PHP-FIG Membership reevaluation

6779 views
Skip to first unread message

pedrofr...@gmail.com

unread,
May 9, 2016, 1:36:43 PM5/9/16
to PHP Framework Interoperability Group
Hello.

I’d like to start a discussion about PHPixie’s membership in this group.

As some of you are probably aware by now, Dracony defrauded numbers by astroturfing and making use of bots to leverage packagist installs, github stars and general usage of his framework.

Before we continue, I’d like to remember some of his history here.

1) Dracony’s first application was denied MOSTLY due to lack of popularity.
“-1 from Laravel for lack of significant user base that would be effected by any FIG standards.”
“Historically, we only admitted projects with a reasonably large userbase = influence. Can you give any (verifiable) usage numbers of PHPixie? The number of stars/forks on GitHub is not convincing.” (Bernard Schussek)
“I agree with Bernhard that the userbase and influence of PHPixie is limited.” (Doctrine)
“Agree with Taylor, there is a definite lack of user-base, and this has been used to bounce small projects in the past.” (phil sturgeon)
(and many others)
2) Dracony has since been caught with fake accounts on Reddit, astroturfing PHPixie. Here’s some evidence: https://gist.github.com/AndrewCarterUK/96bf6fae02ef8b93f93b. He was banned for a few days, his alt accounts were permabanned.

3) Dracony has been caught benefitting from bots starring his github repository: Proof: https://twitter.com/dracony_gimp/status/727790568420585472 (backup to Andrew's reply: https://twitter.com/AndrewCarterUK/status/728335760001241088, in case he deletes). Github detected the bot usage and removed said stars.

4) And now, Andrew Carter has released a study in which he estimates (with enough reasonable evidence) that 95% of packagist installs are fradulent: http://andrewcarteruk.github.io/programming/2016/05/09/phpixie-fraud.html.

Since this group considers project popularity important to a member’s application and that such member has defrauded such statistics, his admission should be voided. If his admission can't be voided, members from this group should consider banning this project from this group for using such unethical tactics.

As additional reasons, unlike most projects here, PHPixie still only has 1 maintainer. The project was also involved in many controversies (such as the previous sexist logo). In my personal opinion, his membership here not only aggregates little to no value, but, as of right now, actually taints this group’s reputation.

Since this group doesn’t have a proper complaint channel, I’ll leave this discussion here. I'm not a member, so I'm not sure if anyone can request a membership reevaluation. If I can't, I'll just leave this as a complaint, and leave to the members to judge and to decided what to do next.

Dracony

unread,
May 9, 2016, 2:29:38 PM5/9/16
to PHP Framework Interoperability Group
I made a point of not participating in these witchhunts anymore, but since it made it's way all the way here, I'll post once more from the start.
e
1) PHPixie joined the group in September it had just over a hundered daily installs till then, so you cant say it was it's current statistics that got Pixie to be accepted. Even with a hundred installs per day Pixie still had more stars and downloads than some other FIG members at the time. I can't say I am not happy aboout it getting over a 1000 installs per day now, but I just checked the packagist graph and it does seem like there was a spike a few month ago ( again way later than wehn I joined the group). Now obviously I can't tell if some of those are made by bots, CI systems or whatever, I honestly just liked seeing the number increasing.

2) Bot accounts on github are a given, and they get vbanned by hundreds every day, there's really no telling what they're doing. E.g. right now I checked one of the trending repos on github and behold, already there are bot accounts following it, e.g. https://github.com/larryheathcote. Github has so many strict rules about banning them that there is really no point in trying to inflate anything this way. I suspect as soon as you get on to the trending page you get a whoole bunch of them following you, and then they get banned and your numbers get back to normal and you never notice it. 

The only reason Andrew caught and screenshoted them was me tweeting about randlomly getting a lot of github stars on the same day ( I hope you agree this is not a smart thing to do if I wanted to have bots and keep it secret: https://twitter.com/dracony_gimp/status/727790568420585472 )

3) The whole fake accounts on reddit thing is a separate story, check the thread I guess. Basically 2 people got their account suspended and I got my silenced for 3 days (all because Andrew posted in on the mod subreddit). And even then they got suspended for "vote manipulation", bit for being socpuppets. Usually when I post smth on reddit I ask people in the Pixie chat to upvote it. I gurss this counted as vote manipulation (although 2 votes is literally nothing). Btw I kind f gace up posting stuff on reddit about pixie since then.

Ressurecting the sexist logo thing is really scraping the bottom of the barrel tbh.

The bottomline is I'm really surprised at all the pitchforks, really. Even before I joined FIG I was posting here frequently and actually consider myself a quite active member. But nobody seems to appreciate any of it, just because there's some graph spiking at 2 am =(

Michael Cullum

unread,
May 9, 2016, 2:30:26 PM5/9/16
to PHP Framework Interoperability Group

Hi Pedro,


Thanks for posting this topic. Andrew came to the secretaries a couple of days ago with details of his study and we had been looking into it since then to then bring the issue to the attention of the FIG membership for you to decide if any course of action should be taken.


