HTTP Expert

Tag: toxicity

  • Sociotechnical Fissures: An Exhaustive Analysis of Identity, Tribalism, and Weaponized Toxicity in Software Ecosystems

    Executive Summary

    The digital infrastructure of the modern world is built upon the collaborative labor of millions of software developers. This ecosystem, often idealized as a meritocratic “bazaar” of ideas, is increasingly fracturing under the weight of profound sociotechnical fissures. This report provides an exhaustive, multi-dimensional analysis of the hate speech, harassment, and threats that have come to characterize significant sectors of the software development community. Specifically, it investigates how the choice of programming languages—once a matter of technical trade-offs—has evolved into a marker of social identity, fueling tribal conflicts that mirror religious and political extremism.

    Synthesizing data from extensive 2024-2025 empirical studies on GitHub toxicity, psychological frameworks of social identity, and high-profile case studies across major ecosystems (Rust, Linux, JavaScript, Python), this document reveals a disturbing trend: the weaponization of technical disagreement. We observe that “religious wars” over syntax or memory management are no longer metaphorical. They manifest as coordinated campaigns of harassment, “death threats” leveled against maintainers of critical infrastructure, and the systematic burnout of open-source leadership.

    The analysis identifies “Identity Fusion”—a psychological state where the personal self becomes porous with the group identity—as a primary driver of this toxicity. When a developer’s self-worth is fused with a specific technology (e.g., “I am a Rustacean”), technical critiques are perceived as existential threats, triggering aggressive defense mechanisms. Furthermore, the report highlights the “moralization” of engineering attributes, where features like memory safety are framed as ethical imperatives, thereby justifying the vilification of those who use “unsafe” legacy tools like C or C++.

    Quantitative analysis of recent datasets (Sarker et al., 2025) underscores the scale of the problem, revealing that severe toxicity—including identity attacks and threats—constitutes a significant portion of hostile interactions, particularly in gaming-adjacent and volunteer-run projects. The implications are systemic: the normalization of abuse is not merely a cultural issue but a supply chain security risk, as burned-out maintainers abandon critical projects or, in extreme cases, weaponize their own code in protest. This report serves as a comprehensive documentation of these dynamics, offering a lens into the dark matter of the open-source universe.

    1. The Psychology of Code: Identity, Tribalism, and the “Religious War”

    To comprehend the virulence of hate speech in developer communities, one must first dismantle the prevailing myth that software engineering is a purely rational discipline. The evidence overwhelmingly suggests that for many practitioners, code is not merely a tool but a substrate for identity formation. The psychological mechanisms at play—Social Identity Theory, identity fusion, and the sunk cost fallacy—transform technical preferences into tribal allegiances, creating a fertile ground for intergroup conflict.

    1.1 Social Identity Theory and the Genesis of Techno-Tribalism

    Social Identity Theory (SIT), articulated by Henri Tajfel and John Turner, provides the foundational framework for understanding developer factionalism. SIT posits that individuals derive a significant portion of their self-concept from their perceived membership in social groups.1 In the absence of traditional community structures, professional and technical affiliations fill this void. A developer does not simply write in a language; they become a representative of that language’s community. The labels “Pythonista,” “Rustacean,” or “Gopher” are not marketing terms but identity markers that delineate the in-group from the out-group.

    Research indicates that once this social categorization occurs, individuals naturally engage in “in-group favoritism” and “out-group derogation” to enhance their self-esteem.1 In the context of software, this manifests as the systematic devaluation of rival technologies. The derogatory rhetoric directed at PHP developers—often framed as ridicule regarding the language’s inconsistency or the perceived amateurism of its user base—serves to elevate the status of those using “serious” languages like Haskell or C++.3 This is not technical critique; it is a status game played through the proxy of syntax.

    The intensity of this affiliation is characteristic of “tribalism,” defined as a cohesive extended familyhood marked by internal loyalty and external suspicion.4 While tribalism can foster community support, its shadow side is the cognitive distortion of objective information. The “sacred values” of the tribe (e.g., “functional purity” in Haskell, “freedom” in Linux) become immune to compromise. When these sacred values are challenged—for instance, by the introduction of systemd in Linux which violated the “do one thing well” dogma—the reaction is not debate, but the excommunication of the heretic.4

    1.2 Identity Fusion and the Porous Self

    Beyond simple group identification lies the more extreme phenomenon of “Identity Fusion.” In high-fusion individuals, the boundary between the personal self and the social self becomes indistinct. For a fused developer, an attack on their preferred framework is experienced viscerally as an attack on their own personhood.4 This psychological state explains the disproportionate aggression seen in niche communities like Elm or specific Rust sub-cultures.

