Diseased Open Source Software Community - it's about ethics in Code of Conducts

Chris Hadnagy as mentioned before has sued Defcon for defamation.
Good for him. He deserves his day in court, rather than the mob "justice" he was subjected to.

I haven't been to a tech conference in years, even before the rona stupidity. They weren't more than an arena for clout-chasers, or the sort of people who are more interested in being performative rather than just doing things. As far as I could tell, most of the attendees were there to get drunk and hook up, then later to exploit the organisations behind the conferences for their own profit and power. Tech is a distinctly secondary concern.
 
You can see all the comments on the previous snapshot.

At least someone on the team was sound enough to cover up all of the owner's retardation when he responded to Josh with all his expertise. You can see that in the last comment he was willing to block KF on the CDN but couldn't due to his provider not supporting IPv6 blocks.
Troons are a cancer and must be excised.
 
To which the project owner responds with profanity and pledges to block KF's servers from accessing his repos.
The dev is an eastern european "male feminist" that looks the part
Chris Hadnagy as mentioned before has sued Defcon for defamation.
Good. Defcon needs to clean house or die. It will die either way. The response from these people isn't surprising. A lot of the "hack the planet" people were just following what's acceptably counter culture and shifted when the media shifted its narratives.
To add to your informative Feb post chronicling tech conference drama, I have two rather small things about 2016 Defcon: The "Make Defcon Great Again" hat harassment. A non-tech? woman counting the amount of men and women entering talks and tweeting at Defcon staff about the sex disparity throughout the conference. This is all the person seemed to do during the day.
January 2017: “Counting” of # of women at various security conferences.
@SushiDude seems to have an obsession with counting women vs. men at conferences.
Maybe it was this person and maybe it was 2017 Defcon.
 
A non-tech? woman counting the amount of men and women entering talks and tweeting at Defcon staff about the sex disparity throughout the conference.
So a conference for an activity mainly participated in by autistic, antisocial males with oppositional defiant disorder mainly consists of autistic, antisocial males with oppositional defiant disorder. What amazing research!
 
So a conference for an activity mainly participated in by autistic, antisocial males with oppositional defiant disorder mainly consists of autistic, antisocial males with oppositional defiant disorder. What amazing research!
Next thing we know she'll be illuminating us about how knitting conventions are weighted towards women.
 
I may have stumbled upon one of the cringiest JavaScript framework teams today.

Meet NullStack JS...
https://nullstack.app/

Some highlights from their site:
Link: https://nullstack.app/contributors
Archive: https://archive.ph/Bcr1Q

 
The developers look like people terminally on Twitter but I do appreciate the effort in creating something open source. I don't think they're even the first to adopt waifu branding and the fanart seems to be based on a slightly different character design than the official portrait?
 
A based developer of a third-party Minecraft mod manager kicked out all the leftist political activists and deleted their woke Code of Conduct:
This is the commit (Archive) that they're complaining about:
The CoC (Archive) was the standard Contributor Covenant one, i.e. woke trash.
The maintainer had previously tried to edit the CoC (Archive), but was harassed:


Said woke developers start spreading false rumors that the repository is hacked:

When it is pointed out that it has not been hacked, they argue that it could be hacked in the future and create a fake CVE. They then sent this fake CVE to Nix (Archive), Gentoo (Archive) and possibly other package managers and successfully got the package removed.

The fake CVE:

OVE-20221017-0001: PolyMC appears to be compromised
===================================================

