Code Project Bait
There is a whole type of GitHub code project where the high-level pattern is:
“Hey guys, I am just your everyday young Eastern European (*cough* Russian) and/or Asian (*cough* Chinese or North Korean) man (a sweet and innocent one, ofc) and after an *incredible* short sprint of pure and unique technical genius I made some *utterly* cool (and never been done before, ever, like no possible trustable alternatives were widely avail to you prior to now, right?) software tool you are WELCOME to use!”
A pause to let that soak in.
“Yes, it will entail, as an obvious consequence of its features and solution domain, giving a bunch of strangers on the far side of the planet (and thus beyond all US/Western law enforcement... wait a minute, that’s a mildly interesting clue!) *total* read access to copies of all your own company/private source code, secrets, PII, IP, and/or remote root acquired at will and without trace, at scale, and at the tap of a button. Etc etc etc etc.”
A pause to let the above part sink in too.
“But... you can *totally* all trust us, bro!”
What could possibly go wrong?
And such projects get *thousands* (if not millions) of users, each. Each said end user is peer-pressured to Like or Fork or Otherwise Promote the project, thus helping to amplify (like seeds blown in the wind) its uptake virally among yet more marks in the endless sea of suckers, who are being born in large batches fresh every minute, as per P. T. Barnum.
Although FOSS is only ever a total Good Thing and net-win for humanity... right?
(The Anakin-and-Amidala meme here.)
...
AUTHOR’S NOTE: Please BOOST this post/toot/tweet if you agree with any of it. I’m still hoping to buy a yacht via social media karma. Thanks! -- Mike