Conversation

Conversation

Notices

lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 09-Jan-2022 19:40:00 EST lnxw48a1

Dev breaks all users of his code because he's angry about corporate freeloaders. https://nu.federati.net/url/284572 [www bleepingcomputer com]
In conversation Sunday, 09-Jan-2022 19:40:00 EST from nu.federati.net permalink
Attachments
1. Invalid filename.
  
  Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
  
  from BleepingComputer
  
  Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's more to the story.
1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 10-Jan-2022 06:03:34 EST lnxw48a1
  in reply to
  
  https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/ [abc7ny com]
  
  Same guy, it looks like.
  
  Frankly, if you don’t want freeloading off your work, don’t use licenses designed to encourage freeloading., such as MIT. Use community building licenses like LGPL, GPL/GPLv2/GPLv3 and AGPL/AGPLv3. Or dual-license … LGPL for non-profits and a commercial pay-for-use license for profit-making entities.
  
  But I suspect that he has other issues.
  In conversation Monday, 10-Jan-2022 06:03:34 EST from nu.federati.net permalink
  Attachments
  1. Invalid filename.
    
    Neighbor on Queens man with bomb-making equipment: 'Obviously the man is sick'
    
    from ABC7 New York
    
    The investigation continues into the discovery of bomb-making materials after a fire inside a home in Queens, and the neighbor who first noticed something strange is speaking out about what led authorities to the suspect.
  1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 10-Jan-2022 08:17:15 EST lnxw48a1
    in reply to
    
    Some people are angry that GitHub and NPM undid his modifications and locked his accounts. But if he's intentionally putting malicious code into a commonly-used public repository, that's the only responsible choice.
    
    If your chosen 3rd party software repository would not intervene in that case, it is a good reason not to use anything in said 3PSR.
    
    In conversation Monday, 10-Jan-2022 08:17:15 EST from nu.federati.net permalink
  2. GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 10-Jan-2022 20:40:13 EST GeniusMusing
    in reply to
    
    Developer Bricks Open-Source Apps Colors and Faker, Causes Chaos
    https://gizmodo.com/an-open-source-developer-just-caused-a-whole-lot-of-cha-1848331944
    
    >However, Gizmodo was not able to find any independent corroboration that the bomb-Squires and coding-Squires are one and the same.
    In conversation Monday, 10-Jan-2022 20:40:13 EST from nu.federati.net permalink
    Attachments
    1. Invalid filename.
      
      An Open-Source Developer Just Nuked Two Apps, Causing Chaos
      
      from Gizmodo
      
      A whole lot of software projects were ruined recently when the developer behind two coding libraries decided to corrupt them with a series of bizarre commits.

Public

Notices