Node IPC Going Back in Time
Well I’m sure if you follow this blog (if anyone). You most likley heard of node-ipc. This reminds me a lot from when people did not know how malwayre worked, and the famouse worm that self duplicated by looking up everyone in the email contacts and sending itself out. What does this recent event says about the current ‘software developers’ that it affected. It means that they have or at least had no concern about security. They just trusted their projects to one point of failure. A upstream library gone rouge. How could this been prevented? I think this goes back to the first things that I hinted, central technologies are a bad idea. Let this be a warning to alaways try to audit some code before you let some critical machine do an update. This is why the most important part of open source code is the abilty to audit the code. Now even this is by definition a new type of malware that has been called “protestware”, I disagree with this. How does deleting data from machines that have a Russian IP “protest” anything? What if this “protest” actually deleted work that could had expedited the end of the current Russia v Ukraine war. Or how does punishing every day Russians help them be against the war? If anything it’ll make them empathetic and start agreeing with the propaganda that the west is indeed out to hurt them personally. Brandon Nozaki Miller has himself pushed out of any career, nor will he ever be able to clear his reputation from this. He has hurted the open source trust and will be used as an example into why normal every day people should not switch from Windows or OSX to linux. Everyone is to blame here. Brandon Nozaki Miller, devs that just merged code into projects without auditing before (or looking at the releas notes. I highly suggest checking out the github issue page it is indeed comical, and it is even funnier watching Brandon Nozaki Miller delete the complains. Not only did he screw up and every one knows it, he is censoring opinions about it. To everyone commenting on there it would be better if you do a small snippet like this. No way he can delete this post.
Sat, 26 Mar 2022 18:35:15 -0500