Hacker News new | past | comments | ask | show | jobs | submit login
Deleting the golang subreddit (groups.google.com)
358 points by sacado2 on Nov 25, 2016 | hide | past | web | favorite | 367 comments

This is asinine and it going through would seriously harm how mature I assumed the community around Golang was (actually reading through those posts already did, but either way I guess I'm just one person right?).

The CEO edited a comment and admitted he edited it, and it was stupid, and he shouldn't have done it.

I'm 100% sure there is a way for someone at any given platform they'd choose to replace it with to access a DB of posts and edit it without triggering any sort of edit marker.

I'm also sure if that process exists a CEO is someone who could probably make it happen, and in fact in some (most?) places someone lower in the chain of command can probably make it happen.

Spez's actions harm himself more than users of the site. By confirming what any technically minded person probably already knew (you can edit raw data backing something like a post), he gave the masses a new source of drama any time something they don't like appears on the site.

The sensible amongst us should be above childish drama like this.

What is there on /r/Golang that they expect to see edited?

If their qualm is political instead of practical then the users themselves should leave Reddit, and not burn down the entire village on their way out.

I'm not so sure dismissing this as "childish drama" is smart. Sure, it's technically possible, but technical possibility does not mean it should be used, especially in this sort of way.

I don't think it's a bad idea to disassociate yourself from a company who's behaving in a way you don't want to condone.

It may not be smart, but it definitely is not stupid as you might have insinuated.

Individuals deciding to exit because they disagree with company policy (editing content and apologizing) is one thing, forcing others, who don't care about stupid internet drama and conspiracy theories, to do the same is entirely something else. (that something else is borderline despotic)

Again "stupid internet drama and conspiracy theories" this is not.

An admin abused their power. It's ripe for abuse and they've proven they're willing to abuse it and not mature enough to treat that power respectfully. I have a hard time respecting a company with someone like that as CEO. No conspiracy, no politics, just what happened.

I would argue that a moderator shutting down a community of 25,000 individuals because of their own personal opinions is just as much if not the greater abuse of power.

This is emblematic of what's wrong with so many subreddits and so much of the social web that comes in the form of "forums" -- it seems like we have entire generations of users who have associated the totalitarian nature of forums with things being "advanced" on the internet.

Social media isn't mostly about free thought, free speech, and free inquiry anymore. Nowadays, it's mostly about the rapid dissemination of conformity. Woe betide you if you actually have a nuanced opinion that doesn't fit neatly with either side of an issue. Your fellow posters/commenters will reject their pattern-match and call you a liar and 5th columnist for the other side.

Technology came and killed the impulse towards freedom. It taught people through repeated iteration that conformity to the mob was the highest good. It taught smart people that wrangling their way into positions of centralized power to exercise authoritarian rule was the insider move. It taught everyone that suppression of anything that you didn't like was the winning move. It was called the internet.

Thanks for this, I have noticed that in the online communities where I hang out, it is nice to have the words of what has been annoying me. Thanks so much.

Well, now that we've identified the problem, what can we do about it? Right now, large swathes of the internet are ruled by bullying stupids. What's more, that old saw about how you shouldn't argue with an idiot, because passerby just see two idiots? -- that's definitely in operation as well.

The one thing that I have done is criticize in a way that makes the person look terrible if they ban you for it. I don't know how well this does for the bigger picture. Sometimes it is quite scary doing this though. My apologies for not replying earlier. I think spreading awareness like you were in your comment is also great, at least for people who have experienced this before, because they say 'oh yeah, that's true'.

This is self righteous, moralising nonsense. You are free to say whatever you want on the internet. Set up a blog or website and go nuts.

You aren't free to dictate the behaviour of companies who don't want content on their site that is objectionable or factually baseless.

Likewise it is just hypocritical and hilarious to complain about conformity just because your opinions don't correspond with theirs. Those people have the right to say and think what they want just like you do.

This is self righteous, moralising nonsense. You are free to say whatever you want on the internet. Set up a blog or website and go nuts.

I'm not so sure you're understanding where I'm coming from. I used to find online a place where I could freely express an opinion without fear of onerous consequences. Back in the old USENET days, there were trolls and heavy-handed moderation and all manner of unpleasantness, but there was also a widespread cultural respect for free speech.

Would you say that undoing net neutrality, then Comcast dropping all packets associated with anything expressing an anti-Comcast opinion is good and savory behavior? Would complaining about that be self righteous, moralizing nonsense?

The idea that people shouldn't engage in physical violence and intimidation could by the same logic be called self righteous, moralizing nonsense. ("FFS, just go and work out, take karate, or buy a gun or something!") Well, of course not. There is tremendous value in an open society where people can depend on the rule of law, driveable roads, electricity, plumbing, etc... Being civilized is literally valued at trillions of dollars in productivity. Likewise, there was tremendous value in open forums where people were free to express themselves and generally agreed to disagree. That's not what we have today. Basically, people bully other people by numbers and social pressure, or through moderation mechanisms. Your idea of "freedom" seems to be like a medieval form of "freedom" where any robber baron can set up a castle and start issuing his own laws and coinage. A truly open society is open globally, and people are free to roam and transact in a relatively relaxed fashion. Now, the morality of today's online world seems to be leaking into the real world, with that kind of deleting "moderation" applied to people's membership in civic organizations. Sorry, but that's petty and non-enlightened. It's like you don't believe the truth will set you free, and it's only pressure, numbers, and mechanisms that will win the day.

"Would you say that undoing net neutrality, then Comcast dropping all packets associated with anything expressing an anti-Comcast opinion is good and savory behavior? Would complaining about that be self righteous, moralizing nonsense?"

That is the perfect analogy for this situation.

Furthermore, I'd say a group of moderators who resort to discussing the future of their subreddit in a democratic and mature fashion; ensuring the integrity of their future, is far from comparable to what the CEO of Reddit has done.

Unfortunately, your verbosity and rhetorics don't make up for "the truth", "civilization", "anti-corporate revolt" or any other intellectual and ethical monopoly you claim to hold on reality. You automatically assume that your correspondents are fools and boiling frogs. If people have left your lengthy claims of net neutrality being broken by the shutdown of a subreddit with individuals who are accused of doxxing alone, that is because they would rather play tetris than tap hundreds of times on their little devices in order to show your opinions the proverbial door on the subject of this matter. And that is, unfortunately for you, the core value of free speech.

"Woe betide you if you actually have a nuanced opinion that doesn't fit neatly with either side of an issue. Your fellow posters/commenters will reject their pattern-match and call you a liar and 5th columnist for the other side"

lol, his comment fits this perfectly.

Exactly. Didn't make it far through that thread, but what is the proposed alternative? It's a bizarre, kneejerk reaction by a few people that ultimately may harm an entire language still in its formative years.

> may harm an entire language still in its formative years.

Who cares? If people don't want to use the language they won't, and if people do, they will. I refuse to feel bad for the language.

Willing to abuse it - that is conspiracy -. How do you know that something done once will repeat? Will google restart google buzz because they did it once? Will everyone jump ship to RoR because they did it before? I am doing everything I can not to create strawmen believe me, but your explanation simply does not cut it.

Because the power is there and it's tempting to use. Restarting Buzz may not have economic sense for Google, but abusing admin-edit powers has obvious value for the abusers and may be hard to catch if the abuser is not an idiot. "Opportunity makes a thief", and all.

But, realistically, the power is there on any site featuring user contributions - Hacker News, Twitter, Slashdot, etc. etc. Humans are fallible; given infinite time, the same thing will happen on those sites too, and probably worse. If you push someone hard enough (I don't know the full story, but I believe the CEO was provoked) they will lash out and do something stupid unless they are incredibly serene or lack any emotion.

If that possibility is too much of a concern, maybe we need to come up with an alternative - like some kind of decentralised, mass-distributed reddit-like. Actually, wasn't that usenet? Is it too late to get that back?

When people get "pushed hard enough" the usual thing is deleting comments and banning users. That's a known and accepted moderation power. Sure it's abused sometimes, but at least it's not lying and wrongly attributing negative comments to people.

Invisibly editing comments is a very unexpected route to take. I doubt you could push most CEOs to that. They would just delete the comment.

That's a known and accepted moderation power. Sure it's abused sometimes...