To clarify the position of the bylaws on any expulsion of member projects, this the membership bylaw states the following:

  • If, in the judgement of PHP-FIG, a Voting Representative is acting inappropriately and to the detriment of PHP-FIG's ability to meet its objectives, a vote may be taken to request a replacement Voting Representative in accordance with the Voting Protocol bylaw or to expel the Member Project where replacing a Voting Representative is not possible. 
  • ...
  • A Member Project may also be expelled if their Voting Representative is subject to a replacement request from PHP-FIG but a suitable replacement is not available.
  • The expulsion of a Member Project requires a vote in accordance with the Voting Protocol bylaw.

And as pointed out by the OP, any such vote would need to be instigated by a voting member however it would be highly recommended to have a discussion period beforehand, although this is not required by the bylaws. If a voting member wishes to start this vote, we'd kindly request they consult the secretaries first, although this is of course not necessary, so we can ensure that it's carried out fairly and without bias.


We would also add that project activity and popularity are not a set criteria for FIG membership (although the unwritten rule appears to be that projects should have known deployments, worked on by more than one person and not be aspirational), each member may vote as they wish and are not bound by any rules on who to admit. What is being discussed here is not necessarily whether or not PHPixie is popular enough to be a FIG member, but whether Dracony/PHPixie misled the FIG before his membership vote and whether he has acted detrimentally to the FIG's objectives, has brought the FIG into disrepute or if he has acted inappropriately.


Finally, this discussion is obviously going to be quite personal for some involved but as a gentle reminder, could we try and keep a sense of decorum and civility to discuss the facts. The wider PHP community and the communities of the member projects you represent don't want to see the FIG squabbling like children. If this discussion does descend into personal insults, name calling and flaming (as has happened regarding this particular matter on other mediums) then we will lock the discussion topic and have to just immediately trigger a vote, which isn't fair on those involved and want to explain their viewpoints or defend themselves.


Many thanks,

The Secretaries

Dracony

unread,
May 9, 2016, 2:31:06 PM5/9/16
to PHP Framework Interoperability Group
Btw, after I posted the above post, another spammy acount starred the same repo: https://github.com/ajhendrix25
So I hope you see my point =\


On Monday, May 9, 2016 at 7:36:43 PM UTC+2, pedrofr...@gmail.com wrote:

Andrew Carter

unread,
May 9, 2016, 2:44:40 PM5/9/16
to PHP Framework Interoperability Group
Corrections/adjustments time.

Regarding (1), Dracony is correct that nobody can prove that it was him that did it. However, what can be known (as a fact) is that CI systems were not responsible and that this was the result of intentionally fraudulent behaviour by someone.

Regarding (2), the 40 or so accounts were all liking only PHPixie's active components. I reported this to the secretaries at the time and they will be able to confirm this. Here are the archives:
- http://web.archive.org/web/20160505151735/https://github.com/PHPixie/Project/stargazers
- http://web.archive.org/web/20160505151948/https://github.com/khalilschimmel

Regarding (3), I reported one account to the reddit admins and the next morning two other accounts that I suspected (but didn't report) were also banned. The ban was not issued by reddit moderators (they can't do that) but site level reddit administrators after an investigation. They also weren't banned for the sock-puppet action (where he was talking to himself but pretending to be different users of his framework), they were banned for vote manipulation.

Interpret all of that as you wish.

Korvin Szanto

unread,
May 9, 2016, 2:46:20 PM5/9/16
to PHP Framework Interoperability Group
Hi All,
In my humble opinion, this is a (arguably justified) witch hunt. In the same way it was ridiculous for people to bring up the going-ons in the php mailing list here, I think it's equally frivolous to try to bring up actions elsewhere unrelated to the PHP-FIG to get a current member expelled. While Roman may be controversial, he is rather active compared to the majority of current FIG members who have better stats and he seems to care deeply about the FIG and about writing quality code.

That is not to say that these issues aren't very bad, using bots or fake accounts to manipulate community feedback has no place in an ethical project lead by people who care about community. Roman, I hope that you think hard about these things you claim to not have done and think hard about what this kind of manipulation does to the ecosystem as a whole. 

I personally plan to continue my boycott of phpixie components, but I just don't think that this issue is something we should deal with by expelling the project. Especially when that project is active in the mailing list. We should certainly screen for this kind of behavior when we are accepting new members, but I'm not sure that I agree that this is a good reason to expel a project.

Just my 2c, thank you for bringing up the issue and thanks to Andrew Carter for doing the research. I know that with this information we as a group come to a conclusion that is right for us, at this time I just feel like this is an unneeded distraction from more pressing issues.

Best wishes,
Korvin

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/6c53d8b1-c3e4-412a-8bdb-3c4d1bf47079%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Dracony

unread,
May 9, 2016, 2:47:36 PM5/9/16
to PHP Framework Interoperability Group
The account I just linked to (https://github.com/larryheathcote) is also following only one trending repo. I suspect the repo itself is irrelevant, they just follow whatever is trending at the moment, because it's easier to randomize then and seem more legit. If you didnt see my tweet these account would disappear without notice and nobody would know. 

pedrofr...@gmail.com

unread,
May 9, 2016, 2:48:31 PM5/9/16
to PHP Framework Interoperability Group
Hey, Michael. Thanks for taking the time to reply.

