Post AIOeH6IXoZD5fPshFo by optimal@mastodon.online
 (DIR) Post #AINYV23xZ2MhhdMLAW by sullybiker@sully.site
       2022-04-12T16:45:29Z
       
       0 likes, 4 repeats
       
       This is not cool don't do this: Third npm protestware: 'event-source-polyfill' calls Russia out https://www.bleepingcomputer.com/news/security/third-npm-protestware-event-source-polyfill-calls-russia-out/
       
 (DIR) Post #AINeZVpVQuDAuG7OK0 by hacknorris@mastodon.social
       2022-04-12T17:53:15Z
       
       0 likes, 0 repeats
       
       @sullybiker better npm with russia or python with meta?
       
 (DIR) Post #AINgBJdPK3Kq2g36Zc by dracoMetallium@pleroma.soykaf.com
       2022-04-12T18:11:35.681417Z
       
       0 likes, 0 repeats
       
       @sullybiker Why is it that so many developers are against Russia but none show anti war messages to the people of USA?
       
 (DIR) Post #AINgxpjRHxSdUS0Oae by sullybiker@sully.site
       2022-04-12T18:20:20Z
       
       1 likes, 0 repeats
       
       @dracoMetallium I think because people have been trained for years to bark at Russia, and so it's become a morally just war, which is the most dangerous kind of war.
       
 (DIR) Post #AINh0FpfDdZF1C4U7M by sullybiker@sully.site
       2022-04-12T18:20:48Z
       
       0 likes, 0 repeats
       
       @dracoMetallium History is full of terrible acts because people believed they were the good guys.
       
 (DIR) Post #AINrYIO7DrE4Ke3ZZI by dottorblaster@fosstodon.org
       2022-04-12T20:18:55Z
       
       0 likes, 0 repeats
       
       @sullybiker I understand all the reasons that can lead an individual to do something like this, and yet I think this kind of action is one of the most idiotic things I’ve ever seen in open-source software and software-wise in general
       
 (DIR) Post #AINuvXfMssM8Euu240 by grayrattus@mastodon.social
       2022-04-12T20:56:41Z
       
       0 likes, 0 repeats
       
       @sullybiker why? I really don't understand why people have a problem with this. Maintainers of packages can do whatever they want. If you don't want to use their code with license that is provided just write your own code.
       
 (DIR) Post #AINyKt3WnKFrgFyqNE by jr@social.anoxinon.de
       2022-04-12T20:44:47Z
       
       0 likes, 0 repeats
       
       @sullybiker why shouldn't you do this?
       
 (DIR) Post #AINyKtp1wiFi3aCmPo by sullybiker@sully.site
       2022-04-12T21:34:58Z
       
       0 likes, 0 repeats
       
       @jr Do you seriously want me to explain why intentionally creating a supply chain attack is a terrible, terrible thing to do? The damage to the project is already immeasurable. If they want to destroy their own community, they can go ahead.
       
 (DIR) Post #AINycqwHP6NOKN9mjo by sullybiker@sully.site
       2022-04-12T21:38:14Z
       
       0 likes, 0 repeats
       
       @grayrattus Don't be obtuse. Deliberate vandalism is a terribly damaging ideal. If they're that keen to fight they can go to Kiev and sign up.
       
 (DIR) Post #AINzWjcvmEk1rlkl8q by ls@social.lsnet.eu
       2022-04-12T21:11:38Z
       
       0 likes, 0 repeats
       
       @jr @sullybiker Because this is malware that becomes a risk for everyone. Be it through side effects when determining the location, creating additional vulnerabilities or because it causes other collateral damage. It destroys trust in open source. If we let that happen, soon every protest group will be booby trapping all sorts of software for all sorts of reasons.
       
 (DIR) Post #AINzWkGHPwDVpoABTU by sullybiker@sully.site
       2022-04-12T21:48:19Z
       
       0 likes, 0 repeats
       
       @ls @jr It also creates competition among hackers to perform more and more ambitious exploits. There is no good end. Trust in open source is extremely fragile, and willingly breaking it is nothing short of irresponsible.
       
