>Open source, as it has grown, is broken and the larger it grows the more likely that catastrophic events will occur. Given the potential for damage with this exploit, the fact that it was so limited is a blessing. It’s also not limited to node.js or npm, there is just as much misplaced trust in sister ecosystems like Python’s pypi and Ruby’s gems and with Github as a service itself. Anyone can publish to these and control can change without any notice. Even without a change of control, there’s so much code that thoroughly vetting it all in the first place would grind any team to a halt. In order to meet timelines, developers install what they need to install and security teams and automated tools just aren’t able to adapt to the pace at which software changes.
Wrong. It's the users' fault for not auditing all 37,000,000 lines of code in the dependency tree before deploying it.
Mason Brooks
open sores and buttcoiners btfo
Joshua Ross
Why the hell do you think we don't want systemd? No one can audit that shit and now almost everything depends by default on some redhat shit.
Jaxson Gray
What you meant is that npm and the mentality and ecosystem it created was a mistake.
Nolan Myers
Equivocation. NPM was a mistake, not open source.
Jace Collins
>consume
>consume
>consume
what the fuck has been consumed?
Dominic Fisher
>Open source was a mistake.
Had this been closed sourced, it would never be made public and possibly, companies wouldn't bother fixing it because it would cost more money and resources. Fuck off with your FUD.
Jonathan Rodriguez
>boohoo someone made software for free and I used it but he doesn't want to maintain it anymore
Just fork it instead of being a faggot. They shouldn't update mindlessly.
Jaxson Ortiz
>the broken javascript ecosystem broke again
>somehow this is the fault of open source
"news" shadow written by Steve Ballmer
Eli Gutierrez
You mean the "I'm entitled to free stuff!" mentality? That's thanks to open sores.
>Had this been closed sourced, it would never have happened
FTFY
>companies wouldn't bother fixing it because it would cost more money and resources
Le evil capitalist corporations meme XD
Kayden Ortiz
post >yfw you aren't affected because you don't touch NPM or JS in the slightest
>npm
Are you retarded? Nobody uses nodejs. Javascript = malware.
Logan Bennett
>Le evil capitalist corporations meme XD
Not evil, just lazy. You'd never believe what kind of ancient shit is found in corporate IT.
Julian Ortiz
>Le evil
No, they don't want to waste money. Just how business works.
Also
>I don't know it happened so it never happened
Don't get angry if you have a double digit IQ.
Jaxson Martinez
>companies wouldn't bother fixing it because it would cost more money and resources.
On top of that, they would optionally sell it to intelligence agencies as an intended backdoor.
Austin Edwards
>An application was be built
Landon Watson
>Le evil capitalist corporations meme XD
Your NEET is showing (and bootlicking above all). Companies are reactive to problems; only big tech shit can afford investment on prevention.
Cameron Collins
“THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.”
Blaming others for your inability to read is uncalled for. The license makes it clear as daylight that it comes with no warranties of merchantability. Moving to closed source won’t fix your inability to read. No one cares if you choose to use proprietary libraries either. Hence:
Open Source does not force you to be lazy, that’s just a trend in the JavaScript community. Don’t blame Open Source because your community needs left-pad (just an example). Although the project comes with no warranties, Open Source does not force you to do a bad job of project management, neither does it prevent you from writing bugs. Open Source is not your antivirus. Had this been closed source, issues like this probably would never actually be fixed. Companies may optionally sell the exploit as a desired backdoor to intelligence agencies. You know the ins and outs of the exploit because the source is open. Your NPM package being compromised does not mean that Open Source is compromised. You had the option to either audit or ignore the package yet you chose to use it, which is entirely your choice.
Refrain from spreading malicious propaganda-filled blogs. Not that I expect you to listen. It’s a free world.
Joshua Gutierrez
Honestly CI vendors could make a killing with this.
>trust in open sores projects gets hit by this
>sell a CI service to scan builds for miners
>projects that use and pass this service get to certify themselves as miner-free
Jaxon Ortiz
These are bad practices period and not limited to open source.
Alexander Cruz
fug, how will we ever recover?
Jaxon Cox
So I decided to take my anger out on the cuck who wrote this. gg, OP
If you're still here based pajeet I would point out to him that just because javascript is for retards doesn't mean developers aren't on the hook for vetting what they use, especially when the majority of js code is written for commercial projects. It's just simple due diligence. This is exactly why software devs shouldn't be conflated with engineers.
Carter Perry
With closed source it would have never been inserted in the first place since the company makes money by selling a good product. Free software makes you no money unless you backdoor it. It not only has no protections against this sort of thing, it's begging for it.
Kayden King
>implying closed source does not mine
what is utorrent?
Gavin Smith
Master bait
Kevin Collins
More like RIP npm. Wrong, it absolutely would have.
>what is utorrent?
The best torrent client ever written.
You're obviously a fool for propaganda if you believe there's a miner in a 391KB client that pulls 2% CPU util actively seeding 30 torrents out of 877 @ 14Mbps.
>pic related
wtf is wrong with people nowadays? What kind of retard would write something like this, read it, somehow acknowledge it brings meaningful insight to the discussion then proceed to hit enter. OP opboated it too. Don't bother with these subhumans op, they won't understand anything you tell them. The js/npm ecosystem is flawed by design; there is nothing we can do but laugh at these retards whenever they fuck up (which is pretty often).
