Conversation
We all love the lib, but we all don't like having a browser open every time we do a package install. It's borderline obnoxious. Thank you.
Burn it, burn it with fire
2 similar comments
+1
When this was released I found myself called over by a team member who was almost killing himself trying uplift dependencies in the VS NuGet dialog, but every-time it would fail and attempt to roll-back leaving the solution is a mess. When I looked it was because of this script failing to execute because it didn't have the necessary ExecutionPolicy setting. To make matters worse, as the developers PS prompt defaulted to 64bit, his attempts to resolve this were further frustrated as VS and it's PackageManager run in 32bit so any Set-ExecutionPolicy command needs to be run against 32bit.
I sincerely urge you remove it, I don't think we ever felt it was needed before and we love the lib. We've actual stopped uplifting this lib since this change.
+1
would like this behavior removed from this package
The website helps make everyone aware of documentation which reduces questions, and drives ad impressions which helps pay for my time to work on it.
Ugh no, that is a terrible way to raise funds. This approach is spammy and almost adversarial. I urge you to reconsider.
2 similar comments
For once I agree with damianh. Does it really generate so much revenue that it's worth going against the whole spirit behind Nuget? Json.Net has a dominant position as JSON library because Microsoft is backing it, but if every package opened windows to show ads, then Nuget would quickly die as people went to a cleaner package manager.
1 similar comment
If raising money is an issue you could try using a tipping service such as gratipay?
@JamesNK I appreciate your plight, I really do, can we - as a community - find some alternative way to help fund your efforts? As a goodwill gesture if you have a PayPal funds link I'll happily chuck personal monies your way? How much do the ads raise you in a month? What do we have to match here?
Also worth considering this potential scenario for a developer too, as I believe MachinePolicy overrides LocalMachine, I'm not sure they would - in this scenario - ever get it to install successfully from nupkg.
3 similar comments
@ianbattersby's comment alone should be reason to fix this. Stopping people from being able to install the package due to their security settings just so you can earn more impressions (which I suspect the advertisers wouldn't pay for, if they knew how they were earned) feels slimy.
As a goodwill gesture if you have a PayPal funds link I'll happily chuck personal monies your way?
It's up on the JSON.NET website, and has been there for a couple of years: https://pledgie.com/campaigns/18941
Things costs money, be it the macbook pro used by that ruby dev, or vs.net used by that .NET dev. That has nothing to do with '.NET', as things aren't magically free on other platforms.
Some things cost money, like computers. Some things don't cost money... like most development platforms. If I sit at a Macbook, or a Linux computer, or a Windows computer, I'm able to build Ruby, Python, Node, Java, Erlang, Clojure... etc. apps, you get the point. I just download the bits and go. That's not the case with .Net.
If you peel away all of the default excuses like a free company license (we don't do .Net), student discounts (I'm not a student), Bizspark (I don't have a biz), Visual Studio Express (which prohibits types of .Net OSS I've done), Mono (good but not close to 100%), MS MVP (most of us are not worthy! ) you're left with paying hundreds out-of-your-pocket for... what? The right to invest hours into a .Net OSS project and get yelled at?
Plus, remember that .Net costs are recurring. Gotta keep that MSDN license going, or you have to pay the next time VS updates. Windows itself isn't free, too.
Like @nathanaeljones said, this doesn't exist in other ecosystems. I think he nailed it. Even if this isn't a case where the author has to pay for his tools, seeing the donation/ad-evenue breakdowns and comparing it to the base-cost of what it takes to be a .Net developer is enlightening.
+1. Ads have no place here. I would rather @JamesNK stop development than have to rely on ad revenue.
@sharpjs He's not showing an ad - he's opening the project homepage. Lots of other software does the same thing. Are you volunteering to take over his efforts?
Your previous post implied it's stupid to do OSS without corporate backing. That's what I called unfriendly.
That's not what I said nor implied. I just said that if there are costs with this project that are not met other than with ad money, perhaps @JamesNK should ask MS for sponsorship as this project is a prominent aspect of ASP.NET. But that doesn't mean OSS isn't possible without corporate backing, it just means that there might be costs (there WILL be costs) which you have to take into account when publishing OSS: be it free time, time spent during business hours, hosting some site, hell maybe even speaking about the project on some user group you have to drive to yourself paid from your own pocket. I take those into account too for my own OSS projects and so do many others. It's simply the price to pay for publishing OSS: that's not stupid, it's simply a factor. It's also not a requirement to get corporate backing. I don't see how that's different in other communities, writing ruby still requires a computer, hosting your site on heroku also takes money. :)
I think the .NET ecosystem can be fixed, and we may even eventually get the community at large to say please/thank you instead of the current attitude. But sticking fingers in our ears and saying "nyah-nyah, I can't hear you" to the problems we face is not an effective problem-solving technique.
