It is highly disturbing that you would go through my private profiles and nicknames to prove what? Ever heard of nicknames on the Internet? Ever heard a person can have multiple projects over the many years?
I published an open source library, it is not even v1.0 yet.
I think it’s reasonable: just look at how many scams there have been over the last few years since cryptocurrency made it so easy to convert running code into money. The open source world is not what it was a couple decades ago and it’s reasonable to have the discussion about how to trust someone in a way which might have seemed obsessive twenty years ago, similar to how we used to think realistic faked images were hard to make and thus uncommon but now have to think about provenance for everything.
The point is that there was exactly nothing of suspicion.
This was to correct the doubt that the HN poster was not the same person as the GitHub user.
Conceding to you that a search can be useful, GP could've stopped at "The github is old and the person has other reputable projects". There was no reason to expand to the LinkedIn.
If there is something of suspicion or not lies in the eye of the beholder.
Only LinkedIn showed the link between the HN profile and the Github profile, because it lists both the project mentioned on the HN profile as well as the project listed in the Github profile.
> If there is something of suspicion or not lies in the eye of the beholder.
That may tell more about the beholder than you think.
> Only LinkedIn showed the link between the HN profile and the Github profile, because it lists both the project mentioned on the HN profile as well as the project listed in the Github profile.
What if there was no link between the HN profile and GitHub, then? Would you conclude that, because you can't reliably link the HN profile to the GitHub profile (that was independently already trustworthy), this would make the project seem suspicious?
In other words -- Would your projects be more suspicious, if I, a total stranger, made Show HNs about them?
If it were a legitimately suspicious issue, I’d think sharing was the right thing to do.
I disagree with the idea that having multiple nicknames is suspicious, though. But, if that is something the poster believes, I guess I can see why they’d share it.
I am absolutely, perfectly, 100% fine with how OP structures, manages, names, and presents his online profiles.
After the latest fun incidents with NPM and others, I just wanted to make a point how the way the project is currently "marketed" and distributed — and again, PERFECTLY fine for a first draft and "look what I built" — might stand in the way of it getting further traction.
And I did so in a very stream-of-consciousness way, trying to illustrate what I mean by "Trust & Safety issue".
I still don’t see the issue. There’s a HackerNews account and a GitHub account. The HackerNews account could be some random person.
All of the other aspects of identity are on the other side, the GitHub account with the real name, other projects, a reputation. So then, consider the Hackernews account to be some random, start the check-out at the GitHub, and you don’t see anything particularly suspicious.
This is a public web site hosted on Github, and it belongs to the Github user matisojka, whose public Github profile is at https://github.com/matisojka, containing, in public, the full name "[name-redacted]" — put there by no other than yourself!
You came here to promote your tool, asking for feedback ("Curious if the HN crowd finds it useful"), so YOU expect me to download and run YOUR software on MY system, and therefore trusting your software to not wreck havoc on my personal computer system.
And then flip out if I dare to do a quick, superficial cross-check on whose software I'm installing? Using only public information that you yourself put onto the Internet on public pages yourself?
Are you seriously suggesting that I broke into private web sites or computer systems in order to illegally retrieve information that was not meant for public eyes? Like, seriously?
"go through my private profiles" -> can you point at a SINGLE private profile that I went through? Just ONE?
You asked for feedback. Your literally wrote "AMA" — "Ask me anything".
And all I did was just that: asking you to understand that if you want this project to gain traction, that the nature of the way it is currently distributed, and the way that the Apple ecosystem treats it, might be a roadblock for this.
A roadblock for a project that I love and want to see succeed.
you could have avoided all that (including all the awkwardness) just by inspecting the open-source source code, my man. no need to google the author to see if he passes your personal "sniff tests". Have you done that for the authors of your OS, your browser, and your routers too?o I mean, Apple isn't even open-source; they could be sending all manner of things to their servers that you wouldn't be happy about, and you wouldn't know
And since when does publishing open source software require you to present any credentials at all? I am not hiding anything, I just published using my regular accounts - some of which I have been using for more than a decade.
Where exactly did I say that "publishing open source software require[s] you to present any credentials"?
That is not the point of my original comment.
The point of my original comment was that downloading and using software from the Internet is a process that requires trust, at least if you want your project to gain traction, and that this specific project might have — at least to some people — road blocks in this regard.
