The abusive behavior that was being used to manipulate Lasse Collin into bringing on more maintainers for #xz went unnoticed because abusive behavior in Open Source communities is so pervasive. In context, we can clearly see it was part of an orchestrated operation. Out of context, it looks like just another asshole complaining about stuff they have no right to complain about. https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/
A Microcosm of the interactions in Open Source projects | RobMensching.com

Originally a thread on Twitter about the xz/liblzma vulnerability; when I finished typing it, I realized I had a real-world slice of Open Source interaction that deserved more attention.

@swelljoe This feels like the inflection point where open source has lost its innocence.
@philtor That happened when tech companies built themselves into the biggest and most powerful organizations in the world by exploiting the commons and used it for surveillance. But, this is pretty bad, too. I'm shook about it, thinking back on the countless interactions with assholes in the communities I'm involved in. Were they just a regular asshole or were they part of an operation? Hard to know, but my tolerance for assholes going forward will be much lower. I'm charging up my banhammer.
@swelljoe @philtor Big and powerful tech companies seem to understand better than most "if you don't pay for it, there's no guarantees". I've personally seen at least some open source funding make the budget by the reasoning of "an unfunded project that we rely on is a security vulnerability". One problem though is they're still squeamish about individuals vs "foundations".
@dango_ @philtor Sure, they hire OSS developers and they donate a little money. But, we're less free in many ways than we were when the free software movement began, tied into all these surveillance systems with no realistic way to opt out. I can't work without allowing Google into my daily life, for instance. Google is far more effective at the surveillance game than whatever state (or whoever) funded this attack.

@swelljoe @dango_ @philtor I do keep Google's servers all the way out of my life, since I have the option to do so. I don't shop online and so can get away with treating most of the commercial/monetized Internet as broken.

If someplace cannot be found without say, Google Maps, I will not attempt to go there. Same with Snitchbook and Instacrap: no accounts and their servers blocked.