PHP-FIG Membership reevaluation

[pedrofr...@gmail.com]

Hello.

I’d like to start a discussion about PHPixie’s membership in this group.

As some of you are probably aware by now, Dracony defrauded numbers by astroturfing and making use of bots to leverage packagist installs, github stars and general usage of his framework.

Before we continue, I’d like to remember some of his history here.

1) Dracony’s first application was denied MOSTLY due to lack of popularity.

“-1 from Laravel for lack of significant user base that would be effected by any FIG standards.”

“Historically, we only admitted projects with a reasonably large userbase = influence. Can you give any (verifiable) usage numbers of PHPixie? The number of stars/forks on GitHub is not convincing.” (Bernard Schussek)

“I agree with Bernhard that the userbase and influence of PHPixie is limited.” (Doctrine)

“Agree with Taylor, there is a definite lack of user-base, and this has been used to bounce small projects in the past.” (phil sturgeon)

(and many others)

2) Dracony has since been caught with fake accounts on Reddit, astroturfing PHPixie. Here’s some evidence: https://gist.github.com/AndrewCarterUK/96bf6fae02ef8b93f93b. He was banned for a few days, his alt accounts were permabanned.

3) Dracony has been caught benefitting from bots starring his github repository: Proof: https://twitter.com/dracony_gimp/status/727790568420585472 (backup to Andrew's reply: https://twitter.com/AndrewCarterUK/status/728335760001241088, in case he deletes). Github detected the bot usage and removed said stars.

4) And now, Andrew Carter has released a study in which he estimates (with enough reasonable evidence) that 95% of packagist installs are fradulent: http://andrewcarteruk.github.io/programming/2016/05/09/phpixie-fraud.html.

Since this group considers project popularity important to a member’s application and that such member has defrauded such statistics, his admission should be voided. If his admission can't be voided, members from this group should consider banning this project from this group for using such unethical tactics.

As additional reasons, unlike most projects here, PHPixie still only has 1 maintainer. The project was also involved in many controversies (such as the previous sexist logo). In my personal opinion, his membership here not only aggregates little to no value, but, as of right now, actually taints this group’s reputation.

Since this group doesn’t have a proper complaint channel, I’ll leave this discussion here. I'm not a member, so I'm not sure if anyone can request a membership reevaluation. If I can't, I'll just leave this as a complaint, and leave to the members to judge and to decided what to do next.

[Dracony]

I made a point of not participating in these witchhunts anymore, but since it made it's way all the way here, I'll post once more from the start.

e

1) PHPixie joined the group in September it had just over a hundered daily installs till then, so you cant say it was it's current statistics that got Pixie to be accepted. Even with a hundred installs per day Pixie still had more stars and downloads than some other FIG members at the time. I can't say I am not happy aboout it getting over a 1000 installs per day now, but I just checked the packagist graph and it does seem like there was a spike a few month ago ( again way later than wehn I joined the group). Now obviously I can't tell if some of those are made by bots, CI systems or whatever, I honestly just liked seeing the number increasing.

2) Bot accounts on github are a given, and they get vbanned by hundreds every day, there's really no telling what they're doing. E.g. right now I checked one of the trending repos on github and behold, already there are bot accounts following it, e.g. https://github.com/larryheathcote. Github has so many strict rules about banning them that there is really no point in trying to inflate anything this way. I suspect as soon as you get on to the trending page you get a whoole bunch of them following you, and then they get banned and your numbers get back to normal and you never notice it. 

The only reason Andrew caught and screenshoted them was me tweeting about randlomly getting a lot of github stars on the same day ( I hope you agree this is not a smart thing to do if I wanted to have bots and keep it secret: https://twitter.com/dracony_gimp/status/727790568420585472 )

3) The whole fake accounts on reddit thing is a separate story, check the thread I guess. Basically 2 people got their account suspended and I got my silenced for 3 days (all because Andrew posted in on the mod subreddit). And even then they got suspended for "vote manipulation", bit for being socpuppets. Usually when I post smth on reddit I ask people in the Pixie chat to upvote it. I gurss this counted as vote manipulation (although 2 votes is literally nothing). Btw I kind f gace up posting stuff on reddit about pixie since then.

Ressurecting the sexist logo thing is really scraping the bottom of the barrel tbh.

The bottomline is I'm really surprised at all the pitchforks, really. Even before I joined FIG I was posting here frequently and actually consider myself a quite active member. But nobody seems to appreciate any of it, just because there's some graph spiking at 2 am =(

[Michael Cullum]

Hi Pedro,

Thanks for posting this topic. Andrew came to the secretaries a couple of days ago with details of his study and we had been looking into it since then to then bring the issue to the attention of the FIG membership for you to decide if any course of action should be taken.

To clarify the position of the bylaws on any expulsion of member projects, this the membership bylaw states the following:

• If, in the judgement of PHP-FIG, a Voting Representative is acting inappropriately and to the detriment of PHP-FIG's ability to meet its objectives, a vote may be taken to request a replacement Voting Representative in accordance with the Voting Protocol bylaw or to expel the Member Project where replacing a Voting Representative is not possible. 
• ...
  
• A Member Project may also be expelled if their Voting Representative is subject to a replacement request from PHP-FIG but a suitable replacement is not available.
  
• The expulsion of a Member Project requires a vote in accordance with the Voting Protocol bylaw.

And as pointed out by the OP, any such vote would need to be instigated by a voting member however it would be highly recommended to have a discussion period beforehand, although this is not required by the bylaws. If a voting member wishes to start this vote, we'd kindly request they consult the secretaries first, although this is of course not necessary, so we can ensure that it's carried out fairly and without bias.

We would also add that project activity and popularity are not a set criteria for FIG membership (although the unwritten rule appears to be that projects should have known deployments, worked on by more than one person and not be aspirational), each member may vote as they wish and are not bound by any rules on who to admit. What is being discussed here is not necessarily whether or not PHPixie is popular enough to be a FIG member, but whether Dracony/PHPixie misled the FIG before his membership vote and whether he has acted detrimentally to the FIG's objectives, has brought the FIG into disrepute or if he has acted inappropriately.

Finally, this discussion is obviously going to be quite personal for some involved but as a gentle reminder, could we try and keep a sense of decorum and civility to discuss the facts. The wider PHP community and the communities of the member projects you represent don't want to see the FIG squabbling like children. If this discussion does descend into personal insults, name calling and flaming (as has happened regarding this particular matter on other mediums) then we will lock the discussion topic and have to just immediately trigger a vote, which isn't fair on those involved and want to explain their viewpoints or defend themselves.

Many thanks,

The Secretaries

[Dracony]

Btw, after I posted the above post, another spammy acount starred the same repo: https://github.com/ajhendrix25

So I hope you see my point =\

On Monday, May 9, 2016 at 7:36:43 PM UTC+2, pedrofr...@gmail.com wrote:

[Andrew Carter]

Corrections/adjustments time.

Regarding (1), Dracony is correct that nobody can prove that it was him that did it. However, what can be known (as a fact) is that CI systems were not responsible and that this was the result of intentionally fraudulent behaviour by someone.

