“Trust” as in: trust it enough to run it on your machine.

(And assuming that you can’t understand code yourself)

  • 0x01@lemmy.ml
    13 days ago

    Lemmy is exactly that for a lot of people, the developers are quite controversial.

    Obviously most users are not installing the software from those developers on their personal machines, but serving a federated instance certainly involves doing so.

    • WhatAmLemmy@lemmy.world
      13 days ago

      I don’t “trust” tankies, because no authoritarian can ever be trusted, nor do I trust lemmy. I just prefer to vote with my content/wallet, and Reddit showed the world they don’t deserve their user base, or any of their content.

      This is an open non-profit platform anyone can scrape. That’s good enough for me, until something with a better value proposition comes along.

          • The Quuuuuill@slrpnk.net
            12 days ago

            extremely similar with some serious quality of life improvements and better dev leadership. the api, per my understanding, is similar to lemmy, but not wholly compatible. voyager, i do not think, does not support piefed currently (i will need to switch apps)

    • Alex@lemmy.ml
      13 days ago

      I run thousands of pieces of software and I have no idea what the political leanings of the developers are. Obviously I know about the main Lemmy developers because this seems to be a recurring topic here. However why would I start caring about these particular developers now?

      There have been developers who have done shady things in their projects and it usually torpedoes the trust in the project and people fork and move away. However, whatever I may think about the Lemmy developers' politics, I have no reason to believe they are doing nefarious things in their software.

    • masterspace@lemmy.ca
      13 days ago

      The developer is kind of just a sack of shit. I’m 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.

      • Carrolade@lemmy.world
        13 days ago

        I kinda doubt it. Let’s not forget this is a global community, and Marxism-Leninism has different levels of support in different parts of the world.

        If this was a state-funded project, I think the development would have gone a lot more swiftly, and the leads would be even more puritanical in pushing their beliefs. As it is, I’ve argued pretty extensively from a liberal perspective on .ml before, even personally with dessalines, and while they don’t exactly love me over there, I’m careful to respect their rules and they haven’t banned me.

        I think they really are just idealistic supporters of communism, mostly from places where that’s a little more common.

        • masterspace@lemmy.ca
          13 days ago

          If it was state funded by a functioning state I would agree with you, but I wouldn’t be surprised if Russia was kicking these guys a modest living to undermine American social media companies.

          I mean, I got banned personally by Dessalines from lemmy.ml for mildly suggesting that a meme felt like it was a Chinese op designed to provoke in-fighting in western countries.

          Not rudely, not aggressively, literally just questioning whether it could be in the comments below.

          • Carrolade@lemmy.world
            13 days ago

            Yeah, I won’t say it’s impossible or anything. I just think there’s other reasonable explanations too.

            Personally I just avoid mentioning China when I’m over there. lol It’s easier to keep everything civil if you avoid naming names, and China is a particularly sore spot for them. You also can’t forget that free speech is not a foundational part of their ideology like it is ours. They’re more about seizing the means of production than the free contesting of ideas.

            It does feel a little like walking on eggshells.

          • Gigasser@lemmy.world
            13 days ago

            Tbh, I think most people just don’t understand that Lemmy is where all the quote unquote “tankies” that got banned or felt disenfranchised with reddit ended up. They truly believe in whatever they are saying. Some of these people tend to be pro China and/or even Russia, AND are real people who actually believe in their ideology and what they are saying, and aren’t just foreign agents. As for undermining American social media companies? Tiktok is already one of the most popular social media sites out there.

      • Tuukka R@sopuli.xyz
        13 days ago

        I’m 90% sure Lemmy development is funded by either Russia or China

        Why do you think so?

  • kureta@lemmy.ml
    13 days ago

    I would probably trust but depending on the issue, I might just refuse to run it on my machines on principle. Just like how I wouldn’t want to hang one of Hitler’s paintings on my living room wall no matter how good it might be.

  • Zwuzelmaus@feddit.org
    13 days ago

    It depends:

    If the software is neutral regarding the political topics, then yes of course.

    I know one who makes “opinionated software” and says so, openly. If I would strongly disagree, then I would probably not trust the software. Fortunately I agree with his opinion :)

  • nomad@infosec.pub
    13 days ago

    I’m assuming this is a dig at Lemmy? The author is a tanky, the software is Janky and we are all having a fun time anyways.

      • snoons@lemmy.ca
        13 days ago

        In this situation, any closed source developer/project manager would never disclose such issues, if they caught them at all.

        I trust open source code a hell of a lot more than closed-source stuff because anyone can look at it/test it and see if something’s fucky.

      • Skorp@sh.itjust.works
        13 days ago

        He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.

        He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024.

        • ilmagico@lemmy.world
          13 days ago

          Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.

          With that said, I don’t believe their claim that it’s impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can’t send a different file to just one user. That’s true, but they could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

          I trust them not to do it, for many reasons, but technically they could. I also don’t think they’d do it to Louis, despite the beef they have with him.

          • other8026@lemmy.ml
            13 days ago

            Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.

            they could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

            That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don’t know the unique IDs because they’re not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn’t possible. But even if people don’t believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.
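The rebuild-and-compare check mentioned in the comment above, sketched as an added example (not part of the thread and not GrapheneOS tooling): it compares a published release archive with an independent rebuild entry by entry. The zip layout, the `META-INF/` signature prefix and all file names are assumptions made for illustration, and the sample archives are constructed inline.

```python
import hashlib
import io
import zipfile

# Entries expected to differ between an official release and an independent
# rebuild because they hold the release signature. Assumed prefix: adjust it
# to the layout of the archive actually being checked.
SIGNATURE_PREFIXES = ("META-INF/",)


def entry_digests(archive_bytes, ignore=SIGNATURE_PREFIXES):
    """Map each entry name to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(ignore):
                continue
            h = hashlib.sha256()
            with zf.open(info) as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def compare_builds(published, rebuilt):
    """Report entries that are missing, extra, or different in content."""
    a, b = entry_digests(published), entry_digests(rebuilt)
    return {
        "only_published": sorted(a.keys() - b.keys()),
        "only_rebuilt": sorted(b.keys() - a.keys()),
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def is_reproduced(report):
    """True when the rebuild matches the published archive outside signatures."""
    return not any(report.values())


def _make_zip(entries):
    """Build an in-memory zip from {name: bytes} (sample data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives; names and contents are placeholders.
PUBLISHED = _make_zip({"system.img": b"A" * 4096, "boot.img": b"B" * 1024,
                       "META-INF/release.sig": b"official-signature"})
REBUILT_OK = _make_zip({"system.img": b"A" * 4096, "boot.img": b"B" * 1024,
                        "META-INF/release.sig": b"local-test-signature"})
REBUILT_BAD = _make_zip({"system.img": b"A" * 4095 + b"X", "boot.img": b"B" * 1024,
                         "extra.bin": b"unexpected"})

if __name__ == "__main__":
    print(compare_builds(PUBLISHED, REBUILT_OK))
    print(compare_builds(PUBLISHED, REBUILT_BAD))
```

A match shows that the published binary corresponds to the public source; behaviour written into the source itself is found by reading the source, since it would appear identically in both builds.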

        • ares@feddit.org
          12 days ago

          I don’t see how any of this is an excuse to what has been said in the chats. Micay also lied about stepping down from GOS.

          • Skorp@sh.itjust.works
            11 days ago

            You understand that in those chats, Micay had been the victim of ongoing harassment, perpetuated by Rossman and Calyx leadership, which culminated in doxxing and then a SWAT attack which is a threat on their life.

            They didn’t lie about stepping down. They took a back seat to development work and the public eye because of these experiences. It was an enormous toll on their mental and physical health.

            Now does that excuse Rossman for mislabeling an individual with mental diagnoses? Does that excuse them and other people for dismissing what they say based on these false labels?

  • Septimaeus@infosec.pub
    13 days ago

    Depends heavily on application (access required, sensitivity of data handled, etc) and nature of disagreement as it pertains to trustworthiness.

    Example A: I use Lemmy even though I disagree politically with the original devs because the design appears sound and it doesn’t require access to sensitive data.

    Example B: I won’t use anything from the Proton Foundation because the founders’ personal comportment and political leanings have led me to suspect that they intend to sell user data.

      • Septimaeus@infosec.pub
        13 days ago

        Yes and most vulnerabilities related to the mail service are, I imagine, related to interop requirements of legacy protocol/clients. I haven’t audited their e2ee but I expect it’s on par with other e2ee cloud providers, and IIRC they passed SOC ii.

        My distrust pertains mostly to their operations during a future exit scenario/acquisition when users are, presumably, more heavily invested in the various offerings of their extended productivity suite.

      • blurb@sh.itjust.works
        13 days ago

        What makes you say that? Any e-mail provider can intercept and read any e-mail they want to. This explanation by cock.li is pretty good on this issue:

        How can I trust you? You can’t. Cock.li doesn’t read or scan your e-mail content in any way, but it’s possible for any e-mail provider to read your e-mail, so you’ll just have to take our word for it. No “encrypted e-mail” provider is preventing this: even if they encrypt incoming mail before storing it, the provider still receives the e-mail in plaintext first, meaning you’re only protected if you assume no one was reading or copying the e-mail as it came in. When possible, you should use X.509 or GPG with your mail correspondents to encrypt your message content and prevent it from ever being handled in plaintext on our servers. You should also download and delete your mail from our servers regularly, which alone is almost as good as encrypting your mail.

    • Midnight Wolf@lemmy.world
      13 days ago

      While I am… suspicious of what the CEO (?) has spouted recently, I am unaware of how that connects to user data. Can you ELI5/summarize/point me in a direction?

      • Septimaeus@infosec.pub
        13 days ago

        That was largely gut-level analysis for my personal decision-making but here are a few of the things I considered:

        1. Value proposition in the context of acquisition, featuring a heavily-marketed privacy brand and a base of privacy-conscious users (harder to profile, more expensive data)
        2. Obfuscation of funding sources via ‘venture philanthropy’ non-profit (a la OpenAI) housing closed-doors for-profit operations
        3. Rapid expansion to full-coverage consumer productivity cloud platform alternatives (vpn, mail, drive, calendar, wallet, passwords, etc)
        4. Weird pattern of being blocked then let through without future contest by numerous data-hungry entities including Thiel, and generally just allowed in a few too many privacy-unfriendly places for my taste
        5. And the usual reservations re: privatized privacy and commercial OSS

        Again sorry that’s all hand-wavy. Probably shouldn’t have thrown shade without something more concrete.

      • DaGeek247@fedia.io
        13 days ago

        Not OP, but I left for similar reasons. The CEO publicly supported the Republican admin (mildly, but even at the time, stupidly). The statement sent out about it after the fact was also sus, but not really super bad.

        I left anyway. I’d rather not pay a CEO to publicly support the administration that is specifically targeting my family for political points.

        I also heard a lot of fear mongering on the fediverse about how their new AI conversations can’t be private because it gets to their servers directly, but I couldn’t find anyone reasonable online who actually looked into it and confirmed that.

        So like, they’ve got all the ingredients for more stupidity, and as we’ve seen time and again, everything pressuring them to fuck up/enshitify is also there in the background too.

  • Frezik@lemmy.blahaj.zone
    13 days ago

    You use so much open source software–often indirectly–that it’s almost impossible to avoid every asshole with an opinion.

    That said, there is one dev where I disagreed with his actions so much that I actively avoid his stuff. It’s not really political, but he’s one of those devs who can do incredible work on his own, but has the social skills of a moldy sandwich. You may have used his work in the past indirectly, as his event library (libev) used to be the basis for Node.js. (The Node.js devs moved elsewhere many years ago due to technical issues such as Windows compatibility).

    Anyways, he had a Perl event library known as AnyEvent. It has a bit of a weird, inside-out interface compared to most other event libs, but it works really well once you get the hang of it. The problem that came up was that he didn’t like the way a certain extension module used AnyEvent. He threw a tantrum and had AnyEvent detect if that extension was loaded, and die() with a big error message about his personal opinion on the matter. This broke perfectly functioning systems when they upgraded AnyEvent.

    That’s when I stopped using his stuff and urged my coworkers to do the same. Can’t risk that time bomb going off. Wasn’t a small matter, either, as he also wrote the most common way to parse JSON on Perl.

    • webghost0101@sopuli.xyz
      13 days ago

      Does it make much difference when you’re still federalised?

      If you had not mentioned it I would be unable to tell that you are not on lemmy. I also believe your comments and interactions are still getting indexed by lemmy instances and help their growth.

      That said, your instance is alluring to me.

      I didn’t know about piefed till now, how big of a switch/change would it be?

      • _cryptagion [he/him]@anarchist.nexus
        13 days ago

        it’s the same principle of using one lemmy/piefed mobile client over another. my comments are still going to the fediverse, but if you’re using one software, you aren’t supporting the growth of another. even if other instances can see the things I post, that’s not their growth, since at any time I can cut them off if I do not like the behavior of their users.

        as for features, piefed has a few significant things that lemmy does not have. for example, problematic users have a big red or yellow warning sign next to their name everywhere they go, showing that that person has low or very low reputation. at a certain threshold that I set, I can also automatically hide downvoted posts and comments. there’s also built-in user notes, so I can tag users and have that tag display next to their name as well.

        and finally, piefed has actual user/instance blocking. for example, we found out the hard way that by having .ML as an instance blocked in my personal settings, no .ML users were able to comment on my posts or reply to my comments at all, even though my instance is federated with them.

        there’s also a lot more settings when it comes to communities. while it was still on lemmy, we used to have a lot of .world users downvoting every post in !libjerk@anarchist.nexus, simply because they found the content offensive and did not interact in any other way. downvotes affect discoverability in /all, so those liberals were in effect trying to censor us because they don’t like being criticized. we’ve even had to deal with people using alts as zombies for downvoting. now that we’ve moved the comm to piefed, we can restrict the people who are allowed to downvote as much as we want, so that sort of abuse is impossible now.

  • MalReynolds@piefed.social
    13 days ago

    If it has lots of independent eyes on the code and provides a service I need and can’t find a superior solution to, sure, as I will not be needing any services that disagree with my political opinions and as long as I’m not financially supporting said developer.

  • chaosCruiser@futurology.today
    13 days ago

    Would you drive on a road made by nazis? Your life literally depends on the quality of the road, but where does political ideology come into this equation?

    With software though, different things are at stake, but how will ideology affect the quality? I think it does have an effect on features and how the project is run, but isn’t quality a mostly separate area?

  • bacon_pdp@lemmy.world
    13 days ago

    You are not supposed to trust anyone who doesn’t have a duty of providing trust. It is why companies like Red Hat, Canonical and Novell were paid billions; they did the reviews and provided support. Yes, some distributions try to provide some of that (like Arch, Debian, etc) but only for core packages (everything else is just the Wild West and it could be malware again)

  • jubilationtcornpone@sh.itjust.works
    13 days ago

    One of my neighbors is a highly skilled craftsman. I don’t use that label loosely. I’m a very competent DIYer but his work is in a class above mine. He built a metal railing around his deck and it is immaculate. Clearly constructed by someone with years of welding experience and a keen eye for detail.

    We don’t really talk politics but I know for a fact that there are at least a few things we disagree on.

    That said, I would absolutely hire him to fabricate something for me if I needed it. I really doubt he does his day job because of his political beliefs. I assume he takes a lot of pride in his work and would do the same quality job for me as he would for anyone.

    It’s a serious error to constantly try to distill people down to their politics. That’s a divisive tactic intended to devalue and dismiss “the other side.” Whoever that happens to be at the moment. Don’t misunderstand what I’m saying. Politics are important and the way our governments and societies operate affects all of us. But, people are complex and multi-faceted beings with a wide variety of experiences that shape who we are. Our lives are highly contextual and consequently, so are our dealings with others.