https://github.com/RIAEvangelist/node-ipc/issues/233
People like the maintainer are doing nothing but harm to the mutual trust that exists in the open source community.
This is not the way.
This is some weird fanfic. Russia is dangerous, but you have to do A LOT for those dangers to follow you outside of the country (much less to the US!)
It’s hard enough for Russians to get visas to travel to the west, and in the west you actually go to prison.
FWIW my wife fled Russia after her driver was shot and killed by the mob in an effort to get at her father.
If true, this arrangement was pretty much doomed to fail anyway. node-ipc did a good thing by notifying them of their folly before the Belarus KGB or Russian FSB did.
> Due to internet censorship there, one of the web services used to contact us securely was hosted on servers located inside Belarus
This story is fucking crazy. Just think about it for a moment. A clearnet service hosted in Belarus to “securely” report war crimes? With all the data stored inside Belarus?
If this story is true, it’s absolutely a good thing that their server got wiped.
>We are an American NGO based in Washington, D.C. that monitors human rights infringements by authoritarian regimes in Belarus, Russia and other post-Soviet states. Since our start in 2014, we have been in contact with over 2,500 whistleblowers that provided us with detailed reports on various kinds of abuse happening there.
>Due to internet censorship there, one of the web services used to contact us securely was hosted on servers located inside Belarus. Normally, we backup the received content to an external server on 20th day of every month, as this is reasonable given the volume we usually get, but since the start of the invasion on February 24th, traffic to our web service has increased over fiftyfold. Our staff has been working round the clock to accomodate the influx and during one of their tasks, package containing node-ipc module was updated on a production server, which resulted in executing your code and wiping over 30,000 messages and files detailing war crimes commited in Ukraine by Russian army and government officials. Due to the way the files were stored on the server, we are not able to recover any data and it's most likely gone forever. For some of the senders, this might as well have been their last contact with the outside world, as many of them were front-line soldiers that could've been killed in action during the offensive.
>Personally, me and my colleagues are absolutely devastated. All I can say that your little shenanigan did more damage to us than Putin or Lukashenka ever could. Profesionally, our counsel suggested filing criminal charges federally and it's likely we'll be proceeding this way.
npm i --before=`date -I -d '-5 days'`
https://github.com/RIAEvangelist/node-ipc/issues/319
The maintainer has taken to banning anyone pointing this out. I don't believe this is someone with good intentions. Riaevangelist may have had their account stolen. Either way they are clearly operating in support of Russia under a false flag, an increasingly common and complex issue.
Given the supposed criminal nature of these acts GitHub and other serves must step in to remove the offending commits, releases, and maintainers. Allow someone else to fork it.
I don't see how this is clear at all. What is the evidence that this is a false flag?
There were plenty of comments on HN that were supportive of locking Russian citizens out of their accounts and disabling their domain names. I don't find it hard to believe that someone went a step further.
However, the person who filed this should have had better backups.
Edit: ok, re-read it. They have a process for backups but the invasion interrupted the process. That sucks.