- Joined
- Feb 28, 2019
DeepL is pretty damned amazing. I just wish there was something like the old Google Translate Extension that could translate entire webpages on the fly, only with DeepL.
Diseased Open Source Software Community - it's about ethics in Code of Conducts
- Thread starter CrunkLord420
- Start date
-
🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.
- Joined
- Mar 13, 2022
What an insufferable prick. He could have critiqued modern software development (which, to be fair, IS shit) without having released a shitty piece of malware that almost certainly harmed innocents and did nothing to help anybody. The man would murder someone in cold blood and his defense would be "decide if you are OK trusting people when we still have people willing to start wars in our world."
Too bad he can't erase fartsniffer104 and yeeterlol from the page.Imagine being up at 1AM on a Saturday and you're spending your time renaming issues like this
View attachment 3086175
View attachment 3086174
- Joined
- Jan 16, 2017
Sure buddy, I'm sure the Kremlin and the Russian Military and Intelligence services are definitely going to use open-source Javascript from some balding American soylord.
Unlike, say, Russian dissidents who would want to know exactly what code they're running and don't have the money for commercial code because the Russian economy bombed.
Talk about an own goal. Fuck me, this moron didn't spend even 30 seconds thinking through the logical consequences of doing this. Fucking Reddit poisoning, man.
Unlike, say, Russian dissidents who would want to know exactly what code they're running and don't have the money for commercial code because the Russian economy bombed.
Talk about an own goal. Fuck me, this moron didn't spend even 30 seconds thinking through the logical consequences of doing this. Fucking Reddit poisoning, man.
- Joined
- Jun 12, 2020
What leftism does to a motherfucker. Has a cute wife, still leaves her for a fat "chick" with a penis. Reset the male feminist clock.
- Joined
- Mar 3, 2021
Pretty much what @Markass the Worst said, yeah. Also the bit about the NGO and "on recommendations of legal counsel we're thinking about filing criminal charges federally" kind of gives it away as a LARP too. Not to mention that they redacted the statement because they were asked to, but then immediately reuploaded it on another platform with an embed link. (Presumably they were 'asked to withdraw it by GitHub', because who else would be okay with them just reuploading it anyway to weasel out of the withdrawal?)
Sure, maybe it'll turn out to be legit and bdsmith72 there just sucks at articulating things. But in the meantime, my gaydar is picking up strong signals.
That's going to be the most interesting part of what happens next, I think. Sure, the MIT License is pretty emphatic about the responsibility/warranty disclaimer, but does that apply to intentionally and maliciously sabotaging your own code, and for the purpose of committing a criminal act? I reckon even if the former is covered under the letter (but sure as fuck not the spirit) of the FOSS license, then surely the latter (i.e. the willful destruction of others' property) is a still big deal.
Equivocal_Iki
kiwifarms.net
- Joined
- Mar 15, 2019
- Joined
- May 17, 2019
People are cheering on this guy being fucked and his life ruined, but I'm not actually seeing any evidence anything bad has happened to him other than him being sent pizzas and a failed SWATting attempt.
- Joined
- Jun 15, 2017
This is incorrect.
Russian dissidents are personally rich, extremely well-funded, and get dollar-denominated salaries. Many of them haven't lived in Russia for years, and a shitton emigrated in the recent weeks. Dissident orgs do use open-source Javascript from balding American soylords, we know it from their job openings.
I didn't get to see of lot of the Russian military (I only made it as far as the first checkpoint of a heavy weapons lab), but I have the impression they hire poor talented autists who can't make it in commercial IT, due to not fitting the soy corporate culture, and pay them a pittance. You have to love math for real and have excellent health to get in.
And then there are well-funded agencies (like the censorship office Roskomnadzor) which pay almost the same as businesses and attract the same crowd of terminally online redditors and dangerhairs with septum piercings. During the very short time I worked there, the censorship engine went down for half a day because they didn't lock the version of pip (python package installer).