Just as a brief addition (I know folks here don't like many replies from the same person), I'd like to note that the policy you sent me refers merely to member expulsion, not to the voiding of a fraudulent act. Many laws (and common sense in general) just void (without the need for following a rescision protocol) acts that were conceived through fradulent/erroneous means.

Also, Draconys says he only had a little over a hundred installs per day at the time of his admission. This is not entirely true. This is his exact phrase, in his application: "PHPixie userbase has grown significantly, especially in the Eastern Europe, it scored high(#6) on Sitepoint's framework survey, and since the new release has been getting ~500 daily installs, althout it has not even been tagged stable yet.".

Andrew's study shows that even today, he gets (through non-fraudulent means) about 5 installs a day, which wouldn't make PHPixie not nearly as relevant as it needed to be to get approved here.

Dracony's defense is pretty straightforward and its rebuttal should be obvious. Also, even in the unlikely event of him not being the perpetrator of these unethical practices, he was directly benefited from them and his admission here should be voided anyway, for the act was would have been as misconcepted, even in good faith. 

Even though I'm not a voting member, I figured I'd post this here and bring the issue to everyone's attention.

Jeremy Lindblom

unread,
May 9, 2016, 2:48:59 PM5/9/16
to php...@googlegroups.com
UNSUBSCRIBE

--
Jeremy Lindblom (@jeremeamia)
Software/Platform Engineer at Engrade (part of McGraw-Hill Education)
Co-organizer of the Arizona PHP User Group (@azphp)

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

Kayla Daniels

unread,
May 9, 2016, 2:52:14 PM5/9/16
to PHP Framework Interoperability Group
Pedro,

Thanks for opening this thread here.

I feel this incident is bringing the FIG into disrepute which I feel definitely hampers our ability to meet our objectives.

As a voting member I am deeply bothered by this.

I'm open to discussion about the topic and this thread serves well for that but I would like to see a vote regarding it in the very near future. I'm more than happy to be the person that calls for said vote.

Kayla

Message has been deleted
Message has been deleted

Dracony

unread,
May 9, 2016, 2:53:07 PM5/9/16
to PHP Framework Interoperability Group
The thing is, if you just wrote the facts as they were, the response wouldn't be so dramatic. Asking in my chatroom for people to upvote my posts may count as an amazing 2 vote "vote manipulation" but you always refer to it as sockpuppeting. When you linked to Github accounts you never mentioned that you found them by me tweeting about it (which is not very sneaky, especially with obviously fake accounts with no avatars), not that they were deleted so soon that they wouldnt get noticed otherwise. When speaking about packagist you never mentioned that the spike only began recently and implied there was some botting involved when I was voted into FIG (and I had only a 100 installs per day then).

In fact I believe if you would scrutinize other projects with such diligence you'd get others accused too. Accounts get suspended on reddit for voting etc. on regular basis, but nobody notices that until somebody likes you turns it into a separate topic and spices up the narative.
Message has been deleted

Dracony

unread,
May 9, 2016, 2:57:02 PM5/9/16
to PHP Framework Interoperability Group
As for the whole Eastern European thing, here are PHPixie articles on the site similar to Techcrunch in Russia: https://habrahabr.ru/search/?q=phpixie

Note the amount of views and stars under each post. Also unlike sites like reddit to vote their you actually have to get by invite, so no vote manipulation is possible.

Korvin Szanto

unread,
May 9, 2016, 2:59:04 PM5/9/16
to php...@googlegroups.com
On Mon, May 9, 2016 at 11:53 AM Dracony <draco...@gmail.com> wrote:
The thing is, if you just wrote the facts as they were, the response wouldn't be so dramatic. Asking in my chatroom for people to upvote my posts may count as an amazing 2 vote "vote manipulation" but you always refer to it as sockpuppeting. When you linked to Github accounts you never mentioned that you found them by me tweeting about it (which is not very sneaky, especially with obviously fake accounts with no avatars), not that they were deleted so soon that they wouldnt get noticed otherwise. When speaking about packagist you never mentioned that the spike only began recently and implied there was some botting involved when I was voted into FIG (and I had only a 100 installs per day then).

In fact I believe if you would scrutinize other projects with such diligence you'd get others accused too. Accounts get suspended on reddit for voting etc. on regular basis, but nobody notices that until somebody likes you turns it into a separate topic and spices up the narative.

I reject the idea that this is somehow normal. Asking for upvotes on reddit is and always has been listed as something that is against the rules https://www.reddit.com/help/contentpolicy I personally make sure to read the rules before I post in a community.

I challenge you to find this kind of fraudulent activity with other projects, I guarantee you will not find concrete5 purchasing downloads or asking for upvotes because we believe that our community voice can speak for itself. Censorship or manipulation has no place in a open source project and the idea that this is somehow commonplace is laughable.

I'm glad to come to your defense on the idea that this is not a strong enough offense to expel you, but I am absolutely not okay with the suggestion that manipulating statistics is somehow normal and okay.

Thanks,
Korvin


--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

Dracony

unread,
May 9, 2016, 3:04:59 PM5/9/16
to PHP Framework Interoperability Group
Ok, where does the "purchasing downloads" come from, Korvin? I don't find anything unethical about posting into a pixie chat: "I wrote a new blog post, can you upvote it on reddit plz?", because I'm already talking to people that like my project who would upvotw it themselves if they saw it online. All I'm doing is brining to their attention that I posted it, really. 

