The trick is to stop giving af about demands from random assholes. Using software doesn’t entitle anyone to updates. Part of the point of open source is if you want it to be different, the source code is available for you to do that.
Yup. I’ve contributed to a number of FOSS projects (including lemmy) and try to always observe the proper etiquette. That means (IMO):
- read through the contribution guidelines and follow them to a T
- check for feedback at least once/day
- allow at least two days for initial feedback, and gradually back off (so bump after 2 days, bump again after another 3-4 days)
- if there’s no feedback after a week, bring it up on another channel (IRC, Matrix, email, etc)
- never demand anything, always ask how to help
None of that is written down anywhere, but to me it’s common sense. If you don’t want to do that, fork the project and maintain it yourself. Maybe they’ll pull your changes in if they’re good.
meanwhile Linus hounding down the google devs for making stupid pull requests
I’ll allow it.
Do you have some context for this? I’m out of the loop.
Years ago, Linus Torvalds, creator of Linux, was notoriously mean to people who submitted bad code.
Like he would straight up call it absolute dogshit and say they should feel ashamed, he’d call them fucking morons, on one occasion I believe he even told someone to kill themselves.
In the years since, though, he’s said that he’s found the abrasive authority figure schtick doesn’t really work and has the unfortunate side effect of making others involved adversarial too, or will hasten the notorious FOSS developer burnout, and he has changed to a much warmer and friendlier way of working, and been quite apologetic about his past attitude.
Oh he’s still perfectly blunt about code, and even about people if need be but he makes sure he has a good night’s worth of sleep before he does that to not do it in anger. Which means dress-downs are now of the “I’m not angry, I’m disappointed” type. I’m not aware of him ever telling people to kill themselves, just erm “wondering”:
Of course, I’d also suggest that whoever was the genius who thought it was a good idea to read things ONE F*CKING BYTE AT A TIME with system calls for each byte should be retroactively aborted. Who the f*ck does idiotic things like that? How did they noty die as babies, considering that they were likely too stupid to find a tit to suck on?
(And to be fair, yes, reading things one byte at a time is fucking stupid. Not something you’d ever expect in a kernel)
I’m not referring to that incident, I’m referring to his criticisms when he was using OpenSUSE and became frustrated at having to use the root password to do basically anything:
“If you have anything to do with security in a distro, and think that [users] need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place.”
And just as with you said above, yes, he is right, but it was completely uncalled for and unprofessional to go about the criticism in such a way.
I do find his quips funny, and in some workplaces it’d just be behind-closed-doors banter, but it’s right that he doesn’t go on mean rants anymore. Publicly humiliating devs and wiping your hands clean of the situation while your fans continue to harass them is not optimal.
To be fair, he has to deal with a lot of nonsense in his job. A lot of companies try to push utter crap through, and if his subsystem maintainers miss something, it makes his life much more difficult. He’s merging tons of changes every day and doesn’t have the time to review everything.
So I think some righteous anger is justified here. His subsystem maintainers should know better, and his anger was usually directed at them, not some random new contributor.
Absolutely. His workload was insane and unending, and if crap code made its way through, he’d get a portion of the blame. It’s very human to lash out in the way he did, particularly when he frequently saw the same mistakes over and over again.
But it’s right that he made steps to not act in that way anymore. Linux developer burnout is bad enough even without Linus and others publicly calling you a shithead or telling you to kill yourself when you fuck up.
Yup. My point was that it’s not necessarily autism or bullying that brought us here, but years of dealing with people who should know better. I’m glad he’s toned it down though, but I did secretly enjoy reading his creative insults (and wouldn’t want to be on the receiving end).
I would simply deal with these bullies by telling them to fuck off and fork their own thing instead of bugging me to push an update on the main. This feels nore like it should be happening to closed source things where the only way to get a thing in it is to beg the dev.
Unfortunately, that’s the social element of social engineering. Not all developers feel that way and it’s possible to trick them.
Luckily, most developers are on the spectrum and aren’t affected as much by that type of social engineering.
deleted by creator
I think most people who are “on the spectrum” are undiagnosed, this survey asked about diagnosed autism.
And that’s pretty close to the average in the population of 1 in 36, or 2.8%.
Completely a meme answer. IT workers including software devs in the past were seen as nerdy loner types
Well, it’s fun that they mention F-Droid, because the maintainers are bullies who bully their contributors and generally act very unpleasant. They like to make new rules on the spot.