    In the case of Elm, a purely functional language for the frontend, the community is often described by detractors as having a “cult-like” adherence to the decisions of its creator, Evan Czaplicki.6 For fused members of this community, the rigid enforcement of “no runtime exceptions” is a core tenet of their professional reality. When outside critics attack the language’s restrictive interop policies (such as the removal of synchronous JavaScript interop in version 0.19), fused members perceive this as an assault on the safety and predictability that defines their coding existence. Conversely, detractors who feel betrayed by these decisions often engage in harassment that targets the creator personally, viewing him as a “dictator” who has deprived them of their agency.6 The language of “cults” is frequently weaponized in these disputes, serving to delegitimize the cohesion of the target group while reinforcing the attacker’s identity as a “freethinker”.8

    1.3 The Sunk Cost Fallacy and Defensive Aggression

    The Sunk Cost Fallacy reinforces these tribal dynamics by binding a developer’s sense of worth to their accumulated knowledge capital. Mastering a complex ecosystem like C++ or the intricacies of the Rust borrow checker represents an investment of thousands of hours.9 This massive cognitive investment creates an inertia where the individual feels compelled to defend the utility of that skill set against emerging threats.

    When a new paradigm emerges that threatens to render that investment obsolete, the psychological response is often “defensive aggression.”

    • The C++ vs. Rust Dynamic: For a C++ veteran, the rise of Rust is not just a market shift; it is a devaluation of their expertise in manual memory management. The rhetoric from the Rust community, which frames C++ not just as outdated but as “unsafe” and “immoral,” directly attacks the C++ developer’s professional competence.10
    • The Reaction: To resolve the cognitive dissonance caused by the suggestion that their life’s work is contributing to digital insecurity, the threatened group may lash out. They might label Rust proponents as “zealots” or “evangelists,” dismissing the technical merits of memory safety to protect the value of their own sunk costs.11 This is evidenced in forums where discussions about safety features devolve into ad hominem attacks on the “cult” of the new language.11

    1.4 The “Religious War” Metaphor: From Metaphor to Reality

    The term “religious wars” has been a staple of computing culture since the 1970s, originally describing the impassioned debates over text editors (vi vs. Emacs) or formatting styles (tabs vs. spaces).13 Paul Graham, in his seminal essay “Keep Your Identity Small,” posits that such discussions degenerate because they engage identity rather than expertise. He argues that fruitful discussion is impossible when participants feel that their identity is at stake.14

    In the contemporary landscape, this metaphor has become dangerously literal. The arguments are no longer just about preference; they are about “truth” and “morality.” The Linux community’s reaction to systemd—which involved “jokes” about hiring hitmen and genuine death threats against Lennart Poettering—demonstrates how technical disagreement can escalate into campaigns of terror that mimic religious persecution.5 The “Unix Philosophy” is treated by adherents not as a design pattern but as scripture; deviations are heresy, and the heretic must be punished to purify the community. This escalation from technical critique to moral condemnation is the defining feature of modern developer toxicity.

    2. The Rust Ecosystem: Memory Safety as Moral Crusade

    The rise of the Rust programming language has precipitated one of the most intense sociotechnical conflicts in the last decade. Rust’s central value proposition—guaranteeing memory safety without the overhead of a garbage collector—has been elevated by a vocal subset of its community from a technical feature to a moral imperative. This “moralization” of technology has created deep fissures between Rust and the entrenched C/C++ communities, resulting in a unique flavor of harassment and counter-harassment.

    2.1 The Moralization of Technical Attributes

    In the discourse surrounding Rust, memory safety is frequently framed as an ethical obligation. Proponents argue that because memory safety vulnerabilities (such as buffer overflows and use-after-free errors) are responsible for a vast majority of critical security breaches (up to 70% in systems like Chrome and Windows), continuing to start new projects in C or C++ is an act of professional negligence.10

    This framing shifts the debate from “which tool is more efficient?” to “who is a responsible citizen of the digital world?” Consequently, C++ developers often feel that they are being accused of actively harming society. This moral righteousness fuels the “Rewrite It In Rust” (RIIR) phenomenon, where enthusiasts aggressively lobby maintainers of existing C/C++ projects to port their codebases. While often well-intentioned, this advocacy frequently crosses the line into harassment. Maintainers of mature, stable C projects report being bombarded with demands to rewrite their software, often accompanied by derogatory comments about their “unsafe” legacy code.11 The term “Evangelism Strike Force” has been coined—often pejoratively—to describe this aggressive proselytizing, which opponents view as dogmatic and insufferable.11

    2.2 Case Study: The Actix-Web Incident

    The potential for this high-minded culture to devour its own is starkly illustrated by the Actix-web incident. Actix-web is a high-performance web framework for Rust that, at its peak, topped many benchmarks. However, achieving this performance required the framework’s creator to use a significant amount of unsafe code blocks—a feature of Rust that allows the developer to bypass the compiler’s safety checks for performance optimization.

