Diseased Open Source Software Community - it's about ethics in Code of Conducts

If you're going to hack people, it would probably be prudent to do it with a dedicated computer in a remote warehouse or someplace far from where you live so if it goes south you don't lose everything. Same goes with using a dummy computer for downloading stuff that you suspect might contain a virus or ransomware so if it gets fucked up, you don't lose everything.

But that's just me. I don't know if someone else said what I said, but I don't feel like reading 50 pages worth of comments.
 
Fucking funny as shit the cunt had it put this text file full of the hippiest of shits in all these languages saying we are all human and we shouldn't fight and the motherfucker had the audacity to then single out some humans merely for being in a country because 'Putin bad'! The fucking irony is beautiful, he deserves everything he gets.
 
His weird sentences and intentionally bad spelling are probably a mix of irony and the fact that he's obviously losing his mind a bit.
He looks like he's having a full breakdown.

His nonsense about the Hindenburg is also interesting. How does he think the situations are at all similar? And what does he think the solution is, exactly? His supply chain attack happened because he took the years of trust he'd built up as a Node developer (lol) and traded it all in for a chance to fuck everybody over. That's always going to be a risk in any organization of any size. The counterbalance to that is supposed to be that most people that have entrenched themselves as (literal) fixtures of a respected community aren't insane faggots willing to destroy their own reputation for Twitter asspats. (Or to use his weird Hindenburg metaphor, there's nothing anyone can really do if the Hindenburg's pilot, trusted with the controls, wants to suddenly drive it into the ground.)
 
"Sorry about that malware I wrote and spread to millions of computers surreptitiously (possibly including yours) then lied about and mocked everyone for being upset about. Please install this other software I wrote (that I pinky-swear isn't also malware) to help you find potential malware and vulnerabilities in your other software."

Fuck this asshole.

I wonder whether, for his next trick, he'll scan his employer's Active Directory and disable any account where the user's name has a Russian naming convention. It'll be just as accurate as what he did here, because he's going to hit American and Ukrainian accounts as well. But he won't -- because this is too close to home, and they can find him in the parking lot.

His attempt to become the next Frank Abagnale, Jr. or Kevin Mitnick with the "supply chain security" claptrap is off the mark. Both Abagnale and Mitnick give security training, but there's a reason people listen to them and not to Brandon Nozaki Miller:

1) Abagnale and Mitnick didn't go after individuals not connected to them, and
2) They both became consultants after serving time. In short, they had paid for their mistakes.

Brandon Nozaki Miller has not paid for his mistakes. And no, having your Twitter hijacked does not count.
 
I wonder whether, for his next trick, he'll scan his employer's Active Directory and disable any account where the user's name has a Russian naming convention. It'll be just as accurate as what he did here, because he's going to hit American and Ukrainian accounts as well. But he won't -- because this is too close to home, and they can find him in the parking lot.

His attempt to become the next Frank Abagnale, Jr. or Kevin Mitnick with the "supply chain security" claptrap is off the mark. Both Abagnale and Mitnick give security training, but there's a reason people listen to them and not to Brandon Nozaki Miller:

1) Abagnale and Mitnick didn't go after individuals not connected to them, and
2) They both became consultants after serving time. In short, they had paid for their mistakes.

Brandon Nozaki Miller has not paid for his mistakes. And no, having your Twitter hijacked does not count.
Well and probably more importantly, they'll probably be able to provide more profound insights than just "when you get work from other people, you trust them, and sometimes that trust can be misplaced", which is really all he's offering.
 
The browser project Pale Moon has developed (another) slapfight between the core maintainers/developers:
https://forum.palemoon.org/viewtopic.php?f=65&t=28003 . I don't know what specifically caused this falling out, but there's a lot of good milk in the Pale Moon project. In the meantime we can enjoy one maintainer whacking another on the forums, trying to pull down the project infrastructure, and getting banned.

