OSS sustainability, log4j fallout, developer damages own code-p1
BrakeSec Education Podcast · Amélie Koran, Adam Baldwin, Amanda Berlin, and Bryan Brake
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Adam Baldwin (@adam_baldwin)
Amélie Koran (@webjedi)
Log4j vulnerability
https://logging.apache.org/log4j/2.x/license.html
https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/
https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/
F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS.
https://twitter.com/BleepinComputer/status/1480182019854327808
Faker.js - https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data
Colors.js - https://www.npmjs.com/pafaker - npmckage/colors get color and style in your node.js console
https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
Should OSS teams expect payment for giving their time/code away for free? What are their expectations
Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?
OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/
https://webjedi.net/2022/01/03/security-puppy/
Apparently, "Hobbyists" were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists
https://en.wikipedia.org/wiki/History_of_free_and_open-source_software
History of open source
Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this)
- Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.