That you'd say this is an indication of how far the culture online has fallen. What's now taken as an accepted use of moderation power was once considered abusive.

These other sites have demonstrated trustworthiness, as has Reddit up until this.

We all know that site operators can change things, but some of them have enough integrity to be trusted not to.

The power has always been there. The fact that it's taken until now for the CEO to use it suggests that it's not actually ripe for abuse. And the fact that the CEO immediately reverted it, apologized, and is watching the community blow up, serves as even further motivation for not abusing this power again.

>The fact that it's taken until now for the CEO to use it suggests that it's not actually ripe for abuse.

And you know this how, exactly? Because the perpetrator said so?

I find the scenario that this was the first and only time this was done implausible.

Because nobody's even hinted that this has been done before. When someone's comments are edited, that person can see it[1], as can anyone who remembers the comment pre-edit. Add to that the fact that comments that are worth editing (beyond the rather unimportant "fuck u/spez" type of comment) are also presumably highly visible, it would be pretty hard for them to have a history of editing comments without someone having noticed before now.

[1] Modifying Reddit software to let them hide the edit from the comment author would be visible to anyone with source access, meaning it can't be done without the support of all of their developers, and so probably wasn't.

Reddit's website source code is actually open sourced. The backing database is not though.

The anti-spam measures aren't open sourced, which means they could conceivably have other changes that aren't open sourced too.

Then leave. Don't use the site.

How is this a big deal?

If you're not comfortable with a platform then by every means, don't use it.

...but why does what you think mean that everyone should be affected?

Network effect. If only few people leave, each of them has to face a penalty for leaving (in this case not being able to participate in one of Go's main discussion hubs). If the whole community decides to leave (or rather move), there is no such penalty.

This would be selfish, coercive and has 0 chance of working in the real world: I guarantee you there will be /r/golang2 or /r/gogophers within minutes of the the original subreddit being closed.

As mentioned by someone else in the thread: the subreddit was in existence before being taken over by the golang team, it was fine before them, it will be fine after them if they choose to leave.

Because then people don't get to be righteous.

That's the best thing about righteous people. The ease with which they want to control and dictate the opinions and behaviours of other people.

Because the long term damage could be larger than the short term costs.

I do not know if that is the case, that is up to the mods of /r/golang.

The reason he removed the post was because he was being called a paedophile for killing off the pizzagate subreddit.

There is a ton of drama and conspiracy nonsense tied up in this. Frankly /r/the_donald should have been removed as well for the libelous and disgraceful comments.

I largely agree with you, but wanted to add some more context.

The issue is, and has always been, caused by a serious problem in the reddit's admins have in being perceived as being unable to enforce the rules fairly.

From time to time communities that are overall "okay" get deeply invested in an issue and "drama" is spawned. Sometimes rules are broken. When particular subs visibly break rules and the rules are not enforced their opponents feel license to also break rules. Both sides of these disputes could name a dozen or times that the other side broke the rules. They have mountains of evidence of this, and don't trust the admins as a result.

Because of that, and the explicitly political nature of r/the_donald, none of the admins have felt they could enforce those rules. Into that toxic hellbroth of a situation /r/pizzagate repeatedly had dox-drops containing actual child pornography. Visibly breaking like the only true real rules reddit has, the admins took the only option they had, and ware demonized for it.

Largely because all moderator actions had become so politicized, and after reviewing reported content that I suspect may have been genuinely traumatizing to review he made a mistake.

It shouldn't be possible. There is certainly a reason for the ability to edit user posts to exist, but in an age where governments can and do demand details of a users activity, such a permission needs to be tightly controlled and properly audited.

He's the CEO. He has absolutely no need for that level of access to end user accounts, any more than the CEO of a bank needs permission to silently skim money out of customers accounts.

I have no opinion whatsoever in this controversy about the golang sub. But I'd like to call out something in particular about the point you're making:

I see this kind of reductionism to what's "technically possible" a lot around here in regards to security and user trust. Let's go back to meatspace to get a more balanced perspective perhaps. Your mailman can read your mail and steal your packages. Your bank can steal your money. Your waiter can poison you. Your car mechanic can overcharge you.

It's not about what's "technically possible" (though a solution to make it technically impossible would be useful). It's about TRUST in another human being who is in a position of power. Trust is built by having a long record of good behavior and can be destroyed by a single bad action.

> Your mailman can read your mail and steal your packages


If my mailman edited one of my letters he would be instantly fired and hopefully prosecuted.

> Your mailman can read your mail and steal your packages. Your bank can steal your money. Your waiter can poison you. Your car mechanic can overcharge you.

And then they could end up prosecuted and/or loose their jobs, will any of it happen to Reddits CEO?

> Spez's actions harm himself more than users of the site.

I'm not sure. If everyone would say "alright, it was incorrect but we don't want any internet drama", then how exactly would it hurt him? Closing a subreddit seems to me like exactly the kind of thing that could communicate a "not OK".

I think it's especially necessary as the edits had been done in a trump support group subreddit. Even though I don't agree with them at all, I think setting a precident that manipulating discussions are ok if I don't like the political content would be even worse.

Closing /r/golang would only hurt the people who subscribe to /r/golang, which is probably not /u/spez.

If I'm mad at the US president, burning down my house isn't an effective protest and would hurt basically everyone but the president.

Moving your community to another platform which has a better history of respecting their users isn't metaphorically similar to burning your house down. Its more like immigrating to Canada because Trump won.

If he just left reddit and deleted his account, that's one thing. Shutting down the community and deleting the content is another. But going through steps to make sure that community can never rebuilt itself after it's gone is so far beyond a protest against one person that I can't even believe it's being considered.

Literally, in that Google Groups conversation they said they wanted to delete everything and make it private so no one could ever use it again. That's insane.

There has to be a less destructive way than to simply delete the subreddit, perhaps put up a date that new post will be disallowed and links to other official Forums.

Then when posts are no longer allowed, leave a read only copy up for some time, then leave nothing but the links to other communities.

Why even disallow new posts? What's the point? It's not an official support forum, he shouldn't have the right to shut down a community site and bar people from using it.

Many people not be aware of the issue and the network effect would have those people stay, despite the most talented leaders of the Go community leaving.

It stops being a community it the non-experts are separated from the experts by inaction of the experts.

If someone really likes Reddit that much, let make another go language sub.

> Moving your community to another platform

A) the community does not belong to the golang team, the subreddit originally existed independently of the golang team. B) The community is not a piece of furniture to be moved at will; they have to choose to move.

If they do proceed with this (say they take a vote), the best they can hope for is fragmenting the community between Reddit and Voat or whatever.

If there are 25,000 users in a community, then it's not "your" community.

One act of self-immolation is widely credited with catalyzing the Arab Spring.


I agree, and also yes he admitted it, but isn't that worse?

There weren't any safeguards or anything to catch it on the reddit organisation side. It was only users noticing forcing an admission that means it's even a matter of record.

What kind of safeguards could be put in place that couldn't be disabled or overridden by the admins?

No UI for traceless edits and DB password split in three parts like nuclear launch codes. Then the CEO couldn't do it alone and he would have some time to think things through before others agree to participate in such fishy business, if they do at all.

> No UI for traceless edits and DB password split in three parts like nuclear launch codes.

That works well for nuclear launch codes because the only time you need to combine the split parts to make the full launch code is when you are actually going to launch (and perhaps during scheduled readiness tests). This should be fairly infrequent.

For a database, you'll have processes that frequently need access. For persistent processes, you'll need to have the reconstituted password available at least whenever the persistent processes start. If you architecture has dynamic processes that access the database (e.g., you have something internal working over a REST or CGI or similar interface, that starts upon receiving a request), you need a way to get the password to them.

Most solutions I've seen for supplying the full password in these cases have been fairly easy for someone with admin access to the machine running whatever it is that holds the full password and/or to a machine running one of the processes that needs to full password to get a copy of the password.

That's proposing a technical solution for a social problem, which is usually a bad idea.

The password one is good, but if three admins decided to conspire to change a comment, what then?

Then you have collusion, and this is what we want. This is a very typical control in regulated environments. It makes the action more difficult to execute, and it tends to carry an additional penalty as a separate offense.

