PHP-FIG Membership reevaluation

[pedrofr...@gmail.com]

Hello.

I’d like to start a discussion about PHPixie’s membership in this group.

As some of you are probably aware by now, Dracony defrauded numbers by astroturfing and making use of bots to leverage packagist installs, github stars and general usage of his framework.

Before we continue, I’d like to remember some of his history here.

1) Dracony’s first application was denied MOSTLY due to lack of popularity.

“-1 from Laravel for lack of significant user base that would be effected by any FIG standards.”

“Historically, we only admitted projects with a reasonably large userbase = influence. Can you give any (verifiable) usage numbers of PHPixie? The number of stars/forks on GitHub is not convincing.” (Bernard Schussek)

“I agree with Bernhard that the userbase and influence of PHPixie is limited.” (Doctrine)

“Agree with Taylor, there is a definite lack of user-base, and this has been used to bounce small projects in the past.” (phil sturgeon)

(and many others)

2) Dracony has since been caught with fake accounts on Reddit, astroturfing PHPixie. Here’s some evidence: https://gist.github.com/AndrewCarterUK/96bf6fae02ef8b93f93b. He was banned for a few days, his alt accounts were permabanned.

3) Dracony has been caught benefitting from bots starring his github repository: Proof: https://twitter.com/dracony_gimp/status/727790568420585472 (backup to Andrew's reply: https://twitter.com/AndrewCarterUK/status/728335760001241088, in case he deletes). Github detected the bot usage and removed said stars.

4) And now, Andrew Carter has released a study in which he estimates (with enough reasonable evidence) that 95% of packagist installs are fradulent: http://andrewcarteruk.github.io/programming/2016/05/09/phpixie-fraud.html.

Since this group considers project popularity important to a member’s application and that such member has defrauded such statistics, his admission should be voided. If his admission can't be voided, members from this group should consider banning this project from this group for using such unethical tactics.

As additional reasons, unlike most projects here, PHPixie still only has 1 maintainer. The project was also involved in many controversies (such as the previous sexist logo). In my personal opinion, his membership here not only aggregates little to no value, but, as of right now, actually taints this group’s reputation.

Since this group doesn’t have a proper complaint channel, I’ll leave this discussion here. I'm not a member, so I'm not sure if anyone can request a membership reevaluation. If I can't, I'll just leave this as a complaint, and leave to the members to judge and to decided what to do next.

[Dracony]

I made a point of not participating in these witchhunts anymore, but since it made it's way all the way here, I'll post once more from the start.

e

1) PHPixie joined the group in September it had just over a hundered daily installs till then, so you cant say it was it's current statistics that got Pixie to be accepted. Even with a hundred installs per day Pixie still had more stars and downloads than some other FIG members at the time. I can't say I am not happy aboout it getting over a 1000 installs per day now, but I just checked the packagist graph and it does seem like there was a spike a few month ago ( again way later than wehn I joined the group). Now obviously I can't tell if some of those are made by bots, CI systems or whatever, I honestly just liked seeing the number increasing.

2) Bot accounts on github are a given, and they get vbanned by hundreds every day, there's really no telling what they're doing. E.g. right now I checked one of the trending repos on github and behold, already there are bot accounts following it, e.g. https://github.com/larryheathcote. Github has so many strict rules about banning them that there is really no point in trying to inflate anything this way. I suspect as soon as you get on to the trending page you get a whoole bunch of them following you, and then they get banned and your numbers get back to normal and you never notice it. 

The only reason Andrew caught and screenshoted them was me tweeting about randlomly getting a lot of github stars on the same day ( I hope you agree this is not a smart thing to do if I wanted to have bots and keep it secret: https://twitter.com/dracony_gimp/status/727790568420585472 )

3) The whole fake accounts on reddit thing is a separate story, check the thread I guess. Basically 2 people got their account suspended and I got my silenced for 3 days (all because Andrew posted in on the mod subreddit). And even then they got suspended for "vote manipulation", bit for being socpuppets. Usually when I post smth on reddit I ask people in the Pixie chat to upvote it. I gurss this counted as vote manipulation (although 2 votes is literally nothing). Btw I kind f gace up posting stuff on reddit about pixie since then.

Ressurecting the sexist logo thing is really scraping the bottom of the barrel tbh.