Regarding (2), the 40 or so accounts were all liking only PHPixie's active components. I reported this to the secretaries at the time and they will be able to confirm this. Here are the archives:
- http://web.archive.org/web/20160505151735/https://github.com/PHPixie/Project/stargazers
- http://web.archive.org/web/20160505151948/https://github.com/khalilschimmel

Regarding (3), I reported one account to the reddit admins and the next morning two other accounts that I suspected (but didn't report) were also banned. The ban was not issued by reddit moderators (they can't do that) but site level reddit administrators after an investigation. They also weren't banned for the sock-puppet action (where he was talking to himself but pretending to be different users of his framework), they were banned for vote manipulation.

Interpret all of that as you wish.

[Korvin Szanto]

Hi All,

In my humble opinion, this is a (arguably justified) witch hunt. In the same way it was ridiculous for people to bring up the going-ons in the php mailing list here, I think it's equally frivolous to try to bring up actions elsewhere unrelated to the PHP-FIG to get a current member expelled. While Roman may be controversial, he is rather active compared to the majority of current FIG members who have better stats and he seems to care deeply about the FIG and about writing quality code.

That is not to say that these issues aren't very bad, using bots or fake accounts to manipulate community feedback has no place in an ethical project lead by people who care about community. Roman, I hope that you think hard about these things you claim to not have done and think hard about what this kind of manipulation does to the ecosystem as a whole. 

I personally plan to continue my boycott of phpixie components, but I just don't think that this issue is something we should deal with by expelling the project. Especially when that project is active in the mailing list. We should certainly screen for this kind of behavior when we are accepting new members, but I'm not sure that I agree that this is a good reason to expel a project.

Just my 2c, thank you for bringing up the issue and thanks to Andrew Carter for doing the research. I know that with this information we as a group come to a conclusion that is right for us, at this time I just feel like this is an unneeded distraction from more pressing issues.

Best wishes,

Korvin

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/6c53d8b1-c3e4-412a-8bdb-3c4d1bf47079%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Dracony]

The account I just linked to (https://github.com/larryheathcote) is also following only one trending repo. I suspect the repo itself is irrelevant, they just follow whatever is trending at the moment, because it's easier to randomize then and seem more legit. If you didnt see my tweet these account would disappear without notice and nobody would know. 

[pedrofr...@gmail.com]

Hey, Michael. Thanks for taking the time to reply.

Just as a brief addition (I know folks here don't like many replies from the same person), I'd like to note that the policy you sent me refers merely to member expulsion, not to the voiding of a fraudulent act. Many laws (and common sense in general) just void (without the need for following a rescision protocol) acts that were conceived through fradulent/erroneous means.

Also, Draconys says he only had a little over a hundred installs per day at the time of his admission. This is not entirely true. This is his exact phrase, in his application: "PHPixie userbase has grown significantly, especially in the Eastern Europe, it scored high(#6) on Sitepoint's framework survey, and since the new release has been getting ~500 daily installs, althout it has not even been tagged stable yet.".

Andrew's study shows that even today, he gets (through non-fraudulent means) about 5 installs a day, which wouldn't make PHPixie not nearly as relevant as it needed to be to get approved here.

Dracony's defense is pretty straightforward and its rebuttal should be obvious. Also, even in the unlikely event of him not being the perpetrator of these unethical practices, he was directly benefited from them and his admission here should be voided anyway, for the act was would have been as misconcepted, even in good faith. 

Even though I'm not a voting member, I figured I'd post this here and bring the issue to everyone's attention.

[Jeremy Lindblom]

UNSUBSCRIBE

--
Jeremy Lindblom (@jeremeamia)
Software/Platform Engineer at Engrade (part of McGraw-Hill Education)

Co-organizer of the Arizona PHP User Group (@azphp)

Co-founder of the Pacific Northwest PHP Conference (@PNWPHP)

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/a506e29e-3838-4719-aef1-a5ace1d0c390%40googlegroups.com.

[Kayla Daniels]

Pedro,

Thanks for opening this thread here.

I feel this incident is bringing the FIG into disrepute which I feel definitely hampers our ability to meet our objectives.

As a voting member I am deeply bothered by this.

I'm open to discussion about the topic and this thread serves well for that but I would like to see a vote regarding it in the very near future. I'm more than happy to be the person that calls for said vote.

Kayla

[Dracony]

The thing is, if you just wrote the facts as they were, the response wouldn't be so dramatic. Asking in my chatroom for people to upvote my posts may count as an amazing 2 vote "vote manipulation" but you always refer to it as sockpuppeting. When you linked to Github accounts you never mentioned that you found them by me tweeting about it (which is not very sneaky, especially with obviously fake accounts with no avatars), not that they were deleted so soon that they wouldnt get noticed otherwise. When speaking about packagist you never mentioned that the spike only began recently and implied there was some botting involved when I was voted into FIG (and I had only a 100 installs per day then).

In fact I believe if you would scrutinize other projects with such diligence you'd get others accused too. Accounts get suspended on reddit for voting etc. on regular basis, but nobody notices that until somebody likes you turns it into a separate topic and spices up the narative.

[Dracony]

As for the whole Eastern European thing, here are PHPixie articles on the site similar to Techcrunch in Russia: https://habrahabr.ru/search/?q=phpixie

Note the amount of views and stars under each post. Also unlike sites like reddit to vote their you actually have to get by invite, so no vote manipulation is possible.

[Korvin Szanto]

On Mon, May 9, 2016 at 11:53 AM Dracony <draco...@gmail.com> wrote:

The thing is, if you just wrote the facts as they were, the response wouldn't be so dramatic. Asking in my chatroom for people to upvote my posts may count as an amazing 2 vote "vote manipulation" but you always refer to it as sockpuppeting. When you linked to Github accounts you never mentioned that you found them by me tweeting about it (which is not very sneaky, especially with obviously fake accounts with no avatars), not that they were deleted so soon that they wouldnt get noticed otherwise. When speaking about packagist you never mentioned that the spike only began recently and implied there was some botting involved when I was voted into FIG (and I had only a 100 installs per day then).

In fact I believe if you would scrutinize other projects with such diligence you'd get others accused too. Accounts get suspended on reddit for voting etc. on regular basis, but nobody notices that until somebody likes you turns it into a separate topic and spices up the narative.

I reject the idea that this is somehow normal. Asking for upvotes on reddit is and always has been listed as something that is against the rules https://www.reddit.com/help/contentpolicy I personally make sure to read the rules before I post in a community.

I challenge you to find this kind of fraudulent activity with other projects, I guarantee you will not find concrete5 purchasing downloads or asking for upvotes because we believe that our community voice can speak for itself. Censorship or manipulation has no place in a open source project and the idea that this is somehow commonplace is laughable.

I'm glad to come to your defense on the idea that this is not a strong enough offense to expel you, but I am absolutely not okay with the suggestion that manipulating statistics is somehow normal and okay.

Thanks,

Korvin

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/26532132-4c6c-46e3-b6bf-74e1f12e4bc3%40googlegroups.com.

