… is it though?
1 Like
How do we verify all the dependencies pulled in by them and by HA ? And the dependencies of said dependencies ? How do we verify the Python environment itself and pip ? How do we verify the Docker framework, buildroot (on which HAOS is based) and the thousands of dependencies all that is built upon ?
Open source is a house of cards built on trust. If the chain of trust is broken, then everything falls apart.
3 Likes
It’s because this is an abuse of trust.We trust this code to run our homes. It’s not about “the dev spend so many hours, he can do what he wants”. I don’t use the plugin, but I can certainly appreciate the work. But the work doesn’t grant a permission to intrude on peoples homes with unwanted pranks. This was a bad joke that converted all his fine work into a trojan horse.
2 Likes
That’s exactly what this is though. The trust was broken.
1 Like
Just get over it my friend, and all your friends above and below you.
Lesson learned by all.
At least he has had the balls to apologize for his actions on many, many, many occasions; and IS remorseful for his actions 
There are many like yourself who should maybe do the same 
There are probably more consequences from all of this in the background for him that we haven’t heard about yet.
If I were YOU , I would just delete ALL of his cards from YOUR system just to be sure and after all that; in your free time could you kindly share hundreds of hours developing something please ?
Or better still; leave all your automation to others … Not sure …
4 Likes
The dev who did this “joke”should be banned from contributing further. This is inexcusable gross violation of the trust and access granted to the dev by users of HA. I did not consent to allow you to use my home automation system as the ass end of your “joke.”
I’ve recommend HA to a number of people, some that are not that tech savvy. Most who want something that isn’t “spying” on them. How do you think it makes them feel when a stunt like this is made?
A few months back, an-add on got pulled because the dev forgot to disclose that the add-on “phoned home” anonymous data. If that’s an offense then this is certainly one. The dev hacked users HA systems and used them in an unauthorized manner.
The HA team needs to ban the dev immediately and permanently.
A crooked front-end. On the 1st of April. Chill.
3 Likes
I’m note that the dev’s actions in this case could very likely be considered criminal.
Hey. This was a custom object. The dev allowed you to use it. You decided to use it in addition to HA. If you don’t want to use it, remove it. But don’t blame the dev or HA for this.
At least my HA would be <20% so beautiful and useful without the great work from Thomas with all hist custom extentions.
3 Likes
Your Government and Social media platforms have/are doing worse by you than some wonky home automation card ever will 
How so ? I’m intrigued; could you kindly share which country/law you’re referring to, and an example of a criminal case my friend ?
2 Likes
Then you’ve clearly never read an open source license.
Trust in the open source model comes from exactly that, the source is open, YOU can view the source. Everyone can view the source. Someone did actually find this Easter egg in the source and commented on it several months ago. If it were something malicious, it would have no doubt been flagged to the community, by the community.
There was no breach of trust, there is no deeper implication to this.
2 Likes
Don’t apologise!
It had all good intentions and guess what…
- Nobody died.
- We learnt something new!
- Back to normal
- “Eastereggs” should be more frequent
Keep it up guys
5 Likes
Jesus dude, chill a little. He didn’t hack anything or intruded into your privacy or whatever. It was one line of code that rotated your cards a few degrees to make your dashboard look wonky for a day. There’s worse things happening in the world right now…
He fully realizes it was a bad idea, apologized multiple times and presented a quick fix. It wasn’t done in bad faith and humans make mistakes. Give him a break.
3 Likes
No. It is not.
I was wrong.
3 Likes
So, let’s all take a deep breath here. @thomasloven made a mistake and has apologised. Home Assistant is a hobby project that he has greatly contributed to. To seek to vilify him for this is wrong and totally out of proportion to the inconvenience he caused.
3 Likes
Unauthorized access and use of a “computer system” are listed as offenses in various statutes. No one authorized this guy to use their systems as a platform for his “joke.”
Oh, it’s just a slight rotation of cards (and crashing of you system as many reported) today but jokes like this tend to be an arms race. So next year this guy, or a copy cat, decides to make your system completely inaccessible, of flash your lights randomly, or turn off your heat in the middle of the night. Haaaa, sooo funny.
No license saves you from civil or criminal suits, at least not in the US. You cannot sign your right to sue away.
This wasn’t a breach of trust? Tell that to the systems this guy crashed. Tell that to the next person who is the victim of this guys next “joke” that necessarily has to be escalated.
This guy needs to be banned. Full stop.
I’ll copy this post into this thread too:
Just for clarity and for the people who feel they missed out.
Here’s what I meant to happen:
Wonky crooked cards. Harmless fun for the entire family.
Up to three degrees of randomly applied rotation, meaning on a 4K screen with a card in panel mode stretched as far as it could go, a control could move up to 104 pixels (about one inch) out of place vertically. But that’s an extreme case.
What I did not anticipate:
The effect stacks in the automations page when many ha-card elements are used in parallell.
Also, apparently the rotation can cause bad performance on some devices.
What I absolutely did not anticipate:
Common browser behavior means applying a transform to an element makes it throw the render stacking rules to the wind, making context and dropdown menus unusable.
I learned a lot from this one… maybe it can be useful in more constructive ways…
I understand people being really upset about the last two things, and ask you to consider that bugs. It really was not my intent in any way.
Part of the problem is that card-mod has grown more powerful since I came up with the idea. I should have done more testing along the way.
11 Likes