The bottomline is I'm really surprised at all the pitchforks, really. Even before I joined FIG I was posting here frequently and actually consider myself a quite active member. But nobody seems to appreciate any of it, just because there's some graph spiking at 2 am =(

[Michael Cullum]

Hi Pedro,

Thanks for posting this topic. Andrew came to the secretaries a couple of days ago with details of his study and we had been looking into it since then to then bring the issue to the attention of the FIG membership for you to decide if any course of action should be taken.

To clarify the position of the bylaws on any expulsion of member projects, this the membership bylaw states the following:

• If, in the judgement of PHP-FIG, a Voting Representative is acting inappropriately and to the detriment of PHP-FIG's ability to meet its objectives, a vote may be taken to request a replacement Voting Representative in accordance with the Voting Protocol bylaw or to expel the Member Project where replacing a Voting Representative is not possible. 
• ...
  
• A Member Project may also be expelled if their Voting Representative is subject to a replacement request from PHP-FIG but a suitable replacement is not available.
  
• The expulsion of a Member Project requires a vote in accordance with the Voting Protocol bylaw.

And as pointed out by the OP, any such vote would need to be instigated by a voting member however it would be highly recommended to have a discussion period beforehand, although this is not required by the bylaws. If a voting member wishes to start this vote, we'd kindly request they consult the secretaries first, although this is of course not necessary, so we can ensure that it's carried out fairly and without bias.

We would also add that project activity and popularity are not a set criteria for FIG membership (although the unwritten rule appears to be that projects should have known deployments, worked on by more than one person and not be aspirational), each member may vote as they wish and are not bound by any rules on who to admit. What is being discussed here is not necessarily whether or not PHPixie is popular enough to be a FIG member, but whether Dracony/PHPixie misled the FIG before his membership vote and whether he has acted detrimentally to the FIG's objectives, has brought the FIG into disrepute or if he has acted inappropriately.

Finally, this discussion is obviously going to be quite personal for some involved but as a gentle reminder, could we try and keep a sense of decorum and civility to discuss the facts. The wider PHP community and the communities of the member projects you represent don't want to see the FIG squabbling like children. If this discussion does descend into personal insults, name calling and flaming (as has happened regarding this particular matter on other mediums) then we will lock the discussion topic and have to just immediately trigger a vote, which isn't fair on those involved and want to explain their viewpoints or defend themselves.

Many thanks,

The Secretaries

[Dracony]

Btw, after I posted the above post, another spammy acount starred the same repo: https://github.com/ajhendrix25

So I hope you see my point =\

On Monday, May 9, 2016 at 7:36:43 PM UTC+2, pedrofr...@gmail.com wrote:

[Andrew Carter]

Corrections/adjustments time.

Regarding (1), Dracony is correct that nobody can prove that it was him that did it. However, what can be known (as a fact) is that CI systems were not responsible and that this was the result of intentionally fraudulent behaviour by someone.

Regarding (2), the 40 or so accounts were all liking only PHPixie's active components. I reported this to the secretaries at the time and they will be able to confirm this. Here are the archives:
- http://web.archive.org/web/20160505151735/https://github.com/PHPixie/Project/stargazers
- http://web.archive.org/web/20160505151948/https://github.com/khalilschimmel

Regarding (3), I reported one account to the reddit admins and the next morning two other accounts that I suspected (but didn't report) were also banned. The ban was not issued by reddit moderators (they can't do that) but site level reddit administrators after an investigation. They also weren't banned for the sock-puppet action (where he was talking to himself but pretending to be different users of his framework), they were banned for vote manipulation.

Interpret all of that as you wish.

[Korvin Szanto]

Hi All,

In my humble opinion, this is a (arguably justified) witch hunt. In the same way it was ridiculous for people to bring up the going-ons in the php mailing list here, I think it's equally frivolous to try to bring up actions elsewhere unrelated to the PHP-FIG to get a current member expelled. While Roman may be controversial, he is rather active compared to the majority of current FIG members who have better stats and he seems to care deeply about the FIG and about writing quality code.

That is not to say that these issues aren't very bad, using bots or fake accounts to manipulate community feedback has no place in an ethical project lead by people who care about community. Roman, I hope that you think hard about these things you claim to not have done and think hard about what this kind of manipulation does to the ecosystem as a whole. 