[Dracony]

Ok, where does the "purchasing downloads" come from, Korvin? I don't find anything unethical about posting into a pixie chat: "I wrote a new blog post, can you upvote it on reddit plz?", because I'm already talking to people that like my project who would upvotw it themselves if they saw it online. All I'm doing is brining to their attention that I posted it, really. 

This is very different to buying upvotes from an external service ot something. And can I stress that the amount of votes we're talking about here is 2(two) which is literally nothing, so please, can we remove it as a discussion point entirely? The most random things posted on /r/php get more than that

[Korvin Szanto]

"Purchasing downloads" comes from the evidence posted in this thread. Reddit's algorithm is notoriously tuned to prefer posts that get a few upvotes really soon after posting over posts that gradually get upvotes over time. This is shown by /u/unidan who was a great content contributor to reddit, but he used the method you seem to have no issues with to manipulate his own posts ranking in the otherwise fair ranking system reddit uses. For that, he was permanently banned and is now used as an example for why "Just manipulating a couple of votes" is more harmful than you seem to want to portray it.

As you continue to try to justify this, I'm leaning more toward a +1 vote for expulsion, if I were you I'd figure out exactly what I did wrong and I'd do some deep introspection and apologize. 

Best wishes,

Korvin

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.

[Korvin Szanto]

Forgot the source for my /u/unidan stuff: https://en.wikipedia.org/wiki/Unidan

[Roman Tsjupa]

What evidence? At most you can say that maybe somebody somewhere is running bots that spike at 2 am, who knows if it's only done for Pixie actually or why its happening. When you say "purchasing" you explicitly link it to be my doing or me having any influence over it. That''s just to many assumtions for one thing. I mean, what if this happened to your project? 

You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANeXGWX%3D5%3DXdmWpJMdsws-uc%2B5_vjLUSxNmKvoO2v1JgZHJ8Kg%40mail.gmail.com.

[Korvin Szanto]

Roman,

If this happened to my projects and someone pointed it out, I'd immediately post publicly denouncing the use of that kind of manipulation and I'd do everything in my power to stop it. I would NOT go on public forums and try to justify it or play it off as no big deal.

Anyway I've said waaaay more than my peace in here, I'm not going to be responding to this thread anymore unless needed.

Thanks,

Korvin

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANamvv2QsS8neYO-CfsuF7Qy1sJ5J%2BvwTw_PkzmgKcHqdNPjgA%40mail.gmail.com.

[Dracony]

Unidan's tale has really nothing to dow with me, remeber that only 2(two) users had been suspended for upvoting my posts, this is not close to Unidan scale. Nobody would ever talk about it if it wasn't for the withchunt post. Please stop this 2 people thing.

To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscribe@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to php-fig+unsubscribe@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

[Dracony]

@Korvin I did exactly what you sai you would:

"I'd immediately post publicly denouncing the use of that kind of manipulation" - posted on same thread, but you wont see that comment since it got over -20 downvotes

"I'd do everything in my power to stop it" - well, I did, although everything in my power = nothing, since what can I do?

"I would NOT go on public forums and try to justify it or play it off as no big deal." - literally not what I did. I was just really frustrated that instead of telling me on twitter, or even posting a graph on reddit, Andrew built an entire polarized article about it and immediately started advocating me getting banned from FIG.

[Pedro Cordeiro]

Roman, you had motive. You had already been denied participation in this group due to lack of popularity.

Also, I think this discussion is getting sidetracked. It doesn't really matter if you did it or not. If you did it, your admission was approved over fraudulent data. If you did NOT, your admission was approved over wrong data anyway. PHPixie doesn't have the popularity it claims to have, nor did it have said popularity (500 daily installs) at the time of your approval. The admission should be VOIDED even if you're just the victim you claim to be.

What you call a witchhunt is actually just the community responding to the (very) unethical things that PHPixie benefited from (I'll refrain to say that YOU did it specifically, even though I personally believe you did, because you're the only maintainer and the only one to benefit directly from all of this).

I too won't post here anymore. I think everything that had to be said was already said. Even if the other members don't feel like this is enough reason to void PHPixie's admission (or to expel PHPixie - please notice the semantic difference), I think I did my part in raising the debate.

Thank you for everyone's time and I'm sorry to bring non-technical-related drama to everyone's lives. I just felt like this could matter at some level for some people. After all, PHP-FIG doesn't have a strict acceptance policy for no reason.

Kayla, I'm glad you're willing to conduct the vote. I'll be following it closely.

- Pedro.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANeXGWX%3D5%3DXdmWpJMdsws-uc%2B5_vjLUSxNmKvoO2v1JgZHJ8Kg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/c315128e-573f-4aa7-ba13-63ee6e94b0f5%40googlegroups.com.

[Dracony]

Again, my admission happened way before this spike occured. Check the current 400 stars I have on github and see if you can spot any bots, I actually dare you. Also check the links to the Russian tech site I linked above you'll notice I get huge amounts of traffic from there, e.g. my Pixie 3 tutorial (https://habrahabr.ru/post/263551/) got over 16k views and 115 bokmarks, and that's just one of them.

[Pedro Cordeiro]

Roman, now you are just blatantly lying. That stat about ~500 daily installs was what YOU said in your application to FIG. Thankfully, there is an archive and people can see for themselves: http://i.imgur.com/SjE7aLk.png.

PHPixie has never had 500 daily legitimate installs. Today, it only has ~5 daily installs, that could be attributed to manual (or automatic) tests. There is not a single popular project out there done using PHPixie. 

By all metrics, it looks like you're the only PHPixie user, besides being the only PHPixie active developer. There is no point in having PHPixie as a member of FIG, and there are many reasons why PHPixie should not be a member of FIG - PHPixie is suspicious at best, straight fradulent at worst.

Sorry for repeating myself. Justed wanted to point out more inconsistencies.

- Pedro.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b79987ff%40googlegroups.com.

[Kinn Julião]

Hey guys... there's always a good side for a "story" like this...
Now my faith in humanity has been restored since "only bots" are using pixie... no offences people, it's only Monday.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b79987ff%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

--

Kinn Coelho Julião

Toronto - ON/Canada

[Dracony]

Pedro, just so you know packagist doesn't update graphs in real time, check out yesterday to see the installs today. When I said about 500 installs I said I also counted downloads from the 'download as zip' functionality of the old site, which was used way more often than the create-project method. The rest of your argument is just plain stupid, just search github (https://github.com/search?q=phpixie&type=Code&utf8=%E2%9C%93) to see the usage, also join our chat if you like. Also as I already said I challenge you to find bots among my 400 github stars

[Larry Garfield]

Technically, the current bylaws have no prerequisites for project membership. "People are using it in production" is an informal expectation that many current members have expressed they take into account, myself included. The FIG 3 proposal includes formalizing that requirement but it is in the current bylaws. (Icicle also doesn't technically pass that bar either, and everyone knew that when they voted on it.)

Fraudulent behavior, if true, is problematic regardless of the number of installs a project has or doesn't have. I make no statement on that point at this time.