    The community’s reaction was swift and brutal. Purists within the Rust ecosystem scrutinized the code, identifying instances of unsafe usage that they deemed unnecessary or unsound. What began as technical code review quickly devolved into a massive “dog-piling” event on Reddit and GitHub.17 The creator was subjected to hundreds of comments questioning their competence, integrity, and responsibility. The tone of the critique was not constructive; it was punitive, driven by the community’s obsession with safety purity.

    Overwhelmed by the toxicity, the maintainer made the drastic decision to delete the project’s repository and quit open-source development entirely (though the project was later revived by a new team).18 This incident serves as a tragic case study in how the specific values of a community (safety) can be weaponized against its own contributors. The harassment was rationalized by the attackers as a defense of the language’s integrity, illustrating how “noble” goals can justify abusive behavior in the minds of the perpetrators.

    2.3 The Trademark Policy Controversy (2023)

    In April 2023, the Rust ecosystem faced a different kind of threat: a governance crisis that triggered a fierce backlash against the Rust Foundation. The Foundation released a draft trademark policy that proposed strict limitations on the use of the “Rust” name and logo. The policy included provisions that would prohibit the use of the name in ways that could be “confusing” or “political,” and even attempted to regulate the content of events using the Rust name.16

    The community viewed this as a corporate power grab and a betrayal of the open-source ethos of freedom. The backlash was instantaneous and severe. Social media channels and forums lit up with vitriol directed at the Foundation’s staff and board members. The criticism ranged from reasoned legal arguments to abusive ad hominem attacks and conspiracy theories about corporate capture.21 The intensity of the revolt forced the Foundation to issue a public apology, acknowledging that the draft was flawed and that the process had lacked transparency.16

    This episode highlighted the fragility of trust in modern open-source governance. The community’s identity as “free and open” was threatened by the perceived corporatization, triggering a defensive mobilization that, while effective in changing the policy, also generated a significant amount of toxic waste. It demonstrated that hate speech in these communities is often a ” antibody response” to perceived threats to the community’s autonomy or identity.

    3. The Linux Ecosystem: The Shadow of the Benevolent Dictator

    The Linux kernel community has historically been the epicenter of the “abrasive meritocracy” model of software development. For decades, the community operated under the implicit assumption that technical excellence justified, or even required, interpersonal aggression.

    3.1 Linus Torvalds and the Normalization of Abuse

    Linus Torvalds, the creator and “Benevolent Dictator For Life” (BDFL) of Linux, established a culture where blistering, profanity-laden critique was the norm. Torvalds famously defended his abrasive style—which included telling people to “shut the f*** up” and calling them “brain-damaged”—as a necessary filter for maintaining the quality of the kernel.15 He argued that “fake politeness” and “office politics” were detrimental to the honesty required for high-stakes engineering.24

    This leadership style trickled down, creating a mailing list culture where verbal abuse was a rite of passage. Contributors like Sarah Sharp publicly challenged this culture, calling for an end to the “verbal abuse” and “physical intimidation” rhetoric, only to be met with dismissal or further harassment from the “old guard” who viewed civility as weakness.24 The community became polarized between those who saw the abuse as a toxic barrier to entry (especially for women and underrepresented groups) and those who viewed it as the immune system of the project.

    3.2 The 2018 Turning Point and the CoC Wars

    In 2018, the pressure on Torvalds reached a breaking point. Anticipating a critical article by The New Yorker that would expose the extent of the toxicity and sexism in the kernel community, Torvalds issued a surprising public apology.26 He admitted that his attacks were unprofessional and that he needed to “take a break to get help on how to behave differently”.28

    Simultaneously, the Linux Foundation introduced a new Code of Conduct (CoC) based on the Contributor Covenant. This move sparked a fierce backlash from a segment of the community who viewed the CoC as an ideological imposition by “Social Justice Warriors” (SJWs) intended to prioritize diversity over code quality.29 Some developers threatened to rescind their code contributions, citing the potential for the CoC to be weaponized to purge politically incorrect contributors. This period of transition laid bare the deep political and cultural fissures within the open-source world, where the very concept of “professional conduct” is a contested battleground.

    3.3 Case Study: Systemd and the Death Threats against Lennart Poettering

    While the kernel governance debates were heated, the introduction of systemd—a init system that replaced the traditional System V init scripts—triggered a campaign of harassment that crossed into criminal territory. Lennart Poettering, the lead developer of systemd, became the target of a vitriolic hate campaign driven by users who felt that his software violated the sacred “Unix Philosophy” of modularity and simplicity.5

    The harassment included:

    • Death Threats: Poettering received credible threats against his life.
    • “Hitman” Markets: Reports surfaced of “jokes” on dark web markets and IRC channels about crowdfunding a hitman to assassinate him.15
    • Hate Sites: Websites were created specifically to vilify him and his work.