Reports were that Tobin tried to delete the website, DNS zonefile, etc. Moonchild currently reports the damage following Tobin's flameout:
Well, as it stands, we now have:
  • No extension website.
  • Only a few themes that FranklinDM maintains. Tobin claimed ownership of a number of them initially created by Lootyhoof but that's clearly off the table now.
  • No code cross-reference for development.
  • Pale Moon in need of a hotfix update.
  • Some problematic language packs (and once again, no extension site to help people give access to them when they upgrade)
While all of that can be solved over time, it does cause significant trouble for the project. I'll likely put up basic placeholder locations today for the language packs and perhaps a basic listing of the converted -fxguid extensions (if I actually have them available, that was all on the server that was yanked offline the instant I left IRC) so people can at least download what they need as an emergency measure.

With high priority I'll work on, in this order:
  1. Getting Pale Moon 30.0.1 built with critical fixes
  2. Get emergency services up so people can at least get langpacks and extensions for Pale Moon 30
  3. Fix language packs that are breakingly problematic (Japanese indicated they had trouble with blank portions of the UI).
It's a big deal all in all and the project is seriously damaged. Some users are calling it criminal damage and suggesting that charges be pressed.

Backstory:
Pale Moon is a fork of Firefox, originally gaining popularity off of the tantrum when Mozilla announced they'd stop supporting XUL (an extension framework) for Firefox in 2016 on account of it being an unmaintainable piece of shit. This would have broken many popular plugins, giving PM the userbase it needed.

Since then it's been a continuous clusterfuck. In 2019 they had a major security breach where malware was inserted into every archived version of the browser.

Moonchild (M. C. Straver), the primary developer, has been known for tantrums relating to distribution: most open source software releases source tarballs which people can use to build the product, and allow people to follow along and contribute. Pale Moon is not like this; instead the only supported/official release is pre-compiled by the developer and offered as a compiled binary that is impossible to verify matches the source code. The ongoing development of the source code has also been closed, offering only snapshots at the same time as a new binary release. Moonchild is vociferously against anyone forking his project, despite the project itself being a fork.

Despite ragging on Mozilla about dropping XUL and winning the userbase that cared about that, Moonchild boldly has since decided to drop support for XUL as well in 2021: https://www.ghacks.net/2021/04/28/p...refox-extensions-anymore-that-are-not-ported/ . The appropriate drama ensued, as you'd expect: /g/ spends 5 years stanning a browser as superior in the way that /g/ does, only for the new developer to pull the exact same shit.

In 2021, the meme dream reached fever pitch and someone created Male Poon to rip the shit out of him, which has since been taken down but archived here: https://git.kiwifarms.net/KotJohansson/Male-Poon

There's a starter for 10, and I hope someone will put in the effort needed to whip this up into a thread of its own. They all deserve one.
 
I’m reasonably sure this’d fall under whatever cyber crimes statute the US has.
Yup, what you're looking at there is a big ole violation of the CFAA, or the Computer Fraud and Abuse Act of 1986. The feds will ass fuck him with it. Minimum of 10 years, maybe more; it's been a while since the feds have really dunked on someone to make a point.
 
The browser project Pale Moon has developed (another) slapfight between the core maintainers/developers

We know.

There's a starter for 10, and I hope someone will put in the effort needed to whip this up into a thread of its own. They all deserve one.

There already is one. We even have Tobin himself posting there. Granted, your post is miles and away better than the OP there, but you still get an alarm clock. ❤️
 
The browser project Pale Moon has developed (another) slapfight between the core maintainers/developers:
https://forum.palemoon.org/viewtopic.php?f=65&t=28003 . I don't know what specifically caused this falling out, but there's a lot of good milk in the Pale Moon project. In the meantime we can enjoy one maintainer whacking another on the forums, trying to pull down the project infrastructure, and getting banned.

