this post was submitted on 12 Dec 2023
169 points (99.4% liked)

TechTakes

1270 readers
193 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS
[email protected]
169
“just open sourced someone else’s code ama” - a case study in fucking around and finding out (coolmathgam.es)
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
30 comments fedilink hide all child comments
 

from the linked github thread:

Your project is in violation of the AGPL, and you have stated this is intentional and you have no plans to open source it. This is breaking the law, and as such I've began to help you with the first steps of re-open sourcing the plugin.

the project author (who gets paid for violating the AGPL via patreon) responds like a mediocre crypto grifter and insists their violation of the law be debated on the discord they control (where their shitty community can shout down the reporter):

While keeping code private doesn't guarantee security, it does make it harder for bad actors to keep up with changes. You are welcome to debate this matter in the MakePlace discord: https://discord.com/invite/YuvcPzCuhq If you are able to convince the MakePlace community that keeping the code open-source is better, I will respect the wishes of the community.

aaaand the smackdown:

Respectfully, I won't attempt to "debate" or "convince" anyone; I'm leaving this pull request and my fork here for others to see and use. It is not a matter of "better"; you are violating a software license and the law. It does not "make it harder" for anyone; Harmony hooking exists, IL modification exists, you can modify plugins from other plugins.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 9 months ago* (last edited 9 months ago)

Fun detail, before discord there was other similar chat gaming software also running with full web browser capabilities. I did some digging at the time while I was using it and found it has using adobe flash which was several version out of date. (at the period where a lot of the exploits going round were flash based), stuff like this makes these kinds of chat apps a bit of a risk (teams/slack/skype etc similar (Edit: if I had said electron based apps here I would have looked a lot better than editing it later), I heard if you really are security concious/paranoid you use those apps only via their website versions (as most browsers have reasonable security nowadays)). Up till a year ago (before they put it behind a text file setting you have to enable) they even made it easy to open the development console which malicious people used to socially engineer people into compromising their account. The discord thing isn't in the same risk category as the flash thing but still funny how high the shooting yourself in the foot risk was for the gamer app.