I personally plan to continue my boycott of phpixie components, but I just don't think that this issue is something we should deal with by expelling the project. Especially when that project is active in the mailing list. We should certainly screen for this kind of behavior when we are accepting new members, but I'm not sure that I agree that this is a good reason to expel a project.

Just my 2c, thank you for bringing up the issue and thanks to Andrew Carter for doing the research. I know that with this information we as a group come to a conclusion that is right for us, at this time I just feel like this is an unneeded distraction from more pressing issues.

Best wishes,

Korvin

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/6c53d8b1-c3e4-412a-8bdb-3c4d1bf47079%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Dracony]

The account I just linked to (https://github.com/larryheathcote) is also following only one trending repo. I suspect the repo itself is irrelevant, they just follow whatever is trending at the moment, because it's easier to randomize then and seem more legit. If you didnt see my tweet these account would disappear without notice and nobody would know. 

[pedrofr...@gmail.com]

Hey, Michael. Thanks for taking the time to reply.

Just as a brief addition (I know folks here don't like many replies from the same person), I'd like to note that the policy you sent me refers merely to member expulsion, not to the voiding of a fraudulent act. Many laws (and common sense in general) just void (without the need for following a rescision protocol) acts that were conceived through fradulent/erroneous means.

Also, Draconys says he only had a little over a hundred installs per day at the time of his admission. This is not entirely true. This is his exact phrase, in his application: "PHPixie userbase has grown significantly, especially in the Eastern Europe, it scored high(#6) on Sitepoint's framework survey, and since the new release has been getting ~500 daily installs, althout it has not even been tagged stable yet.".

Andrew's study shows that even today, he gets (through non-fraudulent means) about 5 installs a day, which wouldn't make PHPixie not nearly as relevant as it needed to be to get approved here.

Dracony's defense is pretty straightforward and its rebuttal should be obvious. Also, even in the unlikely event of him not being the perpetrator of these unethical practices, he was directly benefited from them and his admission here should be voided anyway, for the act was would have been as misconcepted, even in good faith. 

Even though I'm not a voting member, I figured I'd post this here and bring the issue to everyone's attention.

[Jeremy Lindblom]

UNSUBSCRIBE

--
Jeremy Lindblom (@jeremeamia)
Software/Platform Engineer at Engrade (part of McGraw-Hill Education)

Co-organizer of the Arizona PHP User Group (@azphp)

Co-founder of the Pacific Northwest PHP Conference (@PNWPHP)

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/a506e29e-3838-4719-aef1-a5ace1d0c390%40googlegroups.com.

[Kayla Daniels]

Pedro,

Thanks for opening this thread here.

I feel this incident is bringing the FIG into disrepute which I feel definitely hampers our ability to meet our objectives.

As a voting member I am deeply bothered by this.

I'm open to discussion about the topic and this thread serves well for that but I would like to see a vote regarding it in the very near future. I'm more than happy to be the person that calls for said vote.

Kayla

[Dracony]

The thing is, if you just wrote the facts as they were, the response wouldn't be so dramatic. Asking in my chatroom for people to upvote my posts may count as an amazing 2 vote "vote manipulation" but you always refer to it as sockpuppeting. When you linked to Github accounts you never mentioned that you found them by me tweeting about it (which is not very sneaky, especially with obviously fake accounts with no avatars), not that they were deleted so soon that they wouldnt get noticed otherwise. When speaking about packagist you never mentioned that the spike only began recently and implied there was some botting involved when I was voted into FIG (and I had only a 100 installs per day then).

In fact I believe if you would scrutinize other projects with such diligence you'd get others accused too. Accounts get suspended on reddit for voting etc. on regular basis, but nobody notices that until somebody likes you turns it into a separate topic and spices up the narative.

[Dracony]

As for the whole Eastern European thing, here are PHPixie articles on the site similar to Techcrunch in Russia: https://habrahabr.ru/search/?q=phpixie

Note the amount of views and stars under each post. Also unlike sites like reddit to vote their you actually have to get by invite, so no vote manipulation is possible.

