's metric and henry's are not directly comparable.
Someone on vue core team (perhaps evan himself) said internal group co-ordination and management is handled by other team members, most prominent among them being Chris Fritz[1] (before he stepped down) and Sarah Drasner[2].
This reduces managerial burden on Evan and gives him more energy & time to focus on technical challenges
While Henry is the senior most member in babel team, so most of the management work is on him. which eats his time a lot more.
The necessary "glue" work that often doesn't get tracked but eats a lot of time, energy, and cognitive capacity is very often overlooked. I'm not saying that is or isn't what happened here.
I've worked with a lot of teams where no sort of solid leadership existed. Filling that gap is often difficult to justify because there's a tremendous amount of thought involved and it's a thankless task. Sure you can take the existing structure and direction and just plug away but ultimately, most efforts that do this fail. You need to look ahead and think about future adaptability if you want success. People often act like software development is as straightforward as data entry. You should have X entries per day. If you didn't add X entries then you must be slacking. Development requires not only technical prowess which is difficult to maintain in-and-of-itself but creativity, vision, and strategy. If you ignore the rest your project will fail or at least become an artifact of times past at some point.
We actively discourage team leads from trying to be the "team lead that still codes a bit here and there", they mostly just get in the way and don't focus on the team's real needs.
I.e. we'd rather them take a late lunch or go home early than push a sub par PR nobody wants to criticise.
To add another data point, on the BabelJS Slack, in the last 12 months, @Henry (hzoo, based on the matching profile pictures) has posted 96 messages, and @nicolo-ribaudo 251.
One can bring the messages up with these filters:
"from:@Henry before:2021-05-12 after:2020-05-11" and
"from:@nicolo-ribaudo before:2021-05-12 after:2020-05-11"
it's insane Github reports PR stats. I always knew this would happen. But never so publicly. You just assume that your management is looking at it constantly and basing their decisions on it. Because why wouldn't they. Their entire philosophy is "never let a metric go to waste."
All this does is encourage bad behavior. Not squashing commits, throwing up tons of one line changes. Remember that contest Digital Ocean did for Hacktoberfest? Remember what a total shitshow they caused on Github? People were making egregious commits for a fucking t-shirt. Now imagine real money on the line.
Technically you can do and undo the same thing a trillion times and have a trillion commits. In the end your net impact in the code will be zero, yet you will be the PR champ.
1. His language sounds like he knew Henry personally. I will take it with a grain of salt. But same applied to creator of the Babel, since he could have beef with Henry.
2. He said lots of circumstantial things about the matter. Namely: 130K isn't high for NYC; he could have and probably had better offer easily; he didn't need to maintain Babel but did, etc. All these are good but didn't answer the direct question, is he worth 130K for his work in the project. Even with the understanding that lots of work is in private, his public contribution in recent years seems to be way too low to not make people raise eyebrows.
3. Also, it's funny he said "is 130k too much for someone to maintain Babel" to the creator, who probably earned way less for creating Babel from scratch.
I do know Henry personally and Henry actually consulted me when he was debating whether he should quit his job to work on Babel full time. We also occasionally talk about the burdens of OSS maintenance so I know first hand how hard he's been trying to keep Babel afloat.
The linked comment above is one that people interested should read. Especially people who only read the relatively inflammatory and context free initial tweet.
I agree that there are a ton of non-code related things that a project leader should be doing, but the vast majority should be visible in some way. Mailing list discussions, roadmaps, code reviews, creating/triaging issues, etc. It should be pretty easy to get a representative picture of what a project leader did over a whole year.
This is the way it happens in India. We have to enter an OTP to authenticate the transaction. The OTP comes as a SMS and it tells the amount.Some merchants tie up with bank and we can enter the OTP on the merchant's site or choose to go to the bank's site to enter OTP. In any case the OTP page is a new page and the amount is displayed.
Didn't know about this. His clemency petition [1] doesn't mention any serious crimes. It even lists over 250 organizations, eminent individuals and leaders have voiced their support[2] for clemency.
With the info we have it looks like hackers changed the email id of the accounts and then used forgot password to reset the password. What’s concerning is that they were able to do it for accounts with 2FA enabled. I think disabling 2FA should be extremely privileged actions and should not accessible to most employees.
Didn't Twitter buy "Moxie Marlinspike"'s company specifically to get him to fix their security? I guess they didn't really get much out of that. Now I'm starting to get nervous about the security of Signal.
If it’s really a social engineering attack then I think it happened because everyone is working remotely and it is easier to perform social engineering attacks. Maybe this incident will have impact on their long term remote work plans.
I wouldn't be too surprised to learn that some people that are working from home are actually working from a coffee shop (in countries where they have re-opened obviously) or other public places with little to none protection against social engineering attack.
I dunno why you're getting downvoted. I think this idea makes some sense.
If you're doing something shady to your employer, it seems to me that it would feel a lot safer to do so while working from your home office by yourself then when sitting right in the middle of an office pod with other coworkers.
I agree, also remote employees might not have the same layers of security as they do if they were in the office. For example, there could be a firewall that blocks malicious code at the office or someone is logging into the VPN on their home computer that is infected with malware.