    Poettering publicly attributed this toxic environment to the culture fostered by Torvalds, stating, “By many he is a considered a role model, but he is quite a bad one”.15 He noted that the open-source community, often advertised as a welcoming place, was in reality “quite a sick place to be in.” The systemd wars illustrate that when technical tools are elevated to the status of religious dogma (the Unix Philosophy), deviations are treated as blasphemy, justifying violence in the minds of the “true believers.”

    4. The JavaScript Ecosystem: Supply Chain Sabotage and Framework Factions

    The JavaScript ecosystem, characterized by its massive scale, rapid churn, and reliance on a centralized package registry (npm), faces a unique set of toxic dynamics. Here, hate speech and threats are often intertwined with supply chain security and the intense rivalries between frontend frameworks.

    4.1 Protestware: Code as a Weapon of Political Expression

    The concept of “protestware” emerged explosively in the JavaScript community, blurring the lines between activism, sabotage, and harassment.

    • node-ipc and the Ukraine War: In March 2022, the maintainer of the popular node-ipc package, Brandon Nozaki Miller (RIAEvangelist), released a modified version of his code that contained a payload designed to overwrite files on computers located in Russia and Belarus with a heart emoji, as a protest against the invasion of Ukraine.32
    • The Fallout: While motivated by a political stance, the action was widely perceived as a betrayal of the implicit trust that underpins the open-source supply chain. The incident caused massive disruption and panic, as the malware (or “wiper”) affected developers and build servers globally, regardless of their political affiliation.
    • The Reaction: The backlash was severe. The maintainer faced a torrent of death threats, doxxing attempts, and abuse. The incident polarized the community: some viewed it as legitimate civil disobedience, while the majority viewed it as a dangerous precedent that justified the revocation of trust in individual maintainers.32 This event demonstrated that in the JavaScript world, the code itself can become a vector for political violence and the subsequent hate speech is a reaction to the violation of the “neutrality” of the infrastructure.

    4.2 The Framework Wars: React vs. Vue

    The rivalry between React (developed by Meta) and Vue.js (a community-driven project) has often drifted into cultural stereotyping that fuels toxicity.

    • The “Bro” Narrative: A persistent narrative within the frontend community characterizes the React ecosystem as dominated by “tech bros”—aggressive, hyper-masculine, and elitist. This is often contrasted with the Vue.js community, which is framed as more inclusive, humble, and diverse.34
    • Consequences: These stereotypes create tribal barriers. Developers who prefer Vue may be dismissed by React proponents not on technical merit, but through the lens of this cultural prejudice—labeled as “amateurs” or “designers” rather than “real engineers”.35 Conversely, React developers are targeted for their association with “Big Tech” and its perceived evils. This factionalism creates a hostile environment for beginners, who find themselves caught in the crossfire of a culture war they do not understand.

    4.3 DHH and the TypeScript Rebellion

    David Heinemeier Hansson (DHH), the creator of Ruby on Rails and a prominent figure in the web development world, sparked a massive controversy in late 2023 by removing TypeScript from the Turbo 8 library.

    • The “Heresy”: TypeScript has achieved a near-hegemonic status in modern web development, with static typing seen by many as the only professional way to write JavaScript. DHH’s decision to revert to pure JavaScript was viewed by the TypeScript community as a regression and a dangerous precedent.
    • The Hate: DHH reported receiving “death threats” and an avalanche of abuse on social media. The discourse framed his technical decision as a moral failing. The intensity of the anger revealed that for many developers, TypeScript provides a sense of safety and order; removing it induces anxiety that is transmuted into aggression against the agent of chaos (DHH).

    4.4 Supply Chain Attacks as Hostility

    Beyond protestware, the npm ecosystem is plagued by malicious actors who use the platform for direct attacks.

    • Typosquatting and Account Hijacking: Attackers use techniques like “Shift Key” attacks (creating packages with slightly different capitalization) or phishing campaigns to compromise maintainer accounts.37
    • Impact: While primarily motivated by financial gain (cryptominers, credential theft), these attacks contribute to an atmosphere of paranoia and hostility. Maintainers are constantly on edge, knowing that a single mistake could lead to their project being weaponized, which in turn leads to them being blamed and harassed by the victims of the attack.

    5. Python and the Limits of Governance

    Python, widely regarded as one of the most welcoming and diverse communities (exemplified by its popular slogan “Come for the Language, Stay for the Community”), faced a defining crisis that exposed the limits of its governance model.

    5.1 The Fall of the Benevolent Dictator

    Guido van Rossum, the creator of Python, served as the project’s “Benevolent Dictator For Life” (BDFL) for decades. This model centralized decision-making but also centralized the abuse.