Reports were that Tobin tried to delete the website, DNS zonefile, etc. Moonchild currently reports the damage following Tobin's flameout:

It's a big deal all in all and the project is seriously damaged. Some users are calling it criminal damage and suggesting that charges be pressed.

Backstory:
Pale Moon is a fork of Firefox, originally gaining popularity off of the tantrum when Mozilla announced they'd stop supporting XUL (an extension framework) for Firefox in 2016 on account of it being an unmaintainable piece of shit. This would have broken many popular plugins, giving PM the userbase it needed.

Since then it's been a continuous clusterfuck. In 2019 they had a major security breach where malware was inserted into every archived version of the browser.

Moonchild (M. C. Straver), the primary developer, has been known for tantrums relating to distribution: most open source software releases source tarballs which people can use to build the product, and allow people to follow along and contribute. Pale Moon is not like this; instead the only supported/official release is pre-compiled by the developer and offered as a compiled binary that is impossible to verify matches the source code. The ongoing development of the source code has also been closed, offering only snapshots at the same time as a new binary release. Moonchild is vociferously against anyone forking his project, despite the project itself being a fork.

Despite ragging on Mozilla about dropping XUL and winning the userbase that cared about that, Moonchild boldly has since decided to drop support for XUL as well in 2021: https://www.ghacks.net/2021/04/28/p...refox-extensions-anymore-that-are-not-ported/ . The appropriate drama ensued, as you'd expect: /g/ spends 5 years stanning a browser as superior in the way that /g/ does, only for the new developer to pull the exact same shit.

In 2021, the meme dream reached fever pitch and someone created Male Poon to rip the shit out of him, which has since been taken down but archived here: https://git.kiwifarms.net/KotJohansson/Male-Poon

There's a starter for 10, and I hope someone will put in the effort needed to whip this up into a thread of its own. They all deserve one.

The run-in when the OpenBSD people tried to make a Pale Moon port is infamous and pretty funny. Note this is just a development/staging thing where some OpenBSD devs work on ports: it's not "in OpenBSD ports" or anything close to that. That Tobin guy just went full guns blazing from the first sentence.

More license drama: one, two, three. The concept of "asking nicely" seems foreign to these people. Tobin also banned that MyPal thing from their extension thingy. They ban quite a lot of stuff in there for some reason.

The Pale Moon forums are pretty hilarious; there's quite a few people who are pretty deep into all sorts of conspiracy stuff, people always shouting at each other, discussions about the Pale Moon browser veer off into all sorts of weird political (often conspiratorial) directions, etc. You see this here too with weird comments about "enemies" and whatnot. I used to have a list of funny threads I compiled after that OpenBSD issue, but I can't find it right now so I don't think I have it any more.
 
The run-in when the OpenBSD people tried to make a Pale Moon port is infamous and pretty funny. Note this is just a development/staging thing where some OpenBSD devs work on ports: it's not "in OpenBSD ports" or anything close to that. That Tobin guy just went full guns blazing from the first sentence.

More license drama: one, two, three. The concept of "asking nicely" seems foreign to these people. Tobin also banned that MyPal thing from their extension thingy. They ban quite a lot of stuff in there for some reason.

The Pale Moon forums are pretty hilarious; there's quite a few people who are pretty deep into all sorts of conspiracy stuff, people always shouting at each other, discussions about the Pale Moon browser veer off into all sorts of weird political (often conspiratorial) directions, etc. You see this here too with weird comments about "enemies" and whatnot. I used to have a list of funny threads I compiled after that OpenBSD issue, but I can't find it right now so I don't think I have it any more.

He should have been HONORED that it's getting an OpenBSD port as it'll clean up the code base to be secure, clearly defined, and functional unlike the spaghetti mess of shit code that it is right now.

