Comments such as:

letting more people help with Kbin development.

Why not getting some help? I know that Ernest already said he has a problem trusting people, but

Why has Ernest insisted on being the only developer to work on this? This creates a potential “single point of failure” situation.

I understand the desire to keep kbin a solo project in order to maintain control over it, but if this is going to see any success in the long term, then there needs to be a team.

come up in almost all threads about KBin’s performance. At the time I just read them as nincompoops being whiners.

In hindsight does remind one a bit of similar social pressure leveled against Lasse Collin, does it not?

Not saying people are trying to backdoor this place or anything. The similarity just seemed worth pointing out.

  • Pamasich@kbin.social
    9 months ago

    I don’t know what this xz thing is about, first time hearing it. But people saying he should get more help are trying to help him, not having malicious plans like installing backdoors or whatever.

    I do think people should ask less for more maintainers — the project is already opensource, so it’s up to maintainers to join, not him to seek them out. But he should still get some help with managing the instance. Pauses in development are fine imo, but the instance shouldn’t be swarmed with spam and account deletion requests lost in limbo just because ernest got sick or something, which can happen with the best work life balances.

    • FfaerieOxide@kbin.socialOP
      9 months ago

      I don’t know what this xz thing is about, first time hearing it.

      Someone pressured the maintainer of a compression tool used in a bunch of open source software to hand over the keys by citing burnout and offering to “help” then spent ~3 years slowly adding tiny changes that combined to form a backdoor in SSH that nearly compromised the entire internet or something.

      It was only barely caught by accident because it made some thing some guy was doing that wasn’t even related a fraction of a second slower.

      Been all over the FOSSiverse for days, and the social engineering that was used on the xz maintainer reminded me personally of similar pressure certain people have applied to Ernest in most threads about kbin performance I have seen.

      • FaceDeer@fedia.io
        9 months ago

        The reason it worked is because sometimes burnout is a real problem, and getting extra help is a real solution. The fact that this was exploited in one situation doesn’t mean that all of a sudden there isn’t any real burnout or genuine offers to help any more.

        A project can sometimes benefit from help even if there is no burnout. People have limits.

  • celeste@kbin.social
    9 months ago

    I typed a reply about how bad actors will use reasonable arguments to get their way, so we’d need genuine evidence

    my comment didn’t send properly tho and i got an error message, so if you see me commenting twice, sorry

  • tiredofsametab@kbin.run
    9 months ago

    I switched away because kbin seemed stuck and unresponsive to users and uncommunicative. Changes that were made seemed to be ones Ernest wanted to and not addressing issues that people were feeling in some cases.

    I am a software developer for a living and I can tell you that you can both have more people contributing and be secure. Most projects do not have bad actors who successfully poison things. When someone does, they get caught in the review process. If this is your concern, then prove that Ernest himself isn’t a bad actor? I don’t believe he is, but being one person in control would certainly make that easy.

    • FfaerieOxide@kbin.socialOP
      9 months ago

      I mean, he’s developing and administrating what’s essentially a Reddit clone all on his own.

      And doing a damn fine job.

      The question was if you saw similarity in the pressure to add maintainers to the project with the social engineering that led to xz getting backdoored.

      • FaceDeer@fedia.io
        9 months ago

        No, he’s not. Kbin was recently down for a week. Then voting and comment counts broke. Before all that I had to get into the habit of reloading the page I was on every time I wanted to vote on something. It’s a terrible user experience.

        That’s not to say I don’t like him or he’s not a good dev or whatever. Just that people have limits and it sure seems like he’s bumping against his.

        • FfaerieOxide@kbin.socialOP
          9 months ago

          I think Ernest is doing a fine job. [shrug] Especially when you consider none of us are being charged to be here.

          Could we please stop talking about if Ernest is burning out though? That was never the question of this thread.

          The question was if the comments reminded you of the social engineering that engendered the xz backdoor.

