Comment by blasdel
13 years ago
John Gruber's original Markdown.pl is one of the worst small programs I have ever read, completely riddled with outright bugs and misfeatures that continually bite its users in the ass. It's awful even by the already low standards of hand-written many-pass regex-based spaghetti-parsers.
Nobody should be using the original script, and unfortunately many of the other implementations out there are direct transliterations that replicate all of its absurd errors, like where if you mention the MD5 hash of another token in the document, the hash will be replaced with the token, because it uses that as an inline escaping mechanism! Reddit got hit with an XSS virus that got through their filters because of it: http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-...
See the changelog for what started as a PHP transliteration and turned into a rewrite that squashed 125 (!) unacknowledged bugs: http://michelf.com/projects/php-markdown/
The worst part is that he outright refuses to either disclaim or fix his implementation, and so far he's repudiated everyone else's attempts to do so. He's a terrible programmer and a worse maintainer, he really still thinks the documentation on his site is comprehensive and canonical. As much as Jeff Atwood leaps at every chance to play the fool, there's no way his directorship can be anything but an improvement.
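The hash-for-token substitution described in the comment above can be reproduced with a simplified model. This is an added example, not part of the thread and not code from Markdown.pl; the character subset, function names and sample string are constructed, and the nonce-based variant is one possible fix rather than any project's own.

```python
import hashlib
import secrets

SPECIALS = "*_`>"  # constructed subset of characters the converter must protect

def md5_table():
    # Predictable: anyone can compute the placeholder for any character.
    return {ch: hashlib.md5(ch.encode()).hexdigest() for ch in SPECIALS}

def nonce_table():
    # Hardened: placeholders carry a fresh random nonce between NUL delimiters.
    nonce = secrets.token_hex(16)
    return {ch: f"\x00{nonce}:{i}\x00" for i, ch in enumerate(SPECIALS)}

def protect(text, table):
    # A backslash-escaped special is swapped for its placeholder so that
    # later passes do not treat it as markup.
    for ch, ph in table.items():
        text = text.replace("\\" + ch, ph)
    return text

def restore(text, table):
    # Final pass: every placeholder becomes the literal character again.
    for ch, ph in table.items():
        text = text.replace(ph, ch)
    return text

def convert_md5(text):
    table = md5_table()
    return restore(protect(text, table), table)

def convert_hardened(text):
    table = nonce_table()
    text = text.replace("\x00", "")  # input can never contain a delimiter
    return restore(protect(text, table), table)

def placeholder_hits(text):
    # Defensive check: which protected characters have their MD5 in the input?
    return [ch for ch, ph in md5_table().items() if ph in text]

# Constructed sample: a comment that merely quotes the MD5 of "*".
SAMPLE = "the md5 of an asterisk is " + hashlib.md5(b"*").hexdigest()
```

Any filter that inspects `SAMPLE` before conversion sees only hex digits, yet `convert_md5` emits a literal `*` afterwards, which is why checks belong on the converter's output rather than its input.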
I'm so tired of this mentality that says basically, if you release something for free on the internet, you are obligated to maintain and support it for the rest of your life. Gruber created this program, for free. You are under no obligation to use it. Don't like it? Here's your money back. It may be true that the code is shit. If you think so, don't use it.
Like other responders, I worry that this mentality causes fewer coders to release their projects, for fear of backlash like this post. Think about it: Your feelings toward Gruber are incredibly negative and hostile, and in fact, you would have better feelings toward him if he had kept Markdown to himself and never released it at all. Does that seem fair to you? If the ill will generated by people like yourself outweighs the good will generated by those who appreciate the code I release, or if I fear that it might, what motivation do I have to release my code?
The problem is not that Gruber doesn’t want to maintain Markdown. If that were it, perhaps it would be easier to move on without him.
It’s that he thinks the best option is to do nothing. He claims the title of BDFL without playing the role.
See his first reply to the Markdown mailing list in nearly three years: http://six.pairlist.net/pipermail/markdown-discuss/2012-Octo...
You have it absolutely correct
He enjoys the credit for being the creator of something used by millions every day, but is entirely unwilling to take the responsibility that comes with that creation being a very public mess.
It works for his usage, but all the ambiguities and undefined behaviors affect a huge number of people, and the only response he's made for eight years has been to retain sole moral authority and refuse to use it.
I don't think they're asking for lifetime maintenance and support. I think they're asking that if the author is aware of bugs and exploits, they should at least make the small effort to alert users who are still downloading their code.
If the exploits are as well-known as the grandparent comment asserts, and Gruber is aware of them, there really is no excuse for him to leave the code up without any warning that it contains known exploits. However, if he has no idea and everyone is assuming he knows without someone telling him, that's not exactly fair.
It is far easier to destroy than create. Or to put it in the vernacular of the times: haters gonna hate.
What an embarrassing post to be occupying the top of this thread. Blaming Markdown.pl for security flaws? I suppose the memory corruption bugs in the "optimized" C Markdown parsers are somehow his fault too?
He wrote a text-to-HTML parser with a particularly elegant little language design and got on with his life, which involves writing more than keeping up with bug reports in Perl scripts. Get over yourself; comments like this make us all look bad.
The punchlines were this:
> unfortunately many of the other implementations out there are direct transliterations that replicate all of its absurd errors
> he outright refuses to either disclaim or fix his implementation
This is important to know if you are interested in Markdown.
Personally, I encountered edge cases almost as soon as I started using it.
Except that the source code specifically tells you to report bugs to him.
We all write code with bugs and flaws and we sometimes release it online.
'Fix or deprecate' is not an unrealistic obligation on a technology journalist with a public persona and a large readership.
> What an embarrassing post to be occupying the top of this thread. Blaming Markdown.pl for security flaws?
I believe markdown.pl is being blamed for over 100 bugs. Not just security flaws.
> I suppose the memory corruption bugs in the "optimized" C Markdown parsers are somehow his fault too?
Strawman, you're better than that.
> He wrote a text-to-HTML parser with a particularly elegant little language design and got on with his life
And he did a horrible job of it. Horrible. But he considers himself the BDFL of Markdown. Break that down for me.
> which involves writing more than keeping up with bug reports in Perl scripts
He clearly can't keep up with any bug reports, so it's good his life is more broad than bug reports.
> Get over yourself; comments like this make us all look bad.
No, comments like this make us look like we have higher expectations than "it worked on my machine, suck a dick!"
> And he did a horrible job of it. Horrible. But he considers himself the BDFL of Markdown. Break that down for me.
Christ, you're being a dick. All John Gruber did to you was design a minimalist markup language and write a quick-and-dirty proof-of-concept Perl script to implement it. Just use a better implementation and get on with your day.
>> But he considers himself the BDFL of Markdown
Well he needs to be something other than a pathetic apple fanboy! :D
This would be a lot stronger argument without the ad hominem bits. He's obviously not so terrible if he created this thing that has people so up in arms.
I think there's something to your post, but the tone makes me want to dismiss it. I know, stupid emotions.
This internet lynch mob mentality... I wonder how much this discourages people from releasing things. So, Gruber releases markdown.pl. People like it. People love it. People use it, people reuse it, people rewrite it. Next thing you know, he's being insulted on the internet because he released something he wrote to serve his needs and not passing on some sort of figurative mantle or blessing.
> He's obviously not so terrible if he created this thing that has people so up in arms.
Oh please, double standards like this disgust me. Microsoft had shit slung at it for years on end by the tech community because IE was terrible and held back innovation on the web, but no one claimed that IE is "not so terrible" just because everyone cared about it.
The difference with Gruber is that he's a darling of the tech community because he's Apple-anointed nobility. But as a programmer, in my eyes (and in the eyes of any other objective observers) he's absolute shit.
The reason Microsoft is dead to many developers (myself included) is that they used their massive corporate power to shut down good startups making cool stuff.
I didn't care that IE was terrible (until v3 or whenever), I cared that Microsoft went to all the major PC manufacturers and told them that their licensing deals were toast if they preloaded Netscape.
I didn't care that Word was a crappy word processor, I cared that they used their market position on office documents to make minor incompatibilities that prevented WordPerfect from interoperating.
I didn't care that Windows file sharing wasn't half as good as NFS, I care that they continually fucked with the SMB protocol so that no one could sell UNIX machines that could share with Windows networks.
It has been an absolute pleasure watching that Microsoft's power over device makers disappear. The world is better off for it, and Microsoft will always be an asshole in my book.
No, the difference is that Gruber is a person whereas Microsoft is a corporation. Corporations aren't subject to the same social mores - it isn't hurtful to say something nasty about a corporation.
Abandoning basic etiquette that you should have learned in primary school and calling someone "absolute shit" is not cool.
The thing is this isn't something new, I and a number of other people have been enraged by this for eight years now.
Over those years it's grown in usage exponentially, and so has his fame as a sportswriter for team Apple. Throughout that period he's continued to brush off all kinds of attempts to clean up bugs, define ambiguous behavior, or fix the security vulnerabilities. It hasn't mattered what approach people have taken, he just does not give a shit. Here's an example from last week: http://six.pairlist.net/pipermail/markdown-discuss/2012-Octo...
He's spent so long burning off any goodwill I would have for him on the matter, being cordial just isn't a priority anymore. NERD RAGE.
You've been enraged by the handling of a text-to-HTML converting Perl script written by a tech writer?
You're right: he just does not give a shit. I can see why. What possible upside could there be to engaging with someone who handles themselves like you are here?
"Enraged" huh? For "_eight years_"?
Care to show us your alternative? It'll be on Github or GoogleCode, or maybe your personal blog, somewhere we can download it, try it out, and criticize it too, right?
Surely 8 years of rage is enough encouragement to write your own replacement for ~1000 odd lines of Perl?
Or by "enraged", did you mean "annoyed enough to write critical posts on random internet sites, but not motivated enough to spend an evening or two solving the problem myself"?
"NERD RAGE" indeed…
> He's obviously not so terrible if he created this thing that has people so up in arms.
Being great at designing a format and writing code are two different things: one can be great at one while being terrible at the other.
The perceived simplicity of the format (driven by the naivete of the implementation) played a significant role in making it popular, but lays a minefield of bugs and ambiguities for implementors especially if they want any combination of sanity and interoperability.
Wisest thing in this thread.
It is a great format.
The original parser (and specification) has serious problems.
I find it disheartening that the top voted comment is so blatantly rude. I'm not sure what is gained by calling John Gruber a terrible programmer and maintainer. If you want to praise Jeff Atwood for taking over the stewardship of Markdown, great.
Go read Markdown.pl, and then consider the millions of uses it's had in the last eight years with neither maintenance, guidance, or abdication.
At some point there's no constructive criticism left to give.
His program is bad and he should feel bad
Christ, maybe I should pull all my open source projects that I no longer work on down from github for fear of people actually using it and then complaining when I don't maintain it indefinitely.
The dude released a script to the public under a free software license and people used it. If you think it's bad, fork it and fix it, otherwise don't use it, that's how the open source ecosystem works.
Grow up.
Get over yourself. The guy wrote something that suited his own needs and released it so that others could use it too if they wanted. Programmers ported it to other languages because they liked the idea and wanted to see it thrive -- I've used the PHP port in many homespun web apps over the years. Is it perfect? No, and no software is. But when I've needed a script that easily converts line breaks and hyphens into paragraphs and unordered lists (the normal use case I've taken advantage of), it's done the job every time.
> Is it perfect? No, and no software is.
You may want to look into seL4. (If you consider formal verification to be perfection, that is.)
This is one of the reasons Why left the programming community. People are not thankful. Even if you release a great idea - with obviously _not_ the best code - the one thing you get is criticism. Maybe also the words that "you are the worst programmer on earth" following the words that "you put your family in such a shame".
You know what programmers think because of such comments? "My code is so bad I can't release it. Even if the idea is good." And this Sir helps no-one.
Stop this shit.
> You know what programmers think because of such comments? "My code is so bad I can't release it. Even if the idea is good." And this Sir helps no-one.
I agree. This has even stopped me from __starting__ a few FOSS projects I've wanted to develop.
The possibility of someone criticizing your work is stopping you from "starting" FOSS projects?
Out of curiosity, what do you do now?
I assume he means http://en.wikipedia.org/wiki/Why_the_lucky_stiff
Gruber's Law: the highest upvoted comment for any Daring Fireball link or Markdown discussion on HN will tend to be a repulsive ad hominem whinge.
What I love here is that not just satisfied with running down Gruber, you also feel the need to get in a little swipe at Jeff ("as much as [he] leaps at every chance to play the fool"), a man who seems broadly in agreement with you (though is far more constructive in his approach).
Stay classy.
>>John Gruber's original Markdown.pl is one of the worst small programs
Perl makes it look small, if you have to write something like this in Java or Python, multiply the LOC by at least 20. But I assure you it will be higher.
No. I was curious and checked - this: https://github.com/waylan/Python-Markdown is slightly below 3k loc mark (2977) excluding extensions, and by the look of it it's much more heavily commented (I didn't strip blank lines or comments at all). Markdown.pl has 1450 loc.
So - no, bullshit, you need to multiply by 2 at most in case of Python :)
Another interesting comparison would be with the Text::Markdown CPAN module which is Gruber's original code & comments converted to an OO interface with POD documentation added + bug fixes.
This comes (including blank lines, comments & POD) to 1739 loc - https://metacpan.org/source/BOBTFISH/Text-Markdown-1.000031/...