rikudou@lemmings.world
on 04 Apr 2024 07:49
Well, it’s fun that they mention F-Droid, because the maintainers are bullies who bully their contributors and generally act very unpleasant. They like to make new rules on the spot.
I abandoned using the project altogether, not someone I want to support.
tabular@lemmy.world
on 04 Apr 2024 07:59
What rules?
rikudou@lemmings.world
on 04 Apr 2024 17:01
That apps published there can’t be wrappers around a web application.
testEmailVerified@lemmy.world
on 04 Apr 2024 17:34
What’s a wrapper in this context?
An app that’s just WebView?
rikudou@lemmings.world
on 04 Apr 2024 18:20
Not WebView, but a so-called TWA, aka Trusted Web Activity, a feature specifically designed to wrap PWAs and give them full-blown app capabilities.
hedgehog@ttrpg.network
on 05 Apr 2024 13:13
What additional capabilities does that give the app beyond using Firefox or Chrome to install it as a PWA?
Buddahriffic@lemmy.world
on 04 Apr 2024 19:06
Good rule, those should be web addresses, not apps. Or even better, native applications rather than web apps, but it does depend on the context.
rikudou@lemmings.world
on 04 Apr 2024 19:18
Eh… why? More to the point, it’s not mentioned anywhere in their guidelines, it was made up on the spot by the fella doing the code review.
Buddahriffic@lemmy.world
on 04 Apr 2024 19:32
They are inefficient and bloated.
And personally, I prefer good reasoning over good rules. If something comes up that is a bad idea but there’s no existing rule against it, the rules should be changed to address it. As long as the reasoning is sound, I think it’s a good thing, especially when we’re talking about something like a software distribution platform as opposed to say laws that determine freedom or imprisonment.
rikudou@lemmings.world
on 04 Apr 2024 19:34
Inefficient and bloated describes 90% of all apps I’ve ever seen, regardless of technology used, so I fail to see your point.
RvTV95XBeo@sh.itjust.works
on 04 Apr 2024 22:03
Also if you’ve made a web app, let it be installed as a web app. Both FF and Chrome let you install web apps in one click.
sugar_in_your_tea@sh.itjust.works
on 05 Apr 2024 02:24
If you really want to have it available on F-Droid, you can always put it in a separate repository. So I can see it being annoying that they reject it from their repo, but there’s still a reasonable path forward.
rikudou@lemmings.world
on 05 Apr 2024 07:42
Well, I have the app on Google Play store, which was originally meant to be the alternative, now it’s the main store.
Seems to me like they’ve done a pretty good job keeping their store free of malicious apps, I’ve never heard of any breaches like I have of every other store including Snap and Flatpak.
Maybe they’re pissing some people off in the process, but maybe it’s the right people to piss off. They’ve been able to hold it together in the FOSS app space better than most.
DingoBilly@lemmy.world
on 04 Apr 2024 10:02
It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.
Much easier to be tempted to do something wrong or to get others to help in and take the weight off.
NoneOfUrBusiness@kbin.social
on 04 Apr 2024 12:30
I mean you can see the source code. You'll know if anyone does something weird if you have two braincells.
Edit: Clown here move along.
bizzle@lemmy.world
on 04 Apr 2024 13:04
I can’t tell if you’re joking but if you are that’s hilarious
NoneOfUrBusiness@kbin.social
on 04 Apr 2024 13:05
It’s not a dumb point so much as just naive – and it’s the lesson we learned from the xz backdoor.
Sure the source code is out there for anyone to see, but are the right people actually looking?
lewdian69@lemmy.world
on 04 Apr 2024 13:28
You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?
NoneOfUrBusiness@kbin.social
on 04 Apr 2024 13:57
Nope, I'm just a clown who doesn't actually work in tech.
lewdian69@lemmy.world
on 05 Apr 2024 14:50
I forgot it wasn’t any of my business to ask. My bad
Weird that they would say something totally different from what they mean…
SqueakyBeaver@lemmy.blahaj.zone
on 04 Apr 2024 17:38
I mean, they didn’t though
Theoretically, well-funded teams would be able to create more secure software and fix vulnerabilities faster than some random guy who works a full-time job and codes in his free time
You say they didn’t, and then go on to make a point they didn’t make…
They didn’t comment on funding whatsoever. Plenty of open-source software gets funding, and not all closed source software gets funding.
The issue is with bullying and burnout. Nothing to do with being closed or open source.
SqueakyBeaver@lemmy.blahaj.zone
on 04 Apr 2024 17:45
I’m sorry that I’m apparently not getting my point across to you
Proprietary software is often made by a corporation, who pays full-time developers. Those full-time developers are given a salary to work on that software. That salary is normally more than what open-source devs make off their software. The team who is paid to work full-time on the software will patch issues faster (theoretically)
I bet you’ll find something wrong with this, but I don’t care
There’s nothing wrong with what you’re saying, I’m not challenging the point you’re making here.
I’m challenging your ability to mind-read and ascribe that point to a different commenter.
Malfeasant@lemmy.world
on 04 Apr 2024 17:33
Hahahahahahahahaahaha
(I work for a software company.)
HuntressHimbo@lemm.ee
on 04 Apr 2024 16:44
Closed source software has the exact same bullying issue, the difference is instead of the bullies being random people on the internet, they are managers with power over you. They are at least as likely to make you do something dangerous as the randoms, but they don’t have to try as hard to hide it.
sugar_in_your_tea@sh.itjust.works
on 05 Apr 2024 14:17
It’s not the same, but it can be.
