“Trust” as in: trust it enough to run it on your machine.

(And assuming that you can’t understand code yourself)

  • HubertManne@piefed.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    Really depends on the level of disagreement. If its total idiocy like maga or monarchist or something I would likely stay away. If they don’t think ubi is a good idea I can get passed that.

  • Frezik@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    You use so much open source software–often indirectly–that it’s almost impossible to avoid every asshole with an opinion.

    That said, there is one dev where I disagreed with his actions so much that I actively avoid his stuff. It’s not really political, but he’s one of those devs who can do incredible work on his own, but has the social skills of a moldy sandwich. You may have used his work in the past indirectly, as his event library (libev) used to be the basis for Node.js. (The Node.js devs moved elsewhere many years ago due to technical issues such as Windows compatibility).

    Anyways, he had a Perl event library known as AnyEvent. It has a bit of a weird, inside-out interface compared to most other event libs, but it works really well once you get the hang of it. The problem that came up was that he didn’t like the way a certain extension module used AnyEvent. He threw a tantrum and had AnyEvent detect if that extension was loaded, and die() with a big error message about his personal opinion on the matter. This broke perfectly functioning systems when they upgraded AnyEvent.

    That’s when I stopped using his stuff and urged my coworkers to do the same. Can’t risk that time bomb going off. Wasn’t a small matter, either, as he also wrote the most common way to parse JSON on Perl.

  • 0x01@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    Lemmy is exactly that for a lot of people, the developers are quite controversial.

    Obviously most users are not installing the software from those developers on their personal machines, but serving a federated instance certainly involves doing so.

    • WhatAmLemmy@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      10 months ago

      I don’t “trust” tankies, because no authoritarian can ever be trusted, nor do I trust lemmy. I just prefer to vote with my content/wallet, and Reddit showed the world they don’t deserve their user base, or any of their content.

      This is an open non-profit platform anyone can scrape. That’s good enough for me, until something with a better value proposition comes along.

          • The D Quuuuuill@slrpnk.net
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 months ago

            extremely similar with some serious quality of life improvements and better dev leadership. the api, per my understanding, is similar to lemmy, but not wholly compatible. voyager, i do not think, does not support piefed currently (i will need to switch apps)

    • masterspace@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      10 months ago

      The developer is kind of just a sack of shit. I’m 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.

      • Tuukka R@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        10 months ago

        I’m 90% sure Lemmy development is funded by either Russia or China

        Why do you think so?

      • Carrolade@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        I kinda doubt it. Let’s not forget this is a global community, and Marxism-Leninism has different levels of support in different parts of the world.

        If this was a state-funded project, I think the development would have gone a lot more swiftly, and the leads would be even more puritanical in pushing their beliefs. As it is, I’ve argued pretty extensively from a liberal perspective on .ml before, even personally with dessalines, and while they don’t exactly love me over there, I’m careful to respect their rules and they haven’t banned me.

        I think they really are just idealistic supporters of communism, mostly from places where that’s a little more common.

        • masterspace@lemmy.ca
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          If it was state funded by a functioning state I would agree with you, but I wouldn’t be surprised if Russia was kicking these guys a modest living to undermine American social media companies.

          I mean, I got banned personally by Dessalines from lemmy.ml for mildly suggesting that a meme felt like it was a Chinese op designed to provoke in-fighting in western countries.

          Not rudely, not aggressively, literally just questioning whether it could be in the comments below.

          • Gigasser@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            10 months ago

            Tbh, I think most people just don’t understand that Lemmy is where all the quote un quote “tankies” that got banned or felt disenfranchised with reddit ended up in. They truly believe in whatever they are saying. Some of these people tend to be pro China and or even Russia, AND are real people who actually believe in their ideology and what they are saying, and aren’t just foreign agents. As for undermining American social media companies? Tiktok is already one of the most popular social media sites out there.

          • Carrolade@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 months ago

            Yeah, I won’t say it’s impossible or anything. I just think there’s other reasonable explanations too.

            Personally I just avoid mentioning China when I’m over there. lol It’s easier to keep everything civil if you avoid naming names, and China is a particularly sore spot for them. You also can’t forget that free speech is not a foundational part of their ideology like it is ours. They’re more about seizing the means of production than the free contesting of ideas.

            It does feel a little like walking on eggshells.

