Anyway, since such requests are apparently ignored here, my password is "bluewave".

Have fun.

The author of the software didn't attack anything. He just pushed some code into a place he had legitimate control of.

Some irresponsible (see what I did?) developers downloaded and executed this code without checking, and as a result their stuff broke.

Every developer is responsible for what goes into his project, including dependencies. When a developer wants to update a dependency, he is responsible for the appropriateness of the update. In order to get an idea, he should audit the changes. For personal code, such an audit may constitute of a quick skim to determine that nothing breaks. For production code, it may also include a security audit.

When a dependency that used to do X now does Y and therefore breaks your stuff, you are the one responsible for dealing with it. The author disclaimed any warranty and any fitness of purpose for his project, and whether his intentions make sense or not is of no consequence.

My point was that there is no such thing as "malicious code". Code is code, and it's your responsibility to determine whether it fits the context. That someone put it out there with an MIT license means the responsibility is yours.

P.S. Ata nishma bachur magniv, lama macharta et ha'autobus? OK, ro'e she'ata gar be-Sverige achshav (Scandinavia ze ha'chalom sheli) az mevin.

The repository contains the console.log code, but you, as a user, would have to knowingly download it and run it. It's not like pushing code into a repository tricks you into running the code.

Trying to "win" by labeling something as "whataboutism" is just idiotism.

What is "malicious code" anyway? Maybe Microsoft Windows is malicious. It does contain code to format your disk.

It's an alarm that should be buzzing through sleepy programmer skulls. It should alert them to the fact that it's no longer the small company that respected programmers, where you felt your account was yours, and your repositories were yours.

The rules have changed with that acquisition, and Microsoft exploited the good reputation of that small company and the inertia of its users. Step by step, the site became more "social", and started suffering from the usual issues. Step by step, we see the same bigco policies that treat users as worker ants. When an ant starts making up a mind of its own, queen ant sends some soldier ants to cannibalize it.

Now, I realize here on HN the tired old rants of Moxie are considered gold. But if you want to skip being treated like an ant, run your own server, maybe support upcoming federation protocols to kill this centralization and bring down the nest, or at least migrate to some place that respects its users in the meantime.

There should probably be a way to merge project lists on various forges into a potentially huge index that can be browsed and searched, independently of each particular forge. Maybe it already exists?

2. everyone likes being __________, but...

3. ... not everyone likes criticism, even when it's __________.

4. therefore, often HN comments are downvoted despite being __________.

At some point ISLANNDs (Internet Small Local Authority for Name and Number Designations) could override it. That way, you could link to http://google.lol/posts/39-put-google-in-the-can and your cohort will enjoy this and the rest of those posts making fun of google, while the rest of the world is disappointed over dead links.

If gwene goes under, it'll suck but I'll have a gwene like on my own server. If RSS goes under, it'll go under here and there, and not wholesale. Good technology is resilient like that.

The reason is that software shared with the world is often shared out of passion and idealism. If only code that's useful to some companies is paid for, the world of free (as in beer or otherwise) software as we know and love is still unsustainable, and not just because fledgling projects tend to be inferior in many ways to everything that came before.

Some software is written simply for the fun of it. Future Crew were kids writing demos and putting them out (by the way, an executable for a program that's written in assembly is not so far removed from its source code; so whether they put out the source code or not is immaterial, here the point is "free as in beer"). These demos were unlikely to be directly useful to companies, but we were still amazed by them and some of us got into programming because of them. Do you want to live in a world where only people who produce software that's useful to some company can sustain themselves?

Their parents provided them with food and shelter, so they didn't have to think too hard about writing and releasing it. People in this thread claim that they don't feel exploited, probably for similar reasons. They probably have an income or enough money to make them feel comfortable giving something away. What happens when circumstances don't go your way, though? Then, while you live off your savings, see them shrink day by day, you realize that society doesn't give you the basic stuff that's needed for living, so why the hell should you give anything away? If you already gave stuff away while you were fat and healthy, and this stuff is being used profitably by others, the resentment can only grow.

That would make it easier to develop and maintain such software, and it would make it easier for people doing other things besides software development (yes, they exist) to open up their artware without starving.

Then there wouldn't be a need for the insane "professional" formalism described in this blog post.