This is bigger than trolling. We know people inspect the social network activities of others. This kind of abusive can result in all sorts of bad things. What if and admin didn't like you, edited your history, and then suddenly you lost your job for some fabrication of, e.g., a racist comment?

Use a bot to monitor comments and an SCM like git to detect potentially suspicious differences. Like a comment change that is not marked as user edited. Or a comment change that seems to shift the original meaning significantly.

Would those be managed by the community, or by the admins? If it was official, it seems like the admins could still shut it down, or edit that database to ignore their changes.

I bet that the CEO of Google would have a very difficult time, if even possible, editing individual emails sent or received with gmail, editing YouTube comments, etc.

You are correct.

Look at what happened to Gavin Belson...


His offhand remark about knowing people's interests showed a real lack of judgement as well (even if he was 100% not serious the reaction from the interviewer is telling):


Link to relevant video section: https://youtu.be/uSVqoW1rz6w?t=13m55s

He edited comments invisibly (not showing the usual edit mark), replacing the content with content against the rules of the subreddit. Thus when subreddit mods saw content that was against the rules, they banned the victims' accounts.

> replacing the content with content against the rules of the subreddit. Thus when subreddit mods saw content that was against the rules, they banned the victims' accounts

Got a source for this? From what I've read about what happened (not a whole lot), this seems like it's been passed through multiple rounds of the telephone game.

All solid information I've heard, and seen directly admitted, is that he edited mentions of /u/spez to mentions of /u/<random-moderator-of-the-subreddit> in a single thread in a single subreddit.

Yes, it's against the /r/the_donald rules to insult the /r/the_donald mods. Here's an /r/the_donald mod saying they banned some of the users by mistake after /u/spez edited their comment.


... thank you, I have now changed my opinion of his actions from "morally dubious and dumb" to "morally dubious but absolute genius trolling"

Even more genius would have been to make himself a mod of the_donald, so every time they insulted him they broke the rule anyway...

Insulting the mods is definitely against the rules of the_donald rofl. They take after their ~God Emperor~

> The CEO edited a comment and admitted he edited it

Well, it was an entire page of them, but an interesting thing I found while following a bit of this as it blew up was coming across a user that mentioned a comment that was seemingly also deleted by the admin [1]. It seems the CEO may have been doing more than just editing comments. Not that it changes the view of your post though.

[1] https://www.reddit.com/r/The_Donald/comments/5ekdy9/the_admi...

I would think that deleting a comment would be less controversial than editing a comment. Deleting a comment without needing the moderators involved is a power I would entirely expect an admin to wield.

>The CEO edited a comment and admitted he edited it, and it was stupid, and he shouldn't have done it.

Many comments.

And the possibility of other comments being edited, and him not admitting to those being edited (which I assume is what the golang admin is worried about).

This is where I'd insert a certain GWBj quote about being fooled again...if I was on /.

And what were the changes like? Curious.

People were accusing him of being a pedophile because redit removed a subreddit that was involved in a conspiracy falsley accusing other people of being pedophiles. He changed the attribution of the accusation to be against the people doing the brigading.

Funny. They site says that they don't do that.

Quoting from Reddit Help: Will you remove something defamatory about me or my friend? [0]:

  The best way to deal with incorrect information on the Internet is to post
  the correct information next to it. The reddit community is usually very
  supportive of such a response, and will likely vote to give the correction
  greater prominence than the original post. Redditors love a good
[0] https://reddit.zendesk.com/hc/en-us/articles/204528069-Will-...

That quote heavily suggests that it's talking about a one-off post rather than a foaming-at-the-mouth mob spamming libellous abuse.

In that event, wouldn't it better to pull down the post? Better than edits, no?

Of course, but like I said in another post, human beings are not 100% rational 100% of the time, particularly when suffering from a barrage of abuse.

Sure, but he should resign. Pizzagate is ridiculous, "spez is a pedo accusations" are ridiculous, but a CEO of a massive (user-wise) company silently and childishly editing their comments in a confusing way is also ridiculous.

Witch hunts and brigading are also against their rules.

    The reddit community is usually very
  supportive of such a response
No they're not. They prefer trolling or upvoting whatever sounds cooler.

From what I understand people on The_Donald subreddit were accusing him of being a shill, so he edited his name in those posts to be The_Donald's moderators instead.

If you had guessed stupid political garbage mixed with internet trolling, congratulations you get a cookie.

Actually the people on /r/The_Donald branched off and opened another discussion that led to the Pizzagate (accusing a restraunt owner, Hillary Clinton and others of being pedophiles). And when /u/spez deleted the Pizzagate stuff (people were actually harassing the restruant owner), the mods started abusing and accusing /u/spez of being a pedophile.

And also take note that witch-hunting is prohibited on reddit and can warrant legal action.

Article about the incident including the original comment in which u/spez admitted to what he had done:


He replaced "fuck /u/his user ame/" by "fuck /u/the_donald mod/" in several comments in other poeple comments.

> The CEO edited a comment and admitted he edited it, and it was stupid, and he shouldn't have done it.

The only reason I've heard that this even remotely defensible is because it was against Trump supporters.

I'm sorry, but that doesn't cut it with many of us.[1]

I don't care about political beliefs. He abused his power in such an obvious & egregious way that he should be terminated.

[1] And not that it should matter, I hate Trump as much as the vast majority of Reddit & Hacker News.

I guess it wasn't really against Trump supporters, but against people causing a restaurant owner to be harassed in real life. Happened to be Trump supporters, but to be honest it could have been any other subreddit; wouldn't have been the first time.

> What is there on /r/Golang that they expect to see edited?

This is an insane question to ask. This is as flawed as arguing for mass surveillance because you have nothing to hide now.

The questions should instead be "can we trust our comments to not be edited when management disagrees?". What if future management starts loving python so much they decide to do something malicious to other programming languages? It wouldn't be hard to really hurt Go with the eyes of 25,000 Gophers subscribed.

All sites have this ability but few successful ones have demonstrated a willingness to use it. I fully expect that if Twitter or Facebook were caught doing this we would see an enormous backlash and huge drop in stock price. Then shortly after stockholders would demand the CEO leave.

EDIT - If you must downvote, please comment so we can discuss.

This is some ridiculous assumptions, spez was clearly distressed with being harassed by trumpets, he did an April fool style edit and smart trolling, he did not made subtle edit to change the hive mind.Reddit lives on drama, everybody should calm down.

> What if future management starts loving python so much they decide to do something malicious to other programming languages?

Well, why not figure it out then? Why solve a problem you haven't had yet? That seems to fall squarely under YAGNI.

> Spez's actions harm himself more than users of the site. By confirming what any technically minded person probably already knew (you can edit raw data backing something like a post), he gave the masses a new source of drama any time something they don't like appears on the site.

Vehemently disagree. You can extend the same argument to the NSA conducting effectively unrestricted surveillance on citizens. Those of us who are technically minded knew it was going on years before Snowden showed up. That still doesn't make the action morally correct, nor justifiable in any way.

> Those of us who are technically minded knew it was going on years before Snowden showed up

I seem to recall it being dismissed by the technically minded as possible but largely tinfoil hat conspiracy before Snowden showed up.

If Larry Page or Sundar Pichai edited some of your emails, would you still want to use Gmail?

And before you say that it's "different" because emails are private, let's remember this:


Emails are not private. At least not Gmail/Outlook emails. ProtonMail or PGP email should be safer.

It's not really comparable. He wasn't editing Private Messages between two people, but public discussion (which was calling him a pedophile supporter).

The reddit admins aren't known for making the greatest judgement calls, but that just makes them more human.

The fallout of this will probably be a bunch of nothing. It doesn't affect the 90% of lurkers, nor the rest of the site which doesn't give a shit about US politics. The people who it does affect (/r/The_Donald) will find that they need reddit to attract new users. It's doubtful their community could stand own their own or it would have done so already. It's no secret that they didn't trust the admins before the election.

> It's not really comparable. He wasn't editing Private Messages between two people, but public discussion (which was calling him a pedophile supporter).

Why does it matter what the discussion was about?

>The reddit admins aren't known for making the greatest judgement calls, but that just makes them more human.

I don't get it. Is being 'more human' good or bad? Is 'humanity' somehow a property that emerges from deceit and hypocrisy, or does it emerge from some other portion of this scandal?

