Diseased Open Source Software Community - it's about ethics in Code of Conducts

Doesn't this idiot know basic obsec? He should have assumed that every account was breached and changed passwords before pulling any shit like this.

Also the weaponization of open source software is retarded and gay.

I've heard US intelligence agencies are actually having trouble recruiting those sorts of people because they don't want to have to move to Virginia and give up smoking weed, which actually explains a lot about the quality of US gay ops vs 4chan gay ops.

The biggest reason is that private companies are hiring these people for a lot better pay and work environment than the government offers.

The book 'This Is How They Tell Me the World Ends: The Cyberweapons Arms Race' goes into some interesting details on this (but goes full retard at the end with Trump reeeeeing and Russia boogeyman election meddling. Still recommend reading the first 3/4 though)
 
That's a lie spread by marijuana addicts. The real reason is that the government pays absolutely terrible wages to anyone who has a skill that is valuable in the private sector (and they overpay useless people) and the work environment is very bureaucratic.
Aside from the obvious political witch hunts they do on their staff, this is one of the primary reasons US intel is now staffed by so many otherwise-unemployable trannies. Sane people with skills can do so much better in the private sector.
 
That's why I don't trust these package repositories or software that pulls in 50.000 of them. It's basically closed source and a black box at this point. There's literally no realistic way to tell what it does, especially when updates are rolling. If you are a linux, learn about sandboxing and namespaces, at the very least.

On top of that, this is so completely misguided there's no telling where to even begin. Literally doing Putin a favor by isolating his people from western influence.
What's shitty is this ends up vindicating companies with outdated security policies who keep employees on a very outdated private repository. Automotive companies in the US are very bad about this and end up running outdated software with vulnerabilities.

So this dumbass was just fucking with random Russian civilians? What good would that even do?

If you're going to get taken out by l33t Russian haxors and ruining your reputation in the field, at least go down fighting Russian glowies or something, this is just pathetic.
Maybe he was hoping Russian FAANG would be totally owned.

Also the weaponization of open source software is retarded and gay.
Adopt the Anti-Fascist licence, bigot. Not only open source but privacy software. Leftists in tech worked on developing decentralization and privacy systems only to not need them when "their people" took over the institutions. They are now trying to figure out how to undermine their own anti-censorship/anti-snooping tech because "fascists" use it. There was a tranny at Mozilla who was researching "extremism" on these systems and how to stop it.
 
Try getting a dev to do anything but write code and send it to devops.
...whom they'll immediately blame when their shit gets compromised and devops "didn't catch it fast enough." They will also complain when devops does learn about stuff like this and warns the dev team about it then automates the pipeline refusing to allow builds with affected versions because "it broke my code!"

Webshit developers suck. At least you can tell a C++ guy his shit's broken to his face and he'll take it like a man, laugh about having to start an hours-long build process all over again once he figures out a fix then walk back to his desk to get started.

What an idiot, so many mistakes were made. Where's the sense of self-preservation?
That has been thoroughly bred out of the modern NPC. They're pro-gun control, want to defund police, work hard to free the very same violent criminals who victimize them, howl for blood when someone does defend themselves with a gun (Kyle Rittenhouse, anyone?) and cheer when the government punishes someone for doing so.

These people have no sense of self-preservation, and worse still, they've actually been trained to despise it.

Doesn't this idiot know basic obsec?
He published malware from his own account to a public repository built on a source control system explicitly designed to keep a full record of all changes (and even has a "blame" feature to tell you who made a given change) and made only a token effort to try to obfuscate the naughty code in the update.

Dude doesn't even know what the term "opsec" means.
 
Wait, I thought only exceptional faggots use an unhealthy amount of shitty npms... That means he specifically targeted his Russian 'brothers in bussy'?
I'm confused... (:_(
 
...whom they'll immediately blame when their shit gets compromised and devops "didn't catch it fast enough." They will also complain when devops does learn about stuff like this and warns the dev team about it then automates the pipeline refusing to allow builds with affected versions because "it broke my code!"
Which is all bullshit because devops is meant to facilitate proper code->production practices but devs refuse to do anything but "code" and toss the code to someone else when "it's done". Devops is such a shit role depending on the company and team. I don't know if devs are largely retarded or refuse to change from the old "waterfall" development and siloed department days. Gone are the days when you just do one thing. You are responsible for your code from inception to production which requires basic knowledge of the processes and systems. Given people like this guy and many of the devs pushing to censor "the right", not enough is being done to beat these egos down.

