Last active June 11, 2020 16:59
The markers that show that the future of Open Source might not be as good as it is today.


  • Adding a link does not equal an endorsement of any kind.
  • Ordered by year and discovery date.


  1. “Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers
  2. More than 2,000 WordPress websites are infected with a keylogger
  3. Ads and Ad blockers
  4. You have GNU sense of humor! Glibc abortion 'joke' diff tiff leaves Richard Stallman miffed
  5. LLVM contributor hits breakpoint, quits citing inclusivity intolerance
  6. Project:Infrastructure/Incident Reports/2018-06-28 Github
  7. Postmortem for Malicious Packages Published on July 12th, 2018
    1. How to build an npm worm
  8. Open source hasn’t made tech more open
  9. A Case Study in Not Being A Jerk in Open Source
  10. Researchers: Last Year’s ICOs Had Five Security Vulnerabilities on Average
  11. Linux distro hacked on GitHub, “all code considered compromised”
  12. REVERTED: Add text to MIT License banning ICE collaborators
    1. Lerna: Restore unmodified MIT license
  13. The crusade against open-source abuse


  1. Google to close Google Code open source project hosting
  2. VMware alleged to have violated Linux’s open source license for years
  3. Developers ignoring security issues in open source components
  4. The dark side of commercial open source
  5. Why the open source software model is fundamentally broken
  6. Why the open source business model is a failure
  7. Linux kernel dev who asked Linus Torvalds to stop verbal abuse quits over verbal abuse
  8. Will Linux survive the death of Linus Torvalds?
  9. RedHat And SUSE Announced To Withdraw Support For OpenLDAP


  1. 10,000 Linux servers hit by malware serving tsunami of spam and exploits
  2. Drupal sites had “hours” to patch before attacks started


  1. After a 10-year Linux migration, Munich considers switching back to Windows and Office
    1. Comments on Slashdot
  2. OpenSSL to get a security audit and two full-time developers
  3. How to Avoid Burnout Managing an Open Source Project
  4. HN: Open Source Exploitation and Burnout
  5. HN: The reason people burn out on open source
  6. Fighting burnout with Open Source
  7. What it feels like to be an open-source maintainer
  8. This open-source tech company’s IPO filing reads like an argument against building a business on open source
  9. How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript
  10. Mark Shuttleworth says some free software folk are 'deeply anti-social' and 'love to hate'
  11. Open Source Won. So, Now What?
  12. Ubuntu creator takes CEO role again after layoffs and death of Unity
  13. Staff, projects shed as Ubuntu maker Canonical tries to lure investors
  14. Mozilla gives up on last vestiges of Firefox OS, lays off 50
  15. Cyanogen Inc. shuts down CyanogenMod in Christmas bloodbath
  16. Elegant 0-day unicorn underscores “serious concerns” about Linux security
  17. Why There Will Never Be Another RedHat: The Economics Of Open Source
  18. PhantomJS Announcement: Stepping down as maintainer
  19. Exercism - "Behind the Scenes" Sustainability
  20. npmGate: I've Just Liberated My Modules
    1. In Defense of Hyper Modular JavaScript
  21. Cyrus Retirement
  22. HandBrake Hacked!
  23. Fuzzing Irssi
  24. The Open Source Business Model is Under Siege
  25. The Apache Software Foundation Struggles from Too Much Success
  26. Hacked in Translation – from Subtitles to Complete Takeover
    1. Comments on HN
  27. Open Source Survey 2017
    1. Problems encountered in open source
    2. Negative behavior in open source
  28. Facebook Takes TIP in New Direction as Investors Doubt Open Source Payback
  29. Releases Data on Over 25m Open Source Software Repositories
  30. Open source files and code (and license) for Arduino products missing?
  31. Diversity in Open Source Is Even Worse Than in Tech Overall
  32. So long, farewell and goodbye
  33. Linux is not as safe as you think
  34. Could Open-Source Code Make Our Y2K Fears Finally Come True?
  35. MPC-HC v1.7.13 is released and farewell
  36. The Kite debacle is democracy at work
    1. How a VC-funded company is undermining the open-source community
  37. Krita Foundation in Trouble
  38. Facebook Yarn's for your JavaScript package
  39. This typosquatting attack on npm went undetected for 2 weeks
  40. crossenv malware on the npm registry
  41. An anonymous response to dangerous FOSS Codes of Conduct
  42. Dealing with Angry, Negative, Problematic or Disruptive community members
  43. Explaining React's license
    1. disappointing: "Explaining React's license"
    2. React is Considered Harmful™, as far as I'm concerned...
  44. I’m harvesting credit card numbers and passwords from your site. Here’s how.
  45. FreeBSD Code of Conduct controversy
    1. Dropping maintainership for pydio / softether / wmconfig
    2. Slashdot: FreeBSD's New Code of Conduct
    3. Veniamin Gvozdikov: Dropping maintainership
    4. Johan Hendriks: Dropping maintainership
    5. FreeBSD's politics problem
    6. Is the community become fragile?
  46. Botched npm Update Crashes Linux Systems, Forces Users to Reinstall
  47. Top 5 Linux pain points in 2017
  48. Ethereum fixes serious “eclipse” flaw that could be exploited by any kid
  49. Archiving the project: suspending the development
    1. Comments on HN
  50. Reminder: anyone offering ETH in response to this tweet is a scammer.
  51. Support for OpenID ends on July 1, 2018
  52. Slack decides to close down IRC and XMPP gateways
  53. Android apps infected with Windows malware reemerge
  54. Android’s biggest issue is as prominent in 2017 as it’s ever been
  55. Tesla's Cloud Hit By Crypto Mining Malware Attack
  56. Is patronage a sustainable solution to open source sustainability?
  57. Why GitHub Won't Help You With Hiring
  58. Conflicts of interest and the AMP Project
  59. AMP: the missing controversy
  60. Announcing Caddy Commercial Licenses
    1. HN Comments
    2. Caddy webserver goes south
  61. Electron critical vulnerability strikes app developers
  62. Google banning cryptocurrency-related advertising
    1. Financial Services: New restricted financial products policy June 2018
    2. Cryptocurrencies fall as Google announces ad ban
  63. Samba 4: Authenticated users can change other users' password
  64. EU wants to require platforms to filter uploaded content & code
    1. EU proposal
  65. Half of Android Devices Didn’t Get Security Patches in 2016
  66. Node Docker image broken
    1. yarn not found in node:alpine
  67. A fork on Github is no fork
  68. Just some notes about my attempt to upgrade to webpack 4
  69. Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
  70. 700k+ publicly exposed PostgreSQL databases 2018
  71. 235k+ Devices Vulnerable to Heartbleed 2016
  72. Frustrated Maintainers
    3. "This problem costs us 4 man days"
  73. Google starts blocking “uncertified” Android devices from logging in
  74. Oracle wins appeal as Google possibly liable for billions over Java usage in Android
  75. The Node.js world is imploding
    1. The Truth About Rod Vagg
    2. Node.js forks again – this time it's a war of words over anti-sex-pest codes of conduct
  76. How a VC-funded company is undermining the open-source community
  77. Some Android phone manufacturers are lying to users about missed security updates
  78. Exit scammers run off with $660 million in ICO earnings
  79. OLPC’s $100 laptop was going to change the world — then it all went wrong
  80. A Florida Man Has been Accused of Making 97 Million Robocalls

© 2017-2018 Justin Dorfman

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