    • Alex@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      10 months ago

      I run thousands of pieces of software and I have no idea what the political leanings of the developers are. Obviously I know about the main Lemmy developers because this seems to be a recurring topic here. However why would I start caring about these particular developers now?

      There have been developers who have done shady things in their projects and it usually torpedoes the trust in the project and people fork and move away. However whatever I may think about the Lemmy developers politics I have no reason to believe they are doing nefarious things in their software.

  • kureta@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    I would probably trust but depending on the issue, I might just refuse to run it on my machines on principle. Just like how I wouldn’t want to hang one of Hitler’s paintings on my living room wall no matter how good it might be.

  • nomad@infosec.pub
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    I’m assuming this is a dig at Lemmy? The author is a tanky, the software is Janky and we are all having a fun time anyways.

      • snoons@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        In this situation, any closed source developer/project manager would never disclose such issues, if they caught them at all.

        I trust open source code a hell of a lot more then close sourced stuff because anyone can look at it/test it and see if somethings fucky.

      • Skorp@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        10 months ago

        He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.

        He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024 .

        • ares@feddit.org
          link
          fedilink
          arrow-up
          0
          ·
          10 months ago

          I don’t see how any of this is an excuse to what has been said in the chats. Micay also lied about stepping down from GOS.

          • Skorp@sh.itjust.works
            link
            fedilink
            arrow-up
            0
            ·
            10 months ago

            You understand that in those chats, Micay had been the victim of ongoing harassment, perpetuated by Rossman and Calyx leadership, which culminated in doxxing and then a SWAT attack which is a threat on their life.

            They didn’t lie about stepping down. They took a back seat to development work and the public eye because of these experiences. It was an enormous toll on their mental and physical health.

            Now does that excuse Rossman for mislabeling na individual with mental diagnoses? Does that excuse them and other people for dismissing what they say based on these false labels?

        • ilmagico@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          10 months ago

          Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.

          With that said, I don’t believe their claim that it’s impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can’t send a different file to just one user. That’s true, but thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

          I trust them not to do it, for many reasons, but technically they could. I also don’t think they’d do it to Louis, despite the beef they have with him.

          • other8026@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 months ago

            Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.

            thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

            That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don’t know the unique IDs because they’re not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn’t possible. But even if people don’t believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.

      • pastermil@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        10 months ago

        True that…

        Then lemme try to give the answer you were asking for.

        Let’s start with Linux. The kernel itself has hundreds, if not thousands, of contributors. Next there’s the pieces of software that run on it, each with its own set of contributors.

        There’s no way you can do anything meaningful by going thru this huge list just to see what their political backgrounds are. I’m sure there are controversial people contributing to the very pieces you are running right now.

        Even if you did find some problematic backgrounds, what are you gonna do anyway? Stop using it? Do you think it would affect them? It’s not like you’re paying them. On the contrary, you’re probably just gonna make your life harder.

  • zxqwas@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    Depends on the software. I’d not trust a vpn that was made in an authoritarian state. I’ll play a game made in one.

    As for the developer if they are more famous for their political views than the software I’d probably not install it.

  • mesa@piefed.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    There’s such different views on life that I don’t think its possible to get software designed close to what you or I believe in.

    If the source is open, the code is viewable. So yes I think I can trust, at least the code.

    Also there’s a saying “trust but verify”. So actually check to see if the binaries your getting actually behave the way you think.

  • Rikudou_Sage@lemmings.world
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    I can’t really apply “you don’t understand the code yourself” because I do.

    So I do check the code if it’s something critical, but otherwise don’t bother. For example the Lemmy server I’m running I didn’t really check much because it can’t really do any harm to me.

    But if I was running Lemmy somewhere on my home network, I’d either isolate it or thoroughly check it (but probably just isolate it from the rest of the network and put it in a VM, nobody’s got the time to read other people’s source code).

    Since you’re asking specifically for “on my machine” I usually put stuff I don’t fully trust in a VM.

  • leaky_shower_thought@feddit.nl
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    for me, it generally boils down to “show me the work, then i decide”.

    some works are more influenced by politics like art pieces and written works. some, like architecture, plumbing and network stacks, much less so.

    in this case, even if you don’t know code but can be a good appraiser of political taint then you can decide on your own what to endorse or not.