>The fallout of this will probably be a bunch of nothing. It doesn't affect the 90% of lurkers, nor the rest of the site which doesn't give a shit about US politics.

agreed that the fallout will be minimal, but I disagree that it only affects US political boards. The reality is that we don't really know the scope of the problem; we have to take the word of parties, that have already been proven dishonest, regarding the depth and scope of their own wrong-doings.

>It's doubtful their community could stand own their own or it would have done so already.

I'm sure reddit was an awesome vehicle for their messages, but the internet is a big place, and there were people/places/forums/groups/zines like this before reddit was around.

> It's no secret that they didn't trust the admins before the election.

and now it's no secret that they were right.

> Why does it matter what the discussion was about?

Because anybody would get pissed off if they were called that for doing their job (stopping a witch hunt). He inadvertently deflected the hatred causing the doxing of a pizza shop to himself.

He should have just ignored it, since you can't really nuke the thread or it'd make things worse, but at the end of the day you'd still feel like shit.

> and now it's no secret that they were right.

Editing user content tends to get caught. Especially in high profile shit like the elections. The editing tools he used were probably spam related (so the spammer wouldn't know).

The "known secret" was that they were trying not to drown /r/all in US politics everyday, which is justifiable.

>The CEO edited a comment and admitted he edited it, and it was stupid, and he shouldn't have done it.

Only incident we know of. It's overwhelmingly likely that they both had tools built for this and had used them before.

And admitted he edited them? Yeah, after he was called out in front of the entire world.

>The sensible amongst us should be above childish drama like this.

Not sure if trying to rationalise massive fuckups by C-level execs like this is "sensible", nor is ignoring the fact that reddit in all likelihood has ready tools (unless you're saying that it's more likely he had direct access to prod db) for stealthily editing user comments.

Who's down-voting this comment? What's controversial in here? If anything, this comment seems way more even-handed than it should be. Are we down-voting for showing self-restraint now?

I try not to worry about HN downvotes on comments less than 12 hours old. (Or really downvotes in general.)

Lots of my comments go several points negative only to be dug back out hours later as the more sporadic, calmer crowd filters through and quietly votes.

Someone has to make a stand. People moving their communities off of reddit is a great thing. That place is a disorganized, broken, low quality cess pool. Let's skip the "B-B-But you have to find the good small subreddits!". Even those are mostly shit and in-jokes. Reddit is a former shell of its past.

>Spez's actions harm himself more than users of the site.

If people like you keep defending him for really no reason. People lose jobs over much less. I think he has got to go.

As an active member of a half dozen "good, small subreddits", there actually are some really great communities on Reddit if you can find them. I don't disagree that much of Reddit is a goddam mess, but there absolutely are some redeeming subs.

I read your post, but still have no idea what you said. It reminds of Eric B at TechCrunch Disrupt interrupting Gavin Belson's interview with the press.

I was the one who proposed deleting /r/golang. It is not some official Go or Google position.

As much as I used to love Reddit and was addicted to it, my personal position is that Reddit is no longer a trustworthy platform (if it ever was).

Editing user content is beyond offensive. I never even considered such a thing in my years of running LiveJournal. That is a major violation of user trust and trust in the platform.

If Github or Gerrit or Google Groups or Google's SMTP servers were modifying our code or mailing list content, we would ditch them in a heartbeat.

We shouldn't demand less from Reddit.

But because I learned that /r/golang existed 7 years ago (before I or other Googlers were even involved with it), I no longer propose deleting it. But I think the Go project should disassociate from it and give it back to the community as an unofficial space, as it used to be.

It's just too unreliable of a platform to be official in any regard.

Now I'm brainstorming how one might build a federated Reddit with public, signed mutation log, ala CT or other chains. And then multiple UIs could render the same public & federated data set.

You have every right to take this position, and if you feel strongly have no obligation to stay. What I cannot understand is the next step of proposing to close the entire subreddit. Don't want to moderate it anymore? Then don't. A subreddit is made up of it's users, not just the moderators.

The background is that we have some official spaces and some unofficial spaces.

I thought our subreddit was an official space that we created. It turns out we didn't create it, so it's not ours to delete.

I'm now proposing we just make it unofficial.

Even if you did create it initially I don't think that deletion would be a good course of action here.

>>It turns out we didn't create it

No shit.


Yes, that's what I learned too. That was before my time.

Did you learn it by scrolling down on the front page and looking at the text below the list of moderators? I sincerely hope you aren't trusted to run a public community ever again if your first reaction is to start an off-site proposal to shut a community down.

Dude, calm down. That's why he didn't just do it without getting input from others.

You can't reasonably expect someone to never have gaps in their knowledge.

> That's why he didn't just do it

Even if he tried he couldn't have done it. :v

Uriel did. Unfortunately we can't ask him about his opinion anymore.

So the only thing holding you back from deleting a subreddit with tons of information, 25.000 subscribed users and what looks like a rather active and healthy discussion isn't that it would be a dick move to both golang in general and the community, but that you're not actually the owner.

Could you get any more childish?

Not attaching your brand to poor service is also part of managing a community.

If AWS started MITMing client HTTP connections and injecting code, would you be surprised people moved their official websites off the platform, even if a lot of people knew the old IP address?

That's not childish, that's not doing business with bad partners, and Im not convinced a space that started as official could ever truly be made "non-official".

What I mean is that the subreddit doesn't belong to bradfitz, or Google, or the golang creators. It has never started as official because the creator was /u/uriel. The Google guys may have joined after, but the fact is that it is not their community. They're not even paying a single dime for it.

If AWS started MITMing my connections, absolutely, I would drop it. But the analogy doesn't hold because /r/golang isn't bradfitz's subreddit.

The proper and only response would be to drop moderatorship, leaving in a thread his reasons, and leaving /r/golang as it is. As it stands, the only thing stopping him from doing that is that the he's not the original owner.

And, you could also argue that when a community reaches a certain size, it doesn't belong to you anymore. It belongs to that community. To delete it is petty and childish.

The reddit CEO played a prank.

Google actively helps China censor dissent.

They do? How? Google was still blocked in China last time I was there afaik.

It was just an overreaction (and a pretty understandable one) because he is so pissed off at Reddit.

...funny, that's basically the same thing Spez said about what he did.

Well, except Spez actually did it. Brad asked for feedback/proposed doing it.

Hey bradfitz, thanks for coming over to HN. I created an alt account just to appeal to you: Please do not delete r/golang. I happen to like the subreddit and the community of people on there. It's great place for me to find news & learn more about the language, and it would be very hard for me (who doesn't happen to be in a physical environment that fosters the discussion of the language) to find a similar community online.

If you happen to dislike reddit, please feel free to step down as moderator and move on. Please do not use this opportunity to grandstand and destroy the community for the rest of us, who do not happen to care about the drama surrounding the CEO (personally, I think it was childish of him, but I would not go to the extent of disrupting the community for others).

Thanks for listening.

The symbolic gesture that the project is disassociating is okay. Deleting the repo is not.

>It's just too unreliable of a platform to be official in any regard.

The /r/golang subreddit is for devs who want answers and who don't want to be held up by the whims of stackoverflow mods. It isn't rocket science and even if we can't trust the answers, why would anyone edit the answers? If you remember, the reddit CEO only edited the usernames, that too, I am sure it was a prank.

If anyone edits the messages which we post on /r/golang, it will lead to the answer being invalid and or something else, the world isn't going to collapse, there won't be congressional hearings just because some dev wasn't able to run gofmt and the answer posted by another random guy on the Internet was changed and can't be "trusted".

We want answers on /r/golang and it isn't much about trust.

Thank you for no longer proposing to delete it.

The question I've had is why didn't reddit SREs stop the DB edits as an attack. Even using valid creds, the queries should've been anomalies and logging should've picked up the unusual access pattern.

There's three possibilities that come to me:

1. The CEO explicitly told reliability/security staff to ignore his edits. Policy fail of epic proportions.

2. The edits were performed using designed tools and queries, which means reddit had before now intended to make silent edits to user data as part of regular business.