Other projects, like Linux, have checks against what code gets committed. This is a result of poor project management, not open source. If a company let any employee commit code without audit and/or review, a disgruntled/malicious employee could just as easily slip exploitative code into NT, OS X, Chrome, etc. The difference is those projects, presumably, like Linux have procedures for verifying the code that ends up in final builds. It is not an inherent characteristic of open source/free software that any idiot can commit code without review, only a flaw with retarded ecosystems like JS, Ruby, Python, etc.
Adam Ross
That person is not very good with words. Distros like Debian have a better maintenance handover model.
Kayden White
I don't see the problem, the bitcoin miner was found and removed and everyone can go back to business now.
Or do people really think they didn't have to audit everything that they ship?
I can't understand how braindead one has to be to use an MPAA torrent client.
Dominic Fisher
he's autistic, not uncommon among CS fags
Dominic Butler
uTorrent 3.x is written by the same people who used to write the open source Bittorrent, not the guy who wrote the original god-tier closed source uTorrent. Open source programmers can't code, which is an entirely different point than the one in the OP.
>uses all your RAM
rTorrent is fine for dedicated seedboxes. It's terrible from a usability standpoint and a terrible desktop client.
Hudson Torres
>moving goalpost this hard
what a fucking cuck. Enjoy your MPAA miner.
Carter Foster
>Open source programmers can't code
Linus programs circles around your miner client. Fact.
Cameron Nelson
Move fast and break security?
At some point JS people will need to come to terms with going SLOW. Nothing should be added or updated in the main NPM registry unless it's reviewed and audited by multiple people, swearing upon their souls and wallets. If you want to publish crap, put it in a public garbage bin repository from which responsible adults can pull changes to the main registry.
Cooper Hill
>Open source programmers can't code
true, but closed source programmers are even worse as they're mostly all outsourced pajeets getting paid $2 per hour to write enterprise-ready javashit
Blake Nelson
>enjoy your torrent client
I do. Thanks. 30,000 hours running on the current install and over 140TB transferred without a single issue.
Jackson Clark
except for the miner kek
Lucas Fisher
/thread
Lucas Lopez
>uTorrent: Basically complete in 6 months. Hasn't needed an update in 7 years.
>Linux: Still a buggy work in progress after 27 years.
The facts speak otherwise.
Jacob Morgan
Damn, he surrendered so badly.
Adam Fisher
>miner client full of trojans on top of winapi
>the most successful and ever evolving operating system to date
wew why I wonder
Jonathan Rodriguez
Not even one passable (let alone good) FOSS torrent client is available
Carson Murphy
fukken saved
Blake Kelly
It's called rtorrent, MPAA cuck
David Baker
>command-line client that hogs gigabytes of RAM
>good
Thomas Barnes
>the most successful and ever evolving operating system to date
There are no true statements in the whole sentence.
Xavier Bennett
>hogs gigabytes of RAM
source or fake news
Kevin Butler
>most successful
true, it's the most popular OS in the world
>ever evolving
also true, as it keeps being ported to different archs, getting new filesystems, drivers, more contributors: individual or corporations
Logan Collins
>shilling rTorrent
>doesn't even use it
The absolute state of freetardism.
Carter Martinez
But Linux sucks, user, so if you were trying to make an argument for open source, you just failed.
Evan Butler
still waiting for your proof
Josiah Gray
At least they managed to implement filepicker thumbnails in under 3 decades.
Jace Campbell
this entire article is based on the faulty premise that developers have no obligation to investigate the state of their programs dependencies.
Angel Barnes
yeah, by delegating the file explorer as a file picker.
Jack Stewart
>it's the most popular OS in the world
[citation needed]
I thought systemd was open. What? I'm not a full time Linux user so I haven't done the research but shit.
Parker Cook
> OS
> still not getting it
Landon Torres
not op or a shill but in the proprietary world they don't have to because they can't (insert a smiley with the carat nose)
Aaron Cox
>I don't use the software in question, but prove it to me anyway!
Uhhh... why? Get back to me when the information would be relevant.
Hudson Barnes
No, but improper use is the very reason OP ended up making this thread
Hunter Jones
>still no proof LOL
Gabriel Long
>Angry Birds OS
>even relevant
lolk
>in the proprietary world they don't have to
because proprietary software is written by professionals and covered by warranty
FTFY
Sebastian Butler
Wait, are you nothing but a retarded fanboi, shilling products you don't even use?
Adrian Howard
>>even relevant
More than your video gaming machine as it seems
John Jones
> wheel is the most popular vehicle because cars use it
Closed source gave us wannacry and the equifax leaks, neck yourself OP.
Sebastian Fisher
STILL NO PROOF LMAO
Ian Thomas
>he thinks the beliefs of a mindless fanboi are relevant.
Parker Stewart
Open, massive, entirely controlled by one billion dollar corporation. Auditing systemd is next to impossible without matching Redhat/IBM in funding. It's simply too big and moves too fast to catch problems before they are being exploited. Systemd is a corporate coup over Linux, Red hat/IBM is the new Microsoft.
Juan Sanders
>>command-line client that hogs gigabytes of RAM
[citation needed]
Jace King
>he doesn't even use the software
Just leave.
Jonathan Young
NO O
BRAIN R A I N
Kayden Rogers
>trying to mislead people by calling wheel a vehicle in the first place
linux is a kernel
Adrian Cook
> Open, massive, entirely controlled by one billion dollar corporation
That's Linux kernel for you
Jaxon Torres
>wait for proof
>there's none
oof
Jayden Bennett
Your retardation is your own problem.
Justin Bailey
>most used business workstation OS in the world
>most used corporate server OS in the world
>"video gaming machine"