Which is to say, the attack was likely to hit both dissidents and the Russian propaganda arm (because they're soy, not because they have funding issues). Military and intelligence, not too likely.
- Joined
- Jan 10, 2019
It's been a couple days since shit hit the fan. It will take at least a coue weeks for the real collateral damage to hit. Plus, I doubt his wife is to happy with his tranny chasing ways. If they found his fucking Ashley Madison account, I am almost certain they have his wife's email. That's not even mentioni g the fact he created a fucking virus that can be weaponized against literally every one in the world with some minor modifications to it. It's hitting Russians and Belarusians now, but all you have to do is change it to American IP ranges to become a matter of national security, which isn't difficult. This soynigger is legit retarded for doing this. He should have done what the Notepad++ dev does and just use it to sperg about politics ( whith maybe an annoying text file talking about it), not create malicious malware that has the potential to fuck with pretty nuch every JS running computer out there
- Joined
- Nov 10, 2019
With today's pozzed out faggot US, this is probably the only way he gets the justice he deserves.
- Joined
- Dec 25, 2020
And like most western programmers/tech workers he's a lazy dumbass who just took Javascript and NPM calls for their own use. GGWP faggot.
DabOnJannies
kiwifarms.net
- Joined
- Feb 24, 2022
>Hacker remembers to say Fuck Jannies
I like this guy.
I like this guy.
- Joined
- Jan 15, 2019
It may do it well, but as elitist as this sounds, senior-level (read: actually competent) developers forced to use Javascript for production work are still expected to be skilled enough to be aware of (and avoid/guard against) issues raised by weakly-typed languages.
At my office, it's a standing order that trying to shovel Typescript-related stuff into production code is a fireable offense. And the senior manager who said this was only half-joking. I can easily shield a junior developer from that punishment ... for a first-time offense. It's called a "junior-level" position for a reason. But a repeat offense? Or a senior developer does it? Nah, sorry mate. I'll put in a good word for you but you're still going to stand tall before the man for it.
Yeah, this kind of thing is best done as an inlined
assert anyway:
JavaScript:
const someNumber = untrustedClient.getUserInput('penis_length_in_inches'); // User enters "biblical"
assert(typeof someNumber == typeof 9);
naiveTrustingService.broTrustMe.doThingWithNumber(x);AssertionError, but catching that and taking any action other than screaming loudly is missing the point anyway) but that is a pain point you want. It should never crash by failing that assert, and it will only crash when you (the developer) allow garbage to reach it. In the above example, the right solution is to add validation to getUserInput() directly.What this dipshit's done is taken this bog-simple concept, discarded assert (while still throwing an exception like assert does), made it a function and wrapped it in a god damn module and then shoveled it into npm. So much needless indirection and an external dependency to boot. It's literally a one-line check with built-in language features, but using this "method" instead involves importing a module, instantiating it (or at least assigning it to a local variable), making a function call into the module and wrapping it in a try/catch. Soooo slooooow...
Want to really be sick? Microsoft are trying to shoehorn Typescript into Javascript now. Submitted to the TC39 committee and everything.
It's kinda funny ... I have some modest respect for tools like Babel for accomplishing what they did when all the "fancy" features started appearing in ES6, like spread operators and classes and the like. Not strictly because those features were super-duper awesome, but because when they "transpiled" ES6 down to plain ol' Javascript they at least made correct choices in how to implement those features as efficiently as possible.
To this day it continues to infuriate me how when new language features get added to Javascript, all the implementations of those features end up being slow as fuck. For instance, as useful and expressive as the spread operator is, it's a dog compared to
Object.assign(), which is 209% faster according to a silly benchmark.
- Joined
- Aug 7, 2019
Most companies can't afford and/or undervalue actual security (even IT in general) experts. One of those things you won't see the value in until something actually happens.
