"This is How Codes of Conduct Actually Work. You Get Banned Without Anyone Making a Formal Complaint and There’s Nowhere to Even Turn to."
Reprinted with permission from Ryan Farmer.
GNOME Patches One Click Remote Code Execution Vulnerability in Tracker Indexer.
GNOME has a component called Tracker. It’s basically a search indexer. These are nothing new. Many operating systems and desktop environments have had them over the years.
You might remember the “Indexing Service” in Windows XP and how it would cause your hard disk drive to grind and thrash, and it didn’t even make searches that much faster.
GNOME’s Tracker Indexer is pretty awful too. In fact, when I had GNOME, I turned it off.
Every once in a while, for me at least, on Fedora, it would find a file that it didn’t like, crash, and put a core dump in my systemd journal.
Rather than report a bug that would probably never be fixed and would just get me some fresh abuse by GNOME/Red Hat/IBM assholes, I just removed tracker somehow. I can’t remember how I did it now. Maybe I just disabled it.
Most of the time it would index .opus music files okay, but then it would find one it crashed on. Anyway, it solves the problem on my end to just turn the thing that’s totally useless and full of bugs and lulz off, right?
When you use GNOME and Fedora, you quickly find that you’re pissing into the wind if you even try to report a bug. Then you don’t bother to. Then when something breaks, you just deploy a kludge that works for you.
Well, this time, someone found a way to get it to run arbitrary code by tricking the user into dropping a .cue file into their home directory. Whoops.
Here’s a link directly to the blog post, archived by Archive Today to avoid a link to Microsoft GitHub.
GNOME is so bad in so many ways (code, user interface, people maintaining it) that it makes me embarrassed that I even have to qualify “Use Linux, but you should probably avoid GNOME unless you like a lot of weirdness and bugs.”
Most people have gotten rid of rotational storage years ago. What is, even, the point of something like Tracker and all of the potential attack code, on SSDs?
“Soon you will all see things that are more terrible than you could possibly imagine! Well, maybe not THAT terrible, but still pretty bad.”
Since more and more GNOME code is getting pretty bad, and since less and less people have any inclination or qualifications to fix it, and their usual answer to problems they don’t know how to fix is just deleting the entire feature (very soon to include the entire X11 session), I gave up on GNOME completely around the same time as the Walter Francis/Khaytsus incident on IRC.
Since I had to nuke Fedora anyway to get away from these people, and the fact that IBM is dropping packages and disinvesting from the desktop environment, and has become an Enemy of Free Software (promoting Microsoft Office, as well as the separate issue of hiding GPL-licensed source code in their Red Hat Enterprise Linux product), I ended up, ultimately, on Debian 12 with KDE.
I just had the 12.2 updates roll in with no drama.
I recently got an update after several months of nothing on the Code of Conduct violation for Mr. Francis.
jflory7 added a new comment to an issue you are following:
“Hi @baronhk, the Fedora Code of Conduct Committee reviewed this report and agreed this behavior is not acceptable under the Fedora Code of Conduct. The person was issued a warning. Any further violations will result in escalated consequence.Thanks for bringing this to our attention. If this person continues this behavior, please open a new Code of Conduct ticket and bring it to our attention.
-From the E-Mail Update
Well, that’s nice. They wait until things die down and tell me that Walter violated the CoC and will not be punished.
Meanwhile, nobody ever ruled that I was the reason that happened, and I still can’t participate in the alleged Fedora Community.
This is how Codes of Conduct actually work. You get banned without anyone making a formal complaint and there’s nowhere to even turn to. Someone makes a formal complaint about someone important and they’ll “talk to him” several months later.
It’s still important to call them out. Theoretically if he keeps openly trolling people, they’ll eventually do something about him. If anyone deserves to get Kevin Kofler’d (who got banned from Fedora’s KDE sig by people who use Macs and Windows), it’s Walter. █