Would you trust an open source software maintained by a developer who you disagree with politically (or otherwise don't like the developer)?
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
One my neighbors is a highly skilled craftsman. I dont use that label loosley. I'm a very competent DIYer but his work is in a class above mine. He built a metal railing around his deck and it is immaculate. Clearly constructed by someone with years of welding experience and a keen eye for detail.
We don't really talk politics but I know for a fact that there are at least a few things we disagree on.
That said, I would absolutely hire him to fabricate something for me if I needed it. I really doubt he does his day job because of his political beliefs. I assume he takes a lot of pride in his work and would do the same quality job for me as he would for anyone.
It's a serious error to constantly try to distill people down to their politics. That's a divisive tactic intended to devalue and dismiss "the other side." Whoever that happens to be at the moment. Don't misunderstand what I'm saying. Politics are important and the way our governments and societies operate affects all of us.
But, people are complex and multi-faceted beings with a wide variety of experiences that shape who we are. Our lives are highly contextual and consequently, so are our dealings with others. -
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Is the political disagreement around surveillance or something related?
-
Not really directed at Lemmy.
I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn't trust the former lead dev.
Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.
The whole entire point of free software is trustlessness.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
jdupes: it's great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I've installed thousands of programs on my systems over the past 30 years. Closed source, open source, you name it. Never had a single problem.
Trusting software is such an overblown hangup that people have. Even if it bites me in the ass someday, so what? I'll roll back, reformat, do whatever I have to do. It'll have been worth it.
-
Not really directed at Lemmy.
I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn't trust the former lead dev.
Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.
In this situation, any closed source developer/project manager would never disclose such issues, if they caught them at all.
I trust open source code a hell of a lot more then close sourced stuff because anyone can look at it/test it and see if somethings fucky.
-
The whole entire point of free software is trustlessness.
You always have to trust others. If a key person can not be trusted anymore, the option to constantly check the code is not really an option.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Sure. Brave and GrapheneOS are two that I trust but have misgivings about their project heads.
-
Does it make much difference when your still federalised?
If you had not mentioned it i would be unable to tell that you are not on lemmy, i also believe your comments and interactions are still getting indexed by lemmy instances and help their growth.
That said, your instance is alluring to me.
I didn’t know about piefed till now, how big of a switch/change would it be?
I made the switch some weeks ago and can only speak of my experience using Voyager: The switch was flawless.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I already do, I disagree with a lot of foss devs
-
Everyone else, in unison: "yes, someone else will say something if this is a bad program"
Someone Else
: wind gently blowing, as a tumbleweed goes byWhenever I download or run some foss software I always read through 1 random file to ensure no dodgyness is happening in that 1 singular file. I'm doing my part.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Not when it comes to anything important like work or other sensitive data.
-
Lemmy is exactly that for a lot of people, the developers are quite controversial.
Obviously most users are not installing the software from those developers on their personal machines, but serving a federated instance certainly involves doing so.
The developer is kind of just a sack of shit. I'm 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I presumably already do. Am I expected to know every single maintainer of every single piece of software I boot up? That is a LOT of homework to run an application.
Genuinely can't tell if this a real question or some weird reductio ad absurdum thing on the not separating art from the artist trend in modern society.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
Depends on the context but generally I will. Like I don't love the lead of GrapheneOS but I still use there project. But I strongly disagree with Protons ethics and many other issues so I avoid them. Really it's a question of how much I want to care and how much I disagree with them.
-
Depends heavily on application (access required, sensitivity of data handled, etc) and nature of disagreement as it pertains to trustworthiness.
Example A: I use Lemmy even though I disagree politically with the original devs because the design appears sound and it doesn’t require access to sensitive data.
Example B: I won’t use anything from the Proton Foundation because the founders’ personal comportment and political leanings have led me to suspect that they intend to sell user data.
Honest question. How?
Proton Mail is built in a way that makes that near impossible.
-
jdupes: it's great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.
wrote last edited by [email protected]Oh I would not trust software from a developer who does not understand the importance of MFA.
I mean, there's probably nothing wrong with it, but that's such a basic security issue that I would have zero faith they built the rest right.
-
Not really directed at Lemmy.
I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn't trust the former lead dev.
Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.
He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.
He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024 .
-
I choose not to do business with anyone who's too vocal about their political disagreements. I'm paying you for your services not your opinion so shut up!
I had a contractor in my house who saw that I had 40k models. Just as he was packing up, he started ranting about how the game had gotten too woke.
Please spare me and just leave.
-
Does it make much difference when your still federalised?
If you had not mentioned it i would be unable to tell that you are not on lemmy, i also believe your comments and interactions are still getting indexed by lemmy instances and help their growth.
That said, your instance is alluring to me.
I didn’t know about piefed till now, how big of a switch/change would it be?
it's the same principal of using one lemmy/piefed mobile client over another. my comments are still going to the fediverse, but if you're using one software, you aren't supporting the growth of another. even if other instances can see the things I post, that's not their growth, since at any time I can cut them off if I do not like the behavior of their users.
as for features, piefed has a few significant things that lemmy does not have. for example, problematic users have a big red or yellow warning sign next to their name everywhere they go, showing that that person has low or very low reputation. at a certain threshold that I set, I can also automatically hide downvoted posts and comments. there's also built-in user notes, so I can tag users and have that tag display next to their name as well.
and finally, piefed has actual user/instance blocking. for example, we found out the hard way that by having .ML as an instance blocked in my personal settings, no .ML users were able to comment on my posts or reply to my comments at all, even though my instance is federated with them.
there's also a lot more settings when it comes to communities. while it was still on lemmy, we used to have a lot of .world users downvoting every post in [email protected], simply because they found the content offensive and did not interact in any other way. downvotes affect discoverability in /all, so those liberals were in effect trying to censor us because they don't like being criticized. we've even had to deal with people using alts as zombies for downvoting. now that we've moved the comm to piefed, we can restrict the people who are allowed to downvote as much as we want, so that sort of abuse is impossible now.