EDIT: Reading that DEMAND letter was fucking golden and Ibara sounded just like Patrick Tomlinson with his dismissal of "Go away petulant child"
 
The Pale Moon forums are pretty hilarious; there's quite a few people who are pretty deep into all sorts of conspiracy stuff, people always shouting at each other, discussions about the Pale Moon browser veer off into all sorts of weird political (often conspiratorial) directions, etc. You see this here too with weird comments about "enemies" and whatnot. I used to have a list of funny threads I compiled after that OpenBSD issue, but I can't find it right now so I don't think I have it any more.
I used to use this with a very old MacBook (in fact the very first one), because it was one of the few browsers still supported for 32 bit OSes, so would still work in Snow Leopard. I'm glad I didn't have to rely on it after the autism of the project began to affect the quality of the product.

It was pretty good for what it did.
 
The real good stuff feels like a hidden treasure of the 2000s and early 2010s. Some of the old songs are so good they're even referenced or sampled today. The Sony Vegas 9.x keygen music was remixed for Deltarune, and RELOADED's Torchlight II tune has a cult following.

In the mid 90s I downloaded something with really good MIDI music and really beautiful full screen visualizers... that's all it was (as far as I know), no keygen, just that. Loved it. Wish I could find it or something like it again.

watashiwakichigai@yahoo.com is the single fucking cringiest thing I’ve read in my life. Pro tip: don’t ever use Japanese in your username unless you want to look like a retard and a weeb at the same time. That phrase you think sounds cool or neat? It really doesn’t. People who don’t know Japanese won’t understand it and, like in this case, you’ll end up with a name that will make Japanese people think you’re retarded.
It's pretty much the same issue when you see rich(ish) Chinese people wearing shirts that say random English words.
 
No real cows involved here but a shocking lack of security oversight. To understand how big of a fuck up this was/is - imagine that the SSO a user relies on for every service was compromised. Now, imagine that not only their entire company's entire set of SSO logins was compromised - but that EVERY SSO account managed by the SSO infrastructure provider was now available to be used by malicious actors.

This is what happened with Okta. An employee's (or employees') account was made vulnerable to remote access, with all major privileges. Compounding the issue was the firm's steadfast denial for hours that the intrusion had occurred. Even now, having acknowledged it, the firm continues to downplay the significance.


In January 2022, Okta detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider. As part of our regular procedures, we alerted the provider to the situation, while simultaneously terminating the user’s active Okta sessions and suspending the individual’s account. Following those actions, we shared pertinent information (including suspicious IP addresses) to supplement their investigation, which was supported by a third-party forensics firm.

Following the completion of the service provider’s investigation, we received a report from the forensics firm this week. The report highlighted that there was a five-day window of time between January 16-21, 2022, where an attacker had access to a support engineer’s laptop. This is consistent with the screenshots that we became aware of yesterday.

Their report contradicts itself directly within the first two paragraphs, making the rest of the laughable attempt at a "post mortem" difficult to put much stock in.

Unfortunately for corporate users, there's not much indication any other SSO infrastructure operators are much better. With no industry standard on auditing SSO platforms and with clients having little to no oversight on the security practices of their SSO providers, customers have to take it on a good faith basis that SSO infra providers are protecting their, and their clients', assets in an appropriate manner.

Sadly I expect this story to have little to no lasting impact and for these kinds of glaring hijack exploits to continue to pop up from time to time. It'll take a massive abuse (i.e. a Colonial Pipeline situation) before the right parties wisen up and take the industry to task.

EDIT: Microsoft has done a far better job highlighting the modus operandi of these actors than Okta did - and revealed that Okta was just the tip of the iceberg. https://www.microsoft.com/security/...ations-for-data-exfiltration-and-destruction/

EDIT 2: https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/ Okta has doubled down on their claim now that NO breach occurred despite Microsoft's independent verification of the threat actor's network and process. This is such a bad look and these guys are such massive beneficiaries of vendor lock-in and customer inertia.
 
Giving a single company the ability to forge login credentials all over the place is such an amazingly retarded decision it boggles the mind. I hope saving the few bucks in administration costs was worth this disaster.
 