This is very different to buying upvotes from an external service ot something. And can I stress that the amount of votes we're talking about here is 2(two) which is literally nothing, so please, can we remove it as a discussion point entirely? The most random things posted on /r/php get more than that

Korvin Szanto

unread,
May 9, 2016, 3:20:22 PM5/9/16
to PHP Framework Interoperability Group
"Purchasing downloads" comes from the evidence posted in this thread. Reddit's algorithm is notoriously tuned to prefer posts that get a few upvotes really soon after posting over posts that gradually get upvotes over time. This is shown by /u/unidan who was a great content contributor to reddit, but he used the method you seem to have no issues with to manipulate his own posts ranking in the otherwise fair ranking system reddit uses. For that, he was permanently banned and is now used as an example for why "Just manipulating a couple of votes" is more harmful than you seem to want to portray it.

As you continue to try to justify this, I'm leaning more toward a +1 vote for expulsion, if I were you I'd figure out exactly what I did wrong and I'd do some deep introspection and apologize. 

Best wishes,
Korvin

Korvin Szanto

unread,
May 9, 2016, 3:21:15 PM5/9/16
to PHP Framework Interoperability Group
Forgot the source for my /u/unidan stuff: https://en.wikipedia.org/wiki/Unidan

Roman Tsjupa

unread,
May 9, 2016, 3:25:59 PM5/9/16
to PHP FIG
What evidence? At most you can say that maybe somebody somewhere is running bots that spike at 2 am, who knows if it's only done for Pixie actually or why its happening. When you say "purchasing" you explicitly link it to be my doing or me having any influence over it. That''s just to many assumtions for one thing. I mean, what if this happened to your project? 

You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

Korvin Szanto

unread,
May 9, 2016, 3:28:48 PM5/9/16
to PHP FIG
Roman,
If this happened to my projects and someone pointed it out, I'd immediately post publicly denouncing the use of that kind of manipulation and I'd do everything in my power to stop it. I would NOT go on public forums and try to justify it or play it off as no big deal.

Anyway I've said waaaay more than my peace in here, I'm not going to be responding to this thread anymore unless needed.

Thanks,
Korvin

Dracony

unread,
May 9, 2016, 3:31:18 PM5/9/16
to PHP Framework Interoperability Group
Unidan's tale has really nothing to dow with me, remeber that only 2(two) users had been suspended for upvoting my posts, this is not close to Unidan scale. Nobody would ever talk about it if it wasn't for the withchunt post. Please stop this 2 people thing.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscribe@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+unsubscribe@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

Dracony

unread,
May 9, 2016, 3:40:26 PM5/9/16
to PHP Framework Interoperability Group
@Korvin I did exactly what you sai you would:

"I'd immediately post publicly denouncing the use of that kind of manipulation" - posted on same thread, but you wont see that comment since it got over -20 downvotes
"I'd do everything in my power to stop it" - well, I did, although everything in my power = nothing, since what can I do?
"I would NOT go on public forums and try to justify it or play it off as no big deal." - literally not what I did. I was just really frustrated that instead of telling me on twitter, or even posting a graph on reddit, Andrew built an entire polarized article about it and immediately started advocating me getting banned from FIG.

Pedro Cordeiro

unread,
May 9, 2016, 3:49:40 PM5/9/16
to php...@googlegroups.com
Roman, you had motive. You had already been denied participation in this group due to lack of popularity.

Also, I think this discussion is getting sidetracked. It doesn't really matter if you did it or not. If you did it, your admission was approved over fraudulent data. If you did NOT, your admission was approved over wrong data anyway. PHPixie doesn't have the popularity it claims to have, nor did it have said popularity (500 daily installs) at the time of your approval. The admission should be VOIDED even if you're just the victim you claim to be.

What you call a witchhunt is actually just the community responding to the (very) unethical things that PHPixie benefited from (I'll refrain to say that YOU did it specifically, even though I personally believe you did, because you're the only maintainer and the only one to benefit directly from all of this).

I too won't post here anymore. I think everything that had to be said was already said. Even if the other members don't feel like this is enough reason to void PHPixie's admission (or to expel PHPixie - please notice the semantic difference), I think I did my part in raising the debate.

Thank you for everyone's time and I'm sorry to bring non-technical-related drama to everyone's lives. I just felt like this could matter at some level for some people. After all, PHP-FIG doesn't have a strict acceptance policy for no reason.

Kayla, I'm glad you're willing to conduct the vote. I'll be following it closely.

- Pedro.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

Dracony

unread,
May 9, 2016, 3:57:18 PM5/9/16
to PHP Framework Interoperability Group
Again, my admission happened way before this spike occured. Check the current 400 stars I have on github and see if you can spot any bots, I actually dare you. Also check the links to the Russian tech site I linked above you'll notice I get huge amounts of traffic from there, e.g. my Pixie 3 tutorial (https://habrahabr.ru/post/263551/) got over 16k views and 115 bokmarks, and that's just one of them.