[Korvin Szanto]

On Mon, May 9, 2016 at 11:53 AM Dracony <draco...@gmail.com> wrote:

The thing is, if you just wrote the facts as they were, the response wouldn't be so dramatic. Asking in my chatroom for people to upvote my posts may count as an amazing 2 vote "vote manipulation" but you always refer to it as sockpuppeting. When you linked to Github accounts you never mentioned that you found them by me tweeting about it (which is not very sneaky, especially with obviously fake accounts with no avatars), not that they were deleted so soon that they wouldnt get noticed otherwise. When speaking about packagist you never mentioned that the spike only began recently and implied there was some botting involved when I was voted into FIG (and I had only a 100 installs per day then).

In fact I believe if you would scrutinize other projects with such diligence you'd get others accused too. Accounts get suspended on reddit for voting etc. on regular basis, but nobody notices that until somebody likes you turns it into a separate topic and spices up the narative.

I reject the idea that this is somehow normal. Asking for upvotes on reddit is and always has been listed as something that is against the rules https://www.reddit.com/help/contentpolicy I personally make sure to read the rules before I post in a community.

I challenge you to find this kind of fraudulent activity with other projects, I guarantee you will not find concrete5 purchasing downloads or asking for upvotes because we believe that our community voice can speak for itself. Censorship or manipulation has no place in a open source project and the idea that this is somehow commonplace is laughable.

I'm glad to come to your defense on the idea that this is not a strong enough offense to expel you, but I am absolutely not okay with the suggestion that manipulating statistics is somehow normal and okay.

Thanks,

Korvin

--

You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/26532132-4c6c-46e3-b6bf-74e1f12e4bc3%40googlegroups.com.

[Dracony]

Ok, where does the "purchasing downloads" come from, Korvin? I don't find anything unethical about posting into a pixie chat: "I wrote a new blog post, can you upvote it on reddit plz?", because I'm already talking to people that like my project who would upvotw it themselves if they saw it online. All I'm doing is brining to their attention that I posted it, really. 

This is very different to buying upvotes from an external service ot something. And can I stress that the amount of votes we're talking about here is 2(two) which is literally nothing, so please, can we remove it as a discussion point entirely? The most random things posted on /r/php get more than that

[Korvin Szanto]

"Purchasing downloads" comes from the evidence posted in this thread. Reddit's algorithm is notoriously tuned to prefer posts that get a few upvotes really soon after posting over posts that gradually get upvotes over time. This is shown by /u/unidan who was a great content contributor to reddit, but he used the method you seem to have no issues with to manipulate his own posts ranking in the otherwise fair ranking system reddit uses. For that, he was permanently banned and is now used as an example for why "Just manipulating a couple of votes" is more harmful than you seem to want to portray it.

As you continue to try to justify this, I'm leaning more toward a +1 vote for expulsion, if I were you I'd figure out exactly what I did wrong and I'd do some deep introspection and apologize. 

Best wishes,

Korvin

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.

[Korvin Szanto]

Forgot the source for my /u/unidan stuff: https://en.wikipedia.org/wiki/Unidan

[Roman Tsjupa]

What evidence? At most you can say that maybe somebody somewhere is running bots that spike at 2 am, who knows if it's only done for Pixie actually or why its happening. When you say "purchasing" you explicitly link it to be my doing or me having any influence over it. That''s just to many assumtions for one thing. I mean, what if this happened to your project? 

You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANeXGWX%3D5%3DXdmWpJMdsws-uc%2B5_vjLUSxNmKvoO2v1JgZHJ8Kg%40mail.gmail.com.

[Korvin Szanto]

Roman,

If this happened to my projects and someone pointed it out, I'd immediately post publicly denouncing the use of that kind of manipulation and I'd do everything in my power to stop it. I would NOT go on public forums and try to justify it or play it off as no big deal.

Anyway I've said waaaay more than my peace in here, I'm not going to be responding to this thread anymore unless needed.

Thanks,

Korvin

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANamvv2QsS8neYO-CfsuF7Qy1sJ5J%2BvwTw_PkzmgKcHqdNPjgA%40mail.gmail.com.

[Dracony]

Unidan's tale has really nothing to dow with me, remeber that only 2(two) users had been suspended for upvoting my posts, this is not close to Unidan scale. Nobody would ever talk about it if it wasn't for the withchunt post. Please stop this 2 people thing.