          • FaceDeer@fedia.io
            9 months ago

            I didn’t say anything about burning out. A job can be too big or difficult for a person without them burning out.

            Ultimately, it’s just a question of results. If kbin.social is working poorly but other alternatives are doing good, I move on. That works well in the Fediverse especially, as evidenced that I am commenting from fedia.io.

            • OpenStars@startrek.website
              9 months ago

              Likewise I also moved on from Kbin. Obviously we have no power over that project, that belongs solely to the person who created it, but we do control our own actions. e.g. I used to sing the praises of the Fediverse and go out of my way to not equate it with Lemmy - always saying like Lemmy/Kbin. Now I still do the former but I actively tell people that Kbin might not be a good match for them. Ernest has kept it as alpha version software - which is fine, there is a need for such things, and it will become great, someday… hopefully. But today is not that day, and that is super good for people to know, e.g. that they don’t have to leave the Fediverse entirely to get a more functional experience, just Kbin.social.

              • FaceDeer@fedia.io
                9 months ago

                fedia.io is running mbin, which is a fork of kbin. It seems to be doing well, so you could switch to Lemmy/mbin if you don’t want to include kbin any more but still want to show alternate clients are possible.

                • OpenStars@startrek.website
                  9 months ago

                  Thank you for the suggestion. So far I’ve just taken to saying “Fediverse”, perhaps I’m holding out hope for still more clients in the future:-)? Also it’s shorter than Lemmy/Kbin/Mbin:-).

      • ImADifferentBird@lemmy.blahaj.zone
        9 months ago

        He is doing an excellent job, and I do not mean to denigrate his work when I say the task is beyond any one person, no matter how talented and dedicated. Look at the issues that went on recently while Ernest was indisposed, and we had months of federation issues that led to communities migrating away and Kbin.social getting defederated by other instances.

        This project is getting too large for any one person, and it’s far too important to have one point of failure. And even someone as great as Ernest needs an understudy.

        • FfaerieOxide@kbin.socialOP
          9 months ago

          This project is getting too large for any one person, and it’s far too important to have one point of failure. And even someone as great as Ernest needs an understudy.

          That’s what “Jigar Kumar” said about xz.

          • ImADifferentBird@lemmy.blahaj.zone
            9 months ago

            The existence of one bad actor doesn’t make the principle any less true.

            Kbin has long since surpassed what Ernest is capable of handling by himself. Either he’s going to have to learn to delegate, or it’s going to collapse under its own weight.

      • eveninghere@beehaw.org
        9 months ago

        And he’s burning out. And more maintainers would be even better.

        Yes, it’s similar, but every one-man project with real-world use is similar in that regard.

          • HeartyBeast@kbin.social
            9 months ago

            I’m not going to pick through his last year’s posts and make a diagnosis, but if you’ve seen no evidence of that, I think you’re wilfully ignoring the signs.

            • FfaerieOxide@kbin.socialOP
              9 months ago

              I’m not going to pick through his last year’s posts and make a diagnosis, but if you’ve seen no evidence of that, I think you’re wilfully ignoring the signs.

              Ok, I’ll continue “ignoring” evidence you can’t even describe (“He talked somewhere about…”), much less cite.

              For all we know his frequent absence is down to a great work-life balance on his part.

              Irrespective, this thread is not about who is or is not burnt out, it’s about how posts like yours are what enabled the xz backdoor to happen.

              • HeartyBeast@kbin.social
                9 months ago

                Irrespective, this thread is not about who is or is not burnt out, it’s about how posts like yours are what enabled the xz backdoor to happen.

                I think you need to chill a bit. Open source has a long illustrious history of people cooperating to build software and submit patches and enhancements which are then scrutinized by project leads. Yes, occasionally bad actors use this model to try and slip through exploits, but you don’t throw out one of the strengths of open source because of that. You make sure mechanisms are in place to allow robust scrutiny.

                • FfaerieOxide@kbin.socialOP
                  9 months ago

                  I think you need to chill a bit.