Pedro Cordeiro

unread,
May 9, 2016, 4:19:07 PM5/9/16
to php...@googlegroups.com
Roman, now you are just blatantly lying. That stat about ~500 daily installs was what YOU said in your application to FIG. Thankfully, there is an archive and people can see for themselves: http://i.imgur.com/SjE7aLk.png.

PHPixie has never had 500 daily legitimate installs. Today, it only has ~5 daily installs, that could be attributed to manual (or automatic) tests. There is not a single popular project out there done using PHPixie. 

By all metrics, it looks like you're the only PHPixie user, besides being the only PHPixie active developer. There is no point in having PHPixie as a member of FIG, and there are many reasons why PHPixie should not be a member of FIG - PHPixie is suspicious at best, straight fradulent at worst.

Sorry for repeating myself. Justed wanted to point out more inconsistencies.

- Pedro.

Kinn Julião

unread,
May 9, 2016, 4:24:35 PM5/9/16
to php...@googlegroups.com
Hey guys... there's always a good side for a "story" like this...
Now my faith in humanity has been restored since "only bots" are using pixie... no offences people, it's only Monday.


For more options, visit https://groups.google.com/d/optout.



--
--
Kinn Coelho Julião
Toronto - ON/Canada

Dracony

unread,
May 9, 2016, 5:05:17 PM5/9/16
to PHP Framework Interoperability Group
Pedro, just so you know packagist doesn't update graphs in real time, check out yesterday to see the installs today. When I said about 500 installs I said I also counted downloads from the 'download as zip' functionality of the old site, which was used way more often than the create-project method. The rest of your argument is just plain stupid, just search github (https://github.com/search?q=phpixie&type=Code&utf8=%E2%9C%93) to see the usage, also join our chat if you like. Also as I already said I challenge you to find bots among my 400 github stars

Larry Garfield

unread,
May 9, 2016, 5:13:33 PM5/9/16
to php...@googlegroups.com

Technically, the current bylaws have no prerequisites for project membership. "People are using it in production" is an informal expectation that many current members have expressed they take into account, myself included. The FIG 3 proposal includes formalizing that requirement but it is in the current bylaws. (Icicle also doesn't technically pass that bar either, and everyone knew that when they voted on it.)

Fraudulent behavior, if true, is problematic regardless of the number of installs a project has or doesn't have. I make no statement on that point at this time.

--Larry Garfield

Joe Ferguson

unread,
May 9, 2016, 5:41:47 PM5/9/16
to php...@googlegroups.com
Hello everyone,

To allow members to catch up to the flurry of emails, I would respectfully ask that people keep responses brief and avoid repeating already made points. There is an established unofficial convention to try and self rate limit on this mailing list to a couple of responses per person per day maximum to keep the mailing list digestible and I'd ask people try and and keep to that.

As previously mentioned, lets keep things civil as things are starting to head towards waters in which we do not wish to tread.

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

Timon Lukas

unread,
May 9, 2016, 6:05:23 PM5/9/16
to PHP Framework Interoperability Group
Just out of interest: How can you be so incredibly sure that there is not a single bot among your stargazers? It does sound a little suspicious if you already had that happen, but are not sure that no part of your userbase is a bot.

Andrew Carter

unread,
May 9, 2016, 6:08:18 PM5/9/16
to PHP Framework Interoperability Group
To add to the catalogue of fraud that I've managed to associate with PHPixie, somebody recently linked me to the results of the SitePoint frameworks survey.

The published survey is here: http://www.sitepoint.com/best-php-framework-2015-sitepoint-survey-results/
The repository for this is here: https://github.com/sitepoint-editors/php-fw-survey-2015
The raw data for this can be found here: https://raw.githubusercontent.com/sitepoint-editors/php-fw-survey-2015/master/dump/survey.csv

The survey asks users what there favourite frameworks are for personal and work use (etc).

It also asks how many years of programming and PHP experience they have. An obvious metric of error is any user that claims to have more PHP experience than programming experience (impossible).

Using a quick script (https://gist.github.com/AndrewCarterUK/b4245f5e8adc5c0148d1f4cad8b41680), I obtained the following data:

Looking at non PHPixie users, 2.3% of responses claim to have more PHP experience than programming experience [170 / (7735 - 423)].
Looking at PHPixie users, 60% of responses claim to have more PHP experience than programming experience [251 / 423].

Opening the data in Excel and filtering for PHPixie mentions shows that these fields are pretty much just the result of a rand(1, 6) call.

The trail of fraud and deception that can be associated with this project never fails to surprise me.

Dracony

unread,
May 9, 2016, 6:10:00 PM5/9/16
to PHP Framework Interoperability Group
Well, because none of them seem like the kin of generic no-avatar star-only-few-repos registered-yesterday accounts you see in Andrews screenshots. Actually even the spammy account I linked in my first reply here already got banned (in less than 4 hours), and here I also found this one: https://github.com/users/makaylagoodwin, will probably get banned soon too.

Dracony

unread,
May 9, 2016, 6:29:57 PM5/9/16
to PHP Framework Interoperability Group
Andrew, now, seriously claiming to be able to recognize the rand(1,6) call in the field where users specify the years of experience they have with PHP is now really like really scraping the bottom of the barrel. It's normal to have a lot of users in the 1-6 years range, it's not like PHP has been around for 100 years or anything. You are now basing your claims on what ammounts to your interpretation of empirical data, and that is the very definition of subjective.