Bullying in closed source software is a company culture issue. Bullying in open source software can come from anywhere, and a good CoC won’t necessarily fix it because outside community members can just bully from different accounts. But that also means bad company culture can’t be fixed as easily as playing whack-a-mole in a FOSS project.
meanwhile Linus hounding down the google devs for making stupid pull requests
ItsMeSpez@lemmy.world
on 04 Apr 2024 22:08
Do you have some context for this? I’m out of the loop.
TheGrandNagus@lemmy.world
on 04 Apr 2024 22:40
Years ago, Linus Torvalds, creator of Linux, was notoriously mean to people who submitted bad code.
Like he would straight up call it absolute dogshit and say they should feel ashamed, he’d call them fucking morons, on one occasion I believe he even told someone to kill themselves.
In the years since, though, he’s said that he’s found the abrasive authority figure schtick doesn’t really work and has the unfortunate side effect of making others involved adversarial too, or will hasten the notorious FOSS developer burnout, and he has changed to a much warmer and friendlier way of working, and been quite apologetic about his past attitude.
sugar_in_your_tea@sh.itjust.works
on 05 Apr 2024 02:19
To be fair, he has to deal with a lot of nonsense in his job. A lot of companies try to push utter crap through, and if his subsystem maintainers miss something, it makes his life much more difficult. He’s merging tons of changes every day and doesn’t have the time to review everything.
So I think some righteous anger is justified here. His subsystem maintainers should know better, and his anger was usually directed at them, not some random new contributor.
TheGrandNagus@lemmy.world
on 05 Apr 2024 10:31
Absolutely. His workload was insane and unending, and if crap code made its way through, he’d get a portion of the blame. It’s very human to lash out in the way he did, particularly when he frequently saw the same mistakes over and over again.
But it’s right that he made steps to not act in that way anymore. Linux developer burnout is bad enough even without Linus and others publicly calling you a shithead or telling you to kill yourself when you fuck up.
sugar_in_your_tea@sh.itjust.works
on 05 Apr 2024 13:55
Yup. My point was that it’s not necessarily autism or bullying that brought us here, but years of dealing with people who should know better. I’m glad he’s toned it down though, but I did secretly enjoy reading his creative insults (and wouldn’t want to be on the receiving end).
Oh he’s still perfectly blunt about code, and even about people if need be but he makes sure he has a good night’s worth of sleep before he does that to not do it in anger. Which means dress-downs are now of the “I’m not angry, I’m disappointed” type. I’m not aware of him ever telling people to kill themselves, just erm “wondering”:
Of course, I’d also suggest that whoever was the genius who thought it
was a good idea to read things ONE F*CKING BYTE AT A TIME with system
calls for each byte should be retroactively aborted. Who the f*ck does
idiotic things like that? How did they noty die as babies, considering
that they were likely too stupid to find a tit to suck on?
(And to be fair, yes, reading things one byte at a time is fucking stupid. Not something you’d ever expect in a kernel)
TheGrandNagus@lemmy.world
on 05 Apr 2024 11:18
I’m not referring to that incident, I’m referring to his criticisms when he was using OpenSUSE and became frustrated at having to use the root password to do basically anything:
“If you have anything to do with security in a distro, and think that [users] need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place.”
And just as with you said above, yes, he is right, but it was completely uncalled for and unprofessional to go about the criticism in such a way.
I do find his quips funny, and in some workplaces it’d just be behind-closed-doors banter, but it’s right that he doesn’t go on mean rants anymore. Publicly humiliating devs and wiping your hands clean of the situation while your fans continue to harass them is not optimal.
Buddahriffic@lemmy.world
on 04 Apr 2024 19:10
The trick is to stop giving af about demands from random assholes. Using software doesn’t entitle anyone to updates. Part of the point of open source is if you want it to be different, the source code is available for you to do that.
sugar_in_your_tea@sh.itjust.works
on 05 Apr 2024 14:14
Yup. I’ve contributed to a number of FOSS projects (including lemmy) and try to always observe the proper etiquette. That means (IMO):
read through the contribution guidelines and follow them to a T
check for feedback at least once/day
allow at least two days for initial feedback, and gradually back off (so bump after 2 days, bump again after another 3-4 days)
if there’s no feedback after a week, bring it up on another channel (IRC, Matrix, email, etc)
never demand anything, always ask how to help
None of that is written down anywhere, but to me it’s common sense. If you don’t want to do that, fork the project and maintain it yourself. Maybe they’ll pull your changes in if they’re good.
I would simply deal with these bullies by telling them to fuck off and fork their own thing instead of bugging me to push an update on the main. This feels more like it should be happening to closed source things where the only way to get a thing in it is to beg the dev.
DAMunzy@lemmy.dbzer0.com
on 04 Apr 2024 19:55
Unfortunately, that’s the social element of social engineering. Not all developers feel that way and it’s possible to trick them.
Luckily, most developers are on the spectrum and aren’t affected as much by that type of social engineering.
Oh shit I must've said something really dumb now.
(I wasn't joking).
Absurd take. How could having the source closed possibly enhance the security?
I think they mean that a lot of proprietary software (supposedly) has a large (or at least well-founded) team working on it
How do you qualify the security of a closed source code when you can’t verify it?
I’ll allow it.
Completely a meme answer. IT workers including software devs in the past were seen as nerdy loner types
I think most people who are “on the spectrum” are undiagnosed, this survey asked about diagnosed autism.
And that’s pretty close to the average in the population of 1 in 36, or 2.8%.