    • PEP 572 (The Walrus Operator): In 2018, van Rossum accepted a proposal to introduce assignment expressions (the := operator). The proposal was controversial, with critics arguing it harmed readability and violated the “Zen of Python” (specifically, “There should be one– and preferably only one –obvious way to do it”).
    • The Abuse: The technical disagreement escalated into a personal attack campaign on social media (Twitter) and mailing lists. Van Rossum was subjected to a barrage of tweets and messages that questioned his judgment and leadership in deeply personal terms.39
    • Resignation: Citing the toll on his mental health, van Rossum resigned as BDFL. He stated, “I’m not going to look up the tweets, but the tone was really hurtful,” and expressed his exhaustion with having to fight for every decision.40

    5.2 Transition to the Steering Council

    The resignation forced Python to adopt a democratic Steering Council model. This transition diffused the target for abuse—it is harder to dog-pile a committee than a single individual. However, the incident remains a cautionary tale. It demonstrated that even in a community with a strong reputation for kindness, the combination of social media amplification and technical dogmatism can break the spirit of even the most seasoned leaders. It highlighted that the “dictator” model is unsustainable in the modern era of hyper-connected, hyper-critical developer discourse.

    6. Quantifying the Hate: The Landscape of Toxicity (2024-2025)

    Moving beyond case studies, recent empirical research provides a critical quantitative dimension to this analysis. The paper “The Landscape of Toxicity: An Empirical Investigation of Toxicity on GitHub” (Sarker et al., 2025) offers the most comprehensive dataset to date.

    6.1 Prevalence and Typology of Toxic Interactions

    Analyzing millions of Pull Requests (PRs) and comments, the study reveals that toxicity is a pervasive, systemic feature of the platform.

    • Profanity as Dominant: The study identifies profanity as the most frequent form of toxicity.41 While some defend this as mere “developer culture” or “freedom of speech,” the data suggests that environments with high levels of profanity are correlated with higher incidences of severe harassment.
    • Severe Toxicity: Approximately 22% of the toxic interactions identified were classified as “severe,” including direct insults, identity attacks (racism, sexism, homophobia), and threats of violence.41 This refutes the minimization of toxicity as merely “passion.”
    • Recidivism: The data indicates high recidivism rates. A small number of toxic users are responsible for a disproportionate amount of the abuse. Contributors who have authored toxic comments in the past are significantly more likely to repeat the behavior, suggesting that toxicity is often a stable trait of specific individuals rather than solely a reaction to situational stress.42

    6.2 Structural Correlates of Toxicity

    The research highlights key structural factors that influence toxicity levels:

    • Gaming vs. Non-Gaming: One of the most striking findings is that open-source projects related to gaming are seven times more toxic than non-gaming projects.42 This suggests a “bleeding over” of the toxic norms of gamer culture (hyper-competitiveness, trash-talking, gatekeeping) into the collaborative development space.
    • Corporate vs. Community: Corporate-sponsored projects were found to be less toxic than purely volunteer-driven ones.42 This is likely due to the presence of professional moderation, enforced Codes of Conduct, and the fact that contributors are often participating as part of their employment, where abusive behavior carries real-world career consequences.
    • Project Popularity: There is a positive correlation between project popularity (stars, forks) and toxicity. As projects scale, they attract a broader, less cohesive user base, diluting shared community norms and increasing the volume of “drive-by” harassment.42

    6.3 Platform Dynamics: GitHub, Stack Overflow, and “Dev Twitter”

    The ecosystem of hate extends beyond the code repositories.

    • Stack Overflow: Long criticized for its hostility to beginners, Stack Overflow’s toxicity is so systemic that it has infected AI models. An experiment training an LLM (“StackGPT”) exclusively on Stack Overflow data resulted in a model that responded to queries with insults and condescension, mirroring the platform’s infamous “duplicate question” culture.43
    • Twitter/X: The “Dev Twitter” ecosystem acts as an accelerant. The brevity of tweets and the algorithmic prioritization of engagement (often outrage) facilitate “dog-piling.” When a figure like DHH or a Rust advocate posts a controversial opinion, the platform enables the rapid mobilization of thousands of users to harass the target, often spilling over into GitHub issues and private emails.44

    7. Systemic Implications and Future Outlook

    The phenomena described in this report—techno-tribalism, identity fusion, and the weaponization of code—pose existential risks to the sustainability of the software ecosystem.

    7.1 The Maintainer Crisis and Supply Chain Security

    The most immediate casualty is the maintainer workforce. Open source relies on the volunteer labor of a relatively small number of individuals. When these individuals are targeted by death threats, burned out by constant abuse, or harassed into quitting, the infrastructure they support becomes vulnerable.

    • Security Risk: A maintainer under siege is less likely to audit code carefully, more likely to miss vulnerabilities, and more susceptible to ” burnout-induced apathy,” where they simply stop patching the software.46
    • The Void: When leaders like van Rossum or the Actix-web creator step down, it creates a power vacuum that can destabilize entire ecosystems.

    7.2 The Shift to “Professionalization”

    The industry is undergoing a painful transition from the “hacker ethic” of the past (unregulated, meritocratic, abrasive) to a “professional engineering” model.