Kinn Julião

unread,
May 9, 2016, 6:33:24 PM5/9/16
to php...@googlegroups.com

Hey bro, stop creating users and removing it.
As Joe mentioned, this is getting out of control... Not only that, but imagine what kind of impressions people may have about you just following this thread...

Andrew Carter

unread,
May 9, 2016, 6:34:35 PM5/9/16
to PHP Framework Interoperability Group
Please read again. The claim is based upon the fact that it's impossible for someone to have more PHP experience than programming experience.

$yearsProgramming >= $yearsPhpProgramming

When this isn't true, the user has misunderstood the question.

Now 60% of the responses mentioning PHPixie made that error.

The error rate for the other responses was a far more reasonable 2%.

Would you agree that this is sufficient evidence that most of the PHPixie responses to that survey were fraudulent?

Dracony

unread,
May 9, 2016, 6:42:46 PM5/9/16
to PHP Framework Interoperability Group
People not caring about the rest of the form? Translating the form with google translate and making mistakes. Idk, what kind of explanation do you expect?

There's a lot of weird statistics with that data, for example Laravel scored 60% more than symfony did, and yet if you compare packagist graphs at the time it was downloaded 3 times less often than Symfony.
And yet I don't see you making any claims about Laravel or Nette frauding those statistics or anything. And please don't consider this an accusation or a jab on other frameworks, I'm just showing that sometimes the results you get from a poll are not exactly intuitive



Joe Ferguson

unread,
May 9, 2016, 6:44:41 PM5/9/16
to php...@googlegroups.com
Since people seemed to have missed my email: https://groups.google.com/d/msg/php-fig/cjLBp2weYaA/MU2P4a6cDQAJ

I’m going to lock this thread until morning (CDT). This will allow members to catch up on the 33+ emails they have in their inbox.

During this time, I’d implore the repeat participants of this thread to read this post by Larry from 2013: https://groups.google.com/forum/#!searchin/php-fig/agreement$20limit/php-fig/fhoYjwufhwE/cCtkmhilmkEJ

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

Joe Ferguson

unread,
May 10, 2016, 8:20:48 AM5/10/16
to php...@googlegroups.com
Good Morning/Afternoon,

I have unlocked the thread. Please remain civil, and please be respectful of those who are trying to keep up by not rapid firing multiple responses. I understand this can be difficult between parties in this scenario.

-- 
- Joe Ferguson
JoeFerguson.me
MemphisPHP.org

Paul Jones

unread,
May 10, 2016, 9:49:23 AM5/10/16
to php...@googlegroups.com
All,

I have conflicting thoughts about this.

* * *

- Andrew's detective work and analysis is impressive in-and-of itself.

- The analysis does appear to reveal automated/manipulated/designed/generated behavior, rather than natural phenomena.

- The behavior could certainly be classified as "purposely misleading", perhaps even "fraudulent".

- As to the source of the behavior, proof is relatively difficult to come by without deeper investigation.

- In the mean time, and in the absence of other similar behaviors from other actors, I think "who benefits?" is a reasonable heuristic, and in this case, I think it is Dracony benefits; thus, he is a reasonable initial suspect.

- Even so, it is behavior that occurs outside this group, and does not affect this group directly. (It is possible for one to behave "poorly" in one arena and behave "well" in another. Has his behavior within the group been poor?)

- The thought of banning someone for "bad behavior outside the group" gives me pause, as "bad behavior" is ill-defined. I think some people in this group behave badly outside the group, and I know that many think the same of me, but I don't think those behaviors are cause for banishment.

- I think the argument that PHPixie's download numbers were a major deciding factor in gaining entrance to the group is incorrect. I'll go so far as to say that nobody here actually qualifies applicants by quantifiable measures; they qualify applicants by how much they like the applicant. So "purposely misleading download numbers on a fraudulent application" are not a valid reason for banishment.

- If we discover fraudulent behavior *within the group*, e.g. by faking emails in discussion of topics to make it look like one opinion is more popular than another, then I think we would have a real cause for expulsion.

- What I'm left with is: "How exactly does this behavior affect the group?"

- If the answer is a generic "It makes us look bad!" that's not quite enough; any behavior anyone disagrees with anywhere will "make us look bad" to some group.

- If the answer is "We don't like to look like we ignore purposely misleading manipulation of common objective measures of project statistics", I think that's a much stronger appeal. These kinds of statistics are the closest thing to a currency or scoreboard we have in this world, aside from unquantifiable "reputation."

- I'm not a fan of banning anyone, even temporarily, for out-of-group behavior. But this may straddle the line between out-of-group and in- (or of-) the-group sufficiently to warrant attention.

* * *

I admit to indecision on this topic, certainly until Dracony behaves badly within the group (if ever); as far as I recall, he has not done so, and in fact has had productive dealings here.


--

Paul M. Jones
http://paul-m-jones.com



Phil Sturgeon

unread,
May 10, 2016, 11:20:49 AM5/10/16
to PHP Framework Interoperability Group
Now is a great time to remind people about the self-throttling rule in this group. Say your peace, let others say theirs.