I abandoned using the project altogether, not someone I want to support.
Seems to me like they’ve done a pretty good job keeping their store free of malicious apps, I’ve never heard of any breaches like I have of every other store including Snap and Flatpak.
Maybe they’re pissing some people off in the process, but maybe it’s the right people to piss off. They’ve been able to hold it together in the FOSS app space better than most.
What rules?
That apps published there can’t be wrappers around a web application.
Good rule, those should be web addresses, not apps. Or even better, native applications rather than web apps, but it does depend on the context.
Eh… why? More to the point, it’s not mentioned anywhere in their guidelines, it was made up on the spot by the fella doing the code review.
They are inefficient and bloated.
And personally, I prefer good reasoning over good rules. If something comes up that is a bad idea but there’s no existing rule against it, the rules should be changed to address it. As long as the reasoning is sound, I think it’s a good thing, especially when we’re talking about something like a software distribution platform as opposed to say laws that determine freedom or imprisonment.
Also if you’ve made a web app, let it be installed as a web app. Both FF and Chrome let you install web apps in one click.
Inefficient and bloated describes 90% of all apps I’ve ever seen, regardless of technology used, so I fail to see your point.
If you really want to have it available on F-Droid, you can always put it in a separate repository. So I can see it being annoying that they reject it from their repo, but there’s still a reasonable path forward.
Well, I have the app on Google Play store, which was originally meant to be the alternative, now it’s the main store.
What’s a wrapper in this context?
An app that’s just WebView?
Not WebView, but a so-called TWA, aka Trusted Web Activity, a features specifically designed to wrap PWAs and give them full-blown app capabilities.
What additional capabilities does that give the app beyond using Firefox or Chrome to install it as a PWA?
It’s probably far more common than most people realize. Open source software doesn’t automatically make it secure, and in many cases can be less secure than closed source as it’s just one or two people doing it for free.
Much easier to be tempted to do something wrong or to get others to help in and take the weight off.
Closed source software has the exact same bullying issue, the difference is instead of the bullies being random people on the internet, they are managers with power over you. They are at least as likely to make you do something dangerous as the randoms, but they don’t have to try as hard to hide it.
It’s not the same, but it can be.
Bullying in closed source software is a company culture issue. Bullying in open source software can come from anywhere, and a good CoC won’t necessarily fix it because outside community members can just bully from different accounts. But that also means bad company culture can’t be fixed as easily as playing whack-a-mole in a FOSS project.
in many cases can be less secure than closed source as it’s just one or two people doing it for free.
Absurd take. How could having the source closed possibly enhance the security?
I think they mean that a lot of proprietary software (supposedly) has a large (or at least well-founded) team working on it
Hahahahahahahahaahaha
(I work for a software company.)
Weird that they would say something totally different from what they mean…
I mean, they didn’t though Theoretically, well-funded teams would be able to create more secure software and fix vulnerabilities faster than some random guy who works a full-time job and codes in his free time
You say they didn’t, and then go on to make a point they didn’t make…
They didn’t comment on funding whatsoever. Plenty of open-source software gets funding, and not all closed source software gets funding.
The issue is with bullying and burnout. Nothing to do with being closed or open source.
I’m sorry that I’m apparently not getting my point across to you
Proprietary software is often made by a corporation, who pays full-time developers. Those full-time developers are given a salary to work on that software. That salary is normally more than what open-source devs make off their software. The team who is paid to work full-time on the software will patch issues faster (theoretically)
I bet you’ll find something wrong with this, but I don’t care
There’s nothing wrong with what you’re saying, I’m not challenging the point you’re making here.
I’m challenging your ability to mind-read and ascribe that point to a different commenter.
How do you qualify the security of a closed source code when you can’t verify it?
I mean you can see the source code. You’ll know if anyone does something weird if you have two braincells.Edit: Clown here move along.
You’re manually reviewing the entire code of every open source product you use? Manually reviewing the code at every commit of every open source software you use?
Nope, I’m just a clown who doesn’t actually work in tech.
I forgot it wasn’t any of my business to ask. My bad
I can’t tell if you’re joking but if you are that’s hilarious
Oh shit I must’ve said something really dumb now.
(I wasn’t joking).
It’s not a dumb point so much as just naive – and its the lesson we learned from the xz backdoor.
Sure the source code is out there for anyone to see, but are the right people actually looking?