Re: [josm-dev] JOSM Plugin no_more_mapping
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 28/10/12 02:02, Frederik Ramm wrote: On 27.10.2012 15:14, colliar wrote: Hey I do not see any reason for deleting the source Maybe it was indeed an overreaction on my part to remove the source from SVN. Of course it is still accessible even if removed, but I have now reinstated it. I am however adamant that removing the compiled jar file from the dist directory, and thereby from the list of downloadable plugins in JOSM, was right. There may be educational value in the source code, but there is no value in having the plugin offered in JOSM for download. The fact that we are Open Source and trying to create as little hurdles as possible (anyone can get an SVN account, anyone can add their plugins to the list, even anonymous website users can add pointers to whatever) does not mean that we're openly inviting shenanigans. Only recently DWG had to block two vandals who were randomly deleting and falsifying data in OSM. When challenged, their response was: Yeah, we were just testing your security, and you should really do something about that. - I wanted to yell: We don't have any security and that's by design, to make mapping easier for everyone, and it is people like you who in the end force us to erect all these barriers and make life harder on everyone, but thanks for all your help! Same here. Some might find it a humorous way of pointing the finger at our vulnerabilities (if someone runs this without looking then he was asking for it!) but I don't find it all that funny. and wonder that it needs only one person to delete working code from svn. It only needs one person to add something bad, and this is by design - we don't want people to have to ask for permission first. Consequently, one person is also sufficient to remove something bad. The alternative is having a plugin task force that approves all plugins (and every update on every plugin...) and that can also be asked to remove ones which are thought to be problematic. As you already did admit your overreaction, thanks. I think it is much easier to include bad plugins in the list than using the OSM svn. Especially JOSM-trac is very liberal regarding submits but so far we do not have that many problems with this policy. Think so, we are talking about different issues, if someone known is submitting some code which I do not get the intention right away is way different than someone else who is just capitalising his/her freedom. Ciao colliar -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEAREIAAYFAlCNQuwACgkQalWTFLzqsCtHSwCbBM45r40zC/1w1YPndf5ZXpSS A10An0fRy6wbtLtOsv4GRh3wnM5+QsDq =KHeP -END PGP SIGNATURE- ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 20/10/12 23:22, Russell Edwards wrote: My 0.02 on this storm in a teacup. Isn't all of this one of the key points about open source software? The source is open. Ordinary users can place a degree of trust in it because others in the community will review code for safety. And that's exactly what we've just seen on this list. Any ordinary user who doesn't trust others to do this for him/her can educate him/herself and vet the source code personally. Exactly, open source. I do not get it. Ilya already did write that he would extend/update the warnings/docu. * It is open source and every user is responsible for himself as this software comes without warrenty. * It is warning * It is no malware I do not see any reason for deleting the source and wonder that it needs only one person to delete working code from svn. Please, undelete it and open up a wider discussion about this issue. Thanks colliar -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEAREIAAYFAlCL3iwACgkQalWTFLzqsCsSOgCgy4Lt2P1Zeztgzfq6TW3YyTH2 rsgAn0Li01QNbbH+lVzeObt0bLkE0jIj =wyjo -END PGP SIGNATURE- ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
Hi, On 27.10.2012 15:14, colliar wrote: I do not see any reason for deleting the source Maybe it was indeed an overreaction on my part to remove the source from SVN. Of course it is still accessible even if removed, but I have now reinstated it. I am however adamant that removing the compiled jar file from the dist directory, and thereby from the list of downloadable plugins in JOSM, was right. There may be educational value in the source code, but there is no value in having the plugin offered in JOSM for download. The fact that we are Open Source and trying to create as little hurdles as possible (anyone can get an SVN account, anyone can add their plugins to the list, even anonymous website users can add pointers to whatever) does not mean that we're openly inviting shenanigans. Only recently DWG had to block two vandals who were randomly deleting and falsifying data in OSM. When challenged, their response was: Yeah, we were just testing your security, and you should really do something about that. - I wanted to yell: We don't have any security and that's by design, to make mapping easier for everyone, and it is people like you who in the end force us to erect all these barriers and make life harder on everyone, but thanks for all your help! Same here. Some might find it a humorous way of pointing the finger at our vulnerabilities (if someone runs this without looking then he was asking for it!) but I don't find it all that funny. and wonder that it needs only one person to delete working code from svn. It only needs one person to add something bad, and this is by design - we don't want people to have to ask for permission first. Consequently, one person is also sufficient to remove something bad. The alternative is having a plugin task force that approves all plugins (and every update on every plugin...) and that can also be asked to remove ones which are thought to be problematic. Bye Frederik -- Frederik Ramm ## eMail frede...@remote.org ## N49°00'09 E008°23'33 ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
On 10/19/2012 10:36 PM, Frederik Ramm wrote: Hi, Someone noticed that there is a plugin called no more mapping which claims to stop JOSM from working forever. The plugin has been added to SVN by user zverik and it seems to be a relatively harmless prank. I don't know the motivation but if the motivation was to demonstrate that even bad plugins can easily be offered by JOSM to the unsuspecting user then it succeeded ;) I will remove it from SVN now. Zverik, are you reading this? Can you explain why you did that? I think there is no harmful intent, but the target audience is power mappers that are suffering from OSM addiction. In this case the plugin is supposed to help you concentrate on things other than mapping. Sometimes users install a bunch of plugins (all of them in extreme cases) without reading the plugin description. If you unintentionally install this plugin, it will be very irritating, so I agree we shouldn't keep it in the main plugin repository. Paul ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
[josm-dev] JOSM Plugin no_more_mapping