--Larry Garfield

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CAOkYe%2B9BrLU%3DenQ%2BaXT-13C7Nb-TCdCo2jCeNj7GuAt77pSpJQ%40mail.gmail.com.

[Joe Ferguson]

Hello everyone,

To allow members to catch up to the flurry of emails, I would respectfully ask that people keep responses brief and avoid repeating already made points. There is an established unofficial convention to try and self rate limit on this mailing list to a couple of responses per person per day maximum to keep the mailing list digestible and I'd ask people try and and keep to that.

As previously mentioned, lets keep things civil as things are starting to head towards waters in which we do not wish to tread.

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/444bb0ba-692b-4d0c-a3cc-5817376ea4ec%40email.android.com.

[Timon Lukas]

Just out of interest: How can you be so incredibly sure that there is not a single bot among your stargazers? It does sound a little suspicious if you already had that happen, but are not sure that no part of your userbase is a bot.

[Andrew Carter]

To add to the catalogue of fraud that I've managed to associate with PHPixie, somebody recently linked me to the results of the SitePoint frameworks survey.

The published survey is here: http://www.sitepoint.com/best-php-framework-2015-sitepoint-survey-results/
The repository for this is here: https://github.com/sitepoint-editors/php-fw-survey-2015
The raw data for this can be found here: https://raw.githubusercontent.com/sitepoint-editors/php-fw-survey-2015/master/dump/survey.csv

The survey asks users what there favourite frameworks are for personal and work use (etc).

It also asks how many years of programming and PHP experience they have. An obvious metric of error is any user that claims to have more PHP experience than programming experience (impossible).

Using a quick script (https://gist.github.com/AndrewCarterUK/b4245f5e8adc5c0148d1f4cad8b41680), I obtained the following data:

Looking at non PHPixie users, 2.3% of responses claim to have more PHP experience than programming experience [170 / (7735 - 423)].

Looking at PHPixie users, 60% of responses claim to have more PHP experience than programming experience [251 / 423].

Opening the data in Excel and filtering for PHPixie mentions shows that these fields are pretty much just the result of a rand(1, 6) call.

The trail of fraud and deception that can be associated with this project never fails to surprise me.

[Dracony]

Well, because none of them seem like the kin of generic no-avatar star-only-few-repos registered-yesterday accounts you see in Andrews screenshots. Actually even the spammy account I linked in my first reply here already got banned (in less than 4 hours), and here I also found this one: https://github.com/users/makaylagoodwin, will probably get banned soon too.

[Dracony]

Andrew, now, seriously claiming to be able to recognize the rand(1,6) call in the field where users specify the years of experience they have with PHP is now really like really scraping the bottom of the barrel. It's normal to have a lot of users in the 1-6 years range, it's not like PHP has been around for 100 years or anything. You are now basing your claims on what ammounts to your interpretation of empirical data, and that is the very definition of subjective.

[Kinn Julião]

Hey bro, stop creating users and removing it.
As Joe mentioned, this is getting out of control... Not only that, but imagine what kind of impressions people may have about you just following this thread...

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/d969f57e-2596-4727-be05-78723ee48c77%40googlegroups.com.

[Andrew Carter]

Please read again. The claim is based upon the fact that it's impossible for someone to have more PHP experience than programming experience.

$yearsProgramming >= $yearsPhpProgramming

When this isn't true, the user has misunderstood the question.

Now 60% of the responses mentioning PHPixie made that error.

The error rate for the other responses was a far more reasonable 2%.

Would you agree that this is sufficient evidence that most of the PHPixie responses to that survey were fraudulent?

[Dracony]

People not caring about the rest of the form? Translating the form with google translate and making mistakes. Idk, what kind of explanation do you expect?

There's a lot of weird statistics with that data, for example Laravel scored 60% more than symfony did, and yet if you compare packagist graphs at the time it was downloaded 3 times less often than Symfony.

And yet I don't see you making any claims about Laravel or Nette frauding those statistics or anything. And please don't consider this an accusation or a jab on other frameworks, I'm just showing that sometimes the results you get from a poll are not exactly intuitive

To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b79987ff%40googlegroups.com?utm_medium=email&utm_source=footer" rel="nofollow" target="_blank" onmousedown="this.href='https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b79987ff%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter';return true;" onclick="this.href='https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b799

[Joe Ferguson]

Since people seemed to have missed my email: https://groups.google.com/d/msg/php-fig/cjLBp2weYaA/MU2P4a6cDQAJ

I’m going to lock this thread until morning (CDT). This will allow members to catch up on the 33+ emails they have in their inbox.

During this time, I’d implore the repeat participants of this thread to read this post by Larry from 2013: https://groups.google.com/forum/#!searchin/php-fig/agreement$20limit/php-fig/fhoYjwufhwE/cCtkmhilmkEJ

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/46421048-25cc-472b-af90-f0538b4515c8%40googlegroups.com.

[Joe Ferguson]

Good Morning/Afternoon,

I have unlocked the thread. Please remain civil, and please be respectful of those who are trying to keep up by not rapid firing multiple responses. I understand this can be difficult between parties in this scenario.

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

[Paul Jones]

All,

I have conflicting thoughts about this.

* * *

- Andrew's detective work and analysis is impressive in-and-of itself.

- The analysis does appear to reveal automated/manipulated/designed/generated behavior, rather than natural phenomena.

- The behavior could certainly be classified as "purposely misleading", perhaps even "fraudulent".

- As to the source of the behavior, proof is relatively difficult to come by without deeper investigation.

- In the mean time, and in the absence of other similar behaviors from other actors, I think "who benefits?" is a reasonable heuristic, and in this case, I think it is Dracony benefits; thus, he is a reasonable initial suspect.

- Even so, it is behavior that occurs outside this group, and does not affect this group directly. (It is possible for one to behave "poorly" in one arena and behave "well" in another. Has his behavior within the group been poor?)

- The thought of banning someone for "bad behavior outside the group" gives me pause, as "bad behavior" is ill-defined. I think some people in this group behave badly outside the group, and I know that many think the same of me, but I don't think those behaviors are cause for banishment.

- I think the argument that PHPixie's download numbers were a major deciding factor in gaining entrance to the group is incorrect. I'll go so far as to say that nobody here actually qualifies applicants by quantifiable measures; they qualify applicants by how much they like the applicant. So "purposely misleading download numbers on a fraudulent application" are not a valid reason for banishment.

- If we discover fraudulent behavior *within the group*, e.g. by faking emails in discussion of topics to make it look like one opinion is more popular than another, then I think we would have a real cause for expulsion.

- What I'm left with is: "How exactly does this behavior affect the group?"

- If the answer is a generic "It makes us look bad!" that's not quite enough; any behavior anyone disagrees with anywhere will "make us look bad" to some group.

- If the answer is "We don't like to look like we ignore purposely misleading manipulation of common objective measures of project statistics", I think that's a much stronger appeal. These kinds of statistics are the closest thing to a currency or scoreboard we have in this world, aside from unquantifiable "reputation."

