Diseased Open Source Software Community - it's about ethics in Code of Conducts

He's just started a new repository - this was all just a long-con lesson to teach people about supply chain attacks (lol)

Well, the repo is currently empty. Which makes sense because, unless you have the power of precognition, you can't predict which packages are going to be a security risk ahead of time (unless it's NPM, where all of them are a risk). Here's my test contribution to it: "Am I using any software authored by Brandon Nozaki Miller?" "If yes, my security is compromised."

Nigger tried to take over a country full of mad cunts without a 3-4x larger occupying force. Nigger was convinced they'd roll over and yield in under a week. Finally, Nigger absolutely BTFO Kharkiv, arguably the most pro-Russian city in Ukraine (outside of the Dungbass) to the point that they will never be happy in Russia.

TL;DR NIGGER
Thank you for the summary, Dr. Harris.
 
Well, the repo is currently empty. Which makes sense because, unless you have the power of precognition, you can't predict which packages are going to be a security risk ahead of time (unless it's NPM, where all of them are a risk). Here's my test contribution to it: "Am I using any software authored by Brandon Nozaki Miller?" "If yes, my security is compromised."
I think he's just initialised the repo for some future tool, although there are already plenty of Node dependency-scanning tools; Node even has a built-in one (npm audit), although it's not that great. It's just weird.
 
What makes you think this clown is libertarian?
>abusing a position of trust to violate property rights of a group of people just because government propaganda told you they are the enemy so it's ok to do shitty things to them
If Ben ultra-zionist-warmonger Shapiro can call himself libertarian then anyone can I guess.
I've never heard the term "supply chain" applied to package managers before. Is that a NPM-specific thing?
I think any package manager is a potential vector for a supply chain attack.
 
I hope to fucking god he goes to jail because this is unambiguously a virus. You can't "file" criminal charges, but you can ask a prosecuting attorney or law enforcement agency to look into it, and chances are - if this story is real - they definitely will.
To the OSS community, he's trying to play this off as a 'lesson' to save face, but this is much more malicious than something that someone like Sorkin did, so I hope this cunt gets chased by the FBI. If not, coz politics, I hope some random organisation(s) file a suit. Cunt deserves jail.
 
This would be an impressive display of hacking finesse if the IPs targeted were associated with Russian Intelligence services like FSB and SVR.
But that didn't happen, and it wasn't a targeted attack.
Instead, some autistic FOSS sped got his ass cheeks clapped for trying to be a vigilante.
I hope he lands in a courtroom for making an ass of himself and making a mess for Russian citizens who have nothing to do with Putin's war.
 
I wonder which NGO this person could be referring to. You would think a cyber attack with consequences like this would make the news quickly. There's Amnesty, Human Rights Watch, maybe Bellingcat, idk who else? He is toast if this really happened imo.
 
He's just started a new repository - this was all just a long-con lesson to teach people about supply chain attacks (lol)

I can only imagine the look on his face when he came up with this excuse for his actions.

MAXIMUM DAMAGE CONTROL.jpg
 
He's just started a new repository - this was all just a long-con lesson to teach people about supply chain attacks (lol)
"Sorry about that malware I wrote and spread to millions of computers surreptitiously (possibly including yours) then lied about and mocked everyone for being upset about. Please install this other software I wrote (that I pinky-swear isn't also malware) to help you find potential malware and vulnerabilities in your other software."

Fuck this asshole.
 
Just saying, the way Americans are treating Russians lately will backfire hard in the future.
If it wasn't for their ignorance, there would be no enemies, because they are the ones making their own enemies.
Creating a large amount of resentment in a giant group of people has never backfired for the United States and its citizens.
 
He updated his weird new repo:

1647853286747.png


From a cursory look at the files (there are only three: index, findFiles and readFiles), it just recursively parses all your Node packages, and if one doesn't have the version explicitly set, it increments the vulnerability count. In line with the whole 'this was a tough lesson in how important version pinning is :)'. He also has a bunch of weird messages in the commits:
1647853454254.png


His weird sentences and intentionally bad spelling are probably a mix of irony and the fact that he's obviously losing his mind a bit.
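For readers who want to see what the "count the unpinned versions" idea described in the post above actually amounts to, here is an added example of such a checker. It is not the repository being discussed and is not that author's code; the package names and the directory layout it scans are constructed for the demo. It walks a tree for package.json files (including those inside node_modules), treats only an exact MAJOR.MINOR.PATCH specifier as pinned, and reports everything else (^, ~, >=, *, "latest", empty strings, tags, git and URL specs) as a dependency whose resolved version can change between installs.

```python
"""Count Node dependencies that are not pinned to an exact version.

Added example (not the repository discussed in the thread): it walks a
directory tree for package.json files and, for every dependency whose
version specifier is a range rather than an exact semver, records a finding.
"""
import json
import os
import re
import tempfile

# Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
# Anything else (^, ~, >=, *, "latest", "", tags, git/URL specs) is treated
# as unpinned: the version that gets installed can change over time.
EXACT_SEMVER = re.compile(
    r"^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)

DEP_FIELDS = ("dependencies", "devDependencies",
              "optionalDependencies", "peerDependencies")


def is_pinned(spec: str) -> bool:
    """True only when the specifier names exactly one version."""
    return bool(EXACT_SEMVER.match(spec.strip()))


def audit_manifest(manifest: dict, path: str = "package.json") -> list:
    """Return (path, field, name, spec) for every unpinned dependency."""
    findings = []
    for field in DEP_FIELDS:
        for name, spec in (manifest.get(field) or {}).items():
            if not isinstance(spec, str) or not is_pinned(spec):
                findings.append((path, field, name, spec))
    return findings


def audit_tree(root: str) -> list:
    """Recursively audit every package.json under root (node_modules included)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" in filenames:
            path = os.path.join(dirpath, "package.json")
            try:
                with open(path, encoding="utf-8") as fh:
                    manifest = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip, do not crash
            if isinstance(manifest, dict):
                findings.extend(audit_manifest(manifest, path))
    return findings


# Constructed sample tree (the package names are made up, not real packages):
# a project with one pinned and two unpinned deps, plus a nested
# node_modules package that itself depends on a range.
SAMPLE_TREE = {
    "package.json": {
        "name": "sample-app",
        "dependencies": {"left-pad-like": "1.3.0", "some-ipc-lib": "^9.2.1"},
        "devDependencies": {"test-runner": "latest"},
    },
    os.path.join("node_modules", "some-ipc-lib", "package.json"): {
        "name": "some-ipc-lib",
        "version": "9.2.1",
        "dependencies": {"colors-like": "~1.4.0"},
    },
}


def demo() -> int:
    """Write the sample tree to a temp dir, audit it, return the finding count."""
    with tempfile.TemporaryDirectory() as root:
        for rel, manifest in SAMPLE_TREE.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
        findings = audit_tree(root)
    for path, field, name, spec in findings:
        print(f"{path}: {field}.{name} = {spec!r} is not pinned")
    print(f"{len(findings)} unpinned dependencies")
    return len(findings)


if __name__ == "__main__":
    demo()
```

Two caveats a defender should keep in mind: pinning only helps if the pinned version is one you have actually reviewed (a pinned malicious release is still malicious), and in practice a committed lockfile plus `npm ci` does most of this work for application code, so a checker like this is mainly useful for spotting library manifests whose ranges will pull in whatever a transitive dependency publishes next.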
 
Now that he has destroyed his best work the next step is to ruin his tenuous marriage and then become a troon.

FOSS programmer? Check.
Obsessed with Japan? Check. Bonus points if he has an animu waifu profile picture on GitHub.
Terminally online? Check.
Slacktivist overly invested in $CURRENT_THING to give his life purpose? Check.

Listen to this man, he's called it. He knows.
programmer to troon pipeline.png
 
I have a hunch that Apple and the likes will probably make it their goal to demonize open source even more. lol.
Even Mental Outlaw was pissed off.
I wouldn't be shocked considering one of their opponents (GNU/Linux) is built off of open source, so what better than to try demolishing one of the few universal good parts of such competition.
 