    • Codes of Conduct: The universal adoption of CoCs by major foundations (Linux Foundation, Rust Foundation, OpenJS Foundation) is the primary institutional response.29 While necessary for safety, these are often flashpoints for conflict, viewed by traditionalists as tools of political censorship.
    • Governance Evolution: We are seeing a shift away from BDFLs toward Steering Councils and corporate-backed foundations. This bureaucratization of open source is a defensive measure against toxicity, aiming to depersonalize leadership and provide robust mechanisms for enforcement.

    7.3 Conclusion

    The “religious wars” of programming are no longer a joke. They are a sociotechnical pathology that threatens the mental health of developers and the security of the global digital infrastructure. The evidence presented in this report demonstrates that as long as code remains fused with identity—as long as “unsafe memory” is seen as a moral failing and “dynamic typing” as a character flaw—the toxicity will persist. Addressing this requires not just better moderation tools, but a fundamental cultural shift: decoupling technical disagreement from personal worth and recognizing that behind every pull request is a human being, not just a compiler node.

    Data Appendix

    Table 1: Typology of Hate Speech & Harassment in Developer Communities

    CategoryDescriptionExamplesPrimary TargetsSource
    Dog-piling (Brigading)Coordinated mass commenting to overwhelm a target.Reddit threads linking to GitHub issues; Twitter mobs targeting DHH.Maintainers making controversial decisions.17
    Identity AttacksHarassment based on race, gender, sexuality.Racist comments in PRs; anti-trans rhetoric in CoC debates.Marginalized groups; Diversity advocates.41
    Moralizing HarassmentFraming technical choices as ethical failures.“C++ is immoral”; “You are hurting users by not using Rust.”C/C++ developers; Users of “unsafe” tools.10
    Supply Chain SabotageWeaponizing code to harm or threaten users.Protestware (node-ipc); Malicious commits.The general user base; Corporations.32
    Death ThreatsExplicit threats of physical violence or murder.Threats against Lennart Poettering (Systemd); DHH (TypeScript).High-profile disruptors; BDFLs.5

    Table 2: Key Toxicity Statistics (Sarker et al., 2025)

    MetricFindingImplication
    Severe Toxicity Rate~22% of toxic interactionsA significant portion of abuse is dangerous/extremist.
    Gaming vs. Non-GamingGaming projects are 7x more toxicGamer culture norms are a primary vector for toxicity.
    Corporate vs. VolunteerCorporate projects are less toxicProfessional environments/HR policies mitigate abuse.
    RecidivismHigh among toxic usersToxicity is driven by a small minority of repeat offenders.

    Table 3: High-Profile Casualties of Developer Toxicity

    FigureRoleIncidentOutcome
    Guido van RossumCreator of PythonAbuse over PEP 572 (Walrus Operator)Resigned as BDFL.
    Lennart PoetteringCreator of SystemdDeath threats, hitman jokes over Systemd adoptionContinued work but disillusioned with Linux community.
    Actix-Web CreatorRust Framework MaintainerHarassment over unsafe code usageDeleted repo, quit open source (temporarily).
    Marak SquiresCreator of faker.jsBurnout, lack of fundingSabotaged own packages (Protestware).
    Sarah SharpLinux Kernel DevHarassment, “verbal abuse” cultureQuit Linux Kernel development.