- I'm not a fan of banning anyone, even temporarily, for out-of-group behavior. But this may straddle the line between out-of-group and in- (or of-) the-group sufficiently to warrant attention.

* * *

I admit to indecision on this topic, certainly until Dracony behaves badly within the group (if ever); as far as I recall, he has not done so, and in fact has had productive dealings here.


--

Paul M. Jones
http://paul-m-jones.com

[Phil Sturgeon]

Now is a great time to remind people about the self-throttling rule in this group. Say your peace, let others say theirs.

My piece: I find is absolutely mind-boggling that Paul is defending "bad behaviour outside of the group" and acting like it doesn't matter in this instance, but was dragging up a bad-joke/mean comment at a bar after a conference not so long ago to try and kick a FIG Secretary out. Make your mind up Paul.

Now, whilst that FIG Secretary drama was certainly not at all valid in any way, this situation is definitely a concern. The FIG has bounced legitimate and sizable PHP projects on a regular basis due to a failure to meet some basic metrics. Didn't Laravel fail on first pass? PHPSpec too? Hell, we've had some real big projects fail to meet these metrics. 

Then we find out that the vast majority of PHPixie numbers are faked, and we see that this is a known pattern, with similar stories happening on Reddit and GitHub. Now, these is either some huge poorly run conspiracy by a well-meaning friend of Dracony, to inflate the apparent success of a project that nobody in the real world is actually using, or it's fraud by Dracony himself. After previous conversations with this chap I definitely know which way my suspicions lean.

Mikey C pasted in a great bylaw here:

• If, in the judgement of PHP-FIG, a Voting Representative is acting inappropriately and to the detriment of PHP-FIG's ability to meet its objectives, a vote may be taken to request a replacement Voting Representative in accordance with the Voting Protocol bylaw or to expel the Member Project where replacing a Voting Representative is not possible. 

PHPixie is making the FIG look like an absolute joke, and a vote should be held for the removal of this project. That's really all there is to say on the matter.

[Paul Jones]

> On May 10, 2016, at 10:20, Phil Sturgeon <pjstu...@gmail.com> wrote ...

... in his usual fashion. You know how I like consistency, Phil; thank you for always being a drama queen.

Besides, I thought you left? (/me shrugs)

[Glenn Eggleton]

Hi Phil,

I don't think it is just PHPixie that is making the FIG look like an absolute joke. See the above comment. I wouldn't classify that as classy and/or professional at all.

[Ciaran McNulty]

On Tuesday, 10 May 2016 16:20:49 UTC+1, Phil Sturgeon wrote: 

. Didn't Laravel fail on first pass? PHPSpec too? Hell, we've had some real big projects fail to meet these metrics. 

As a point of order, PhpSpec failed due to the apathy/disinterest of the voting members rather than failing on any install metrics.

-C

 

[Stelian Mocanita]

For reasons I can not explain even to myself, I read this entire thread and wanted to share my 2c.

Whatever the case might be with the statistics for PHPixie (Dracony did it, a friend did it, an enemy did it, etc), the fact of the matter remains that his name is associated with this organization. The correct and honorable thing to do Dracony, is to remove yourself from this organization to not taint its name. Later on you could safely reapply and get the vote of confidence of your peers and colleagues proving that you are in this group for your worth and not for some boosted statistics.

Cheers,

Stelian

[Marc Towler]

Hey all,

I am a long time lurker of the FIG threads and whilst it might not matter at all I thought I would bring my thoughts into this in the perspective of an outsider looking in.

Dracony's time here has been a bit of a roller-coaster. It started off quite rough for him when he applied to bring his project in as a voting member and a lot of issues were aired and now some more issues have come to light. Whilst some of it cannot be proven to be directly tied to his actions, there was only one who benefited from the end results.

If he is found to have been responsible for all the issues raised then that is easily enough to have him removed and whilst I was never a fan of him in the beginning, he has shown in my opinion to be of use to the project overall.

I don't feel that FIG will benefit from being associated with the issues so removal of PHPixie would be good until it can be proven Dracony was not involved in the issues but I feel that FIG would lose an interested and somewhat useful member in the long run

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/e3db0323-f70e-458a-b571-84c49b9f4abb%40googlegroups.com.

[Robert Hafner]

This conversation makes FIG look far worse than having Dracony as a member does.

FIG should be focused on building Framework Interoperability. That is it’s purpose, and that’s what it should be judged by. If some people want to view the PHP Interfaces we make in a negative light because someone did something sketchy, even though that sketchy item was outside the group and has zero effect on the PHP Interfaces that are being released, then those people are not the kind of people I would expect to do well as developers in the long run.

Our criteria for membership should be simple- do they contribute or detract from the group’s mission? If a member of the group truly thinks he’s going to make it significantly harder to accomplish our mission then they should take responsibility for asking for a vote.

Personally I think the sexist logo episode was worse than this, and frankly the “proof” being provided wouldn’t stand up in any court of law, so I think we should keep this outside drama where it belongs- outside. Lets focus on that whole interop thing.

Rob

[Jeroen De Dauw]

Hey,

A big +1 to what Robert said. Let's not be the PHP Drama Group or the PHP Court of Social Justice.

Cheers

--
Jeroen De Dauw | https://entropywins.wtf | https://keybase.io/jeroendedauw

Software craftsmanship advocate | Developer at Wikimedia Germany

~=[,,_,,]:3

[Андрей Виноградов]

Good day everyone,

I never thought I would post to this group, especially on a topic like this. The thing is that it’s my actions that are the reason for the recent events. Long story short:

I work in a small webdev agency (4 developers) with rather bad management. Some time ago we got a new contract for our next project that is to start in summer. We mostly work with Wordpress and my coworkers have very light framework experience. I used PHPixie on my previous job and convinced them we’d use it in this new project, since I’ll be doing all the heavy lifting anyway.

The only problem is our management, they found some random framework comparison site and deemed PHPixie was not enterprise grade. It has to be said that one our manager used to be a Wordpress developer, and thinks himself a “software architect”, although I doubt he ever heard of SOLID and the like. Every library we use for PHP and JS has to go through him, and he usually directs us to the stuff he used 5 years ago, which is terribly outdated. We still build interfaces with jQuery for that reason. Sometimes we want to use a simple JS plugin for highlighting and it gets rejected based on the npm download count. Ironically we also don’t use npm.

So we decided to increase the download count on packagist with a bunch of proxies running on a cron. The only limitation packagist has is throttling downloads per IP per day, so with proxies it’s easy. The idea was to present the download count and github stars as proof of stability just in case we can’t push it otherwise. None of us suspected it would amount to this though. Especially since we sometimes also bump the npm download count (although on a smaller scale) and it has never backlashed.

I don’t use reddit so I missed when the whole thing began and then I thought it would die down in a day. I have never heard of Andrew and when we made the script we didn’t suspect there would be somebody monitoring PHPixie with such scrutiny and intent. I am still really surprised at how aggressive his narrative is actually. I definitely didn’t expect an expulsion post.

