The markers that show that the future of Open Source might not be as good as it is today.

the-markers.md

Notes:

• Adding a link does not equal an endorsement of any kind.
• Ordered by year and discovery date.

---

2018

1. “Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers
2. More than 2,000 WordPress websites are infected with a keylogger
3. Ads and Ad blockers
4. You have GNU sense of humor! Glibc abortion 'joke' diff tiff leaves Richard Stallman miffed
5. LLVM contributor hits breakpoint, quits citing inclusivity intolerance
6. Project:Infrastructure/Incident Reports/2018-06-28 Github
7. Postmortem for Malicious Packages Published on July 12th, 2018
   1. How to build an npm worm
8. Open source hasn’t made tech more open
9. A Case Study in Not Being A Jerk in Open Source
10. Researchers: Last Year’s ICOs Had Five Security Vulnerabilities on Average
11. Linux distro hacked on GitHub, “all code considered compromised”
12. REVERTED: Add text to MIT License banning ICE collaborators
    1. Lerna: Restore unmodified MIT license
    2. https://twitter.com/JavaScriptDaily/status/1034842426861645824
    3. https://twitter.com/webmink/status/1034883166874607616
13. The crusade against open-source abuse

2015

1. Google to close Google Code open source project hosting
2. VMware alleged to have violated Linux’s open source license for years
3. Developers ignoring security issues in open source components
4. The dark side of commercial open source
5. Why the open source software model is fundamentally broken
6. Why the open source business model is a failure
7. Linux kernel dev who asked Linus Torvalds to stop verbal abuse quits over verbal abuse
8. Will Linux survive the death of Linus Torvalds?
9. RedHat And SUSE Announced To Withdraw Support For OpenLDAP

2014

1. 10,000 Linux servers hit by malware serving tsunami of spam and exploits
2. Drupal sites had “hours” to patch before attacks started

Etc

1. After a 10-year Linux migration, Munich considers switching back to Windows and Office
   1. Comments on Slashdot
2. OpenSSL to get a security audit and two full-time developers
3. How to Avoid Burnout Managing an Open Source Project
4. HN: Open Source Exploitation and Burnout
5. HN: The reason people burn out on open source
6. Fighting burnout with Open Source
7. What it feels like to be an open-source maintainer
8. This open-source tech company’s IPO filing reads like an argument against building a business on open source
9. How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript
10. Mark Shuttleworth says some free software folk are 'deeply anti-social' and 'love to hate'
11. Open Source Won. So, Now What?
12. Ubuntu creator takes CEO role again after layoffs and death of Unity
13. Staff, projects shed as Ubuntu maker Canonical tries to lure investors
14. Mozilla gives up on last vestiges of Firefox OS, lays off 50
15. Cyanogen Inc. shuts down CyanogenMod in Christmas bloodbath
16. Elegant 0-day unicorn underscores “serious concerns” about Linux security
17. Why There Will Never Be Another RedHat: The Economics Of Open Source
18. PhantomJS Announcement: Stepping down as maintainer
19. Exercism - "Behind the Scenes" Sustainability
20. npmGate: I've Just Liberated My Modules
    1. In Defense of Hyper Modular JavaScript
21. Cyrus Retirement
22. HandBrake Hacked!
23. Fuzzing Irssi
24. The Open Source Business Model is Under Siege
25. The Apache Software Foundation Struggles from Too Much Success
26. Hacked in Translation – from Subtitles to Complete Takeover
    1. Comments on HN
27. Open Source Survey 2017
    1. Problems encountered in open source
    2. Ngative behavior in open source
28. Facebook Takes TIP in New Direction as Investors Doubt Open Source Payback
29. Libraries.io Releases Data on Over 25m Open Source Software Repositories
30. Open source files and code (and license) for Arduino products missing?
31. Diversity in Open Source Is Even Worse Than in Tech Overall
32. So long, farewell and goodbye
33. Linux is not as safe as you think
34. Could Open-Source Code Make Our Y2K Fears Finally Come True?
35. MPC-HC v1.7.13 is released and farewell
36. The Kite debacle is democracy at work
    1. How a VC-funded company is undermining the open-source community
37. Krita Foundation in Trouble
38. Facebook Yarn's for your JavaScript package
39. This typosquatting attack on npm went undetected for 2 weeks
40. crossenv malware on the npm registry
41. An anonymous response to dangerous FOSS Codes of Conduct
42. Dealing with Angry, Negative, Problematic or Disruptive community members
43. Explaining React's license
    1. disappointing: "Explaining React's license"
    2. React is Considered Harmful™, as far as I'm concerned...
44. I’m harvesting credit card numbers and passwords from your site. Here’s how.
45. FreeBSD Code of Conduct controversy
    1. Dropping maintainership for pydio / softether / wmconfig
    2. Slashdot: FreeBSD's New Code of Conduct
    3. Veniamin Gvozdikov: Dropping maintainership
    4. Johan Hendriks: Dropping maintainership
    5. FreeBSD's politics problem
    6. Is the community become fragile?
46. Botched npm Update Crashes Linux Systems, Forces Users to Reinstall
47. Top 5 Linux pain points in 2017
48. Ethereum fixes serious “eclipse” flaw that could be exploited by any kid
49. Archiving the project: suspending the development
    1. Comments on HN
50. Reminder: anyone offering ETH in response to this tweet is a scammer.
51. Support for OpenID ends on July 1, 2018
52. Slack decides to close down IRC and XMPP gateways
53. Android apps infected with Windows malware reemerge
54. Android’s biggest issue is as prominent in 2017 as it’s ever been
55. Tesla's Cloud Hit By Crypto Mining Malware Attack
56. Is patronage a sustainable solution to open source sustainability?
57. Why GitHub Won't Help You With Hiring
58. Conflicts of interest and the AMP Project
59. AMP: the missing controversy
60. Announcing Caddy Commercial Licenses
    1. HN Comments
    2. Caddy webserver goes south
61. Electron critical vulnerability strikes app developers
62. Google banning cryptocurrency-related advertising
    1. Financial Services: New restricted financial products policy June 2018
    2. Cryptocurrencies fall as Google announces ad ban
63. Samba 4: Authenticated users can change other users' password
64. EU wants to require platforms to filter uploaded content & code
    1. EU proposal
65. Half of Android Devices Didn’t Get Security Patches in 2016
66. Node Docker image broken
    1. yarn not found in node:alpine
67. A fork on Github is no fork
68. Just some notes about my attempt to upgrade to webpack 4
69. Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
70. 700k+ publicly exposed PostgreSQL databases 2018
71. 235k+ Devices Vulnerable to Heartbleed 2016
72. Frustrated Maintainers
    1. https://twitter.com/dankim/status/975854126138617857
    2. https://twitter.com/dstufft/status/976098004791910401
    3. "This problem costs us 4 man days"
    4. https://twitter.com/MikeMcQuaid/status/969654593088098304
73. Google starts blocking “uncertified” Android devices from logging in
74. Oracle wins appeal as Google possibly liable for billions over Java usage in Android
75. The Node.js world is imploding
    1. The Truth About Rod Vagg
    2. Node.js forks again – this time it's a war of words over anti-sex-pest codes of conduct
76. How a VC-funded company is undermining the open-source community
77. Some Android phone manufacturers are lying to users about missed security updates
78. Exit scammers run off with $660 million in ICO earnings
79. OLPC’s $100 laptop was going to change the world — then it all went wrong
80. A Florida Man Has been Accused of Making 97 Million Robocalls

---

© 2017-2018 Justin Dorfman

This work is licensed under a Creative Commons Attribution 4.0 International License.