[1]: https://www.preethamrn.com/posts/who-actually-uses-is-odd
[2]: https://www.bleepingcomputer.com/news/security/big-sabotage-...
Imagine now if he had done that towards Israelis or Arabs/Palestinians and how both the internet and governments would react.
He only got away with such a blatant crime because the entire West was against Russia. Mad that the Overton window went so wide for a while there.
I do realize that he may have simply changed his opinion - yet it is the most controversial one and he stood by it ideologically as expressed numerous times through a variety of mediums.
It's a bit tinfoil hat, but I am disappointed and there's no harm in informing others about these observations and this experience. Mind you - and that's about all I'll add - that the repository stagnated in development for some time, increasing my sense that something was off considerably (browser extensions, for example, frequently get bought by criminals to convert a user base into a cash cow, or worse).
Disclaimer at the end of the article: If I am totally misinterpreting my observations and the Discord hostility without even an attempt at producing counter-arguments or productive and professional openness and communication, at least it serves as a cautionary tale of what could be. In any case, no disrespect or attempt to taint anyone's (open-source) software development ventures and/or their personality is intended. The name of the project or its developers will not be shared; if you can find it, be discreet or this article will be removed. Thank you.
Thanks for your time. Have a great weekend.
I am watching the advisories for the dependencies closely. Please check my other comment as well.
Thank you, have a great weekend.
Usually the evidence is what makes the difference, but if you can't/won't share the evidence then what good are the accusations?
In modern Russia, if one receives a money transfer from any other country, they may receive "Foreign Agent" (иностранный агент) status
https://en.wikipedia.org/wiki/Foreign_agent
"prohibited from receiving state funding, teaching at state universities, or working with children"
> if they engage in "political activity", a broadly interpreted term
The title is not "I caught a Russian developer doing bad things during war!!", the title mentions "a cautionary tale", which from my point of view is a PSA through the means of sharing observations and my interpretation, with some speculation to inform the reader of possible avenues which may affect them, if not through this repository, through another.
To close my writing I'll include the content of a comment in response to a different user, which should define my intent:
"My point would mainly be to spread awareness and share an experience and my interpretation of it, not "slander" and paint a target on my back by namecalling and divulging more information which doesn't serve a purpose beyond wanting clout under the assumption that the war does not affect myself and others around me."
Thanks. Have a good weekend.
I don't know about others, but I haven't witnessed any similar refusal by Russian devs to cooperate with Western devs, nor have there been any protests in the form of altering repos.
What really changed in Russian IT after the war started is that 1) it strengthened Russia's infosec - for example, our company finally started reviewing random dependencies developers found on the Internet before going to production 2) some companies went into "hiding" and changed their legal names, "moved" their offices abroad, changed country info in GitHub profiles etc., to avoid being associated with Russia because it's now problematic if you want to deal with Western companies/devs (refusal to work with). As for not receiving donations etc. - it's not easy to set up because of sanctions.
Seems like an interesting attack vector. LibFoo was made by BadGroup, use LibBar instead, it's GoodGroup approved!
Meanwhile LibBar has security flaws, known or unknown, intentional or unintentional, which quickly get absorbed into other projects in a political frenzy to expel LibFoo at all costs (and said actions also are incentivized given that they drive publicity, engagement, etc).
I would have thought this completely nuts, prior to the whole node-ipc malware debacle. I would expect state actors to make the most of this expanded Overton window.
Are there not enough examples already proving the state of things in the industry right now? All the points the author mentioned are valid, in my opinion. Even if in this particular case it may not be true, there is a large background suggesting why it could be true.
I'm tangentially aware of at least one US company that was outsourcing work to Russian and Ukrainian coders. Apart from the obvious "team" dynamics collapsing, it's not even possible (legal) to pay Russians at this point if you are a US company.
I'm also aware that the narrative inside Russia as to the cause of the war is very different to the narrative I hear. Naturally I believe the narrative I hear as do they.
In this global work-space, who you hire and where they live can become material quickly.
Unless you are buying oil, diamonds and many other things through NATO allies or proxy companies registered. But I agree, rules for thee but not for me.
https://www.washingtonpost.com/business/2023/11/14/russian-o...
- Yes, you can't rely on open-source project going in the same direction as you want.
- Yes, any process involving people has a psychological and interpersonal component.
> To this day we read about the war and it feels distant[...]
> [..]don't get blindsided, especially in times of war[...]
I'm glad the author is not affected by the war, but I suppose it's fair to say that it is not hard for the author to stay unbiased (or it might just be indifference).
Thanks for reading. Have a good weekend.
If at least they explicitly put forward a theory like "it's Russian influence to slow down Western digital development" it would have some internal consistency, but no. They suppose it's Russian influence (again, without basis) without any theory of _why_ Russia would care about an inconsequential CSS-related lib. Shrug.
Most likely he didn't want to deal with the maintenance burden of CSS-in-JS or React.
I must be Russian because I don't want to deal with that either. Those darn Russians...
Going against a strong personal opinion after stagnation of development and a complete pivot on multiple levels is normal to you?
Shall I mention mainframes still run COBOL? Should I introduce the latest version of this library to achieve the same? You do know it entails more chance of something wrong happening, and yes the developer is Russian, didn't we have an advisory against Kaspersky?
Why would a repository with six-figure stars be negligible and Kaspersky not? Please read other comments as well. Thanks for your perspective and have a great weekend.
> Shall I mention mainframes still run COBOL? Should I introduce the latest version of this library to achieve the same?
What the heck are you even trying to say here?
> Going against a strong personal opinion after stagnation of development and a complete pivot on multiple levels is normal to you
I mean, maybe his country launching itself into war and mining its population for bodies to throw at Ukrainian bullets and most educated or valuable people fleeing made him reevaluate his feelings on lots of things? Do you have any actual concerns about the code, or are you honestly trying to draw some crazy conspiracy between "A library went a direction I don't like" and "This might be an attack against my work"?
People's minds change, APIs change: look at the mess that was Python 2 -> 3, Angular 1 -> 2, react-router 4 -> 5, etc.