As a closing thought, considering how easy these numbers are to fake I’d rather they weren’t displayed at all. Sort projects by popularity sure, but showing these numbers sometimes hurts the projects since how hard it is to convince somebody to use them because of lack of enterprise quality. And I think it only encourages this kind of behavior in the long run.

I would also like to apologize to Dracony for putting him through this, and not coming out earlier. I really did not expect this. And sorry to everyone here for having wasted your time on this.

Andrej Vynogradov

[Andrew Carter]

Hello "Andrej Vynogradov",

I don’t use reddit so I missed when the whole thing began and then I thought it would die down in a day.

Can I ask when it was that (1) you became aware that the fraud had been exposed and (2) you became aware of this thread in the FIG?

I'm just wondering why it took you so long to appear.

Regards,

Andrew

[Андрей Виноградов]

I have friends who more closely follow the PHP things, they saw a link to it on HackerNews. Like I said, I thought it would just die down, and this won't be necessary.
After seeing your replies on reddit and here I suspected you'd say something like this, but please stop these attacks. These emails are embarassing for me to write as they are, even without your sarcasm.

Wednesday, May 11, 2016 11:17 AM +02:00 from Andrew Carter <andrewca...@gmail.com>:

Удачи,
Андрей Виноградов
ball...@mail.ru

[Andrew Carter]

Hello Андрей,

I'm just trying to verify your claim.

If it turns out that this is all part of Roman's elaborate fraud - then clearly he is bringing deception and scandalous behaviour to the FIG - which is obviously not acceptable.

The primary reason that I don't believe your claim is that you said:

I don’t use reddit so I missed when the whole thing began and then I thought it would die down in a day.

Whoever controls the fraud scripts definitely didn't "miss when the whole thing began" because they triggered the scripts within a couple of hours of the article being published and posted to reddit, as the image linked below shows:

https://res.cloudinary.com/andrewcarteruk/image/upload/v1462959743/phpixie-post-publish_pw9unw.png

It seems like the actual fraudster was almost immediately aware of the exposure and then attempted to smooth out the download pattern slightly to make it look more genuine.

Regards,

Andrew

[Андрей Виноградов]

Well, like I said, I'm not the only one having access to these. Maybe one of the other devs seen it and decided to stop the cron, but fired it again instead, and then didn't admit to it.
Although I would not be surprised if somebody after reading your post wrote a similar one (it's like 15 lines of code) to further bump the discussion just for fun.


Удачи,
Андрей Виноградов
ball...@mail.ru

[Roman Tsjupa]

Hi Andrej, I really appreciate you coming out here, especially considering you coukd have just kept quiet without getting exposed. Although it saddens me a bit that the recent spike in downloads was not a result of my efforts.

Also I would like to remind Andrew about post throttling. Your investigations are crossing the personal attack boundary quite frequently, but please dont extend them to other people too. And please dont cause this thread to lock again.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/1462961288.316276422%40f205.i.mail.ru.

[Андрей Виноградов]

Sorry for also breaking the throttling rule, but I just want to bring this to absolute clarity.
I asked my coworkers and indeed two of them saw the post earlier (mind you I live in Krasnoyarsk so none of us was at work at the time) and decided to "fix" the problem by tweaking the script to smooth the graph out. They gave up on it, because a long-running process would look suspicious to our manager (and yes, it was running on one of our servers too). I don't have the exact timings on that of course, because they didn't take note of it obviously. They also might have adjusted the cron to run on a different hour as the result. Anyway, I'll stop today as soon as I get some free time on my hands.

You are very fat to throw out accusations, Andrew. So maybe try out some of your own medicine: can you prove that the "concerned citizens" from above, like the Pedro who started this topic aren't you sockpuppets? So far I see actual FIG members, like Paul and Jeroen display a more calm opinion on the matter. Please don't take this as an actual accusation, I'm just trying to show how easy it is to accuse people of something and then demand proving innocence.

Удачи,
Андрей Виноградов
ball...@mail.ru

[Jordi Boggiano]

I am not going to get involved in the whole debate, I don't think any of
it deserves much attention really, but I wanted to react to this.

> The only problem is our management, they found some random framework
> comparison site and deemed PHPixie was not enterprise grade. It has to
> be said that one our manager used to be a Wordpress developer, and
> thinks himself a “software architect”, although I doubt he ever heard of
> SOLID and the like. Every library we use for PHP and JS has to go
> through him, and he usually directs us to the stuff he used 5 years ago,
> which is terribly outdated. We still build interfaces with jQuery for
> that reason. Sometimes we want to use a simple JS plugin for
> highlighting and it gets rejected based on the npm download count.
> Ironically we also don’t use npm.
>
> So we decided to increase the download count on packagist with a bunch
> of proxies running on a cron. The only limitation packagist has is
> throttling downloads per IP per day, so with proxies it’s easy. The idea
> was to present the download count and github stars as proof of stability
> just in case we can’t push it otherwise. None of us suspected it would
> amount to this though. Especially since we sometimes also bump the npm
> download count (although on a smaller scale) and it has never backlashed.

I find it rather appalling that you consider this to be an acceptable
practice. If it fools your manager good on you but to be honest if a
project is barely used by anyone basing production code on it is a risk,
and you should know better.

You can mention SOLID all you want, but if you make poor technology
choices you will end up with maintenance issues down the line. Cheating
download counts won't change that, and you might even lead others to use
software they otherwise wouldn't have picked, spreading the damage you
are doing beyond your own project.

Please stop this poor practice immediately, talk to your manager about
his outdated choices, and listen to your manager when he thinks stuff
isn't ready for use. He might well know a thing or two that you don't.

--
Jordi Boggiano
@seldaek - http://seld.be

[pedrofr...@gmail.com]

Sigh. I had decided not to post here anymore, since this is already very flooded (dracony called for self-throttling, but posted here 15 times already) and doesn't really concern me directly, but since my name specifically came up, I'll leave this here: 

> So maybe try out some of your own medicine: can you prove that the "concerned citizens" from above, like the Pedro who started this topic aren't you sockpuppets?

Of course he can. I'd be glad to provide copies of official documents if the secretaries wish so, along with any other identifying information they deem necessary to prove I'm a real person. Would you be willing to do the same?

I don't really care if dracony gets expelled or not. Like I said, this doesn't really concern me directly. I just figured I'd start the discussion, because I think that if I were a member here, I'd feel personally wronged and would like to review my admission vote (since the data I used to base my vote on is obviously faked). People keep saying these are 'outside actions', but I didn't think that to be the case, since everything points to FIG being the motive (and main target) of this deception. If the actual voting members don't care, that's fine. Leave him be. I'd care, though, and I feel like other members care too. 

Needless to say, I don't buy into this whole story about a dude who wanted to use an unknown and unused framework so much, he dedicated so much effort to deceive his boss.

[Paul Jones]

Hi Andrej,

> On May 11, 2016, at 03:58, Андрей Виноградов <ball...@mail.ru> wrote:
>
> So we decided to increase the download count on packagist with a bunch of proxies running on a cron.

...

> I would also like to apologize to Dracony for putting him through this, and not coming out earlier.