My piece: I find is absolutely mind-boggling that Paul is defending "bad behaviour outside of the group" and acting like it doesn't matter in this instance, but was dragging up a bad-joke/mean comment at a bar after a conference not so long ago to try and kick a FIG Secretary out. Make your mind up Paul.


Now, whilst that FIG Secretary drama was certainly not at all valid in any way, this situation is definitely a concern. The FIG has bounced legitimate and sizable PHP projects on a regular basis due to a failure to meet some basic metrics. Didn't Laravel fail on first pass? PHPSpec too? Hell, we've had some real big projects fail to meet these metrics. 

Then we find out that the vast majority of PHPixie numbers are faked, and we see that this is a known pattern, with similar stories happening on Reddit and GitHub. Now, these is either some huge poorly run conspiracy by a well-meaning friend of Dracony, to inflate the apparent success of a project that nobody in the real world is actually using, or it's fraud by Dracony himself. After previous conversations with this chap I definitely know which way my suspicions lean.

Mikey C pasted in a great bylaw here:
  • If, in the judgement of PHP-FIG, a Voting Representative is acting inappropriately and to the detriment of PHP-FIG's ability to meet its objectives, a vote may be taken to request a replacement Voting Representative in accordance with the Voting Protocol bylaw or to expel the Member Project where replacing a Voting Representative is not possible. 
PHPixie is making the FIG look like an absolute joke, and a vote should be held for the removal of this project. That's really all there is to say on the matter.

Paul Jones

unread,
May 10, 2016, 11:45:53 AM5/10/16
to php...@googlegroups.com

> On May 10, 2016, at 10:20, Phil Sturgeon <pjstu...@gmail.com> wrote ...

... in his usual fashion. You know how I like consistency, Phil; thank you for always being a drama queen.

Besides, I thought you left? (/me shrugs)

Glenn Eggleton

unread,
May 10, 2016, 11:58:53 AM5/10/16
to PHP Framework Interoperability Group
Hi Phil,

I don't think it is just PHPixie that is making the FIG look like an absolute joke. See the above comment. I wouldn't classify that as classy and/or professional at all.

Ciaran McNulty

unread,
May 10, 2016, 12:46:40 PM5/10/16
to PHP Framework Interoperability Group
On Tuesday, 10 May 2016 16:20:49 UTC+1, Phil Sturgeon wrote: 
. Didn't Laravel fail on first pass? PHPSpec too? Hell, we've had some real big projects fail to meet these metrics. 

As a point of order, PhpSpec failed due to the apathy/disinterest of the voting members rather than failing on any install metrics.

-C
 

Stelian Mocanita

unread,
May 10, 2016, 5:20:19 PM5/10/16
to PHP Framework Interoperability Group
For reasons I can not explain even to myself, I read this entire thread and wanted to share my 2c.

Whatever the case might be with the statistics for PHPixie (Dracony did it, a friend did it, an enemy did it, etc), the fact of the matter remains that his name is associated with this organization. The correct and honorable thing to do Dracony, is to remove yourself from this organization to not taint its name. Later on you could safely reapply and get the vote of confidence of your peers and colleagues proving that you are in this group for your worth and not for some boosted statistics.

Cheers,
Stelian

Marc Towler

unread,
May 10, 2016, 5:30:36 PM5/10/16
to php...@googlegroups.com

Hey all,

I am a long time lurker of the FIG threads and whilst it might not matter at all I thought I would bring my thoughts into this in the perspective of an outsider looking in.

Dracony's time here has been a bit of a roller-coaster. It started off quite rough for him when he applied to bring his project in as a voting member and a lot of issues were aired and now some more issues have come to light. Whilst some of it cannot be proven to be directly tied to his actions, there was only one who benefited from the end results.

If he is found to have been responsible for all the issues raised then that is easily enough to have him removed and whilst I was never a fan of him in the beginning, he has shown in my opinion to be of use to the project overall.

I don't feel that FIG will benefit from being associated with the issues so removal of PHPixie would be good until it can be proven Dracony was not involved in the issues but I feel that FIG would lose an interested and somewhat useful member in the long run

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

Robert Hafner

unread,
May 10, 2016, 9:18:40 PM5/10/16
to php...@googlegroups.com

This conversation makes FIG look far worse than having Dracony as a member does.

FIG should be focused on building Framework Interoperability. That is it’s purpose, and that’s what it should be judged by. If some people want to view the PHP Interfaces we make in a negative light because someone did something sketchy, even though that sketchy item was outside the group and has zero effect on the PHP Interfaces that are being released, then those people are not the kind of people I would expect to do well as developers in the long run.

Our criteria for membership should be simple- do they contribute or detract from the group’s mission? If a member of the group truly thinks he’s going to make it significantly harder to accomplish our mission then they should take responsibility for asking for a vote.

Personally I think the sexist logo episode was worse than this, and frankly the “proof” being provided wouldn’t stand up in any court of law, so I think we should keep this outside drama where it belongs- outside. Lets focus on that whole interop thing.

Rob

Jeroen De Dauw

unread,
May 11, 2016, 12:29:28 AM5/11/16
to php...@googlegroups.com
Hey,

A big +1 to what Robert said. Let's not be the PHP Drama Group or the PHP Court of Social Justice.