- Joined
- Aug 7, 2019
To be fair, they aren't trying to change any functionality, they are looking to add syntax to help type checkers (treating the syntax as comments). However I'm guessing it's just pretext to further specs
- Joined
- Jan 15, 2019
It's incredible that he's doing all this ... on the world's most popular open-source hosting platform, which is built on (and fucking named after) the source control software that inspired it, and where preserving historical versions of everything (comments, pull requests, text, issue titles, source code, etc.) is a fundamental feature. Anyone can go back in any issue's history or the repository's commits to see the original discussions and nefarious deeds. That and all the "juicy" stuff has been well-preserved by all sorts of people, has hit the search engines and has even formally documented at NIST as a vulnerability.
There's no erasing this now. This is a profoundly stupid person.
No. /g/ has been flooded with trolls (and idiots, I assume) all smugly proclaiming "but muh license!" indemnifies this idiot against damage claims. They're wrong, of course.
A license agreement cannot indemnify a party from prosecution for a crime they commit. Whether a piece of paper two people agreed to says "if you use my software you have to accept anything and everything it does" or not, pwning a computer system is still a crime. The vector of attack (and the license agreement governing it, if any) is irrelevant.
Consider the current plague of software-as-a-service. If you pay for a year of access to Adobe Photoshop, if you stop paying after that year, all they do is stop the software from working for you until you pay for it again. They don't go through your filesystem to delete anything you created with it (or just files at random). I don't doubt it's crossed their minds, but their lawyers have probably warned them they'll get in hot water for that. Even just holding a customer's data hostage on their own computers while resolving a payment dispute is a legal grey area.
This guy? He wrote malicious code with no legitimate purpose (i.e. his users would never want it to be triggered and perform its actions on their own systems), obfuscated it (a little), snuck it into an update without disclosing it or warning anyone and allowed it to be released and deployed. When confronted he openly acknowledged he did it to cause damage to specifically-targeted computer systems, then when he realized he'd made a big mistake he quickly began (poorly) trying to cover his tracks.
Null is spot on -- this was malware. You can't protect yourself from legal action or prosecution just by saying "lol I can do what I want" in the license agreement.
ETA:
This is standard operating procedure for Microsoft: embrace, extend, extinguish.
VS Code and WSL are the "embrace" phase (get everyone hooked on their tools and ecosystem). Typescript is the "extend" phase ("it's our flavor of Javascript! Totally backwards-compatible, but with more features!"). Screwing with the Javascript standards is the beginning of the "extinguish" phase ("everybody uses this anyway, so why not make it the new standard and throw out this old-and-busted ES5 stuff? Our technology includes all its features anyway! Why no, we'll never lock it down and/or remove features, why would you ever think that?").
Last edited:
BlaireWhitesBottom
kiwifarms.net
- Joined
- Aug 1, 2021
BlaireWhitesBottom
kiwifarms.net
- Joined
- Aug 1, 2021
- Joined
- Mar 25, 2019
Faggot deserves it. Putin is off the deep end but doesn't mean the population has to do through bullshit like this becuase of a war. i can guarantee you this moron would smash the windows of a russian-owned business if he knew one.
- Joined
- Oct 26, 2017
What a walking stereotype.
Wow his Youtube channel is exactly what to expect from someone who has never touched a soldering iron yet really loves electronic vehicles. Looks like his two friends are the mechanical and hardware guys while Brandon is the designated camera holder and tool fetcher. A troon saga is looking more and more like a reality.
- California code monkey with ego complex
- Obsessed electric vehicle hobbist
- Crashes his own repo for clout
- Oversells his skill as Director of Front End Technology rather than web developer for Spanish clothing company
- Libertarian guy with Asian wife
- Takes compound last name (listing hers surname first)
- Lists his name in niponeese on Facebook 武嵐呑 aka weeb
- Philanderer
Wow his Youtube channel is exactly what to expect from someone who has never touched a soldering iron yet really loves electronic vehicles. Looks like his two friends are the mechanical and hardware guys while Brandon is the designated camera holder and tool fetcher. A troon saga is looking more and more like a reality.
Last edited: