Skip Navigation
/kbin meta @kbin.social FfaerieOxide @kbin.social

Do the "Ernest needs to add more maintainers to KBin!" comments remind anyone else of the xz social engineering malarkey?

Comments such as:

letting more people help with Kbin development.
...
Why not getting some help? I know that Ernest already said he has a problem trusting people, but

Why has Ernest insisted on being the only developer to work on this? This creates a potential “single point of failure” situation.

I understand the desire to keep kbin a solo project in order to maintain control over it, but if this is going to see any success in the long term, then there needs to be a team.

come up in almost all threads about KBin's performance. At the time I just read them as nincompoops being whiners.

In hindsight does remind one a bit of similar social pressure leveled against Lasse Collin, does it not?

Not saying people are trying to backdoor this place or anything. The similarity just seemed worth pointing out.

47

You're viewing a single thread.

47 comments
  • I mean, he's developing and administrating what's essentially a Reddit clone all on his own.

    • I mean, he’s developing and administrating what’s essentially a Reddit clone all on his own.

      And doing a damn fine job.

      The question was if you saw similarity in the pressure to add maintainers to the project with the social engineering that lead to xz getting backdoored.

      • No, he's not. Kbin was recently down for a week. Then voting and comment counts broke. Before all that I had to get into the habit of reloading the page I was on every time I wanted to vote on something. It's a terrible user experience.

        That's not to say I don't like him or he's not a good dev or whatever. Just that people have limits and it sure seems like he's bumping against his.

        • I think Ernest is doing a fine job. [shrug] Especially when you consider none of us are being charged to be here.

          Could we please stop talking about if Ernest is burning out though? That was never the question of this thread.

          The question was if the comments reminded you of the social engineering that engendered the xz backdoor.

          • I didn't say anything about burning out. A job can be too big or difficult for a person without them burning out.

            Ultimately, it's just a question of results. If kbin.social is working poorly but other alternatives are doing good, I move on. That works well in the Fediverse especially, as evidenced that I am commenting from fedia.io.

            • Likewise I also moved on from Kbin. Obviously we have no power over that project, that belongs solely to the person who created it, but we do control our own actions. e.g. I used to sing the praises of the Fediverse and go out of my way to not equate it with Lemmy - always saying like Lemmy/Kbin. Now I still do the former but I actively tell people that Kbin might not be a good match for them. Ernest has kept it as alpha version software - which is fine, there is a need for such things, and it will become great, someday... hopefully. But today is not that day, and that is super good for people to know, e.g. that they don't have to leave the Fediverse entirely to get a more functional experience, just Kbin.social.

            • I didn't say anything about burning out.

              Fairplay, but that then's two step removed from what this thread is about.

      • And he's burning out. And more maintainers would be even better.

        Yes, it's similar, but every one-man project with real-world use is similar in that regard.

        • And he’s burning out.

          I have seen no evidence of that. Also not the point of this thread.

          • I’m not going to pick through his last year’s posts and make a diagnosis, but if you’ve seen no evidence of that, I think you’re wilfully ignoring the signs.

            • I’m not going to pick through his last year’s posts and make a diagnosis, but if you’ve seen no evidence of that, I think you’re wilfully ignoring the signs.

              Ok, I'll continue "ignoring" evidence you can't even describe ("He talked somewhere about..."), much less cite.

              For all we know his frequent absence is down to a great work-life balance on his part.

              Irrespective this thread is not about who is or is not burnt out, it's about how posts like your are what enabled the xz backdoor to happen.

              • Irrespective this thread is not about who is or is not burnt out, it's about how posts like your are what enabled the xz backdoor to happen.

                I thin you need to chill a bit. Open source has a long illustrious history of people cooperating to build software and submit patches and enhancements which are then scrutinized by project leads. Yes, occasionally bad actors use this model to try and slip through exploits, but you don't throw out one of the strengths of open source because of that. You make sure mechanisms are in palce to allow robust scrutiny.

                And no, I'm absolutely not going go through someone's post history and quote bits that show someone is frazzled. I expect you to have enough empathy

                • I thin you need to chill a bit.

                  I'm not the one calling people willfully ignorant about things a thread isn't even about.

                  one of the strengths of open source because of that.

                  I don't think being a jerk is a strength

          • I used it as a support to my argument, so, it's relevant. No evidence, you say... I don't want to talk too much about someone's health issue. Just believe what you believe. I don't think you can change your view through online discussion.

            • I used it as a support to my argument

              What argument? I'm not sure what you position is.

      • He is doing an excellent job, and I do not mean to denigrate his work when I say the task is beyond any one person, no matter how talented and dedicated. Look at the issues that went on recently while Ernest was indisposed, and we had months of federation issues that led to communities migrating away and Kbin.social getting defederated by other instances.

        This project is getting too large for any one person, and it's far too important to have one point of failure. And even someone as great as Ernest needs an understudy.

        • This project is getting too large for any one person, and it’s far too important to have one point of failure. And even someone as great as Ernest needs an understudy.

          That's what "Jigar Kumar" said about xz.

          • The existence of one bad actor doesn't make the principle any less true.

            Kbin has long since surpassed what Ernest is capable of handling by himself. Either he's going to have to learn to delegate, or it's going to collapse under its own weight.

            • Find a thread that's about that.

              This is not about engaging in the same Jia Tangents we are analyzing.

You've viewed 47 comments.