So this was a whole shit show that as of now has cost me 2 days of investigation, clean-up, mitigation, will likely cost me more time & also feels extremely crappy all in all.

I'm just glad I didn't base any *really* important decisions on those manipulated numbers, that would have been REALLY bad.

Now I have to live with knowing that most of the growth I saw the past 2 years was likely faked, which feels quite terrible tbh. Feels like not doing a good job after all.

https://octoprint.org/blog/2024/06/28/stats-manipulation/

OctoPrint's anonymous usage stats were manipulated, here's what we know

Well, the analysis and mitigation are ongoing, and in the process of that I found another ... thing. The verdict is still out on this being a case of a rampant running CI, or some weird VPN endpoint, or something evil. The traffic from the cloud IP I found was definitely organic, but still had some issues and also was too short-lived per instance identifier.

Nuked everything from that source. Goodbye 100k instances 😢

Shitty week, really. And still not done with analysis and mitigation.

Well. FFS 😡 Even more manipulation. Spent the whole day analysing again, compiled a report, confronted Obico about it and they admitted it. Will post about that on the OctoPrint blog tomorrow. I have no energy left today.

https://obico.io/blog/2024/07/03/my-apologies-for-the-mistake/

My apologies for the stupid and selfish mistake I made and the harm I have caused | Obico Knowledge Base

I'm writing this post to apologize to Gina Häußge, one of the most important and respectable person in 3D-printing community, as well as to the OctoPrint community for the stupid and selfish mistake I made and the harm I have caused:

Just did a round on the punching bag, with Limp Bizkit's "Break Stuff" blasting from the sound system.

Doesn't solve this of course, but at least the adrenaline is out of my system again. I can seriously not recommend it enough to have a punching bag in your office... And that's not a joke. I literally have that.

@foosel in your place I would send these people deferred invoices, going into force immediately on repeat occurrences.
@oliof ... now that's an idea. To at least invoice the time taken now for all this analysis. I'll think about that. We are also discussing bans and such. But I'm not making any decisions today.

@foosel you are showing an _enormous_ amount of civility and restraint. Kudos to that.

If I were to judge, these people owe you not only compensation for the cleanup time, but they also owe the community for the deception, something they will never be able to make up for in my opinion.

@foosel what a hornet's nest
@DJGummikuh I'm so fucking done with everything right now, ngl.

@foosel What is wrong with people? 😩

Sorry that you have to go through all this!

@axwax @foosel agreed, that's not good and pretty crappy someone did this

@foosel
What is it with those two plugins?
Their titles in the overviews are suspiciously similar ("Full Remote Access, AI Failure Detection") - are they forks of each other or just competitors? Looks like they have some kind of dick competition (and piss on everyone else's lawn as a side effect) O_o

(sorry if this is a stupid question, I'm not familiar with the Octoprint ecosystem. TBH I don't even own a 3D printer)

@foosel
These people are fucked up. Sorry you have to go through this.
@foosel "I did it because I suspected OE did it" is by far the most moronic kind of excuse I can possibly think of. These people are the reason why we can't have nice things 🤬
@DJGummikuh That was also what made me extreme-facepalm. It's not like I wouldn't have immediately investigated. Could have saved me and themselves a lot of time. But nooooooo. "If they cheat, so will I" ... fucking Kindergarten.
@foosel ban those assholes. Kick them out. They don’t respect you, they don’t respect Octoprint nor its community.

@foosel Yikes! Give them the entire boot. No mercy.

I can't fathom how someone could think that would ever be acceptable behavior.

@foosel Oh, jeez... When it rains, it pours... :|
@foosel I am EXTREMELY wary of usage tracking so historically, my octoprint instance was not tracking. You just got one definitely not phoney instance more in your statistics 😄

@foosel Very disappointing to hear about this scummy behaviour.

Rest assured: Octoprint is awesome, and your work is appreciated.

https://octoprint.org/support-octoprint/

Support OctoPrint

Working on OctoPrint takes a lot of time and effort. If you've come to love OctoPrint, consider supporting its ongoing development.

@foosel I know from Ad click fraud and Boaty McBoatface that if you give people an inch they’ll take a mile, but sheesh, pumping a plug-in a few places up the stats page is… just why!?

I guess it’s at least a form of flattery that they found your project important enough to manipulate… 😬

But don’t sweat it too much; growth is a poor substitute for consistently putting out an awesome tool that people love and use! ❤️

@foosel I know it’s closing the door after the horse has bolted and volunteering unprompted suggestions. But I am incapable of leaving (literal) shower thoughts unsaid, so: you could remove the ranking from the top ten and shuffle them randomly on the public facing side 🤣

@gadgetoid The top ten list was a requested feature by several plugin devs, and I totally get it, it's exciting to watch the movement on that list, especially if you have some skin in the game (and DON'T manipulate the data/have a fanboy manipulate the data... yes, I'm angry still).

But @do3cc just suggested to add some filtering functionality to be able to filter out commercial plugins, and I think that's a great idea that I'll look into implementing.

@foosel @do3cc now that’s a great idea!

Stats for devs is something I’d have a private log in for, but that would be way more effort and less conceptually “open source.” 🤣 I’m deeply stats pilled from my harrowing time at an affiliate marketing co 🫠

@gadgetoid @do3cc I keep everything that I can static, so there's no login on the plugin repo or anywhere else on octoprint.org apart from the forums ;) The only thing I have going is a small oauth frontend-only forwarded thingy so that people can log in with their GitHub account and use it to star plugin repos right from within the repo, but tbh I'm not sure that many even use that.