Thank you for admitting to your actions here.

However, as Dracony has admitted to sock-puppeting in the past, I think in the interest of full disclosure, it is necessary for you to provide some bona-fides here to help clear Dracony's name. One or more of the following would be a reasonable start:

- The name, address, and website of the agency you work at, with you listed on the website somehow.

- Links to your Github, Twitter, Facebook, or other social media presence, with some historical activity there for comparison; these would probably need to point to your ball...@mail.ru account somehow.

- Links to where you have participated in online forums or mailing lists (besides this one of course) with some historical activity there for comparison; these too would probably need to point to your ball...@mail.ru account somehow.

- Links to a personal site where you publish your writings or code, with a domain name or IP address that can be tracked back to you personally somehow.

(For what it's worth, I googled your name and email address but found little that appears to be related to a PHP developer using PHPixie.)

You appear to be truly apologetic, and to want to help clear Dracony's name from your own actions; showing some bona-fides will go a very long way towards doing that. (Yes, I'm aware that you may shun all other forms of public internet interaction, but that's an easy claim to make if someone does not want to be discovered to be faking an identity.)

Andrej, the choice is yours. Your actions here can still lead to a good outcome for Dracony. Dracony, for your part, I encourage you to press Andrej to make the fullest possible disclosure, to defend your own position here; as Andrei claims repentance, it should not be too difficult.

If bona-fides are not forthcoming to this list, though, or if it looks like they have been constructed primarily as a result of this correspondence, it's going to look a lot like Dracony is now sock-puppeting the FIG directly. In that case, I personally will do what I can to have Dracony expelled for fraud and malfeasance.

[Taylor Otwell]

Agree, more information is needed here. I find it hard to believe that a developer was told they couldn't use PHPixie, and instead of just saying "OK" and choosing a more popular framework like Symfony, Zend, Laravel, Slim, Cake, Silex, etc. they decided to instead go through this elaborate plot of writing scripts to artificially inflate Pixie's install numbers all in order be able to this framework that apparently, according to Andrew's adjusted stats, is used by essentially nobody else in the world. I'm not saying it's impossible, I'm just saying it sounds unlikely. At this point, the crazy one isn't your manager, it's you.

Occam's Razor is a solid bet here.

[Dracony]

> as Dracony has admitted to sock-puppeting in the past

Dracony has never admitted to anything like this, this is Andrew putting words into my mouth. I admitted that there were 2 real people that hanged around the PHPixie chat that would upvote my posts whenever I mentioned I posted something. Those are the two accounts that got suspended, probably because they weren't otherwise very active. AsAndrew pointed out they hanged mostly around PHPixie threads. These people have other accounts now and still hang around /r/PHP. The important part is those are real people, and their comments were their own. This has nothing to do with sockpuppeting.

[Phil Sturgeon]

Ciaran: As Paul mentioned there are no official/internal metrics, but various voting members absolutely take levels of usage into consideration.

I was pointing out that awesome popular projects like yourself have failed to get in, but FIG let PHPixie in (in part) because of its usage metrics. 

Paul: Your response is unsurprisingly consistent too. Entirely devoid of anything constructive and an ad-hominem tossed in. :D

Secretaries: Clearly this thread (with many outsiders like myself popping into simply to say "WTF this sucks") is not going to go anywhere constructive. Lock it down and run a vote. Simple as.

[Joe Ferguson]

On May 11, 2016, at 09:21, Phil Sturgeon <pjstu...@gmail.com> wrote:

Secretaries: Clearly this thread (with many outsiders like myself popping into simply to say "WTF this sucks") is not going to go anywhere constructive. Lock it down and run a vote. Simple as.

I agree that this post has likely run it’s course. Unless it becomes a frenzy of back and forth again, I’d like to leave the topic open so we can get a response to Paul’s questions to Andrej or 24 hours with no satisfiable response before a vote is called. That’s not to say a vote won’t be called before then.

[Alessandro Pellizzari]

On 09/05/2016 18:36, pedrofr...@gmail.com wrote:

> Hello.
> I’d like to start a discussion about PHPixie’s membership in this group.

Hi,

I read nearly all of the messages in the thread, and would like to just
throw in my opinions, as a "concerned citizen".

As for the "cui prodest", well, I think Dracony has some enemies, here
and out of FIG, and I could imagine doing something like this to put him
in a bad light, and have him kicked out of FIG, would be a profit for
someone.

As for the "sexist logo", I think it has been one of the lowest point of
this ml. It's called "pixie", the logo was a pixie, as is represented
100% of the time, everywhere. My wife loved it. I think sometimes people
are too moralist and fundamentalist on some topics...

Deciding to ban someone just on accusations from someone else, on
opinions and without solid proof is a good way to make it to the podium
of "lowest points" in the ml.

If you want to accuse him, you need to find proof that all those
accounts and scripts were created by him.

It shouldn't be Dracony to prove he is innocent. It should be his
accusers' duty to do so, or shut up.

I don't know Dracony, and am sometimes of the opposite idea from his. I
don't know Andrew and don't know why he hates Dracony so much. I don't
really care about who is right or wrong on this particular topic.

What I am really worried about is the "media trial" that is being made
out of it.

Bye.

[Dracony]

I just emailed a bunch of FIG members about this, but seeing how I have further proof I might actually come out publicly on this. 

I believe Andrej is an actual sockpuppet, but not mine. 

Original email:

What got me thinking, was Andrews graph posted on Gitter: https://gitter.im/reddit-php/chat?at=5733034bf36daf63798e99b7

I find it highly improbable that after noticing the damage, they couldn't ssh to the server for so long to remove the cron. 

The account itself was created only today, the reason I know this is because mail.ru also creates profile pages like these: https://my.mail.ru/mail/ballinox/ The only activity on the account is today.

whoever did this doesn't know this about the site, otherwise would at least do something on it.

I started checking linked in profiles and found this one: https://ru.linkedin.com/in/андрей-виноградов-a95682120 same name (in Russian) and also in Krasnoyarsk, but definitely looks like a new account.

What I think is happening, is that someone is doing this to further somehow blackface me down the line. They'll send the Linkedin profile as proof, actually considering you can buy aged twitter accounts for next to nothing, I think that might come too. Then they are going to fuck up making it look like a failed attempt on my side.

It doesn't help that Andrej Vynogradov is like "John Smith" and again seems like somebody tries to seem Russian.

Idk what to do next really. At any rate I would not trust any docs the dude sends.

Further proof:

Since the Linkedin account seemed new I decided to monitor it. And it has changed indeed:

Minutes ago: http://i.imgur.com/omGTT7O.png

Now: http://i.imgur.com/ZkMpCFf.png

Also the url now redirects to: https://www.linkedin.com/in/ballinox

I believe Linkedin was chosen because  it doesn't show(afaik) the join date. But the avatar is obviously fake and turns out in Google Image search:

http://www.moto.com.ua/forumphoto/avatar_max/Green_man_R4M6M8Y9N5.jpg

I think that this is the point. The whole agenda was to add this heartwarming apology and then (since asking for proof would be obvious) provide something which looks half-decent but can be easily rebuked and thus pointing to me.