Cheers
Software craftsmanship advocate | Developer at Wikimedia Germany
~=[,,_,,]:3

Андрей Виноградов

unread,
May 11, 2016, 4:58:25 AM5/11/16
to php-fig

Good day everyone,

I never thought I would post to this group, especially on a topic like this. The thing is that it’s my actions that are the reason for the recent events. Long story short:

I work in a small webdev agency (4 developers) with rather bad management. Some time ago we got a new contract for our next project that is to start in summer. We mostly work with Wordpress and my coworkers have very light framework experience. I used PHPixie on my previous job and convinced them we’d use it in this new project, since I’ll be doing all the heavy lifting anyway.

The only problem is our management, they found some random framework comparison site and deemed PHPixie was not enterprise grade. It has to be said that one our manager used to be a Wordpress developer, and thinks himself a “software architect”, although I doubt he ever heard of SOLID and the like. Every library we use for PHP and JS has to go through him, and he usually directs us to the stuff he used 5 years ago, which is terribly outdated. We still build interfaces with jQuery for that reason. Sometimes we want to use a simple JS plugin for highlighting and it gets rejected based on the npm download count. Ironically we also don’t use npm.

So we decided to increase the download count on packagist with a bunch of proxies running on a cron. The only limitation packagist has is throttling downloads per IP per day, so with proxies it’s easy. The idea was to present the download count and github stars as proof of stability just in case we can’t push it otherwise. None of us suspected it would amount to this though. Especially since we sometimes also bump the npm download count (although on a smaller scale) and it has never backlashed.

I don’t use reddit so I missed when the whole thing began and then I thought it would die down in a day. I have never heard of Andrew and when we made the script we didn’t suspect there would be somebody monitoring PHPixie with such scrutiny and intent. I am still really surprised at how aggressive his narrative is actually. I definitely didn’t expect an expulsion post.

As a closing thought, considering how easy these numbers are to fake I’d rather they weren’t displayed at all. Sort projects by popularity sure, but showing these numbers sometimes hurts the projects since how hard it is to convince somebody to use them because of lack of enterprise quality. And I think it only encourages this kind of behavior in the long run.

I would also like to apologize to Dracony for putting him through this, and not coming out earlier. I really did not expect this. And sorry to everyone here for having wasted your time on this.

Andrej Vynogradov

Andrew Carter

unread,
May 11, 2016, 5:17:18 AM5/11/16
to PHP Framework Interoperability Group, ball...@mail.ru
Hello "Andrej Vynogradov",


I don’t use reddit so I missed when the whole thing began and then I thought it would die down in a day.

Can I ask when it was that (1) you became aware that the fraud had been exposed and (2) you became aware of this thread in the FIG?

I'm just wondering why it took you so long to appear.

Regards,

Andrew

Андрей Виноградов

unread,
May 11, 2016, 5:33:00 AM5/11/16
to php-fig
I have friends who more closely follow the PHP things, they saw a link to it on HackerNews. Like I said, I thought it would just die down, and this won't be necessary.
After seeing your replies on reddit and here I suspected you'd say something like this, but please stop these attacks. These emails are embarassing for me to write as they are, even without your sarcasm.


Wednesday, May 11, 2016 11:17 AM +02:00 from Andrew Carter <andrewca...@gmail.com>:


Удачи,
Андрей Виноградов
ball...@mail.ru

Andrew Carter

unread,
May 11, 2016, 5:52:04 AM5/11/16
to PHP Framework Interoperability Group, ball...@mail.ru
Hello Андрей,

I'm just trying to verify your claim.

If it turns out that this is all part of Roman's elaborate fraud - then clearly he is bringing deception and scandalous behaviour to the FIG - which is obviously not acceptable.


The primary reason that I don't believe your claim is that you said:

I don’t use reddit so I missed when the whole thing began and then I thought it would die down in a day.

Whoever controls the fraud scripts definitely didn't "miss when the whole thing began" because they triggered the scripts within a couple of hours of the article being published and posted to reddit, as the image linked below shows:

https://res.cloudinary.com/andrewcarteruk/image/upload/v1462959743/phpixie-post-publish_pw9unw.png

It seems like the actual fraudster was almost immediately aware of the exposure and then attempted to smooth out the download pattern slightly to make it look more genuine.

Regards,

Andrew

Андрей Виноградов

unread,
May 11, 2016, 6:08:11 AM5/11/16
to php-fig
Well, like I said, I'm not the only one having access to these. Maybe one of the other devs seen it and decided to stop the cron, but fired it again instead, and then didn't admit to it.
Although I would not be surprised if somebody after reading your post wrote a similar one (it's like 15 lines of code) to further bump the discussion just for fun.


Удачи,
Андрей Виноградов
ball...@mail.ru

Roman Tsjupa

unread,
May 11, 2016, 6:34:27 AM5/11/16
to PHP FIG

Hi Andrej, I really appreciate you coming out here, especially considering you coukd have just kept quiet without getting exposed. Although it saddens me a bit that the recent spike in downloads was not a result of my efforts.

Also I would like to remind Andrew about post throttling. Your investigations are crossing the personal attack boundary quite frequently, but please dont extend them to other people too. And please dont cause this thread to lock again.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

Андрей Виноградов

unread,
May 11, 2016, 7:23:43 AM5/11/16