    Works cited

    1. Social Identity Theory – The Decision Lab, accessed December 4, 2025, https://thedecisionlab.com/reference-guide/psychology/social-identity-theory
    2. An Application of Tajfel’s Social Identity Theory to Understand Gamer as a Social Identity Among Saudi College-Level Students, accessed December 4, 2025, https://digitalrepository.unm.edu/context/educ_llss_etds/article/1159/viewcontent/An_Application_of_Tajfel_s_Social_Identity_Theory_to_Understand_G.pdf
    3. PHP: Mocking Closures and performing assertions | by Peter Fox | Medium, accessed December 4, 2025, https://articles.peterfox.me/php-mocking-closures-and-performing-assertions-a14e5b5e2b32
    4. 10 Digital Tribalism and Ontological Insecurity: Manipulating Identities in the Information Environment | Deterrence in the 21st century, accessed December 4, 2025, https://ucp.manifoldapp.org/read/deterrence-in-the-21st-century/section/593f8b2c-5c06-4dc8-8fea-4d7229a2155f
    5. Lennart Poettering – Wikipedia, accessed December 4, 2025, https://en.wikipedia.org/wiki/Lennart_Poettering
    6. Ask HN: What Happened to Elm? – Hacker News, accessed December 4, 2025, https://news.ycombinator.com/item?id=34746161
    7. A sad day for Rust – Reddit, accessed December 4, 2025, https://www.reddit.com/r/rust/comments/eq11t3/a_sad_day_for_rust/
    8. The so-called “Hampstead Satanic Cult” should be a warning to the credulous – BarristerBlogger, accessed December 4, 2025, https://barristerblogger.com/2015/03/24/the-hampstead-so-called-satanic-cult-should-be-a-warning-to-the-credulous/
    9. 10 Cognitive Traps That Sabotage Your Code — Lessons from a Nobel Laureate Daniel Kahneman | by Mihailo Zoin | Medium, accessed December 4, 2025, https://medium.com/@kombib/10-cognitive-traps-that-sabotage-your-code-lessons-from-a-nobel-laureate-daniel-kahneman-e8dc1139c60e
    10. Is Rust better than C/C++? – Level Up Coding, accessed December 4, 2025, https://levelup.gitconnected.com/is-rust-better-than-c-c-402179eff461
    11. “Rust is safe” is not some kind of absolute guarantee of code safety : r/programming – Reddit, accessed December 4, 2025, https://www.reddit.com/r/programming/comments/xtundm/rust_is_safe_is_not_some_kind_of_absolute/
    12. Brian Kernighan on Rust : r/programming – Reddit, accessed December 4, 2025, https://www.reddit.com/r/programming/comments/1n5mw0m/brian_kernighan_on_rust/
    13. Douchebaggery – Coding Horror, accessed December 4, 2025, https://blog.codinghorror.com/douchebaggery/
    14. Keep Your Identity Small – Paul Graham, accessed December 4, 2025, https://www.paulgraham.com/identity.html
    15. Open Source Developer Feuding Gets Uglier — ADTmag, accessed December 4, 2025, https://adtmag.com/blogs/dev-watch/2014/10/open-source-squabbling.aspx
    16. Rust Foundation apologizes for trademark policy confusion – The Register, accessed December 4, 2025, https://www.theregister.com/2023/04/17/rust_foundation_apologizes_trademark_policy/
    17. This doesn’t surprise me. Rust’s toxic community was one of several reasons that… | Hacker News, accessed December 4, 2025, https://news.ycombinator.com/item?id=30442235
    18. ‘I am done with open source’: Developer of Rust Actix web framework quits, appoints new maintainer – The Register, accessed December 4, 2025, https://www.theregister.com/2020/01/21/rust_actix_web_framework_maintainer_quits/
    19. I’ve been using Rust for a while, and I’m so, so tired of hearing this argument…. | Hacker News, accessed December 4, 2025, https://news.ycombinator.com/item?id=33056584
    20. New trademark policy – #70 by jbe – community – The Rust Programming Language Forum, accessed December 4, 2025, https://users.rust-lang.org/t/new-trademark-policy/92370/70
    21. Can someone explain to me what’s happening with the Rust foundation? – Reddit, accessed December 4, 2025, https://www.reddit.com/r/rust/comments/12lb0am/can_someone_explain_to_me_whats_happening_with/
    22. Why the Rust Trademark Policy was such a problem | Hacker News, accessed December 4, 2025, https://news.ycombinator.com/item?id=35583089
    23. 2023-04-11 Board Meeting Minutes – The Rust Foundation, accessed December 4, 2025, https://rustfoundation.org/wp-content/uploads/2024/01/2023-04-11-minutes.pdf
    24. Kernel Dev Tells Linus Torvalds To Stop Using Abusive Language – Slashdot, accessed December 4, 2025, https://linux.slashdot.org/story/13/07/15/2316219/kernel-dev-tells-linus-torvalds-to-stop-using-abusive-language
    25. No more verbal abuse – Sage Sharp, accessed December 4, 2025, https://sage.thesharps.us/2013/07/15/no-more-verbal-abuse/
    26. After Years of Abusive E-mails, the Creator of Linux Steps Aside (The New Yorker) [LWN.net], accessed December 4, 2025, https://lwn.net/Articles/765674/
    27. Linus talked to the New Yorker about verbal abuse on LMKL right before he wrote the apology letter. : r/linux – Reddit, accessed December 4, 2025, https://www.reddit.com/r/linux/comments/9hazny/linus_talked_to_the_new_yorker_about_verbal_abuse/