 (DIR) Post #AIO1ML1Ec80eYgI7Ky by davidhanzlik@mastodon.online
       2022-04-12T22:08:47Z
       
       0 likes, 0 repeats
       
       @sullybiker @Gargron I think y'all reacting to a headline... the 'third wave' posts anti-war messaging while leaving functionality unchanged. One commenter likened it to a feature: "...to some people in Russia, it could be valuable information, something helpful." The article also details the "second wave" (node-ipc) which deleted user data. This is bad behavior, fullstop. https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/ In the 3rd's case, saying don't do this is like saying "shut up and dribble" to free laborers.
       
 (DIR) Post #AIO2KJwtilIycBrfP6 by sullybiker@sully.site
       2022-04-12T22:19:42Z
       
       0 likes, 0 repeats
       
       @davidhanzlik @Gargron The 'free labour' excuse died a decade ago. If you think doing something for free is a pretext to do what you like, I am not sure I want to live in your ideal of society.
       
 (DIR) Post #AIO9ION10l9pQY6mDg by _trammel@mastodon.social
       2022-04-12T23:37:43Z
       
       0 likes, 0 repeats
       
       @sullybiker @grayrattus Nothing stopping you from shrinking down to the size of an atom and jumping through a fiber optic cable either. Go fix it yourself since you're so anxious.
       
 (DIR) Post #AIO9QNpqsrLQ5KPIOG by _trammel@mastodon.social
       2022-04-12T23:39:14Z
       
       0 likes, 0 repeats
       
       @sullybiker @grayrattus Besides it's literally impossible to vandalize your own property.
       
 (DIR) Post #AIO9vtwTYrfwdiXAzw by _trammel@mastodon.social
       2022-04-12T23:44:55Z
       
       0 likes, 0 repeats
       
       @sullybiker And yet here we are all still talking about it. @davidhanzlik @Gargron
       
 (DIR) Post #AIOG8OKT0azM5D5vw8 by Librenyaa@mastodon.social
       2022-04-13T00:54:20Z
       
       0 likes, 0 repeats
       
       @sullybiker Ah yes, I love when people think that Russian citizens have any say whatsoever about what their government does, and punish them instead of their government. Protestware is dumb.
       
 (DIR) Post #AIOHRHN1Cnr3xNrHfc by sullybiker@sully.site
       2022-04-13T01:09:02Z
       
       0 likes, 0 repeats
       
       @sasha_sorokin The best thing about that article is the claim FOSS avoids 'reinventing the wheel', which anybody with any familiarity be it developer, user, or sysadmin knows is deeply ironic.
       
 (DIR) Post #AIOKdrPtJNjB5dtQTw by sullybiker@sully.site
       2022-04-13T01:44:56Z
       
       0 likes, 0 repeats
       
       @sasha_sorokin The earlier iteration that removed data affected an NGO in Russia, which is what always happens with these things. If you hand someone a loaded gun, you have no control over what direction it's pointing when the trigger is pulled.
       
 (DIR) Post #AIOKoDcrapZMrmtqpk by sullybiker@sully.site
       2022-04-13T01:46:48Z
       
       0 likes, 0 repeats
       
       @Librenyaa There's so many things they could do. Set up web services for an NGO, start a fundraiser. But no, poison the willage well. That'll learn 'em!
       
 (DIR) Post #AIOZJTZljv94fcFdbc by jr@social.anoxinon.de
       2022-04-13T04:29:10Z
       
       0 likes, 0 repeats
       
       @sullybiker to be fair I just asked this to make the point that npm dependency management makes supply chain attacks fairly easy and that's why more and more Devs do such things...
       
 (DIR) Post #AIOeH6IXoZD5fPshFo by optimal@mastodon.online
       2022-04-13T05:24:53Z
       
       0 likes, 0 repeats
       
       @sullybiker It just shows a message in solidarity with Ukraine. I see nothing wrong with this
       
 (DIR) Post #AIOhqO1aCRpIdtSsd6 by optimal@mastodon.online
       2022-04-13T06:04:53Z
       
       0 likes, 0 repeats
       
       @sullybiker @sasha_sorokin This just shows a message, nothing else.
       
 (DIR) Post #AIOtDBjl9K9kgpCfeS by grayrattus@mastodon.social
       2022-04-13T08:12:16Z
       
       0 likes, 0 repeats
       
       @sullybiker I disagree. Stupid JS developers take npm security for granted and it's their fault for not checking versions on regular basis. And because you mentioned that devs that made the change should go fight in Kiev I politely want to write fuck you.