The perspective is that it is a free project shared on Github which prompts a OS-level warning message on macOS, which might certainly intimidate some people.
I really want to see this project succeed, and thus gave feedback on this — what else is a "Show HN" good for, then?
But you're raising the alarm over a standard expectation which suggests an unfamiliarity with the norms here. It's like you're confusing it with an anti-virus alert. They already know about the warning since that's what all software does on macOS until it's notarized.
For them to avoid that Gatekeeper warning, they would have to pay Apple $100 and then notarize their executable through Apple for their hobby project with 30 commits.
This isn't something we'd expect OP to do for this project.
Also the Gatekeeper warning is kind of a norm among developer tools. You can see it in much more popular projects. Just today `brew install --cask syncthing` triggered it when I went to open it. You're trying to be helpful but I hope you find this comment helpful as well.
Finally, all of that is beside the issue of digging up someone's linkedin profile and pseudonyms for the crime of sharing a tool with us that wasn't notarized with a $100 Apple permission slip.
A lack of such a prompt would mean nothing from security point of view. It's not like you run a program you used regularly and now all of a sudden such a warning appears (as if someone replaced the program's binary with another one). You did download this program manually from the internet, the warning is basically just about that.
Yes, but the target group of this project is not "me". It's potentially many people, and I assume (maybe incorrectly) that the author wants their project to succeed and gain traction.
It is highly disturbing that you would go through my private profiles and nicknames to prove what? Ever heard of nicknames on the Internet? Ever heard a person can have multiple projects over the many years?
I published an open source library, it is not even v1.0 yet.
I kindly ask you to delete this comment.
The act of looking is normal. Running your code on their computer requires a lot of trust, after all.
But there’s nothing suspicious about having multiple nicknames. I don’t really get what they are talking about there.
Looking is. Sharing, I'm not so sure? At least for me, it crosses a boundary.
Especially since it's looking and sharing for something as irrelevant as "HN name doesn't check out!"
I think it’s reasonable: just look at how many scams there have been over the last few years since cryptocurrency made it so easy to convert running code into money. The open source world is not what it was a couple decades ago and it’s reasonable to have the discussion about how to trust someone in a way which might have seemed obsessive twenty years ago, similar to how we used to think realistic faked images were hard to make and thus uncommon but now have to think about provenance for everything.
The point is that there was exactly nothing of suspicion.
This was to correct the doubt that the HN poster was not the same person as the GitHub user.
Conceding to you that a search can be useful, GP could've stopped at "The github is old and the person has other reputable projects". There was no reason to expand to the LinkedIn.
If there is something of suspicion or not lies in the eye of the beholder.
Only LinkedIn showed the link between the HN profile and the Github profile, because it lists both the project mentioned on the HN profile as well as the project listed in the Github profile.
> If there is something of suspicion or not lies in the eye of the beholder.
That may tell more about the beholder than you think.
> Only LinkedIn showed the link between the HN profile and the Github profile, because it lists both the project mentioned on the HN profile as well as the project listed in the Github profile.
What if there was no link between the HN profile and GitHub, then? Would you conclude that, because you can't reliably link the HN profile to the GitHub profile (that was independently already trustworthy), this would make the project seem suspicious?
In other words -- Would your projects be more suspicious, if I, a total stranger, made Show HNs about them?
You're seeing my point, don't you?
If it were a legitimately suspicious issue, I’d think sharing was the right thing to do.
I disagree with the idea that having multiple nicknames is suspicious, though. But, if that is something the poster believes, I guess I can see why they’d share it.
I am absolutely, perfectly, 100% fine with how OP structures, manages, names, and presents his online profiles.
After the latest fun incidents with NPM and others, I just wanted to make a point how the way the project is currently "marketed" and distributed — and again, PERFECTLY fine for a first draft and "look what I built" — might stand in the way of it getting further traction.
And I did so in a very stream-of-consciousness way, trying to illustrate what I mean by "Trust & Safety issue".
I still don’t see the issue. There’s a HackerNews account and a GitHub account. The HackerNews account could be some random person.
All of the other aspects of identity are on the other side, the GitHub account with the real name, other projects, a reputation. So then, consider the Hackernews account to be some random, start the check-out at the GitHub, and you don’t see anything particularly suspicious.
