I typed a reply about how bad actors will use reasonable arguments to get their way, so we'd need genuine evidence
my comment didn't send properly tho and i got an error message, so if you see me commenting twice, sorry
this post was submitted on 01 Apr 2024
12 points (100.0% liked)
/kbin meta
110 readers
1 users here now
Magazine dedicated to discussions about the kbin itself. Provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics. ---- * Roadmap 2023 * m/kbinDevlog * m/kbinDesign
founded 1 year ago
Yes, there is some similarity. You're not wrong.
However, it's much more likely to be due to the common experience of solo devs whose projects blow up than it is about bad actors on kbin.
If you're so inclined, you can always check the profiles of those who were pushing for it and particularly those who were volunteering; the boehs.org link should supply some helpful red flags to look for. Ernest would be wise to check IP activity and even ask for IRL credentials of those he would consider giving any real level of access to. Beyond that, it's firmly in the realm of "mildly interesting."
It's not the boeh.org link, but here is a similar timeline of events: https://research.swtch.com/xz-timeline
xz was successful because it was believable, but a malicious actor would more likely target libraries that are depended on by many, like xz.
I switched away because kbin seemed stuck and unresponsive to users and uncommunicative. Changes that were made seemed to be ones the Ernest wanted to and not addressing issues that people were feeling in some cases.
I am a software developer for a living and I can tell you that you can both have more people contributing and be secure. Most projects do not have bad actors who successfully poison things. When someone does, they get caught in the review process. If this is your concern, then prove that Ernest himself isn't a bad actor? I don't believe he is, but being one person in control would certainly make that easy.
Ernest Adds More Maintainers to Kbin is one of my favorite 80s comedies
its open source. it can and has been forked. he can do what he likes. The call for moderation made sense but code is different. Granted I think he should bring in help for himself but that is for him to decide.
I don't know what this xz thing is about, first time hearing it. But people saying he should get more help are trying to help him, not having malicious plans like installing backdoors or whatever.
I do think people should ask less for more maintainers — the project is already opensource, so it's up to maintainers to join, not him to seek them out. But he should still get some help with managing the instance. Pauses in development are fine imo, but the instance shouldn't be swarmed with spam and account deletion requests lost in limbo just because ernest got sick or something, which can happen with the best work life balances.
I don't know what this xz thing is about, first time hearing it.
Someone pressured the maintainer of a compression tool used in a bunch of open source software to hand over the keys by citing burnout and offering to "help" then spent ~3 years slowly adding tiny changes that combined to form a backdoor in SSH that nearly compromised the entire internet or something.
It was only barely caught by accident because it made some thing some guy was doing that wasn't even related a fraction of a second slower.
Been all over the FOSSiverse for days, and the social engineering that was used on the xz maintainer reminded me personally of similar pressure certain people have applied to Ernest in most threads about kbin performance I have seen.
The reason it worked is because sometimes burnout is a real problem, and getting extra help is a real solution. The fact that this was exploited in one situation doesn't mean that all of a sudden there isn't any real burnout or genuine offers to help any more.
A project can sometimes benefit from help even if there is no burnout. People have limits.
This is an absurd thread. By collecting together critical comments, and picking back up a loud fight that previously died down over a week ago, you are absolutely adding to any pressure towards our lad in charge.
Touch grass
Touch grass
Suck ya mudda
Honestly, no. Kbin has been barely usable for a long time and I'm starting to consider giving up.
I have a notification waiting for me, but I get a 404 on the page to check it out. /sub also didn't work yesterday. I spent a few minutes trying to edit a comment just an hour ago.
Nothing against Ernest, a page of this size is hard to manage alone or almost alone, but it's still a pain as a user.
I have a notification waiting for me, but I get a 404 on the page to check it out.
Append ?p=1 at the end of the URL; that sometimes fixes it.
Next, relax.