So this was a whole shit show that as of now has cost me 2 days of investigation, clean-up, mitigation, will likely cost me more time & also feels extremely crappy all in all.

I'm just glad I didn't base any *really* important decisions on those manipulated numbers, that would have been REALLY bad.

Now I have to live with knowing that most of the growth I saw the past 2 years was likely faked, which feels quite terrible tbh. Feels like not doing a good job after all.

https://octoprint.org/blog/2024/06/28/stats-manipulation/


OctoPrint's anonymous usage stats were manipulated, here's what we know


Well, the analysis and mitigation is ongoing, and in the process of that I found another ... thing. The verdict is still out on this being a case of a rampant running CI, or some weird VPN endpoint, or something evil. The traffic from the cloud IP I found was definitely organic, but still had some issues and also was too short-lived per instance identifier.

Nuked everything from that source. Goodbye 100k instances 😢

Shitty week, really. And still not done with analysis and mitigation.

Well. FFS 😡 Even more manipulation. Spent the whole day analysing again, compiled a report, confronted Obico about it and they admitted it. Will post about that on the OctoPrint blog tomorrow. I have no energy left today.

https://obico.io/blog/2024/07/03/my-apologies-for-the-mistake/

My apologies for the stupid and selfish mistake I made and the harm I have caused | Obico Knowledge Base

I'm writing this post to apologize to Gina Häußge, one of the most important and respectable person in 3D-printing community, as well as to the OctoPrint community for the stupid and selfish mistake I made and the harm I have caused:

Just did a round on the punching bag, with Limp Bizkit's "Break Stuff" blasting from the sound system.

Doesn't solve this of course, but at least the adrenaline is out of my system again. I can seriously not recommend it enough to have a punching bag in your office... And that's not a joke. I literally have that.

And here's my post on round two of the shitshow that's been keeping me busy for the past week.

I just hope that's it for now, I'm completely and utterly drained by this, both emotionally and physically.

As a consequence of all of this, we've decided that commercial plugins will no longer get their stats tracked publicly, among some other consequences, effective as soon as I can implement the necessary filtering on the stats data exports.

https://octoprint.org/blog/2024/07/04/more-stats-manipulation/

More manipulation of OctoPrint's anonymous usage stats

It has barely been a week since I discovered that someone had been manipulating OctoPrint's anonymous usage stats in OctoEverywhere's favor, and now it has come to my attention that Obico has also been doing the same

@foosel I must say, despite the unspeakable amount of bullshit this entire situation is, I absolutely love the context-adjusted Octoprint Logos for this occasion 😅️
@DJGummikuh Same! You got @janinahimmen to thank for it. When I told her about this second round of this whole shitshow, a few minutes later she sent that one to me. Made me laugh.
@foosel Wow, as fucked up as this egoistic bitch move is - esp in an open source environment, your handling of the incident is well thought out! Kudos

@foosel ugh, what a disappointing turn of events!

glad you've invoiced them for your time.

@gsuberland we still will need to see if they actually will pay those invoices, but I really felt like this couldn't stay unpunished... if they don't, you can bet on that becoming public knowledge however
@foosel they can be glad you don't sue them for https://dejure.org/gesetze/StGB/303b.html @gsuberland
§ 303b StGB - Computer sabotage - dejure.org

German Criminal Code (Strafgesetzbuch) § 303b - (1) Whoever substantially disrupts data processing that is of essential importance to another by 1. committing an act...

@oliof @gsuberland Thank you for that reminder, I'll bring that up should I get pushback from them.
@oliof @foosel @gsuberland now that is really a good point you're bringing up here 👍🏽
@foosel I’m disappointed but I’m not surprised 😫 what a colossal betrayal of trust. I hope they make good on their promise and pay those invoices without question!
@foosel Incredible... You're managing this all well (as usual) and I 100% agree with your decisions.
@foosel oh dear! Brilliant investigative work, but yeah, massive breach of trust and waste of your time!

@foosel wow that was a shit show, and I am really sorry for how this ended up. I wished I could send consensual hugs per TCP. For now all I can say is I understand your actions and feelings. For me both seem very valid, and I am glad you spoke out about your feelings as well.

Yet I hope this whole matter doesn't disturb you financially so much with blocking the culprits and removing them from the sponsor list.

Be well ❤️‍🩹

@foosel omg invoicing them is such a badass move 😎

@foosel
at least the Obico guy owned up instead of attributing it to some anonymous "member of the community" or sth

but this is definitely a shitty situation and not publicly tracking commercial plugins anymore sounds like a reasonable consequence

@foosel
Just realized: OE claiming it was some community member and they didn't know about it is.. surprising.. as the Top 10 listed the number of instances, and as a commercial plugin I guess they know how many users they *really* have and should've noticed that the numbers were 3.5 times too high 🙃
@foosel Take a  if you want. What a shit show
@sandzwerg Thank you. And yes, indeed.

@foosel JFC. Even though I'm using Octo less (thanks for the closed ecosystem and GFY Bambu) this makes me queue up for a donation. If they suspected someone was jacking up stats, why TF didn't they just reach out? Fools!

Just know that your work is loved and appreciated.

@foosel so sorry you've had to deal with this. What a steaming pile of shite. You deserve better for the work you've put in over the years. Years!
@foosel in your place I would send these people deferred invoices, going into force immediately on repeat occurrences.
@oliof ... now that's an idea. To at least invoice the time taken now for all this analysis. I'll think about that. We are also discussing bans and such. But I'm not making any decisions today.

@foosel you are showing an _enormous_ amount of civility and restraint. Kudos to that.

If I were to judge, these people owe you not only compensation for the cleanup time, but they also owe the community for the deception, something they will never be able to make up for in my opinion.

@foosel @oliof

I like this idea, though why as a deferred invoice? Just send them a normal invoice. Even if they did not pay, they would have to wittingly ignore the invoice and see how much in money quantified effort they have taken from @foosel and the community - leaving out the emotional harm that was caused.

@foosel Perfect 👌 Keep that GIF handy as an attachment for work mails "with emphasis" 😄
@foosel that overhand right **chef's kiss**