What problem needs fixing? That publishing software takes an effort and a price, e.g. time/money/both? And I don't know, but other OSS communities are not different at all: there too is a lot of not so friendly fighting among devs, even inside the same projects. That has been the case since we used usenet and mailinglists and that is still true today. Don't kid yourself.
If you peel away all of the default excuses like a free company license (we don't do .Net), student discounts (I'm not a student), Bizspark (I don't have a biz), Visual Studio Express (which prohibits types of .Net OSS I've done), Mono (good but not close to 100%), MS MVP (most of us are not worthy! ) you're left with paying hundreds out-of-your-pocket for... what? The right to invest hours into a .Net OSS project and get yelled at?
Erm... no-one forces anyone to publish any work to be downloaded for free. So if a person or a group of people do so, they do that for a given reason, be it fame, be it because they had fun and want to share what they wrote with others, you name it. OSS devs in .NET space have the VS.NET tax, where ruby / js devs perhaps only have the sublime tax to pay. C'est la vie. I have to pay for MSDN myself, while others get it for free from MS or from their employer. That's life.
If the point is that 'we' as users of .NET OSS have to accept that projects need some kind of income to cover the costs, I am not against that in general. The thing is though that sleazy hidden scripts pushing ads is one of the lowest of the lowest one can do. As there are many other ways to cover costs (whatever these are) for this project, I don't think we should accept hidden scripts which push ads.
I just can't stand whining as if it's us as a community's fault that @JamesNK needs to run ads because otherwise he can't make ends meet and being against that makes us bad people.
I took a look at this and I think folks are overreacting.
First, it's been like this for years. Just this week folks are upset.
Second, I checked, he only pops the browser inside VS on totally new installs of JSON.NET. It's never seen on upgrades or File New Projects. The Glimpse guys do it, NServiceBus does it, etc. It's not like he's sending us to the Paint.NET site.
That said, I'll talk to James about it, on the phone like a civilized friend. It's not useful to write walls of prose and waste keystrokes on a GitHub issue with something like this. Rarely are minds changed in GH issues.
Perhaps the NuGet system can offer an opt-in to suppress window creation from install.ps1 during these installs.
@shanselman isn't this a bit the same as your point about ads in chrome extensions you blogged about? Here too an action is taken by code that's not visible to the user to show ads.
But it's not just the ads, it's also more the fact that a script runs only for showing ads and it requires elevated privileges and if these aren't given the install fails. I think the point some (at least myself) try to make is that this is a bad precedent. We shouldn't want this, and it shouldn't be needed and more direct: it actually shouldn't even be possible: if I pull something from nuget I don't want scripts to run which require elevated privileges, because I don't know what these scripts do. Perhaps you are fine with the current situation, but I sure am not.
@FransBouma the script also runs in order to update the assembly bindings in web-config; which is one of the intended uses of the PS file within nuget.
You don't need PS to do web.config transformations.
@phillip-haydon you can but its very specific and doesnt allow for situations like installing Umbraco from nuget which needs to copy files from the package folder to various locations in the solution.
Really this is a NUGET issue. The powershell creates an untrusted script scenario; you need the package but can't install because windows is saying you really shouldnt blindly run scripts when you don't know what actions they will perform or even what they contain... so you reduce your security in powershell globally to suit the needs of nuget. @shanselman probably knows more about the reasons PS was chosen and required and why the featureset wasn't reduced to a point that PS can only affect files within the given solution.
I agree that this is a nuget issue. The fact is that scripts may be warranted in some use cases, but this leaves a backdoor open for "abusive" scripts. Whether or not opening a browser window to trigger ad impressions can be considered seems to be very subjective. But if nuget is going to survive as a package manager which allows PS there needs to be a level of trust in the publishers to not do evil stuff, and I think this is the core of the whole discussion - when that limit is crossed.
@shanselman It's great you can talk to James directly about this, appreciated. Unfortunately the rest of us don't have such a facility so here is the only channel we have.
First, it's been like this for years.
It's been annoying me for years. But after a day of doing package upgrades / re-installs (literally deleting packages.config because stuff was getting borked and doing install-package) my bit flipped. Seriously, this is not what install.ps1 was designed to do (set up build targets etc). It also reads my console history - far too creepy. On lesser nuget packages I'd have just walked away or found an alternative, but this is one of the most popular packages, and it's dependent on in lots of places.
The Glimpse guys do it, NServiceBus does it, etc.
Doesn't excuse the practice, they shouldn't be doing it either (if they are using for same purpose). If I used those projects, I'd be sending similar PRs their way.
What also needs to be addressed is this project's bus factor of 1. If @JamesNK needs to earn money from MIT licensed OSS project, it becomes a risky proposition to depend on it.