    28. Linux kernel hastily adopts standard Code of Conduct – Otter Tech, accessed December 4, 2025, https://otter.technology/blog/2018/09/20/linux-kernel-hastily-adopts-standard-code-of-conduct/
    29. Linux Has a Code of Conduct and Not Everyone is Happy With it, accessed December 4, 2025, https://itsfoss.com/linux-code-of-conduct/
    30. The Culture War Comes to Linux – VICE, accessed December 4, 2025, https://www.vice.com/en/article/what-happens-if-linux-developers-remove-their-code/
    31. Regarding the “Hitman hiring to kill Lennart Poettering” memo, I believe this is the “incident” he’s referring to. : r/linux – Reddit, accessed December 4, 2025, https://www.reddit.com/r/linux/comments/6atany/regarding_the_hitman_hiring_to_kill_lennart/
    32. Open Source Software maintainer Vandalizes Own Code In Anti-Russian Protest, accessed December 4, 2025, https://www.opensourceforu.com/2022/04/open-source-software-maintainer-vandalizes-own-code-in-anti-russian-protest/
    33. An Investigation into Protestware – arXiv, accessed December 4, 2025, https://arxiv.org/pdf/2409.19849
    34. #Reactgate forces React leaders to confront community’s toxic culture head on – Packt, accessed December 4, 2025, https://www.packtpub.com/it-za/learning/how-to-tutorials/react-forces-leaders-to-confront-community-toxic-culture
    35. React.js VS Vue.js. JavaScript frameworks continue to… | by Dharshana S – Medium, accessed December 4, 2025, https://medium.com/@dharshanans54/react-js-vs-vue-js-8526fa5085bb
    36. Why there are more react/Angular jobs than vue on LinkedIn? : r/vuejs – Reddit, accessed December 4, 2025, https://www.reddit.com/r/vuejs/comments/11uod21/why_there_are_more_reactangular_jobs_than_vue_on/
    37. What We Know About the NPM Supply Chain Attack | Trend Micro (US), accessed December 4, 2025, https://www.trendmicro.com/en_us/research/25/i/npm-supply-chain-attack.html
    38. The Rise of Malicious Packages in DevOps – SOCRadar, accessed December 4, 2025, https://socradar.io/rise-of-malicious-packages-in-devops/
    39. The Walrus Operator in Python which led the Leader of Python to Resign – Reddit, accessed December 4, 2025, https://www.reddit.com/r/programming/comments/i0nqgg/the_walrus_operator_in_python_which_led_the/
    40. Decision-Making Process Improvements (or My Frustrations With How PEP 734 Has Played Out) – Python Discussions, accessed December 4, 2025, https://discuss.python.org/t/decision-making-process-improvements-or-my-frustrations-with-how-pep-734-has-played-out/95985
    41. The Landscape of Toxicity: An Empirical Investigation of Toxicity on GitHub – arXiv, accessed December 4, 2025, https://arxiv.org/html/2502.08238v1
    42. The Landscape of Toxicity: An Empirical Investigation of Toxicity on GitHub – ResearchGate, accessed December 4, 2025, https://www.researchgate.net/publication/392842859_The_Landscape_of_Toxicity_An_Empirical_Investigation_of_Toxicity_on_GitHub
    43. I Trained an LLM on Stack Overflow: It Learned to Be as Toxic as the Community | by Sohail x Codes | Medium, accessed December 4, 2025, https://medium.com/@sohail_saifii/i-trained-an-llm-on-stack-overflow-it-learned-to-be-as-toxic-as-the-community-a4b3a088e27a
    44. Terrorism Analysis through Social Media using Data Mining by IRJET Journal – Issuu, accessed December 4, 2025, https://issuu.com/irjet/docs/irjet-v9i4512
    45. Predicting the Political Alignment of Twitter Users – ResearchGate, accessed December 4, 2025, https://www.researchgate.net/publication/220876147_Predicting_the_Political_Alignment_of_Twitter_Users
    46. The Hidden Vulnerabilities of Open Source – FastCode, accessed December 4, 2025, https://fastcode.io/2025/09/02/the-hidden-vulnerabilities-of-open-source/
    47. cross-project-council/CODE_OF_CONDUCT.md at main · openjs, accessed December 4, 2025, https://github.com/openjs-foundation/cross-project-council/blob/main/CODE_OF_CONDUCT.md?__hsfp=868907044&__hssc=160532258.1.1728432005187&__hstc=160532258.8da91b5f8b42a5531651a132262dd89d.1728432005184.1728432005185.1728432005186.1
    48. Code of Conduct | LF Events, accessed December 4, 2025, https://events.linuxfoundation.org/archive/2023/open-source-finance-forum-new-york/attend/code-of-conduct/
    49. Full article: Toxic behavior in multiplayer online games: the role of witnessed verbal aggression, game engagement intensity, and social self-efficacy, accessed December 4, 2025, https://www.tandfonline.com/doi/full/10.1080/17544750.2024.2425662
    50. CyberheistNews Vol 15 #37 [New Report] Shadow AI Threats Are Increasing. Here’s How to Spot Them – KnowBe4 blog, accessed December 4, 2025, https://blog.knowbe4.com/cyberheistnews-vol-15-37-new-report-shadow-ai-threats-are-increasing-heres-how-to-spot-them
    51. Full text of “The Times , 1997, UK, English” – Internet Archive, accessed December 4, 2025, https://archive.org/stream/NewsUK1997UKEnglish/Nov%2004%201997%2C%20The%20Times%2C%20%2366038%2C%20UK%20%28en%29_djvu.txt