@foosel @do3cc sensible! Obviously the most effective way to prevent this would be for users not to take liberties and game the stats!

Interesting to know how you’re set up though. And now I’m side-eyeing a Bambu Lab plugin 🤣

@gadgetoid Jim Neill aka jneilliii (the man of the many plugins) AFAIK has one brewing already ;)

@foosel please take a little time to process and cleanse these feelings.

You are succeeding.
Your work is powering my practice, and many others too. I can hear my printer running now, and you are to thank.

This jank episode is a fruit of your success.

As your success grows, more haters and fakers and manipulators and capitalists and scammers, and every type of flim-flam artist will be trying to find an angle.

It may feel bad to spend efforts on defence, but valuable work needs protecting.

@ryancoordinator I'm trying to look at it from that point of view, and it seems to help, thank you!
@foosel very disappointed to see this. Rest assured that your work on Octoprint is still awesome; what you did for hobby 3D printing is valued and cherished.
@foosel you are doing a great job! And I mean that people find it worth their time to fakeboost your stats for whatever gain proves this more than anything if you ask me! All the best! 🤗
@foosel How do you feel about OctoEverywhere's response? I mean it sounds sincere and all, but did they convince you it was not the main developer themselves? They do have a financial incentive after all. (To be clear: I'm not accusing them of anything)

@jeroen94704 tbh, I'm just relying on clear evidence in my judgement here.

Their statement sounds plausible and there's no proof for or against it. I don't see a point in pushing this further, I'm pretty sure that whoever did this will not be doing it again given the outcome.

@foosel As an aside, I totally dig the alternative logo with this blog post! Awesome detail.
@jeroen94704 You've got @janinahimmen to thank for that, who is my best friend and the creator of Octavius ^^ She did an amazing job, and was kind enough to do it despite the heat wave here.
@foosel Personally I wouldn't mind if the list is filtered to only show plugins which do not require commercial services so that there would be no monetary incentive to game the list. Maybe have a second list for the other plugins which gets ranked by monthly donations without any count of installed base. But I don’t know if this has any legal implications.
I’m sorry that you got forced into this situation.

@do3cc What you already have as of a few weeks ago is "commercial", "cloud" and "free tier" tags on plugins.octoprint.org, and with 1.11.0 those will also be shown in the internal plugin repo browser.

But that's a good point in allowing to filter based on that info, I'll look into adding that.

@foosel I cannot understand what the perpetrator was after. What are his gains at faking the stats? Genuine question, as I can’t see the point. 🤔 Take care, Gina…
@oliviersaraja Boosting the stats of one single plugin, making it be on the top of all of them and thus more visible and seemingly interesting.
@foosel oooh, I understand. So the culprit was Octoeverywhere (well, one of its community members) if I understand correctly. Well done for the analysis. Take care and have a good bouldering session to cleanse your mind 😁

@oliviersaraja Exactly.

And no bouldering session today (that would also already have been done), I got my StroVac booster on Wednesday and my left arm is still just a thing of agony whenever I try to heave it over 90 degrees 😅

@foosel then have a good rest ☺️

@oliviersaraja Hopefully soon, for now it's keeping an eye on the reactions to this thing and waiting for some more updates from OctoEverywhere 😅

But at least my AC is working fine.

@foosel this may feel bad but you did a good job. I am using octo because it simply works, and others will agree. It's good though that you come clean with someone else's bad behavior, and that too is part of doing a good job.

Thank you for your work. I am sure you have the community's back. You rock. 💪🏽

@foosel @sdwilsh we had a very similar experience with this early in Firefox’s arc, with an ad-blocking extension, but in that case it was the extension author doing it intentionally. very frustrating abuse of the commons. I’m sorry you’re having to deal with it
@shaver @sdwilsh I've given OE a heads-up about this possibly also being a part of a supply chain attack, just in case.
@foosel You are loved, your project is hugely important, and you are setting the standard in your field. You and your teams have a lot to be proud of.
@foosel I get your frustration. That totally sucks. Good for you to spot it. Also I totally dig the adjusted mascot for the Blogpost. They look exactly like I would in the same place.
@foosel Supply chain manipulation is such a PITA, especially for generally open projects. Good job finding and sharing the shady behavior.
As always, thank you for your excellent work.
@foosel Wow, many for-profit companies could learn a thing or two from you about how to do a disclosure! Thank you for all of your work on Octoprint and as part of the open-source community. And don’t be disheartened, your project is loved by many, many people, is integral to many maker spaces and has helped everyone from professional builders to budding makers just learning about STEM.
@foosel I am very sorry to read all this story, Gina. I am sure you will find a way to move forward, courage. Thank you for all that you do 🙏

@bear_lab Thank you for your words of encouragement! I'm still angry and sad that someone did this, but I am also not going to allow this thing to be the final straw.

Currently trying my best at distracting myself and doing stuff I enjoy (just finished the textblock of another book), come Monday I'll go back to some more investigation and prevention.

@foosel Humans can be very disappointing unfortunately. I think if you climb tomorrow you might pass something you couldn't before! 💪
@bear_lab Next climbing session is scheduled for Tuesday, we'll see what I can do then ^^
@foosel Sorry to hear that, I love Octoprint and I am very grateful for your work!