If you just want to bypass the popup, for whatever reason, just use your PowerShell chops creatively:
& Install-Package Newtonsoft.Json
Install-Package "Newtonsoft`.Json"
'Newtonsoft.Json' | % { Install-Package $_ }
This does not solve the problems related to running a script, though, which is the main issue at hand.
"Butt Hurt": Getting your feelings hurt, being offended or getting all bent out of shape because of something petty or stupid.
-Urban Dictionary
(Just so we're all clear on what "butt hurt" means)
It also reads my console history - far too creepy
-@damianh
Dude. You have all the source. You know exactly what it is doing with your console history. It isn't uploading your whole history it to some TOR proxy. He's using it to determine if JSON.net was installed on its own (to show the documentation via the browser) or if it was installed as a dependency for some other project. In other words, he wants to show documentation if your purpose was to directly use JSON.net.
This approach is spammy and almost adversarial. I urge you to reconsider.
-@damianh
through sleazy hidden scripts which show popup ads
-@FransBouma
He shows the documentation which reduces support requests. BELOW THE FOLD, there is a donation link that is a side benefit. He isn't selling big dick pills. He isn't retargeting ads to you. He isn't showing flashing gifs. He isn't showing linkbait ads like "See this one weird trick a chicago woman uses to reduce her energy bills". IT IS A DONATION LINK. IT TAKES TWO SECONDS TO CLOSE. You could probably close the stupid browser window 1500 times over in the same amount of time you've used bitching about it on this forum.
I just can't stand whining as if it's us as a community's fault that @JamesNK needs to run ads because otherwise he can't make ends meet and being against that makes us bad people.
-@FransBouma
I literally laughed out loud, as if the people defending @JamesNK's extremely minor actions are the ones whining. I highly doubt that @JamesNK needs donations to make end meet. I'm sure he's spent untold hundreds of hours (if not thousands) and if he thinks showing THE DOCUMENTATION in addition a donation link is helpful, so be it. If it is such a horrible offense to you, then perhaps you should find another serializer. You, @damianh and the throng of other "+1" users are certainly free to complain about the stupid browser opening. Just like I'm free to say that you're whining about an incredibly minor annoyance on an otherwise awesome and FREE project that has delivered untold MILLIONS OF DOLLARS in benefit.
Look, do I wish that there wasn't a popup, yeah, probably. Embedded deep in our shared nerd DNA is the propensity to get butthurt and rage about stuff. I get it. I've certainly had many occasions where I got carried away. I just want to slap everyone back to reality so they realize that this is an incredibly dumb and minor thing to rage about.
+1 to @shanselman, @darrencauthon, @drusellers, @nathanaeljones and @dodyg
@JamesNK, I'm sorry that you have to put up with such nonsense. I'm donating again, this time for $80 to top off my total contributions to $100. Hopefully you realize the overwhelming, vast majority of devs are appreciative of your work and don't mind the two seconds to close the window if they don't want to read the documentation.
Today I learned, if you want to earn money from people who don't contribute to OSS, start an argument.
@phillip-haydon it's sad that it takes this kind of notoriety to get some payback for your all your work, but @JamesNK didn't start the fire. I too would like to see MS pony up and support the work. Until then - I'm grateful for the reminder to give some back for all the value the software has given me in my work. @JamesNK keep the pop-up as long as you feel that you need it to support your efforts.
@damianh Do I contribute to OSS? No. But I've written/published three free developer tools:
http://www.nitriq.com - .Net Static Code Analysis
http://www.getatomiq.com - Code Duplication Finder - written in .net, but runs against most popular languages (C#, VB, Ruby, Python, HTML, Javascript, etc)
http://www.regexpixie.com - RegEx Tool
In addition, I speak at 10-15 conferences/user groups per year, organize a DNUG with 2 meetings per month and organize a code camp that happens twice a year and am a regular participant on StackOverflow. So, I feel just fine about my contribution to the community. OSS isn't the only way to contribute and I don't tear down people like @JamesNK who do.
Can you just put your e-peens away and discuss the issue at hand? we dont like popups in browsers, so we dont want it anywhere else either .
There are probably hundreds of thousands of .NET developers using and interacting with this package. There are only 58 participants to this thread. This is essentially tempest in a teacup.
If you strenuously object with the browser opening, fine. Fortunately this tragedy doesn't happen very often. For the rare occasion that it happens, I offer my sympathy.
Nah sympathy not necessary 😃 It's OSS so if people think its damaged, it can be routed around.
Edit: .NET consists mostly of dark matter developers, making numeric comparisons to the participants in this thread is not useful.
Everybody had their say, the ticket is closed, the conversation stops for a day...
Quick, somebody call for the Github Shut Up button!!!!!!
