Hacker News: jabwd's comments

Even ignoring all the politics and crazy stuff from the "maintainer"; most of their contributions were just shuffling code around and causing a lot of breakage. The typical "but this looks nicer so it's better" type of programmer, not the type of code I'd rely on personally.

I might be very wrong in every way but, string parsing and/or manipulating and memoization... sound like a super strange combo? For the first you know you're already doing expensive allocations, but the 2nd is also not a pattern I really see apart from in JS codebases. Could you provide more context on how this actually bit you in the behind? Memoizing strings seems like a complicated and error-prone "welp it feels better now" territory in my mind so I'm genuinely curious.

In Java it can be a bad toString() implementation hiding behind a + used for string assembly.

Or another great one: new instances of ObjectMapper created inside a method for a single call and then thrown away.


To be clear this is often sloppy code that shouldn’t have been written. But in a legacy codebase this stuff can easily happen.

A huge chunk of a "legacy codebase" is "sloppy code that shouldn’t have been written"

Unless you're inheriting code written by Bill Atkinson or something.


> but the 2nd is also not a pattern I really see apart from in JS codebases.

If you're referring to "one-line logger calls that trigger expensive serialization", it's also common in java.


Try doing the benchmark in a git repo.

That's where I actually did it, by coincidence

> This is effectively a rando's basement. You. Do. Not. Know. Stop straw-manning stuff it's so pointless.


The not knowing is the point. From a security perspective, you have to assume the worst.

And maybe that is F-Droid's point: Security through obscurity. If the build infrastructure with the signing keys is unknown, then it's that much harder for Bad Actor to do things like backdoor E2E encrypted communication apps. This is, of course, the weakness in E2E encryption in apps obtained from mainstream/commercial app stores. For all we know, these may already be backdoored depending on where it came from.

However, the obscurity makes F-Droid hard to trust as an outsider to the project.


Keep in mind this is also often caused by arbitrary "security" consultants that crap out a list of stuff you need to implement. Like jailbreak detection and the like.

One I repeatedly got back in the day was hilarious: "After uninstalling the app credentials stay present in the keychain". Yes thanks genius, I don't get to run code on uninstall.


probably, probably and more probably.

Why would they ever make it obvious? It makes no sense. Google just had the luck of political inaction, and eventually enshittified it further to the point where you might not know it was an ad.


For the same reasons why Google did it in the first place.

To not undermine trust in their product and because ads are lower quality than organic results, and by making them indistinguishable, it will make their product worse.

The chatbot market is still competitive, and while users may tolerate ads alongside their answers, they may not tolerate lower quality answers (that is ads disguised as answers). With Google search, they can get away with it because they are still the best even with the enshittification.

There is another reason why it is in their best interest to make it really obvious there are ads. Chatbots want you to pay directly, sometimes hundreds of dollars a month, they are not getting that kind of money with ads, so obnoxious ads are also a way to say "hey look, if you pay, you won't get ads". It doesn't mean ads won't make a comeback in paid tiers later, but not initially.

So, yes, lots of "probably", but my guess would go towards the first ads being obvious and flashy rather than subtle.


But Google did erode trust in their product, and the American government went after them, so they "made it more obvious" which still really didn't change that most people don't care if something is sponsored and just look at the first result.

It's something that continually needs to be reinforced again and again. Somebody will be made an example of.


It'll be the latter. Unfortunately a lot of damage (including psychological damage) has to be done before people realize it.


It’s interesting, it already is the former for niche areas in coding (e.g., basic web dev tasks). But as a whole for areas like social media or increased surveillance it could very well be a negative, and those affect a whole lot more people than coding and having more software would.


Now get people on this website to listen; Since it can be renamed to "AI" bro central at this point.


I don't think that's a fair criticism. There are plenty of AI boosters and hucksters on HN but there's a lot of thoughtful people too.


A good lesson. If you as an employer look at this history, and handle it in the interview appropriately (what did you learn / do better now for example) you can figure out if they did.

I'm sure lots won't, but if that is you as an employer you're worth nothing.


Curious what kind of deployments you are running with them? I only have personal stuff with Hetzner; but never had issues so far (bare metal in my case coz cheap for what I get and need).


Mostly EC2 type VMs with docker clients in them. Keeping infrastructure simple is important for us :)