Hi. Paul got it right, I've made this plugin just because there has to be an option. It even counted days without mapping. My record is a week. As for installing without reading, I've made all the precautions possible. There was a big warning in plugin list, standing-out red icon and extensive instructions on how to disable it after it's been installed. I'd put more warnings if there was a way. I guess the user that was offended didn't even try to install it. And based on his words it got removed along with the source code. Oh well. Have fun knowing that any of your plugins could be deleted because someone didn't like the description. IZ ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
On Fri, 19 Oct 2012, Frederik Ramm wrote: Someone noticed that there is a plugin called no more mapping which claims to stop JOSM from working forever. The plugin has been added to SVN by user zverik and it seems to be a relatively harmless prank. I don't know the motivation but if the motivation was to demonstrate that even bad plugins can easily be offered by JOSM to the unsuspecting user then it succeeded ;) I've seen and checked it and considered it relatively harmless :-) Not useful, but also not dangerous. Ciao -- http://www.dstoecker.eu/ (PGP key available) ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
Hi, On 10/20/2012 03:51 PM, Dirk Stöcker wrote: I've seen and checked it and considered it relatively harmless :-) Not useful, but also not dangerous. It is certainly not dangerous. But it only took a day on talk-de for someone to suggest that the next plugin is probably going to be upload your bank data to fraudsters. On the one hand, this has the positive effect of heightening people's awareness - you can't trust a JOSM plugin to do only good, you have to read the description (and ideally the source). On the other hand, we *want* people to update frequently, instead of waiting until they have the time to actually read through the description or even source code yet again. We want them to trust us that we do the right thing. There is a market for editors out there, and our editor, JOSM, is one of the products. We are in friendly competition with other editors and we want to make our editor the best one, at least I think we do. Offering a plugin that bricks JOSM, even if meant as a tongue-in-cheek feature, makes it too easy for JOSM's detractors. I can already see the snarky Twitter comments such jokes might lead to - and the resulting image is JOSM, the editor that stops working as soon as you hit one wrong button. Bye Frederik -- Frederik Ramm ## eMail frede...@remote.org ## N49°00'09 E008°23'33 ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
2012/10/20 Frederik Ramm frede...@remote.org: There is a market for editors out there, and our editor, JOSM, is one of the products. We are in friendly competition with other editors and we want to make our editor the best one, at least I think we do . I can already see the snarky Twitter comments such jokes might lead to - and the resulting image is JOSM, the editor that stops working as soon as you hit one wrong button. nice idea, here it is: https://twitter.com/dieterdreist/status/259719381368586240 (didn't want to steal this from you, but I thought you would never post it yourself). Following your ideas above I was remembered of the old marketing verdict, that also bad news can be useful (raise popularity). cheers, Martin ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
On Sat, 20 Oct 2012, Frederik Ramm wrote: I've seen and checked it and considered it relatively harmless :-) Not useful, but also not dangerous. It is certainly not dangerous. But it only took a day on talk-de for someone to suggest that the next plugin is probably going to be upload your bank data to fraudsters. On the one hand, this has the positive effect of heightening people's awareness - you can't trust a JOSM plugin to do only good, you have to read the description (and ideally the source). On the other hand, we *want* people to update frequently, instead of waiting until they have the time to actually read through the description or even source code yet again. We want them to trust us that we do the right thing. Nobody should trust JOSM. Users should always be aware of the fact that all software can be malicious. If a joke helps remembering that fact then it was not only funny, but helpful. Even if I would check every single line of new JOSM code (which I don't do) I would not be able to prevent bad code. There is a market for editors out there, and our editor, JOSM, is one of the products. We are in friendly competition with other editors and we want to make our editor the best one, at least I think we do. Offering a plugin that bricks JOSM, even if meant as a tongue-in-cheek feature, makes it too easy for JOSM's detractors. I can already see the snarky Twitter comments such jokes might lead to - and the resulting image is JOSM, the editor that stops working as soon as you hit one wrong button. Well. I'm relatively liberal. As long as it does no harm I tend to leave the developers a lot of freedom. We are still doing OpenSource here. If somebody expects industrial standards, then he can pay for it. In this case a JOSM license probably would be around 5.000 to 10.000 Euro and a warranty probably something like 5 times of that value a year. Developing OpenSource should still make fun and a joke sometimes is ok I think :-) I myself will not fight against such stuff, but I will also not encourage that. Ciao -- http://www.dstoecker.eu/ (PGP key available) ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
On 10/20/2012 03:35 PM, Ilya Zverev wrote: Hi. Paul got it right, I've made this plugin just because there has to be an option. It even counted days without mapping. My record is a week. As for installing without reading, I've made all the precautions possible. There was a big warning in plugin list, standing-out red icon and extensive instructions on how to disable it after it's been installed. I'd put more warnings if there was a way. If all these warnings are necessary, this is a good indication, the plugin isn't suitable for the main repository. I'm afraid, many users won't get the humorous part and will just be irritated. I guess the user that was offended didn't even try to install it. And based on his words it got removed along with the source code. The source code is still available in the svn history: https://trac.openstreetmap.org/browser/subversion/applications/editors/josm/plugins/no_more_mapping?rev=28821 Oh well. Have fun knowing that any of your plugins could be deleted because someone didn't like the description. I don't see that happening to the other plugins you wrote - they are actually useful. ;) Paul ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev
Re: [josm-dev] JOSM Plugin no_more_mapping
My 0.02 on this storm in a teacup. Isn't all of this one of the key points about open source software? The source is open. Ordinary users can place a degree of trust in it because others in the community will review code for safety. And that's exactly what we've just seen on this list. Any ordinary user who doesn't trust others to do this for him/her can educate him/herself and vet the source code personally. Russell ___ josm-dev mailing list josm-dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/josm-dev