3. Reddit lacks the internal safeguards to know if user data was unexpectedly written to. This option is dangerous to hosting code on reddit, because an attacker could silently, maliciously change examples without reddit ever detecting the damage (or users seeing an edit mark).

I expect that we're in case 2, followed by 3 and then 1 (in terms of likelihood), but none of the ways that a large tech company could have this happen are reassuring about P&P at reddit, or make me want to rely on them for hosting a community.

> Reddit SREs

You've been working at Google too long. Reddit has on the order of a few dozen employees, not all of them technical. Welcome to how the rest of the Internet works.

I've never worked at any company with more than 50 employees, and have worked on a team with as few as 5 engineers. Even without an explicit SRE role, someone is doing that work -- keeping the servers (reliably) on the internet and performing, mitigating attacks, etc.

You should be able to tag the row with a dirty flag on second (or later) write using rules internal to the DB without incurring a large performance penalty, if you already have any kind of sanity checking. So at a basic technical level, this is bad design or an intentional capability.

Similarly, even on the team with 5 engineers, our production DB didn't have a way to directly access it, and tunneling through an API box to get network access would trigger an access warning to the appropriate person, because you shouldn't be accessing prod API servers directly either. (Similarly, spinning up a new instance in a security group to inherit permission.)

This isn't detecting advanced exfiltration techniques using information theory... It's basic network topology and server monitoring. And I suspect that reddit has at least a couple ops guys.

This really smacks of intentional capability, followed to lazy design.

Either you are the outlier or I am - I'm honestly not sure. But having consulted with a dozen or so digital agencies over the past year not a single one had the sort of monitoring that you're suggesting. This doesn't mean that it's a bad idea, quite the opposite, but in my experience the reality of a small to medium sized agency is that if a client isn't paying for it than you're not working on it.

It's what I consider the difference between a software developer and a computer-systems engineer to be.

I'm likely the outlier, because my early mentors (college + first couple years of career) were mostly aerospace engineers or chemical processing equipment engineers, where safety is critical. Code can kill in both those fields. (They themselves had adapted a lot of systems and failure mode analysis from mech engineers in the same field.)

I don't think that the mitigations I pointed out require much technical work though -- most of them can be as simple as a single setting, extra program installed during build (and maybe a couple config settings), or a single cloud monitoring rule (eg, detecting launches). They do, however, require adhering to policy, discipline on the part of staff, and analyzing the full scope of your tech (and how it interacts). I guess my point is that these things often aren't done because of ignorance or haste rather than engineering cost (or legitimate need to be done faster).

It's just we have poor standards for what "engineering" is in tech, so we don't cross our 't's and dot our 'i's the way a mechanical engineer is expected to.

But that's no reason not to try and raise the bar.

> Even without an explicit SRE role, someone is doing that work -- keeping the servers (reliably) on the internet and performing, mitigating attacks, etc.

To be honest, not in any of the several places I've worked. And I'm a security engineer. Lean startups are desperately trying to prove their product; time is spent on reliability, performance, and security almost entirely reactively and not proactively.

I'm not saying this is a good thing. Bad security (and reliability) posture early on inflicts multiples of the original mitigation cost for years. And yet, it's rational. Time spent securing systems from your own employees when you're tiny is time you're not building your product and finding your market. It's a perverse game of Russian roulette: there are 99 bullets and one empty chamber. The analogy is going to break down here, but spending time and money removing one bullet (1:98 chance of death) is less effective than adding another empty chamber (2:99 chance of death).

Especially when having direct access to the database is insanely useful to fix the problems that moving fast and breaking things inevitably causes, only a tiny fraction of startups are going to enact the kinds of measures you mention.

I don't disagree with anything you've said, except that I disagree that it's actually a rational choice based on facts, rather than an apparently rational one based on poor information and training -- again, none of the mitigations I pointed out are really expensive.

Let's take prod DB access: Im not saying make it super locked down, Im saying set your DB security group to only be connected to from your API security group, and set an email warning when an instance launches in that group. Doesn't stop your engineers doing it, but it makes it pretty easy to shout across the office "Hey, who is fucking with prod and why?" Takes like 30 seconds to configure on AWS.

There are serious questions about why your CEO can launch that instance though, and that sounds like massive policy failure. Again, restricting the CEO IAM from launching prod instances takes 30 seconds. (And all your non-engineer accounts should be IAM restricted!)

Ignoring that your probabilities don't work out, Id argue that the situation is really remove 5 bullets or add 1 chamber, and people pick the chamber purely because it's constructive, not out of genuine cost-benefit analysis.

"If I had 3 hours to chop a tree, Id sharpen my axe" -- I think startups are too hasty to chop, because that's being productive, right?

> If you remember, the reddit CEO only edited the usernames, that too, I am sure it was a prank.

He edited the mention of a username in a comment and completely changed the meaning of the comment by changing the target.

I'm sure he thought it was a prank, but that shows extremely poor judgement of the CEO of a company that calls itself "the front page of the internet". Just imagine how unacceptable it would be for the Facebook CEO to edit someone's status, or Twitter to edit tweets.

I know, it was terrible. What's more terrible is that he accepted doing that. now _that_ is a lack of judgement. Would the world have noticed that some "fuck you" comments have been changed in /r/TheDonald's subreddit? nopes!

  > Now I'm brainstorming how one might build a federated Reddit
  > with public, signed mutation log, ala CT or other chains.
  > And then multiple UIs could render the same public &
  > federated data set.
~~~~~~~ begin wavy lines flashback ~~~~~~


~~~~~~~ end wavy lines flashback ~~~~~~

I'd make the subreddit unofficial, too but for other reasons. It is a very unwelcoming place. I'm not the first one who's saying this, but it's really a shame how toxic the /r/golang is.

In order to keep this from being swept under the rug, I can say that I highly empathize with you. I will also say that this issue has improved greatly. When I used to hang out in #gonuts it used to be worse.

I blame this on the egos and the expectations of early adopters and contributors. They came from a point of senior systems programmers. As the language grew in popularity, they were unprepared psychologically for dealing with new or junior programmers: the level of questions put forth were things the original crew had learned early in their careers and took for granted.

It is often this way in early languages. We need to always make room for those who are just learning, or are not experienced as those who initially created the language or space. I have seen this improving in the Golang community. The more new people come in, the more it will improve.

>As the language grew in popularity, they were unprepared psychologically for dealing with new or junior programmers: the level of question..

This is so ironic. Go gained popularity fast the same way Python did, because it is easy to use and a relatively simple language.

Is it? There is some hivemind like the rest of the internet, and tech discussion in general (including here), but the value of the people who frequent the sub should definitely override that. It's still much better then stackoverflow etc.

Please show me how we are toxic. As far as I'm concerned, it's not true at all.

I do not know which universe you are living on. /r/golang is one of the best programming communities I have ever seen. golang-nuts is the worst community I have ever seen.

This is double standards of the epic proportions, on the "official" Google group, you have a person call reddit "hive of scum" and what not and that's fine? doesn't the CoC shoved down our throats tell us to respect others? to not be an ass? or does it not apply to the "elites".

let me reiterate again, reddit might be an unwelcoming place, /r/golang is the most welcoming place ever, I posted a query of AJAX, I got two answers within half hour, one with vanilla JS another with jquery, if I had posted to your beloved google group, they'd have pointed me down to some obscure link and asked me to chase my problem on my own and that would have done probably being snarky.

/r/golang is NOT toxic.


my exp with /r/golang https://www.reddit.com/r/golang/comments/5dkobc/sample_webap....












The fact that I do not have a single (+ve) link on go-nuts speaks volumes about which forum is toxic.

Just read this thread which I started on go-nuts


And tell me later which community is helpful.

edit2: formatting.

Your links are all broken.

On Hacker News user submitted content gets silently edited by the admins all the time. (Specifically submission titles.)

Submission titles "belong" to the content, not the submitter, and that has always been the case.

> Editing user content is beyond offensive

Get over yourself. In the grand scheme of things, a guy editing a handful of posts on a public forum is beyond trivial. There are about a billion things going on in the world which are worse.

> Now I'm brainstorming how one might build a federated Reddit with public, signed mutation log, ala CT or other chains. And then multiple UIs could render the same public & federated data set.

Reddit is 100% open source: https://github.com/reddit/reddit

Also the infrastructure which allows Reddit to exist is not. All those scaling issues they've "solved" over the past ten years? Have fun with those if you're trying to copy and paste the repo..

That is necessary but not sufficient. The design is wrong.

No, the voting algorithm is not open sourced.

The only part not open sourced is the spam filters.

Make a federated replacement for Twitter while you're at it!

It would be interesting to figure out how to tackle, well, "voter fraud" in that kind of system. I see lots of people complaining about how Reddit is vulnerable to upvoting brigades but I don't see anyone proposing solutions.

He kinda did... at least the foundation for such a system


You don't need to rebuild reddit. Just add offsite, trusted backups of comments. If you want to be fancy, allow redditors to enable monitoring of their comments with a bot command, and get notifications in their inbox.

Using /r/golang is the community's call, why do they care about federated things? It isn't like we discuss some sensitive information over it that we need to "trust" reddit. Do we really "trust" Google/FB?

it is about convenience. Almost all traffic for my FOSS projects has come from Reddit and because of Reddit, from twitter.

>Now I'm brainstorming how one might build a federated Reddit with public, signed mutation log, ala CT or other chains. And then multiple UIs could render the same public & federated data set.

The tricky thing is that the admin team is still doing things that you want and need out of a reddit alternative. For example, ensuring that child pornography isn't getting shared. The question is how to set things up so that the right content gets removed while ensuring that how we decide what the right content to remove gets isolated from political pressures that want to influence the narrative.

You "just" need (yeah, easier said than done) to ensure that any intervention from an admin is publicly logged. If admin "foo" removes some content from user "bar", it should just be made visible, something like "user foo removed offensive content from user bar" or "that comment was edited by user foo". The problem here with reddit was not the fact that content was edited, it was that content was edited without anyone knowing it.

Agreed with the above, but also: in this world of "free" services (where the users are farmed like honeybees), voting with one's feet is about the only way to send a message that a company will actually listen to.

I see no problem with individuals leaving, and I see no problem with advocating a shutdown or at least encouraging other people to leave. Work out what the community wants, and go from there.

(I don't use go, but from my personal "this cannot be allowed to stand" perspective: I would love to see communities that are _not_ about hot-button topics stand up and walk out.)

>Now I'm brainstorming how one might build a federated Reddit with public, signed mutation log, ala CT or other chains. And then multiple UIs could render the same public & federated data set.

Your post to delete /r/goland triggered me to actually work out an idea for this ;)

The idea would be to use importers to provide reddit and other sources like mailing lists within the site and at the same time provide native content through Pubsubhubbub.

Of course everything uses Ed25519 Signatures for verification, including user-content.

Tho atm it's merely a pipe-dream with a short and shitty readme.

Totally agree with distancing from Reddit.

I would contribute to a federated non-repudiable system.

Moderation can be just as auditable. (Perhaps with some emergency actions that then require a follow up consensus to make permanent)

On some occasions the original content must be purged, but the signatures can remain. Communal censorship is vastly different from changing the content.

Only played with it a bit in the early days, but someone has an open source distributed reddit clone called Aether


Worth noting that moderators, admins, or community-team level employees do not have the power to edit comments – I believe this was done at the database level. Signed comments is a good idea though.


How is that not almost exactly what he is suggesting? His just includes that Go project also distance themselves from reddit, which is more than reasonable.

It's adorable that you think any site is immune to that kind of interference.

So.. here's the thing. I think that spez did everyone a favor by editing those user comments.

We know that politicians and corporations game the system already with fake accounts, presumably as a tool for manipulating public opinion. We know from the code that user comments aren't encrypted at all, or their voting tallies. It would require a very small tweak to manipulate things from the server side.

Given that, users should _not_ have been placing any trust in the sanctity of the results they see to tell them how the hive actually thinks or even if the linked source is accurate. People need to learn to question the motives of what's presented to them. I'm not saying to automatically distrust everything, just to look past whatever spin is put on an article and look at the primary sources.

The fact that someone has the capability and willingness to edit comments was so shocking to some people is a sign that these surprised people needed this kind of a wake-up call.

We can speculate, due to the missing warrant canary, that the government has, or has had, at least one user under surveillance from the system. This is very public proof that even the content of comments can be manipulated, which might help some poor schmuck out one day when his 'anonymous' internet comment gets misconstrued and comes back to bite him.

Not to mention, its pretty widely known that /r/the_donald uses bots to up the votes and push their stuff higher on /r/all. Not that Im thrilled that Spez did what he did, but /r/the_donald has been pushing the line ever since it was created.

This exactly. I am more suprised and disappointed that subreddit survived long enough to let this "scandal" happen, than about the thing itself.

A subreddit with a fraction of the userbase and activity than other subs would constantly have multiple posts on the frontpage at any given time, and noone cared to look into it or do something against it. I wouldn't be surprised if that sub beat out some default subs during that time, which is just straight up ridiculous.

This shouldn't have happened, true, but the reason for that is not as much /u/spez screwing up than it is all of reddit screwing up.

There have been exactly ZERO r/The_Donald posts on the frontpage, ever. It is not and never was a default subreddit.

You are talking about r/all, which almost no one browses according to the Reddit admins themselves. And as of a few months ago, at most 3-4 posts from any one subreddit are on each page of r/all.

Why exactly should they be banned? I can't help but suspect that the real reason is that you want to silence their politics.

I browse /r/all almost every day. I don't subscribe to everything I'm interested in, so I check /r/all to see if I'm missing everything. Before they changed the algorithm, page one was nearly 100% /r/the_donald spam. I don't care about their politics, that's their own business, but it's pretty obvious they're gaming the system. Again, that's fine. That's their own business. So reddit changed the way the posts are displayed to make /r/all usable to a wider audience again, problem is now it's mostly porn after you get past page one.

To remove politics from the argument, I don't watch basketball. So if /r/nba decided they wanted to have all their posts on the front page and told their readers to up vote everything they see no matter what, I'd have the same reaction. It's not what the system was designed for. I want to see a healthy mix of what reddit users actually think are the most interesting posts of the day. One subreddit, especially one that's not even that popular, taking over /r/all is not what I want to see. Doesn't matter which subreddit. I want to see a good mix.

The main issue is that Reddit does not have a built-in way to filter out subreddits. There is a ton of uninteresting and offensive content on Reddit, and the only way I can use the site is to filter subreddits using Reddit Enhancement Suite. I like /r/all because it lets me discover new content outside of my subscriptions, but I can't read it on mobile or on other computers--without RES there is too much crap to wade through.

it does have a built-in method, it just expects you to pay for gold to get a spam filter for /all

Do you have any proof of this? I haven't heard this before and they certainly have an active enough community to push things to the r/all quickly.

Their votes to comments ratio is much, much higher than other subreddits, which is very suspect.

Another suspect thing is that time when the Reddit algorthm broke and the first 50 pages of r/all were turned into /r/the_donald post. Apparently what happened is that the sorting broke and they were ordering posts by activity, revealing that /r/the_donald posts were being upvoted at a rate that dwarfed other subreddits.

Similarly, the actual votes to polling results were also very skewed. It likely correlates.

Trump supporters turned out to be 47% of voters and it's been said many times he had a strong base of energized young people. It's entirely possible it's fully legitimate in my mind at least.

From what I've read, Trump didn't actually get any more votes than republicans in the past few presidential races, it's just the democratic turnout was a lot lower than expected, i.e. fewer people overall voted (or more voted for the third-parties).

In other words, no, you have no evidence.

Early on mods encouraged users to upvote everything to counter brigading. Then they noticed that it got them on /r/all. So now they just randomly post notices of brigading.

Just wanted to also throw out there that the mods' technique was to sticky a post for everyone to see and upvote. The Admins told them that abusing stickies in such a fashion (frequently, and without good reason) was considered a form of (up)voter manipulation.

There's this: http://redd.it/4ze7gm

Disregard the title as it's not a "botnet." It's a user script that adds functionality to RES: automatically upvote everything in The_Donald, automatically downvote everything in other subreddits, and allows importing lists of specific users to up/downvote.

In fairness, bots have been influencing many subs for quite some time. An analysis of how one sided /r/politics was and how many seemingly bot accounts (very new accounts with abnormal activity, heavy publishing/etc) posted nothing but pro Hillary / anti Trump articles with an immediate push of votes.