                  I’m not the one calling people willfully ignorant about things a thread isn’t even about.

                  one of the strengths of open source because of that.

                  I don’t think being a jerk is a strength

          • eveninghere@beehaw.org
            9 months ago

            I used it as a support to my argument, so, it’s relevant. No evidence, you say… I don’t want to talk too much about someone’s health issue. Just believe what you believe. I don’t think you can change your view through online discussion.

  • survivalmachine@beehaw.org
    9 months ago

    Erm, I thought kbin was open source? Can’t anybody fork it if they have a problem with it? This sounds like a whiny nothingburger.

    • FfaerieOxide@kbin.socialOP
      9 months ago

      Erm, I thought kbin was open source? Can’t anybody fork it if they have a problem with it? This sounds like a whiny nothingburger.

      They can. That’s what mbin is.

      That’s part of why I don’t get why people always pressure Ernest to add maintainers.

        • FfaerieOxide@kbin.socialOP
          9 months ago

          I said that already, mbin might be good but I didn’t like the advertisement.

          I’m not quite sure what your position is. I am by no means an mbin booster. In fact I find some of the people pushing mbin over kbin (in lieu addition too) jerks about it.

          This whole thread has been about the similarities I noticed between comments people made about/to Ernest previously and the sort of comments we later learned led to the xz backdoor.

          When I started to read breakdowns about the social engineering behind the xz backdoor I was like, “Waaaaitaminute, I’ve seen that sort of talk before.” I found it notable to point out the similarity and maybe poke around at it.

          People decided to use the thread (to my excessive chagrin) to talk shit about kbin and rehash the exact same pressures I was attempting to analyze.

          • HarkMahlberg@kbin.social
            8 months ago

            When I started to read breakdowns about the social engineering behind the xz backdoor I was like, “Waaaaitaminute, I’ve seen that sort of talk before.” I found it notable to point out the similarity and maybe poke around at it.

            People decided to use the thread (to my excessive chagrin) to talk shit about kbin and rehash the exact same pressures I was attempting to analyze.

            It’s a shame, because I noticed similar patterns and was looking forward to some good discussion about it here. Alas…

  • exscape@kbin.social
    9 months ago

    Honestly, no. Kbin has been barely usable for a long time and I’m starting to consider giving up.
    I have a notification waiting for me, but I get a 404 on the page to check it out. /sub also didn’t work yesterday. I spent a few minutes trying to edit a comment just an hour ago.

    Nothing against Ernest, a page of this size is hard to manage alone or almost alone, but it’s still a pain as a user.

    • FfaerieOxide@kbin.socialOP
      9 months ago

      I have a notification waiting for me, but I get a 404 on the page to check it out.

      Append ?p=1 at the end of the URL; that sometimes fixes it.

      Next, relax.

  • HubertManne@kbin.social
    9 months ago

    it’s open source. it can and has been forked. he can do what he likes. The call for moderation made sense but code is different. Granted I think he should bring in help for himself but that is for him to decide.

  • cai@kbin.social
    9 months ago

    This is an absurd thread. By collecting together critical comments, and picking back up a loud fight that previously died down over a week ago, you are absolutely adding to any pressure towards our lad in charge.

    Touch grass

  • wjrii@kbin.social
    9 months ago

    Yes, there is some similarity. You’re not wrong.

    However, it’s much more likely to be due to the common experience of solo devs whose projects blow up than it is about bad actors on kbin.

    If you’re so inclined, you can always check the profiles of those who were pushing for it and particularly those who were volunteering; the boehs.org link should supply some helpful red flags to look for. Ernest would be wise to check IP activity and even ask for IRL credentials of those he would consider giving any real level of access to. Beyond that, it’s firmly in the realm of “mildly interesting.”

  • static@kbin.social
    9 months ago

    xz was successful because it was believable, but a malicious actor would more likely target libraries that are depended on by many, like xz.