Also, I partially blame GitHub's "social coding" for the attitude this guy has. GitHub's social features and general structure encourage a less severe version of narcissism and political zealotry compared to Twitter.
I'm MATI, Mad At The Industry.
 
Which is all bullshit because devops is meant to facilitate proper code->production practices but devs refuse to do anything but "code" and toss the code to someone else when "it's done". Devops is such a shit role depending on the company and team. I don't know if devs are largely retarded or refuse to change from the old "waterfall" development and siloed department days. Given people like this guy and many of the others pushing to censor "the right", not enough is being done to beat these egos down.
The majority of coders who go to college aren't trained to code well or deal with criticism, it's mostly producing autism projects and political indoctrination. That's why so many of them are shit. Even well-trained and dedicated coders aren't usually trained for the real-world job environment they end up doing and need mentoring.
 
Which is all bullshit because devops is meant to facilitate proper code->production practices but devs refuse to do anything but "code" and toss the code to someone else when "it's done". Devops is such a shit role depending on the company and team. I don't know if devs are largely retarded or refuse to change from the old "waterfall" development and siloed department days. Gone are the days when you just do one thing. You are responsible for your code from inception to production which requires basic knowledge of the processes and systems. Given people like this guy and many of the others pushing to censor "the right", not enough is being done to beat these egos down.
Amen, brother!
 
do all these people that get hacked have like really shit passwords or?
Most companies should have randomized password encryptors similar to the ones Steam uses; kind of like two-step authentication. Problem is most companies operate on tech ten even twenty years older than modern tech and are therefore lazy in thinking their machines are not susceptible to the new malware and backdoor programs.
 
What's shitty is this ends up vindicating companies with outdated security policies who keep employees on a very outdated private repository. Automotive companies in the US are very bad about this and end up running outdated software with vulnerabilities.
The thing with automotive/railway software and electronics is, that you have to guarantee a level of safety to the user and you can't do that, when you just use the newest release. Companies have to do their own testing to guarantee safety. Safety is valued over security here. It's not NASA, but still...
Usually the systems are not very open to use possible vulnerabilities anyways (although now and then there are cases where cars get hacked from the entertainment side, even though entertainment and powertrain should be split safely).

Oh and if the software is under some GPL, then it has to be vetted and made sure that you absofuckinglutely don't disregard the licence, that includes crediting the developers. (for every version)
 
do all these people that get hacked have like really shit passwords or?
It's probably due to using the same password for all his socials. If you look, the dox shows a Yahoo account as one of his oldest accounts. Yahoo was pwned several times and there are reams of passwords leaked out online. Some services won't even let you sign up with a Yahoo email because of how insecure they are.
 
The thing with automotive/railway software and electronics is, that you have to guarantee a level of safety to the user and you can't do that, when you just use the newest release. Companies have to do their own testing to guarantee safety. Safety is valued over security here. It's not NASA, but still...
Usually the systems are not very open to use possible vulnerabilities anyways (although now and then there are cases where cars get hacked from the entertainment side, even though entertainment and powertrain should be split safely).

Oh and if the software is under some GPL, then it has to be vetted and made sure that you absofuckinglutely don't disregard the licence, that includes crediting the developers. (for every version)
I'm talking about outside the hardware coding. The data analytics, website, billing, and such. For example, if you need to use AWS and want to use Terraform or Ansible, the one available is 4 years out of date and you must request the team review the release you want and add it. The process can take months due to the backlog and official releases from the companies aren't a good enough guarantee. The rest of the industry doesn't have such policies.
For mission critical applications like vehicles and payment processing, I can understand the scrutiny.
Speaking of coding scrutiny and security, you gentlemen may find this scary.
The Camry ETCS code was found to have 11,000 global variables. Barr described the code as “spaghetti.” Using the Cyclomatic Complexity metric, 67 functions were rated untestable (meaning they scored more than 50). The throttle angle function scored more than 100 (unmaintainable).
 
For sure. If I were a Russian previously not a big fan of this Ukraine war thing, would a tranny-loving faggot American trying to indiscriminately wipe my countrymens' civilian computers make me more or less likely to support Putin and his claims that the west is trying to destroy all of us?

The retardation of this move is off the charts.
While Putin's approval rating is well north of 70%, especially after the operation to stop Russians being murdered by NATO filth, I'm betting that IT folks are disproportionately represented in that remaining 20-25% of liberal faggots.

whoops
 