Diseased Open Source Software Community - it's about ethics in Code of Conducts

Sure, maybe it'll turn out to be legit and bdsmith72 there just sucks at articulating things. But in the meantime, my gaydar is picking up strong signals.
the only evidence that points to it being legit is that level of incompetence by an NGO is exactly the sort of thing you'd expect from one.

NGO IT hiring practices are 'hey don't you have a cousin who built you a PC once 5 years ago?'
 
IANAL, but typically contracts do not preempt criminal charges. You can’t just have someone sign a contract, and have it insulate you from criminal suits. Civil suits are a different thing, but I’m reasonably sure this’d fall under whatever cyber crimes statute the US has. In addition, I think the way those cyber crime suits work is they are brought by the state, and the state hasn’t agreed to the license anyway. At most, I see it being argued for a bit in court if charges are brought. Honestly, he deserves whatever is coming to him, NPM is a fucking mess, but this guy’s a right twat to have abused his position of trust like this. At the very least it’ll hopefully encourage JS developers to be a little more careful about dependencies, although it can be hard, since in JS development dependencies rapidly become horrendously nested, ’cause even now the standard library is quite lacking.
There are federal level computer crimes that could easily be applied here too, of the "unlawful access to a computer system" variety. The Computer Fraud and Abuse Act (CFAA) alone defines a wide selection of charges; they usually have the words "government computer" in them but they also include "or a computer system involved in interstate or foreign commerce," which has (successfully) been interpreted to mean "any god damn computer connected to the internet in any fashion for any purpose." They spanked the authors of the Morris worm and the Melissa virus with a variety of these, for instance.

I imagine the deciding factor on whether the glowies will spank him is whether any kind of meaningful "counter-action" is provoked by this stupidity that targets and potentially harms American stuff. We all know California's pozzed law enforcement won't touch him but if the feds end up taking a black eye from this, they'll go after him instead.
 
How? I've heard a few dozen people say this but no one has explained why. Just repeating shit they heard from the news.
Nigger tried to take over a country full of mad cunts without a 3-4x larger occupying force. Nigger was convinced they'd roll over and yield in under a week. Finally, Nigger absolutely BTFO Kharkiv, arguably the most pro-Russian city in Ukraine (outside of the Dungbass) to the point that they will never be happy in Russia.

TL;DR NIGGER
 
Cheeki breeki comrades https://2ch.hk/b/res/265092109.html / https://archive.vn/zKuo5

btw I am personally impressed that DeepL can translate "soy web developer" from Cyrillic.
>>265096317
Actually, Jews support fascism. It's no secret at all. The first openly fascist was the Jew Abba Achimair, who wrote Notes of a Fascist. His like-minded and like-minded party members were Jews who supported Hitler and thought he wasn't a bad guy. The Likud party, which has been in power in Israel for many years, is an openly fascist party, which relies on the leader and excludes any possibility of dissent. Among its ministers are women who personally shot children in ethnic cleansing in Palestine while serving in the army. So Jews and fascism are about as related as cause and effect.
these russian imageboard guys sure have some interesting opinions kek
 
What leftism does to a motherfucker. Has a cute wife, still leaves her for a fat "chick" with a penis. Reset the male feminist clock. :story:
I’m not really convinced that the cheating allegations are as serious as some here have made out. It’s pretty unlikely he actually fucked anybody on Ashley Madison (8 years ago) and it’s not clear to me that he was even trying to fuck the tranny (4 years ago) from the message sent. Obviously it could still potentially cause massive strain in his marriage.

Yeah that part is disappointingly thin. Even the hacker’s tweet says “fails to”, and as far as I can see the insinuation is only based on the simping introduction and the fact that he’s subsequently been blocked by the trans person in question.
If there was actually anything juicy it surely would have been posted?
 
He's just started a new repository - this was all just a long-con lesson to teach people about supply chain attacks (lol)

 
He deserved all of this, this is the kind of supply chain attack big globohomo companies try to fearmonger about and people who like open source laugh at. What now, it actually happened! I use a Russian VPN among others and I was so glad I wasn't doing any work when this bastard pulled his gay Reddit stunt.

Good on the Russians for hacking this soybearded queer.

Good. Commie chinks can fuck themselves.
1. People use VPNs
2. Not everyone in China is supportive of Russia, I've spoken to a few who support Ukraine in this debacle, most just don't give a shit and whine about the Rona everyday.
3. Pulling such stunts will just make fencesitters and people who don't give a shit jump to the opposite extreme. If you think a text file saying "From America with love" will change the minds of Pootin simps, you're dumb.
 
He's just started a new repository - this was all just a long-con lesson to teach people about supply chain attacks (lol)
Well he's right in a sense that many people have (hopefully?) learned a lesson about supply chain attacks and not trusting soy golem JavaScript devs with critical parts of their software stack.

As for his apparent motive, fair enough honestly. What the hell else can he say at this point? He can't come right out and admit that his fellow Redditors and the faggot that runs the "Anonymous" twitter had him brainwashed into thinking that committing cybercrimes is cool as long as you do it to the '${CURRENT_YEAR} deplorables'. I mean, that is what happened, but he correctly expects that nobody will be sympathetic to that excuse. It's not like he has a lot of options here.
 
I've never heard the term "supply chain" applied to package managers before. Is that an NPM-specific thing?
It's a term that seems to have come into vogue back last year. There's nothing NPM-specific about it per se, but NPM being the fucked ecosystem that it is provides examples aplenty. It doesn't help that all of the recent high-profile supply chain attacks lately (this one, the similar situation we had with the colors.js package back in January, ua-parser-js getting fucked back in October) have all been Node packages.
 
It's a term that seems to have come into vogue back last year. There's nothing NPM-specific about it per se, but NPM being the fucked ecosystem that it is provides examples aplenty. It doesn't help that all of the recent high-profile supply chain attacks lately (this one, the similar situation we had with the colors.js package back in January, ua-parser-js getting fucked back in October) have all been Node packages.
To be fair it hasn't been all npm packages. log4j is probably the worst of all of them, although that was just shoddy work and not a malicious attack.
 
The language in the dox release/hacked Twitter makes me think this was done by an American. Anyone with an interest in the survival of open source software has a casus belli here.
wouldn't be surprised if it's some /pol/fag trying to larp as a "based russian". only /pol/fags would unironically use the term "bussy"
 
big globohomo companies try to fearmonger about
Glowies fear monger about it because it's an actual risk.
globohomo companies are staffed with unmotivated people who just learned 2 code because the alternative is starving, so they have a big risk of falling prey to these kinds of attacks.

There are companies that claim to do supply chain software, but these are typically all about feel good optics.
 
There's nothing NPM-specific about it per se

Well, there kind of is. The earliest versions of NPM didn't provide a way to lock down versions of dependencies at all, you had to use external tools to do that. But most people didn't bother, so every time they built their app new untested versions of libraries were pulled.
Later (after about 5 years) they introduced the package-lock.json, but they did it wrong, and then changed its behavior in unintuitive ways, so nobody bothers to use it. Most people put it in .gitignore. No other package manager I know of has this kind of problem, even PHP, often mocked for its inconsistencies, got it right the first time.
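
The lockfile point in the post above, as an added example that is not part of the original thread: a Node.js check that lists dependencies declared as floating ranges and reports whether package-lock.json is missing or excluded by .gitignore. The package names and file contents are constructed, and the .gitignore matching is a simplification.

```javascript
// Added example. All package names and file contents below are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Dependencies whose spec is a range, tag or URL rather than an exact x.y.z pin.
function floatingDeps(pkg) {
  const out = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(String(spec).trim())) out.push({ section, name, spec });
    }
  }
  return out;
}

// Simplified .gitignore matching: leading "/" or "**/", "*" globs, "!" negation.
function matchesLockfile(pattern) {
  const p = pattern.replace(/^\/|^\*\*\//, "");
  const body = p.replace(/[.+^${}()|[\]\\?]/g, "\\$&").replace(/\*/g, "[^/]*");
  return new RegExp("^" + body + "$").test("package-lock.json");
}

// True if the last matching .gitignore rule excludes package-lock.json.
function lockfileIgnored(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    if (line.startsWith("!")) { if (matchesLockfile(line.slice(1))) ignored = false; }
    else if (matchesLockfile(line)) ignored = true;
  }
  return ignored;
}

// Floating specs are reported only when no committed lockfile records their resolution.
function auditProject({ pkg, gitignore, hasLockfile }) {
  const findings = [];
  const ignored = lockfileIgnored(gitignore);
  if (!hasLockfile) findings.push("no package-lock.json present");
  else if (ignored) findings.push("package-lock.json is excluded by .gitignore");
  // With a committed lockfile, `npm ci` installs exactly the recorded versions.
  if (hasLockfile && !ignored) return findings;
  for (const d of floatingDeps(pkg)) {
    findings.push(`${d.section}: ${d.name}@${d.spec} re-resolves on each install`);
  }
  return findings;
}

const SAMPLE_PKG = { dependencies: { "pinned-example": "1.0.3", "caret-example": "^1.2.0",
  "star-example": "*" }, devDependencies: { "tilde-example": "~2.1.0" } };
const SAMPLE_GITIGNORE = "node_modules/\npackage-lock.json\n";
console.log(auditProject({ pkg: SAMPLE_PKG, gitignore: SAMPLE_GITIGNORE, hasLockfile: true }));
```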
 
Nigger tried to take over a country full of mad cunts without a 3-4x larger occupying force. Nigger was convinced they'd roll over and yield in under a week. Finally, Nigger absolutely BTFO Kharkiv, arguably the most pro-Russian city in Ukraine (outside of the Dungbass) to the point that they will never be happy in Russia.

TL;DR NIGGER
Where did you learn the invasion was expected to last a week? The shelling will continue until the people's republic is free.
 