More manipulation of OctoPrint's anonymous usage stats
Gina Häußge, creator of OctoPrint, uncovered manipulation of usage stats by Obico, leading to dropped sponsorship and invoicing for cleanup. Changes to handling commercial plugins planned to prevent future manipulation. Gina to take a break for recovery.
The creator of OctoPrint, Gina Häußge, discovered manipulation of the project's anonymous usage stats by Obico, following a similar incident with OctoEverywhere. Upon investigation, irregularities were found in the data, with instances showing biased usage of Obico and discrepancies in reported versions. Obico admitted to manipulating the stats to boost their plugin's ranking, expressing regret for not coming clean earlier. Gina dropped Obico as a sponsor and plans to invoice both Obico and OctoEverywhere for cleanup efforts. Changes will be made to how commercial plugins are handled, including no longer publicly tracking stats for them. Gina expressed exhaustion and disappointment over the situation, emphasizing the need to prevent further manipulation of usage stats critical for the project. Despite upcoming commitments, Gina plans to take a break to process the events. The community's support has been crucial, but Gina aims to address the issue and recharge before moving forward.
Related
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to updates creates attacker-controlled admin accounts, manipulating search results. Users urged to uninstall affected plugins and monitor for unauthorized access.
Open Sourcing Kinopio
The creator of Kinopio, a thinking canvas app, open sources the kinopio-client app on its 5th anniversary. Users can now run, modify, and enhance the lightweight app (~220kb) locally or on the kinopio-server. This move aims to foster community contributions despite potential risks.
OctoPrint's anonymous usage stats were manipulated
Gina Häußge discovered fake tracking events manipulating OctoPrint's usage statistics. Perpetrators simulated outdated software instances, leading to data cleanup and preventive measures. OctoEverywhere acknowledged the incident, pledging collaboration for resolution.
Dev rejects CVE severity, makes his GitHub repo read-only
The 'ip' project's developer, Fedor Indutny, made the GitHub repository read-only due to a disputed CVE report (CVE-2023-42282) about 'node-ip' misidentifying private IP addresses. This incident underscores challenges with inexperienced CVE filings.
Mozilla is an advertising company now
Mozilla acquires Anonym, a privacy-focused advertising company founded by ex-Facebook executives. Integration aims to balance privacy and advertising. Critics question Mozilla's advertising shift, prompting users to explore alternative privacy-centric browsers.
That said, the actual consequences of the stats being manipulated on the project as a whole seem rather low? Someone was able to unfairly win a popularity contest for a while... Not a big deal. From OctoPrint's side it seems to have been handled professionally and with integrity. If anything I think it increases my respect and trust for the project. So I hope the maintainer finds some time to sit back and relax, see that this was not a big problem in the grand scheme of things. One can laugh at these petty companies that are trying to game the high score list by cheating.
When you have a "community" the games are endless, and need not have any connection to the original purposes.
Why does a simple tool need to have a community? Why must popularity contests and personality cults be a factor in our software? How can such things lead to better software? Aren't they much more likely to lead to results like this?