| ▲ | ekjhgkejhgk 4 hours ago |
| I know that GrapheneOS has almost a cult following on HN, but I'll make two comments. 1- GrapheneOS has a long history of long rants attacking people and projects. The leads will tell you that they're just correcting falsehoods etc, but a lot of companies/brands are target of falsehoods and don't bother to respond. I don't claim that GrapheneOS is wrong on anything they say, I'm just saying that these rants are a choice, and I see them as a red flag. 2- I once interacted with GrapheneOS on mastodon and I said something like the above. Something along the lines of "you know regardless of whether or not you're factually correct, these public attacks on other people companies are really bad for your image". Within 2 or 3 exchanged tweets they were threatening me with legal action. To me being a litigious project/person is an even bigger red flag than above. I have never in my life met someone who both lightly threatens legal action AND is an upstanding person. Just my opinion, don't get upset over it. EDIT: I just want to spell it out AGAIN - I don't claim that anything on their post is factually wrong, I have no idea. |
|
| ▲ | roughly 4 hours ago | parent | next [-] |
| Graphene is not a consumer brand and they do not intend to be a consumer brand. They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. That will absolutely limit their scope and reach, but it also allows them to focus on the one thing they’re trying to do without making compromises. For contrast, Signal is a very secure messenger which also wants to be user friendly so as to get the largest user base they can, which leads to all kinds of compromises - everything that’s come out that looks like a vulnerability in Signal originates in some feature or capability added to make the product more user friendly. Graphene will not make those trades. Neither approach is de facto right - they spring from fundamentally different philosophies on how to maximize user safety, and both have been extremely successful in their missions, but you’ve gotta recognize what you’re looking at when you look at Graphene. |
| |
| ▲ | ryandrake 3 hours ago | parent | next [-] | | > They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. These things are not mutually exclusive: You can make a great technical product while being friendly. You can make a great technical product while not being friendly. You can make a compromised or flawed technical product while being friendly. You can make a compromised or flawed technical product while being unfriendly. This comes up pretty often in other HN threads, unrelated to Graphene. There's this weird personality type who insists that they aren't legally obligated to be friendly or nice or pleasant, therefore it's fine for them to be unfriendly or jerks or unpleasant. | | |
| ▲ | HybridStatAnim8 25 minutes ago | parent | next [-] | | GrapheneOS needs to defend themselves. If there were less attacks, there would be more friendly interactions. They dont currently have much a choice in sounding neutral and objective, due to the attacks. | |
| ▲ | abnercoimbre 3 hours ago | parent | prev | next [-] | | As a community organizer for systems programmers: welcome to my world! I've finally made some headway after a decade, helped by the mass layoff apocalypse. (Turns out social skills help you stay solvent.) | |
| ▲ | 1attice 3 hours ago | parent | prev [-] | | Actually, you can't make a great product if you've alienated your allies, because all successes are intrinsically social, from the iPhone to Python to even the processor itself. Going it alone is that nineties libertarian romanticism, a persistent self-destructive tendency that in present market conditions is unsustainable | | |
| |
| ▲ | HybridStatAnim8 28 minutes ago | parent | prev | next [-] | | Well thats not true. There is little time to be friendly when they have to defend themselves so much. That doesnt mean they dont want to be. | |
| ▲ | orblivion an hour ago | parent | prev | next [-] | | It's not just about being friendly. If they have a bubble around them of employees, true believers, and people just afraid of speaking out that chills free expression of criticism, the truth has trouble getting out, which hurts trust. Still a user though. | | |
| ▲ | HybridStatAnim8 24 minutes ago | parent [-] | | GrapheneOS is open to all criticism. The issue is what is called criticism is often actually an attack that is trying to be downplayed or disguised. | | |
| ▲ | orblivion 13 minutes ago | parent [-] | | Maybe true, but but the flip side is that sometimes what is called an attack is actually criticism. That's how it appears to a lot of us from the outside. |
|
| |
| ▲ | ekjhgkejhgk 35 minutes ago | parent | prev | next [-] | | It's not about friendliness, it's about trust. Everybody else on this thread understood this. There's many examples of people being unfriendly and still coming across as someone of character, Linus Torvalds comes to mind. | |
| ▲ | fwipsy 4 hours ago | parent | prev | next [-] | | If they were doing that one thing, they would not have posted this. It's fine not to market to consumers, but this raises additional concerns about the founder's judgement. Someone else claimed that they deleted update signing keys for copperhead devices. That's seriously concerning if true; possibly bad enough to switch away from grapheneOS. | | |
| ▲ | microtonal an hour ago | parent | next [-] | | He deleted the signing keys because it looked like the other owner of Copperhead OS wanted to make the signing keys available to government agencies and/or criminal organizations. He deleted the signing keys to protect their users against malicious updates, which is the right thing to do and should increase trust in him and the project. It's worth actually reading the linked post. Relevant segment: In 2018, matters between Micay and Donaldson came to a head over Donaldson’s desire to pursue business deals with criminal organizations, and his attempts to compromise the security of CopperheadOS, including by proposing license enforcement and remote updating systems that would allow third-parties to have access to users’ phones. As part of this process, Donaldson began to demand that Micay provide Donaldson with the “signing keys” - i.e. the credentials required to verify the authenticity of releases of CopperheadOS. Donaldson advised that, in order to secure certain new business, potential customers required access to the Keys. The keys had been in continuous use by Micay, in his personal capacity, since before the incorporation of Copperhead. However, more importantly, any party with the keys could mark malicious software as “authentic”, and thereby infiltrate devices using CopperheadOS. Micay was unwilling to participate in that kind of security breach. Since Donaldson had control over certain infrastructure for the open source project, he would be able to incorporate (or hire others to incorporate) the privacy-damaging features described above for all future releases of CopperheadOS. Micay therefore deleted the keys permanently and severed ties with Copperhead and Donaldson. | | |
| ▲ | fwipsy 4 minutes ago | parent [-] | | Ah, thanks for setting me straight. That's reassuring. I think I would still have more respect and trust for GrapheneOS if they either didn't respond, or struck a more neutral tone; but that's more subjective. |
| |
| ▲ | HybridStatAnim8 22 minutes ago | parent | prev | next [-] | | Lol, no. Micay has never concealed this information, it has been publicly accessible on the GrapheneOS website for years. Deleting signing keys under threat of a hostile takeover is the mature thing to do. Would you rather them not have done that and compromise their users? Obviously not. | |
| ▲ | joyous_limes an hour ago | parent | prev [-] | | [dead] |
| |
| ▲ | antonvs 3 hours ago | parent | prev [-] | | I’d prefer that the people behind an OS I’m using on important devices be stable, for hopefully obvious reasons. | | |
|
|
| ▲ | Avamander 4 hours ago | parent | prev | next [-] |
| > Something along the lines of "you know regardless of whether or not you're factually correct, these public attacks on other people companies are really bad for your image" Sometimes they aren't even factually correct and get a bit upset about it when called out. Anyways, I have gotten the same impression and these seem like red flags to me as well. Which is why I'd take everything in that response with a mountain of salt (and I'd pay attention to what they're not saying). |
| |
|
| ▲ | Springtime 4 hours ago | parent | prev | next [-] |
| More context on experiences with Micay[1]. Also went on long rant at Louis Rossmann[2] in an very knee-jerk tone, which led Rossmann to stop using it despite being a long-term advocate for GOS, due to trust issues. Likewise I don't doubt they're talented. [1] https://news.ycombinator.com/item?id=36089104 [2] https://www.youtube.com/watch?v=4To-F6W1NT0 |
| |
| ▲ | HybridStatAnim8 16 minutes ago | parent | next [-] | | Micay was distressed due to ongoing circumstances. Rossmann choice to publicly blast what was supposed to be a private discussion, lied to his own viewers, twisted what was happening, etc. Also note Rossmann has an identity verified kiwifarms account. | |
| ▲ | joyous_limes an hour ago | parent | prev [-] | | [dead] |
|
|
| ▲ | HybridStatAnim8 29 minutes ago | parent | prev | next [-] |
| They dont have any history of attacking others. They have a history of defending themselves from attacks. Other organizations having the resources to continue despite the damage does not mean GrapheneOS can or should deal with the damage it causes. That makes no sense and its excusing horrible behaviour from attackers. They arent rants, the truth just often requires more words than a lie, such is the nature of computer science. As for part 2, Im really not sure what you expected to happen when you made a loaded statement erroneously accusing them of attacking others? |
|
| ▲ | fph 4 hours ago | parent | prev | next [-] |
| One of the main criteria to differentiate "rants" from "correcting falsehoods" is proper citing of sources. In the case of Grapheneos, unfortunately I often see very few sources in what they post online. (But, if you ignore the rants, that's a fantastic OS.) |
| |
|
| ▲ | Guvante 4 hours ago | parent | prev | next [-] |
| "They have a long history of long rants attacking people and projects" in response to a long post... You are very much saying that OP is an attack post. Or at least implying the point that it is tonally dissonant to claim otherwise. If you didn't believe it was wrong you would comment on the post but you are explicitly avoiding doing that. |
|
| ▲ | thenewnewguy 4 hours ago | parent | prev | next [-] |
| Do you have a link to the mastodon interaction where they threatened you with legal action? I ask because I'd be pretty disappointed in GrapheneOS over that kind of thing and it'd probably at least partially change my opinion of them, but it's better to validate these types of serious accusations and get the full context. |
| |
