215
this post was submitted on 29 May 2026
215 points (99.1% liked)
Programming
27080 readers
603 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How to get yourself blacklisted by large sweeps of the FOSS community:
Step 1: Include any kind of undocumented subversive behaviour in your thing.
That's it, doesn't matter what the intent is, simply by demonstrating you are willing to include anything that is remotely subversive without being open about it is usually enough to get blacklisted by a lot of people, because if you did it once... who's to say you won't do it again, but possibly worse next time?
People are extremely coldly receptive to anytime a FOSS dev throws a sudden undisclosed anything in their tool, let alone one that is actively malicious.
If I'm gonna depend on work life on anything FOSS, I ain't touching anything like that, regardless of intent, with a 200 foot pole lol.
All it takes is one button click to get notified:
it's not subversive. it's a string, it has no effect on the code output. Only a rogue bot would interpret it as anything except a string. No human user would ever encounter an issue.
Fortunately, this behaviour is explicitly documented.
They only documented it after all the outcry, which is way too late.
Documenting it post release still counts as having released undocumented behavior.
And if its malicious (which this 100% is), then it doesn't fuckin matter anyways lol. You now are treated akin to a trojan maintainer by companies. You'll get flagged as "don't ever use anything by this person"
Super great way to get yourself flagged and lose any opportunity in the future for possibly licensing stuff you maintain for big bucks. What company would risk paying money to someone who does childish stuff like that lol
imo it's more accurate to call it polarizing and get you blacklisted by the types of people you maybe don't want using your code anyways. Personally anyone doing this I'm going to be more likely to use their code
I understand the sentiment, if you don’t like AI code generation you’re probably thinking you’re on the same side. But what happens if this person finds something else they hate that you don’t hate, and finds a way to sabotage that? They’ve already demonstrated a willingness to be destructive. And you’re running their code so they don’t need anything even remotely as dumb as some AI agents to exploit, they can just write destructive code normally.
You can decide if you want to use it or not, at your own risk. It's free software, written by people in their free time, they owe you nothing.
Sure, you have that right.
And companies will exercise that right by blanket blacklisting everything related to you which can have huge sweeping impacts on your career lol
Its a super super stupid move to make. You are free to do a lotta other shit that tanks your career too lol
That's their business, not mine, not yours.
Is it merely hating AI code generation or is it "AI code generation is in practice anti-FOSS" (unless there's an ethical AI out there, trained exclusively on public domain code, that I don't know about)?
...companies? Sure I guess, if you want to angle your career trajectory towards "unemployable" by all means lol.
I am a tech lead, if any dev under me intentionally added/used a tool to our systems because it had malicious undocumented behaviors of any kind, they would be fired immediately and any company that contacted us for reference would be informed of their behavior.
To be clear, this is the scenario of
Me: hey I saw you installed [tool], that thing is flagged by our systems for the maintainers having done malicious undocumented stuff in the past
Dev: haha yeah thats why I used it
Me: you are joking right?
Thatd be an instant high level escalation to "strip this person of privs and get them off our system asap, and HR now has to be involved"
You dont fuckin do shit like that in a real company if you wanna stay employed lol.
Most open source maintainers never "license [any] stuff you maintain for big bucks" that is often hard to do and/or goes against the philosophy of open source entirely.
And I don't even think this is malicious behaviour as it just nukes the code of this package and nothing else if you are not being careful yourself...
If you don't do version control you are not a good programmer, imo
Uhhh... no this is actually very common. Usually with scaling licenses, "free for use if your company is below [threshold]", its super common...
Are you even reading what you just wrote lol.
Being "sorta" malicious is still malicious. And companies usually have zero tolerance for that shit.
You really underestimate how much damage this could do then, lol...
keep lickin' them boots baby. I want to see them shine!
The fuck are you talking about, lol.