Image generated by Waifu Diffusion V1.3 -- studio ghibli, cyberpunk, trash can, fire, forest fire, forest, lots of fire
PolyMC is a modpack manager for Minecraft that allows users to manage multiple logical installations of minecraft with their own sets of mods or plugins. Today it seems that the main maintainer of PolyMC has deleted all of the contributors from having access to the GitHub ACLs and has removed the code of conduct as of PolyMC/PolyMC@ccf282593dcdbe189c99b81b8bc90cb203aed3ee. The main maintainer has also been reportedly using charged language and slurs freely as a result of being called out for this.
It is unknown at this time if PolyMC is compromised, but software like this being in the hands of reactionaries is a very sketchy situation. I am monitoring this situation and will give updates when I can.
It is unknown if it is safe to run existing installations of PolyMC, as it reportedly fetches metadata about .jar files to run at runtime from a now presumably untrustworthy service.
If you are a user of PolyMC, it may be best to uninstall it until we can get more information about this emerging situation. I am treating this as a compromise of the upstream because that is the least bad way to describe this. If you are a package maintainer for a distribution that packages PolyMC, use `OVE-20221017-0001` as the vulnerability ID for your bug tracker. It may be best to yank or freeze PolyMC until we get more information.
Here are other discussions about this:
Future updates to come.
UPDATE(2022 M10 17 22:35): Minecraft mod launchers work by downloading arbitrary Java bytecode as instructed to by a metadata server. The metadata server that PolyMC uses is in the hands of the threat actor in control of the GitHub organization and as such you should treat any file that the PolyMC launcher downloads as advised by that metadata server as compromised. We do not have evidence of any compromise at this time, but the Minecraft mod ecosystem does not cryptographically sign mods when they are published so we have no way to easily tell.
Some people have advised that users of PolyMC can mitigate this issue by changing the metadata server that the client uses, however I do not feel this is a sufficient fix. I suggest that you should *purge* the PolyMC launcher from your systems and wait a few days for the dust to settle. No offense to the estranged PolyMC devs that are just trying to create a working solution for users, but there is not enough clarity to really know what is going on.
NixOS and Gentoo have masked the PolyMC package. PolyMC is no longer installable via those distributions. I am told that the Flatpak package is not under the control of the threat actor, but I want to wait and see.

<Cadey> Happy monday, eh?
He also lost access to Arch:
AUR Link: polymc-git 1.4.0.r348.gc089f9b5-2 (Archive) (Credit)

The original dev loses his packages because he could push a malicious update, so the "contributors" actually do something malicious to "stop" him.

Microsoft employees working on Minecraft have lied and said that this is malicious:
Source (Archive)
Source (Archive)

and allegedly revoked the tool's Microsoft account API keys:
Source (Archive 1) (Archive 2)
(Edit: this has been confirmed):

Massive amounts of reddit brigading and fearmongering:

Source (Archive)
Source (Archive)
Source (Archive)
Source (Archive)

Source (Archive)
Source (Archive)
Source 1 (Archive) (Should've read the license (GPL) (Archive) and CLA (Archive) then morons).
Source 2 (Archive)
Source 3 (Archive)

I wish they'd look up Notch's politics and stop playing Minecraft for good.

All of this is because the dev isn't a "leftoid", not because he actually did anything malicious.
 
quaawaa said:
A based developer of a third-party Minecraft mod manager kicked out all the leftist political activists and deleted their woke Code of Conduct:
Also covered in the Minecraft thread as it happened. It's infuriating to see how fast misinformation spreads on the Internet nowadays.
 
My question is, did the developer who did this have the "right" to do it. For example if he clearly positioned himself as leader and owner, then it would be his right. However if he shared leadership equally with other devs, then it's bad sportsmanship to make decisions unilaterally. Of course, the other devs are free to voluntarily stop working on the project too.
 
My question is, did the developer who did this have the "right" to do it. For example if he clearly positioned himself as leader and owner, then it would be his right. However if he shared leadership equally with other devs, then it's bad sportsmanship to make decisions unilaterally. Of course, the other devs are free to voluntarily stop working on the project too.
On the one hand, if I had put a lot of work into devving on a project like this, I wouldn't be too happy about the lead dev blowing it up so publicly like this. But on the other hand, I do think both large and small dev projects work best when they have a benevolent dictator to make decisions that need to be made without bureaucracy of committees and that sort of thing. So yes, I think this guy had the "right" to do this, though were I in his position, I think I would have tried to do it a bit more quietly and avoid the drama circus we're currently seeing.

FWIW, I haven't seen this story surface on HN yet, so it may not yet have bubbled out of the leftist Minecraft community. Probably just a matter of time until it does, though - I wouldn't be surprised if there's not some hack at Kotaku putting the finishing touches on their hit piece as I type this.
 