Video download link | md5sum 70ea0f9ea4cf595dea1913731f6ca4c3
Protestware is Newspeak for Malware
Creative Commons Attribution-No Derivative Works 4.0
Summary: After dozens of highly misleading 'news' pieces blaming "open source" for the actions of malicious/misguided Brandon*, shipping malware to many people through Microsoft servers, it is probably time to explain what really happened; it's part of a pattern of blame-shifting by Microsoft and so far this year we've seen many waves of dishonest Fear, Uncertainty, Doubt (FUD) tactics utilised for dramatisation and soon weaponised to create/reinforce a stigma
THE noise cancellation has been set up and now we should be able to make videos more rapidly, albeit much more is left to be configured later (like a proper Web browser that blocks ads).
This video is a belated repsonse to last month's FUD that even reached SJVN at
ZDNet. The media was too eager to misportray and misattribute a "supply chain" (
typically means Microsoft) attack. It's really quite ridiculous, but we haven't -- until now at least -- done a proper rebuttal. It may seem like old news already, but it's never too late to correct falsehoods. There's also
racism involved.
"If the media fails to earn people's trust, this is why."Basically, in recent years we keep seeing NPM issues blamed on the victims, or on the recipients who got malware infections from Microsoft's own servers. The media never bothers mentioning that Microsoft controls NPM and is therefore responsible for it. We'll certainly get back to this topic some time in the future, as part of our Microsoft GitHub Exposé series.
We'd rather not link to any of the misleading pieces in this case (we found not a single accurate one, or any piece that got the narrative/culpability right), but it is explained briefly in the video above. If the media fails to earn people's trust, this is why. ⬆
What is it, Brandon?
____
In the words of bnchs in IRC, "Brandon turned his library into malware for nothing but to seem like a "hero" to people; it didn't take too long for Snyk, and eventually CVE, to catch on to his hidden malware [and] after people discovered it, he has attempted to delete the commit and any evidence of his malware [...] of course, it was too late [...] but I personally wouldn't trust NPM." (NPM is Microsoft)