Reddit is gamed all over the place, in all subs. Between that, and fake amazon reviews, it's really feeling like this is a problem we need to start spending some time to try and push against.

No idea what we can do.. probably nothing..

after the election, I no longer believe the donald used bots. People just seriously under estimated trumps very large support.

Widely known by who? Source that statement.

As one of many T_D users, I sure love to be called a Russian bot. So, citation needed.

Edit: to people downvoting, please elaborate.

I'm far from stating that t_d used bots to push submissions up, because there is no definite proof, but what I know for sure is that the US election ruined browsing /r/all for me. While it was mostly porn and memes before, every now and then I would bump into something interesting from a subreddit I didn't know. But during the election it was 90% of either t_d or sandersforpresident.

EDIT: Apparently reddit has changed the /r/all algorithm so this is no longer true. Thanks everyone for informing me!

Reddit actually tweaked the /r/all algorithm to change this.

Which basically looks like a political move and it is kind of sketchy in that regard, but for users like you it's probably beneficial.

It only looks like a political move because a political subreddit is the one that forced the change. If it was any other subreddit, no one would have cared. I'm sure if /r/hillaryclinton did the same thing, they would have reacted the same. It's not good user experience for one subreddit to take over the site like that.

I didn't know, thank you! I've edited my post so it doesn't misinform people.

You should use RES to filter out political subreddits from r/all.

Unsubscribe to the default subs, subscribe to the ones that interest you. My reddit experience was more or less untouched by the election shitshow.

Any one subreddit is at most 3-4 posts on any page of r/all. This change was made months ago.

Interesting that you inserted the word "Russian" there.

It's a long running joke on the sub after being constantly accused of being bots (and probably bots created by Russian hackers closely working with Trump.)

Looks like a strawman used to dismiss (legitimate or not) concern from other users.

It's really, really not. Accusations of Russian influence on Trump's campaign are common to the point of almost being a meme. So /r/the_donald turned it into one. Not much different than the "steel beams" meme.

This coming from a person who filters out /r/the_donald so I don't have to see it.

We know from the code that user comments aren't encrypted at all, or their voting tallies.

Of course not, how would you show the comments to visitors if they were encrypted?

This is very public proof that even the content of comments can be manipulated [...]

How would anyone be surprised by this, it's all just rows in a database. If you are in the right position with the right credentials, you can do whatever you want.

> Of course not, how would you show the comments to visitors if they were encrypted?

By encrypting them with a key before storing them, and decrypting them before rendering them. It's not difficult, but could put additional load on the server.

Protecting access to the key would be more difficult, but it's possible with security tools. If it's a file, the idea would be to restrict access to the key to the service processes so a user on the system can't use it to encrypt their own entry. If it's an environment variable then you need to protect where that is inevitably stored and called. Then you restrict access to the database so its only accessible from specific production servers, and restrict access to the servers to only people who need the access. It's separation of duties.

But I get your point about the right person being in the right position. Separation of duties goes to hell when you've got a CEO who's a developer and also works in operations. You can't restrict his write access to production data while allowing him to work on the code. Even if your processes are in place, surely the CEO of a company can get around them.

If you're going to downvote this, I'd really appreciate a response as to why.

If spez wants to fix this, he needs to set up a trusted third party backup of comments as they evolve in time, to guarantee that comments remain unedited by admins. It needs to be done in a secure way that prevents tampering.

This service could be extended by the community to other social feeds and blogs - just archive them to have traces of their change in time.

I get their point, but I also think that a large part of the reason that people are using the Golang subreddit is Google Groups.

If the Go team could just abandon Google Groups as the main forum for discussing Go, then just maybe there wouldn't be a need for the subreddit. I know that some people like Google Groups, but there's at least an equally large group that absolutely hate it. Personally I find it to be such an awful platform that I would prefer pretty much anything else, that includes tolerate shitty behaviour from the Reddit CEO.

Yep. Its user experience is straight from the 90s. Can't edit your messages to fix typos, can't do pleasant and friendly formatting with preview, and don't even get me started on controls over notifications.

It's a mailing list.. you want it to be a forum, but that's not the point or what it is meant to be.

Some of us prefer mailing lists and interacting over email in our preferred client over having to go to various websites and deal with their varying user interfaces.

> It's a mailing list..

Except absolutely awful, it's worse than the standard mailman ML and that's saying something.

> you want it to be a forum, but that's not the point or what it is meant to be.

One of the issues being google groups looks a lot like a forum (dedicated web UI, starring, replies to threads, etc…) without any of the good points of a forum.

Basically, for most people google groups is the lowest common denominator of a forum and a mailing list, making it unmitigated garbage.

D has a forum that is also a mailing list and it is far superior to Google Groups. It's also probably the fastest site on the web I've ever seen.


You can still access the posts through NNTP, as well! The DFeed software is an impressive piece of work.

And for people who don't like mailing lists, /r/golang exists. Not sure why we can't have both.

Isn't the point of the thread that a subset of the (google groups-bound) golang community wants the subreddit removed?

Second that. Google Groups is a big problem, stops me from reading anything golang related there.

It is not just about the UI, UI sucks but the feedback they give on google groups is terrible. Reddit community is so amazing that once I was having doubts about AJAX, within ten minutes, I had two answers, one with plain JS AJAX and another with jquery. If I had been asking on google group, which I have done only once when they replied back so horribly that I stopped using it, they'd have directed me to some obscure link on the Internet and asked me to chase it down.

Reddit isn't stackoverflow. This is an open source community, if someone has a problem with it, they are welcome to leave, make /r/golang as an unofficial subreddit, which it was, when it started and before the robotic overlords took over the subreddit.

Is it really true that /r/golang is friendlier than go-nuts? If so then Golang should make /r/golang official and wind down go-nuts. Community friendliness is way more important than platform politics, and the unfriendliness on go-nuts might turn some people off to Golang.

Yes, /r/golang is way more friendlier than go-nuts.

I say this by proof.

1. One year ago I started learning Go. It was difficult to understand it, I read a lot of books and stuff. I started working on http://github.com/thewhitetulip/Tasks, Later, I realised that there isn't a free resource to teach what I learned, so I tried to share my knowledge by creating this, http://github.com/thewhitetulip/web-dev-golang-anti-textbook....

The first post I made was to /r/golang: I got immensely +ve feedback, suggestions etc.

The second post I made was that google group, I was told "The language is called Go and not Golang" and the condensed feedback from the elites was (after someone rallied behind me saying that give real feedback and this is being jerk and blah blah) that "it might be the case that suraj wrote a good book but people won't take it seriously until the language name is corectly used"

Who cares about the title of the book? I certainly don't. I have read astaxie's book, codegansta's book, both had golang in their title. Their content was amazing. I loved them, didn't care about the title

The links are below

As another instance, I wanted help in AJAX one year ago, I asked /r/golang, I got two examples in half hour, one with plain JS another with jquery.

Do you really think that if /r/golang was so "toxic" and "scum" as they call it on the go-nuts mailing list (a glaring violation of the CoC shoved down our throats) that there would be a consensus among /r/golang to unequivocally say "if Go authors don't participate in /r/golang then they are welcome to step down?"

I do not understand what they want to do, Guido created python, is he the mod of /r/python, does he care what authors name their book? "oh the language is Python with a capital P", no, he does what he does and let's the community handle the community.

my exp with /r/golang













The fact that I do not have a single (+ve) link on go-nuts speaks volumes about which forum is toxic.

Just read this thread which I started on go-nuts


And tell me later which community is helpful.

For example, on my phone, it just prompted me for a gmail login to read the thread, with no obvious way around the login.

Google Groups is just another thing Google will dump in time anyway. Why does it have to be some officialious Google thing anyway, why not let the people—the programmers who use Go—choose where they want to discuss it.

I'm not too up to date on this. What is your preferred alternative to Google Groups? Mailman?

NNTP, phpbb, anything else. Google Groups literally have the worst interface of any product that I've used in the last 6 - 8 years.

But yes, an old fashion mailing list, archived on marc.info, would be a huge step up.

I can only assume that Google Groups is some sort of half baked example to show that GWT works.

