This is amazing:
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
tl;dr:
1. a developer of a bunch of popular #npm packages publishes new, intentionally broken versions of them as he doesn't want to support for-profit companies with his free work;
2. NPM *reverts* the packages to older versions against the developer's wishes;
3. GitHub *blocks* the developer for acting "irresponsibly".
That story again: developer blocked by #Microsoft #GitHub for making changes to his own code.
This is why #AGPL and @forgefriends are so important!
@rysiek @forgefriends worth noting that the man was also previously arrested for trying to make bombs and assaulting his partner, so be careful about cheering him on as some kind of righteous martyr
https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
someone also noted he tried to run a fundraiser with some kind of sob story about funding FOSS to fund his legal costs after that incident where his house caught fire while he was building a bomb and his insurance refused to cover it
@outie @forgefriends dragging Aaron into this is an absolutely crap move.
Nobody's cheering the developer. But him being a shitty jerk doesn't make everyone else here right. And the story should focus on the broader problem of how completely screwed dependency management is, and how Big Tech lives off of free work provided by FLOSS developers, rather than on the personal history of that dude.