To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscribe@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to php-fig+unsubscribe@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

[Dracony]

@Korvin I did exactly what you sai you would:

"I'd immediately post publicly denouncing the use of that kind of manipulation" - posted on same thread, but you wont see that comment since it got over -20 downvotes

"I'd do everything in my power to stop it" - well, I did, although everything in my power = nothing, since what can I do?

"I would NOT go on public forums and try to justify it or play it off as no big deal." - literally not what I did. I was just really frustrated that instead of telling me on twitter, or even posting a graph on reddit, Andrew built an entire polarized article about it and immediately started advocating me getting banned from FIG.

[Pedro Cordeiro]

Roman, you had motive. You had already been denied participation in this group due to lack of popularity.

Also, I think this discussion is getting sidetracked. It doesn't really matter if you did it or not. If you did it, your admission was approved over fraudulent data. If you did NOT, your admission was approved over wrong data anyway. PHPixie doesn't have the popularity it claims to have, nor did it have said popularity (500 daily installs) at the time of your approval. The admission should be VOIDED even if you're just the victim you claim to be.

What you call a witchhunt is actually just the community responding to the (very) unethical things that PHPixie benefited from (I'll refrain to say that YOU did it specifically, even though I personally believe you did, because you're the only maintainer and the only one to benefit directly from all of this).

I too won't post here anymore. I think everything that had to be said was already said. Even if the other members don't feel like this is enough reason to void PHPixie's admission (or to expel PHPixie - please notice the semantic difference), I think I did my part in raising the debate.

Thank you for everyone's time and I'm sorry to bring non-technical-related drama to everyone's lives. I just felt like this could matter at some level for some people. After all, PHP-FIG doesn't have a strict acceptance policy for no reason.

Kayla, I'm glad you're willing to conduct the vote. I'll be following it closely.

- Pedro.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/7df52a61-e6db-4cb0-bf7b-dfba72a7c48b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CANeXGWX%3D5%3DXdmWpJMdsws-uc%2B5_vjLUSxNmKvoO2v1JgZHJ8Kg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/php-fig/cjLBp2weYaA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to php-fig+u...@googlegroups.com.

To post to this group, send email to php...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/c315128e-573f-4aa7-ba13-63ee6e94b0f5%40googlegroups.com.

[Dracony]

Again, my admission happened way before this spike occured. Check the current 400 stars I have on github and see if you can spot any bots, I actually dare you. Also check the links to the Russian tech site I linked above you'll notice I get huge amounts of traffic from there, e.g. my Pixie 3 tutorial (https://habrahabr.ru/post/263551/) got over 16k views and 115 bokmarks, and that's just one of them.

[Pedro Cordeiro]

Roman, now you are just blatantly lying. That stat about ~500 daily installs was what YOU said in your application to FIG. Thankfully, there is an archive and people can see for themselves: http://i.imgur.com/SjE7aLk.png.

PHPixie has never had 500 daily legitimate installs. Today, it only has ~5 daily installs, that could be attributed to manual (or automatic) tests. There is not a single popular project out there done using PHPixie. 

By all metrics, it looks like you're the only PHPixie user, besides being the only PHPixie active developer. There is no point in having PHPixie as a member of FIG, and there are many reasons why PHPixie should not be a member of FIG - PHPixie is suspicious at best, straight fradulent at worst.

Sorry for repeating myself. Justed wanted to point out more inconsistencies.

- Pedro.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b79987ff%40googlegroups.com.

[Kinn Julião]

Hey guys... there's always a good side for a "story" like this...
Now my faith in humanity has been restored since "only bots" are using pixie... no offences people, it's only Monday.

To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/784a0e44-add5-4990-bed3-b388b79987ff%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

--

Kinn Coelho Julião

Toronto - ON/Canada

[Dracony]

Pedro, just so you know packagist doesn't update graphs in real time, check out yesterday to see the installs today. When I said about 500 installs I said I also counted downloads from the 'download as zip' functionality of the old site, which was used way more often than the create-project method. The rest of your argument is just plain stupid, just search github (https://github.com/search?q=phpixie&type=Code&utf8=%E2%9C%93) to see the usage, also join our chat if you like. Also as I already said I challenge you to find bots among my 400 github stars