Try Yahoo Groups and you'll crawl back to Google Groups on your knees.

Thanks! I didn't think we've made much progress, but it was worth a shot.

I'm on a few Google Groups, Mailman, Majordomo, etc. lists and I can honestly say that it doesn't make a huge difference to me. I will agree that the Google Groups archives are somewhat unpleasant.

https://lobste.rs/about, particularly with its mailing list mode.

This! Exactly.

> That is so beyond unethical and immature, I no longer want anything to do with that site. I will be deleting my account on Reddit after backing up my content, and I will no longer be a moderator of /r/golang.

Responding to immaturity with immaturity is a bad idea altogether.

I have never understood Google's choice of "use google groups" for projects, then farming out community relations to third parties like StackOverflow, Reddit, etc. They have enough resources to manage their own support, news dissemination, and discussion mechanisms.

There are a number of reasons to not have an official presence on Reddit, but "I'm taking my ball and going home" isn't one of them.

Why do they use Google groups anymore? The UI sucks, it is heavily moderated. Reddit is like democracy where the elites of the community are treated equally with the others. Even the author's comments can be collapsed. name one place on the internet where this happens, except reddit.

A knee jerk reaction, we want the subreddit back!

p.s. after the Google Pixel thing, I do hope that they don't shut my google account down because I am saying that google groups sucks by citing some hidden rule or something.

Responding to immaturity with immaturity is a bad idea altogether.

Sticking to principles, even when it's uncomfortable and inconvenient to do so is "immature" now?

It's not the principles, it's the actions being discussed to follow through with those.

You know the phrase "I'm taking my ball and going home"? What he wants to do is take someone else's ball, go home, and make sure that no one else is playing with a ball again after he leaves.

He's wanting to destroy something the community finds useful, and not only that, wanting to prevent the community from building and using it on their own in the future if they wanted to continue without his involvement. That's the harmful action. It's fine if he says "I won't use reddit anymore". Perfectly fine. But shutting down the subreddit, deleting all of its content, and specifically reserving the name so the community can't continue in his absence is just... well, immature. There are better ways to handle it. This is a pure temper tantrum.

I don't see anybody painting this as "sticking to principles" and the message certainly does not read that way to me.

While the behaviour of the Reddit CEO was more than a little bit immature and short-sighted, closing down a functioning community in response seems almost as stupid. If they try to shut it down, then the community at Reddit will create a version of it that is not closed down.

I'm not a /r/golang user, but I think this is a political statement of 'we will not tolerate the abuse of users by people entrusted with their data', which I think is fair.

Maybe they should just call for the CEO to leave or something.

> I think this is a political statement

Yet when people protested against SOPA/PIPA, we took it down for a day. Not indefinitely.

Except this is the admins making the statement, potentially taking their ball and going home - leaving a lot of people on the court wondering what to do next.

I wonder how dramatic this really is? There must be a hundred forums to discuss go, people aren't so helpless they can't find their way off of reddit.

Dramatic enough for frequent visitors. Forums are dime a dozen, but a community you get used to and grow to like is unique for you. If HN was to be suddenly shut down, I'd literally be heartbroken.

I mean, if everyone preferred to leave anyway, then it would be an empty gesture to shut it down.

If everyone preferred to leave, this would be a non-issue. The problem is, the only people who seem to be in favor of leaving are the people who aren't using it in the first place. On Google Groups, everyone is in favor of shutting it down. On Reddit, everyone is begging for it to be left up.

There is no good decision that can be made here. Spez was wrong and abused his position. But taking an action against reddit will be seen as a 'win' by the people who started the abusive false pedophilia accusations.

I don't know what the correct answer is other than to say that everyone currently involed looks bad, and anyone who jumps in will come off looking bad. Is the only thing we can do stand back and watch it burn?

/r/CrappyDesign went through this same drama when the big dust up around /r/IAmA happened due to one of the female employees at reddit getting fired. The moderator there felt like the community was all about him, and he therefore had the right to close it down.

And yet as soon as he shut it down, someone opened a request with the admins to take it over, it was granted, and the community now is stronger then ever. If mods want to leave reddit then so be it, but they need to stop any delusions that they are the keystones holding their communities together.

There is a thread on golang subreddit about this. Users are not happy.


From what I understand, the golang team does not want any association with the subredit or reddit as a whole. But I don't understand how /u/spez actions have triggered this. It looks like the proposal of /r/golang deletion is either a political statement, or go team wanted to get rid of it before and were just looking for an excuse.

Everything at expense of /r/golang (and therefore the go language itself) users.

They have been vocal in the past about disliking the subreddit, I think this is just their opportunity.

Edit: disregard this. I remember reading some things a while ago and haven't looked into it, and I shouldn't have jumped in without doing some due diligence.

They? I've never seen the other moderators or myself disliking Reddit before.

This is my opinion alone.

To be completely honest it was a while ago and I don't remember who or what was said at this point.

I edited my original comment, I shouldn't have said anything without actually knowing what I was talking about.

Wow, the amount of people just going "yeah, delete it and make sure it doesn't come back" is staggering. Really bad image how some people seem to think the community and it's resources should be "officially owned".

Want to make a personal statement? Leave the platform, demand the subreddit being marked as unofficial (AFAIK it did start out as a random sub by a random person and only later added people from the Go team as moderators). Don't decide for your users that yes, you don't want to meet there anymore, so we torched it for you.

Note that the discussion on the golang subreddit [1] has a very different tone. One comment that particularly drew my attention is:

> So people that rarely use this subreddit want to get rid of it? Okay.

It seems like the Google Groups people are not the same as the r/golang people.

[1] https://www.reddit.com/r/golang/comments/5eqs64/proposal_to_...

Closing a thriving community just because an admin feels some moral imperative to do it is just short sided.

If you don't like Reddit, write a blog post, blow some steam, delete your Reddit account, be as critical as you wish, but don't kill a community just because you can.

I feel like some people don't understand the gravity of what he did. He edited someone elses comments. What is the point in being part of a community where the website owners may be editing random comments? It undermines the whole thing.

Let me ask a question. If it turned out that Google had started selectively "editing" peoples email coming from Gmail, would you still be fine using Gmail?

There is no gravity. People are overreacting, that's all. Spez simply did what other sites are able to do but never admit if they do or not.

GPG sign everything online if you're concerned about your data changing. Even HN could change your comments if they wanted. What's stopping people? "Trust"?

So what if other websites "could"? It only matters if they DO.

I don't treat everyone like a psychopath because they COULD stab me. I only care if they do.

You don't know if other sites do it unless they admit it.

So the answer to censoring is more censoring, let's nuke an entire community just because I'm on a moral high horse!

Also I fully understand what Spez did and I find it not OK. If you don't agree with what an admin did, you could ask for the respective admin/CEO to resign. The answer should not be to delete a community that you don't own on a whim.

If Google started modifying my emails, I would stop using Gmail and advise my friends not to use Gmail. But I won't ask for Gmail to be killed/deleted just because I don't like it or I don't agree with it.

He pranked some pranksters. That's it.

You mean he massively abused his position.

People have been prosecuted and JAILED for reddit comments don't forget.

> would you still be fine using Gmail?

Well, no. But I also wouldn't force others to stop using it too.

You want to know who is harmed by this? Those of us that read the subreddit but are not on Google Groups.

Just a rookie question, but why the hell don't they just install some forum stuff on a web server?

If I was cynical I'd guess that it's too difficult to arbitrarily enforce the 'Go Community Guidelines' without criticism on Reddit.

As I have stated elsewhere, the Go community is split into two factions, elites (Googlers) and others. Reddit is the only place where others and elites are treated the same, post for feedback on the google group, which has sucky UI and is terrible to use, and you get small comments because they are busy and the feedback isn't at all helpful. Contrast that with Reddit, as someone had pointed to me on HN, I posted a question about AJAX and Go, I got two answers, one in vanilla JS and one in JQuery. Had I asked that in the google groups, I'd likely have not been able to post because it would have been "too simple" or I'd have been shooed away to some obscure stack overflow link. The community wants the subreddit, you can leave if you want. Just because one person screwed up doesn't mean that someone who rarely uses reddit wants to delete the subreddit WITHOUT asking the community. This is against the point of open source. Isn't Go open source?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact