“Trust” as in: trust it enough to run it on your machine.
(And assuming that you can’t understand code yourself)
Who’s out here trying to figure out the political or other beliefs of developers? I’ve got around 50 docker containers running on my server, there’s no way I’m going through people’s profiles to see if they’re morally aligned with me.
No. If I disagree with someone politically it’s likely because they want me and anyone like me dead. Those people are dead to me.
I’m pretty sure we’ll disagree politically on many issues but I don’t want you or anyone like you dead. I hope people in the US will stop viewing politics as cults and start to communicate with people disagreeing with them.
For the first 40+ years of my life, sure. For the past 10…we are suffering from a cult.
Do you support trans rights? Do you support immigration? Do you support the demilitarization of police and complete restructuring of the current US “justice” system? Do you know why credit scores exist? Do you support using taxes to provide for our most vulnerable? Do you know what diversity, equity, and inclusion are?
If you said no to any of those, then I doubt we share common ground
I doubt many people outside the US have any clue about whether the US justice system needs to be restructured, so there goes ~95% of the global population.
Excluding people from discussions because they don’t agree with ‘one’ point is setting yourself up for failure.
You aren’t winning anyone over with an all-or-nothing attitude, you’re cutting off many potential allies.
Yes, since not liking or disagreeing with someone isn’t the same thing as likelihood they are pushing malicious code. If something is open source that’s a really good sign, because they could also push closed source code and be more likely to get away with it that way. More points if it clearly has other eyes on it; even if I am not checking over the code myself, someone probably is for a lot of projects.
It’s like “separate art from artist” except even more so because software tends to be even more quantifiable as its own independent thing than art is.
it depends on what the software is doing i guess
no.
IMO conservatives are untrustworthy and can’t identify fact from fiction.
would you run software from a dev who has a problem discerning reality? do you think a schizophrenic person writes stable maintainable code?
mental health is an important part of gaining trust in your product. ironic that they continue to trust and support a geriatric nazi-wannabe, but goes to show how compromised conservatives are when it comes to their decision making skills.
TempleOS?
technically the guy went crazy because of the project.
it depends entirely on the context, what the software is, alternatives… etc
if it is open source and sources I trust approve of it, sure
Only if they specifically seem fascist, because that’s the one political group that likes to know everything you do and censor any dissenting opinion.
I mean… I used reiserFS for years and that guy killed his wife, I’m not too keen on that.
I guess its fine as long as its not actively malicious code, its not like I’m letting them into my brain.
On that though, I find it unlikely someone who differs from me politically would have the same priorities, and as such their projects are much less likely to show up on my radar.
Edit: spelling correction, Autocorrupt, ykwim?
https://en.wikipedia.org/wiki/ReiserFS
Reiser was convicted of the first-degree murder of his wife, Nina Reiser
Does anyone have a link to that handwritten letter (with translation) from prison where he resigned as maintainer of reiserfs?
I’d see it as a seal of quality if the developer is a crank.
I trust the Lemmy developers enough to use their platform hosted on external servers despite them being Marxist clowns, but I wouldn’t self host without a thorough code review.
And I’m seriously just waiting for a decent piefed app in order to ditch the platform altogether. So far voyager is the most functionally complete one, but doesn’t look very appealing.
If there’s no alternative that has the feature set that software has, the alternatives are ultimately worse, and/or I cannot find a fork from another less egregious dev, then it’s like I’d have any other choice if I need the software. If I don’t need the software, good chance I might just stop using it and just uninstall.
It’s why back when I heard that the people in charge of Audacity, back a few years ago, had potential plans on adding telemetry, I stopped using it all together. Of course I kinda moved back because, as far as I know, all the forks are basically dead and the team went back on those plans due to community uproar. Now I just keep it unable to connect via firewall to be safe.
Lemmy is exactly that for a lot of people, the developers are quite controversial.
Obviously most users are not installing the software from those developers on their personal machines, but serving a federated instance certainly involves doing so.
I don’t “trust” tankies, because no authoritarian can ever be trusted, nor do I trust lemmy. I just prefer to vote with my content/wallet, and Reddit showed the world they don’t deserve their user base, or any of their content.
This is an open non-profit platform anyone can scrape. That’s good enough for me, until something with a better value proposition comes along.
i’m so excited about the progress piefed is making and my home instance’s plans to migrate
Wait. How similar is piefed to Lemmy? Does Voyager work with it?
Voyager has “experimental “ support for piefed. I do believe they are working on expanding on that.
I’m waiting for boost to add piefed support (confirmed to be coming) then I’m going to switch
extremely similar with some serious quality of life improvements and better dev leadership. the api, per my understanding, is similar to lemmy, but not wholly compatible. voyager, i do not think, does not support piefed currently (i will need to switch apps)
I run thousands of pieces of software and I have no idea what the political leanings of the developers are. Obviously I know about the main Lemmy developers because this seems to be a recurring topic here. However why would I start caring about these particular developers now?
There have been developers who have done shady things in their projects and it usually torpedoes the trust in the project and people fork and move away. However whatever I may think about the Lemmy developers politics I have no reason to believe they are doing nefarious things in their software.
The developer is kind of just a sack of shit. I’m 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.
I kinda doubt it. Let’s not forget this is a global community, and Marxism-Leninism has different levels of support in different parts of the world.
If this was a state-funded project, I think the development would have gone a lot more swiftly, and the leads would be even more puritanical in pushing their beliefs. As it is, I’ve argued pretty extensively from a liberal perspective on .ml before, even personally with dessalines, and while they don’t exactly love me over there, I’m careful to respect their rules and they haven’t banned me.
I think they really are just idealistic supporters of communism, mostly from places where that’s a little more common.
If it was state funded by a functioning state I would agree with you, but I wouldn’t be surprised if Russia was kicking these guys a modest living to undermine American social media companies.
I mean, I got banned personally by Dessalines from lemmy.ml for mildly suggesting that a meme felt like it was a Chinese op designed to provoke in-fighting in western countries.
Not rudely, not aggressively, literally just questioning whether it could be in the comments below.
Tbh, I think most people just don’t understand that Lemmy is where all the quote un quote “tankies” that got banned or felt disenfranchised with reddit ended up in. They truly believe in whatever they are saying. Some of these people tend to be pro China and or even Russia, AND are real people who actually believe in their ideology and what they are saying, and aren’t just foreign agents. As for undermining American social media companies? Tiktok is already one of the most popular social media sites out there.
Yeah, I won’t say it’s impossible or anything. I just think there’s other reasonable explanations too.
Personally I just avoid mentioning China when I’m over there. lol It’s easier to keep everything civil if you avoid naming names, and China is a particularly sore spot for them. You also can’t forget that free speech is not a foundational part of their ideology like it is ours. They’re more about seizing the means of production than the free contesting of ideas.
It does feel a little like walking on eggshells.
Not to mention wheres all the disinformation campaigns? It only started to get bad recently on Lemmy.
Well, you may be surprised then to find it’s being funded by NLnet, which apparently gets its money from the EU.
That doesn’t mean it’s not also funded by China or Russia. They’ve been able to work on Lemmy for a while without much public funding.
They get donations, and people can just do stuff on the side
I’m 90% sure Lemmy development is funded by either Russia or China
Why do you think so?
It’s funded mostly by the Netherlands lol
Even It is I’d be okay with it since its opensource meaning I can see if its doing something bad and I can fork ifbit goes sideways.
I’m assuming this is a dig at Lemmy? The author is a tanky, the software is Janky and we are all having a fun time anyways.
Not really directed at Lemmy.
I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn’t trust the former lead dev.
Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.
In this situation, any closed source developer/project manager would never disclose such issues, if they caught them at all.
I trust open source code a hell of a lot more then close sourced stuff because anyone can look at it/test it and see if somethings fucky.
The whole entire point of free software is trustlessness.
You always have to trust others. If a key person can not be trusted anymore, the option to constantly check the code is not really an option.
Ref. the famous Ken Thompson hack. At some point you’re forced to trust someone.
At this point GrapheneOS is big enough that there are people who do pay attention to changes and forks that would notice as well.
He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.
He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024 .
I don’t see how any of this is an excuse to what has been said in the chats. Micay also lied about stepping down from GOS.
You understand that in those chats, Micay had been the victim of ongoing harassment, perpetuated by Rossman and Calyx leadership, which culminated in doxxing and then a SWAT attack which is a threat on their life.
They didn’t lie about stepping down. They took a back seat to development work and the public eye because of these experiences. It was an enormous toll on their mental and physical health.
Now does that excuse Rossman for mislabeling na individual with mental diagnoses? Does that excuse them and other people for dismissing what they say based on these false labels?
You understand that in those chats, Micay had been the victim of ongoing harassment, perpetuated by Rossman and Calyx leadership, which culminated in doxxing and then a SWAT attack which is a threat on their life.
Please provide evidence for that. Also why was he a “victim of ongoing harassment perpetuated by Rossman” and Micay never mentioned that in the chats in the video? Did you even see the video? The only accusation in that chat was that he commented under the Techlore video. Everything after that was orchestrated to destroy Rossmanns reputation.
Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.
With that said, I don’t believe their claim that it’s impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can’t send a different file to just one user. That’s true, but thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.
I trust them not to do it, for many reasons, but technically they could. I also don’t think they’d do it to Louis, despite the beef they have with him.
Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.
thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.
That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don’t know the unique IDs because they’re not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn’t possible. But even if people don’t believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.