On Monday, May 9, 2016 at 7:36:43 PM UTC+2, pedrofr...@gmail.com wrote:

Hello.

I’d like to start a discussion about PHPixie’s membership in this group.

[Taylor Otwell]

That is an interesting theory, but what does the "X-Originating-IP" header on the original e-mail from Andrej (79.197.191.210 - Click "Show Original" in Google Groups) come back as a Berlin, Germany IP address, which is where you live?

[Roman Tsjupa]

That it an be spoofed? It's actually my IP. Maybe that's what the dude wants to infringe me by.

--

You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/888ecad4-9f38-4c67-b6c6-2023b2a9e4c6%40googlegroups.com.

[Dracony]

I mean, Andrew retrieved it just like seconds ago with his "trojan email"

[Andrew Carter]

Okay, for me this is the final nail in the metaphorical coffin.

A user on reddit noticed that the earlier emails from the person claiming responsibility contained the mail headers (check here: https://groups.google.com/forum/#!original/php-fig/cjLBp2weYaA/BDwa8y8QDgAJ).

By examining these, you can see that the received from header is remaining "Received: from [79.197.191.210] (ident=mail)". This IP address traces to Berlin, Germany - where Dracony currently resides, even though the culprit claimed to live in Krasnoyarsk.

Anyway, in response to Dracony's private email I replied with this, and copied in Paul as a witness.

Roman,

Those posts were obviously fake (to everybody), and it's highly suspicious that it took you this long to find it out - if indeed it wasn't you.

I've collected a load of data on PHPixie ( http://[omitted]/phpixie-stats.php ) that quite clearly implicates you.

I honestly think the sooner that you own up to this the better.

 That link was to a script on a VPS of mine that literally had one line: file_put_contents(uniqid() . '.txt', var_export($_SERVER, true));

The result:

array (
  'HTTP_HOST' => '[omitted]',
  'HTTP_X_REAL_IP' => '79.197.191.210',
  'HTTP_X_FORWARDED_FOR' => '79.197.191.210',
  'HTTP_CONNECTION' => 'close',
  'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
  'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
  'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 FirePHP/4Chrome',
  'HTTP_X_CLIENT_DATA' => 'CIW2yQEIorbJAQjBtskBCP2VygEI0ZjKAQ==',
  'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, sdch',
  'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.8,ru;q=0.6,uk;q=0.4,da;q=0.2,de;q=0.2',
  'HTTP_X_FIREPHP_VERSION' => '0.0.6',
  'HTTP_X_WF_MAX_COMBINED_SIZE' => '261120',
  'PATH' => '/usr/local/bin:/usr/bin:/bin',
  'SERVER_SIGNATURE' => '<address>Apache/2.2.22 (Debian) Server at vps95306.ovh.net Port 80</address>
',
  'SERVER_SOFTWARE' => 'Apache/2.2.22 (Debian)',
  'SERVER_NAME' => '[omitted]',
  'SERVER_ADDR' => '5.196.3.138',
  'SERVER_PORT' => '80',
  'REMOTE_ADDR' => '79.197.191.210',
  'DOCUMENT_ROOT' => '/home/admin/web/[omitted]/public_html',
  'SERVER_ADMIN' => 'info@[omitted]',
  'SCRIPT_FILENAME' => '/home/admin/web/[omitted]/public_html/phpixie-stats.php',
  'REMOTE_PORT' => '56049',
  'GATEWAY_INTERFACE' => 'CGI/1.1',
  'SERVER_PROTOCOL' => 'HTTP/1.0',
  'REQUEST_METHOD' => 'GET',
  'QUERY_STRING' => '',
  'REQUEST_URI' => '/phpixie-stats.php',
  'SCRIPT_NAME' => '/phpixie-stats.php',
  'PHP_SELF' => '/phpixie-stats.php',
  'REQUEST_TIME_FLOAT' => 1462985173.223,
  'REQUEST_TIME' => 1462985173,
)

This confirms that the confession email above was sent from the same person that clicked that link - and that link was only sent to Dracony and Paul.

[Kinn Julião]

It was Colonel Michael Mustard in the kitchen with a candlestick.

Done.

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/701ec08b-52f9-4352-a4b6-afe848a27ea4%40googlegroups.com.

[Roman Tsjupa]

I said even before your amazing Reveal that it's my IP. Anybody could get to know it either just like you did, or by getting an actual email form me not through google groups(I believe gmail does send the x-originating-ip header then). This actually might be what the big reveal had to be about after the linkedin account was for some reason deemed true.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CAF%2Bu_BzqvUA5QFZ19esg3OXUaKL1Wh_m_534qoA%2B6FcpedAz1g%40mail.gmail.com.

[Robert Hafner]

Paul’s questions are completely inappropriate for this list. You should lock this thread now- anything else is just irresponsible and continuing to make this group look pretty damn pathetic.

Let people put their drama posts on reddit where it belongs.

Rob

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/4AC14E5D-524B-4507-9DAF-EDB9A70E9C8C%40joeferguson.me.

[Roman Tsjupa]

This actually might be why such a random email provide was chosen. Do you even know how hard it is to post to a Google Group without a google account? You can only join and use the web interface if you have gmail. To join the group with a random account you'd first need to send an email to php-fig+...@googlegroups.com etc. So why wasn't gmail used instead? It's not like it's hard to register.

The only reason I can think of is because gmail won't send the origin IP header

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/5733420D.4070009%40amiran.it.

[pedrofr...@gmail.com]

I just thought it could be of interest to some members here. I think it has proven to be, since a lot of members came forward agreeing that this is not excusable or ignorable behavior.

It's quite obvious no further identification is going to be provided by Andrej or anyone else. As the author of this thread, I agree with locking it. Not only to stop the flooding, but to prevent people from embarassing themselves any further.

[Korvin Szanto]

I agree with Robert (sort-of) I think we've all seen enough at this point. I'm in favor of locking this thread and calling a vote.

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANamvv01WatYXvKBK_E0BZVw4_CicztTExyZE-y4Ageqciha-A%40mail.gmail.com.

[Joe Ferguson]

A vote has been called on the matter, and in the interest of preventing this thread from making phones explode again, I’m locking the thread. The discussion has run it’s course and the vote is now open for members to cast their votes.

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANeXGWXiL02gPZq%2Bdc8YkwVqfTx3MmnZS8%3DBZVdOM3%2B1wZoJuA%40mail.gmail.com.

[Андрей Виноградов]

Well, like I said, I'm not the only one having access to these. Maybe one of the other devs seen it and decided to stop the cron, but fired it again instead, and then didn't admit to it.
Although I would not be surprised if somebody after reading your post wrote a similar one (it's like 15 lines of code) to further bump the discussion just for fun.

Wednesday, May 11, 2016 11:52 AM +02:00 from Andrew Carter <andrewca...@gmail.com>:

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/44853cfa-3df5-4fa7-ab15-bceb867678f2%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Удачи,
Андрей Виноградов
ball...@mail.ru