Private if they are on the Internet? They are not private at all. Your answer to the OP comment is frankly... wrong.
I guess you are partially right. Still, this feels much unsolicited.
Frankly, I second that sentiment.
I'm not sure how extensive your search was to find OP's LinkedIn, but it's clearly not in his HN profile, and that's enough to be unwarranted imho.
I say this with the utmost respect, but: are you guys serious?
It was YOU, iagooar, who posted a "Show HN" here with a link to the following URL: https://github.com/matisojka/qqqa
This is a public web site hosted on Github, and it belongs to the Github user matisojka, whose public Github profile is at https://github.com/matisojka, containing, in public, the full name "[name-redacted]" — put there by no other than yourself!
You came here to promote your tool, asking for feedback ("Curious if the HN crowd finds it useful"), so YOU expect me to download and run YOUR software on MY system, and therefore trusting your software to not wreck havoc on my personal computer system.
And then flip out if I dare to do a quick, superficial cross-check on whose software I'm installing? Using only public information that you yourself put onto the Internet on public pages yourself?
Are you seriously suggesting that I broke into private web sites or computer systems in order to illegally retrieve information that was not meant for public eyes? Like, seriously?
"go through my private profiles" -> can you point at a SINGLE private profile that I went through? Just ONE?
You asked for feedback. Your literally wrote "AMA" — "Ask me anything".
And all I did was just that: asking you to understand that if you want this project to gain traction, that the nature of the way it is currently distributed, and the way that the Apple ecosystem treats it, might be a roadblock for this.
A roadblock for a project that I love and want to see succeed.
you could have avoided all that (including all the awkwardness) just by inspecting the open-source source code, my man. no need to google the author to see if he passes your personal "sniff tests". Have you done that for the authors of your OS, your browser, and your routers too?o I mean, Apple isn't even open-source; they could be sending all manner of things to their servers that you wouldn't be happy about, and you wouldn't know
> inspecting the open-source source code
But how does one open the open-source source code?
Definitely don't look at any Github profile names while doing so please!
So if the random guy who posted it on HN wasn't the OP, it would've been a thousand times more untrustworthy, obviously?
I don't see your point, and I squinted very hard.
And since when does publishing open source software require you to present any credentials at all? I am not hiding anything, I just published using my regular accounts - some of which I have been using for more than a decade.
Where exactly did I say that "publishing open source software require[s] you to present any credentials"?
That is not the point of my original comment.
The point of my original comment was that downloading and using software from the Internet is a process that requires trust, at least if you want your project to gain traction, and that this specific project might have — at least to some people — road blocks in this regard.
Mate, it's a free project on github they shared with us. Let's keep things in perspective.
The perspective is that it is a free project shared on Github which prompts a OS-level warning message on macOS, which might certainly intimidate some people.
I really want to see this project succeed, and thus gave feedback on this — what else is a "Show HN" good for, then?
But you're raising the alarm over a standard expectation which suggests an unfamiliarity with the norms here. It's like you're confusing it with an anti-virus alert. They already know about the warning since that's what all software does on macOS until it's notarized.
For them to avoid that Gatekeeper warning, they would have to pay Apple $100 and then notarize their executable through Apple for their hobby project with 30 commits.
This isn't something we'd expect OP to do for this project.
Also the Gatekeeper warning is kind of a norm among developer tools. You can see it in much more popular projects. Just today `brew install --cask syncthing` triggered it when I went to open it. You're trying to be helpful but I hope you find this comment helpful as well.
Finally, all of that is beside the issue of digging up someone's linkedin profile and pseudonyms for the crime of sharing a tool with us that wasn't notarized with a $100 Apple permission slip.
A lack of such a prompt would mean nothing from security point of view. It's not like you run a program you used regularly and now all of a sudden such a warning appears (as if someone replaced the program's binary with another one). You did download this program manually from the internet, the warning is basically just about that.
Yes, but the target group of this project is not "me". It's potentially many people, and I assume (maybe incorrectly) that the author wants their project to succeed and gain traction.
Hey dang, can you please remove the above comment 45834359, as per iagooar's request?
I don't see an option for removal on the HN ui.
Same for 45834692 if possible, as this also contains the name.