| ▲ | ekjhgkejhgk 33 minutes ago | parent [-] | | I don't. My very vague recollection is that I was alarmed and either deleted it or blocked them. So it either no longer exists, but even if it does I have zero interest in digging it out. I'm always anonymous on social media like HN and Mastodon, but who knows what one can discover if they're the kind of unhinged person who will dedicate enough time to doxing someone... |
|
|
| ▲ | its-summertime 3 hours ago | parent | prev | next [-] |
| Do you have links to #2 |
|
| ▲ | jimmySixDOF 4 hours ago | parent | prev | next [-] |
| Is there a similarly bombastic take on Motorola somewhere? |
|
| ▲ | busterarm 4 hours ago | parent | prev | next [-] |
| I'm a former Copperhead customer and GrapheneOS user. Daniel Micay has a history of absolutely unhinged behavior online to the point that 2.5 years ago community backlash to his public behavior basically forced him to step down from leading the project. Great project. It's hard for me to say if things have gotten better or worse since the change, but at the very least things had been quiet and drama-free for a few years. Finally. Until today that is. |
| |
| ▲ | HybridStatAnim8 10 minutes ago | parent | next [-] | | None of this is accurate. Community backlash was not what forced them to step down. The attacks, including attempted murder, was what led them to handing the lead dev position to a trusted project member. None of their behavior is unhinged, thats a horrible thing to say. And no, it has not been quiet for years, attacks have still been ongoing. | |
| ▲ | trueno 4 hours ago | parent | prev | next [-] | | i think a lot of attention is rightly attributed to like, i dunno say tiktok/ig "influencing" and how that can send people who gain a lot of notoriety off the deep end. it absolutely has. but so do software projects. not enough people talk about how software projects also offer up a similar kind of atmosphere: you're suddenly hyperconnected with a whole bunch of humans you don't know and are receiving feedback from people outside of your immediate community. "hackers" for all the interesting ways they've contributed to computer science over the decades also have branches spawned from the original chronically-online, highly-opinionated and sort of antisocial and poorly adjusted sects of civilization. being the face of a project is like pouring rocket fuel on whatever predispositions you might have, and on more than one occasion we've seen people go from occasionally unhinged person to seriously unhinged. this comes with a lot of bad outcomes for quite a few people, primarily it always has some serious amplification qualities to egos and narcissism. and for genuinely good and kind people who are just trying to share their value/contributions and are suddenly jettisoned into spotlights, we often see them suddenly step back and discontinue work on a project entirely. we often see these departures and think solely "must be burn out" and don't put much more thought into what that means. but we don't do enough to frame how software projects just elevate people into a position that most people don't do a good job in mentally and socially, and how it deteriorates the pieces of them that make them feel like they're valuable members of a community/tribe. some have luck making their project communities their tribe, but that's obviously a risky step to take. for many who have a successful project, sometimes it starts as the most validation they've ever received and then they don't know how to reconcile with the exponentially-widened audience when negative reception starts pouring in. daniel micay is just one of like.. many in these sorts of projects i've seen who are simply unfit for the role. for many reasons, i don't think he's a pleasant person at all. i don't have any answers here. i also see this in homebrew scenes for gaming, it's like my least-favorite human petri dish of software development enjoyers. lot of oddball developers in that space and quite a lot of incredibly dramatic fallouts and theatrics that seem to come with the anonymous nature of not tacking your real name / identity to a project, and a consuming audience that has zero idea what goes into development so the negative feedback/demands that come in are in their own way unhinged. | | |
| ▲ | busterarm 4 hours ago | parent [-] | | I'm well familiar with what you're talking about. I see it in the emulation space as well. Famously so with byuu/near. We have all of the parasocial behavior from bystanders as well. Cult mentalities and hero-worship. It's quite a strange phenomenon. | | |
| ▲ | trueno 2 hours ago | parent | next [-] | | oh god yeah the emulation space is absurd. | |
| ▲ | 1attice 3 hours ago | parent | prev [-] | | Welcome to the artworld. 19th century European artist culture resurfaces. Don't cut off your ear :) |
|
| |
| ▲ | cf100clunk 4 hours ago | parent | prev [-] | | [dead] |
|
|
| ▲ | 2 hours ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | unethical_ban 3 hours ago | parent | prev | next [-] |
| #1 imo is the fact that some orgs are resilient to libel, and some are heavily affected. If someone is lying about your security protect in order to harm your reputation, I don't find it odd to respond with some zeal. #2 on the other hand sounds unhinged, though no source is provided. Threatening legal action for broad criticism of project management is wild. |
| |
| ▲ | HybridStatAnim8 8 minutes ago | parent [-] | | Its not broad criticism, its attacks that use criticism as a false excuse. Defending themselves neutrally and objectively is not unhinged. |
|
|
| ▲ | bubblethink 2 hours ago | parent | prev [-] |
| [flagged] |
