It's worse than that. There's a SECOND imitator that I actually stumbled on today while looking something up about nanoclaw - nanoclawS [dot] io - and that one's harvesting email addresses.
The obvious risk here is a bait and switch, where one of these sites switches their link to the Github repo to point to a malicious imitator repo instead.
One approach would be to go after the sites themselves, not their Google ranking. See if their hosts are willing to take them down. Is there anything you can assert copyright over to hang a DMCA request on? That's hard for an Open Source project, I guess. And the fake sites aren't (yet) doing any actual scamming.
Yeah but you do need to hang the takedown on some technical reason like copyright or scamming. The issue here is there's no obvious victim. Makes a takedown harder.
Since the clone site isn't doing anything obviously malicious like spreading malware or blatantly illegal content none of those parties will take any action whatsoever, nor should they.
It isn't doing that now, but you can't be sure about what they're going to be up to a little ways down the line. The fact that they are clearly trying to misdirect the traffic is proof positive they're up to no good.
Just do a bit of risk assessment if something like this were to be shipped to people that have come to blindly trust the source and you'll see why letting this slip is a very bad idea.
Well, pretending to be an unrelated 3rd party for the purposes of harvesting people's personal information, which can then be used to send them emails, which they will think are from that unrelated 3rd party...
Is this really crypto-jacking? Because it's not clear to me from the article the end user did anything wrong. Maybe it's just "legitimate" cryptomining in an unexpected way.
In many countries, EVERYONE has WhatsApp. In Israel it's how your boss, your work team, your kid's daycare, businesses and government offices communicate with you.
This happened well before Facebook bought them. The solution should have been to not allow the most popular instant messaging platform in the world to be bought by a company whose revenue is based on spying on their customers. Unfortunately, the US has had functionally no antitrust action in the past several decades, and what little it has now only exists based on political affiliation.
Which is awesome from a purely technical perspective. The downside is it means your country's communications infrastructure is owned and controlled by Facebook.
If an open protocol version of WhatsApp existed and was universally supported by the default messaging apps on iOS and Android, I'd be all over that.
WhatsApp is the most common worldwide, but not the most common in every country. That could be Facebook Messenger, Telegram, or even something like LINE. (Yes, Messenger and WhatsApp are nearly the same thing these days.) If you have friends from different places you end up with most of the messaging apps installed on your phone.
Came here to post the same. 90% of my messaging is WhatsApp, 10% Telegram. The only thing I use SMS for is 2FA and even that is dying out in favour of push notifications.
Haven't used SMS in 10 years. I had to send an SMS to opt out of one of my carrier's options and I had to do the whole setup for Android's Messages app because I have never opened it.
This seems to be an increasingly popular model: make an open source project on the one hand and sell a hosted, managed version of the open source product on the other.
IMO the key to doing it right is ensuring that your hosted solution actually provides value: either because it's difficult to operate at scale, there are certain regulatory/compliance requirements that need to be met, because certain features are restricted to a hosted product or under an enterprise license, etc.
I've seen a decent number of people create a hosted version of their product, slap SAML/SSO behind an "enterprise" plan, and wonder why their successful OSS product doesn't translate to meaningful hosted revenue.
> Well, it makes sense, you can outsource bug fixing and reporting for free.
In the long term, maybe. In the short to medium term, most of the development ends up being done by the company who created the project.
I guess for simple stuff like typo bugs, people will submit PRs, and maybe organisations with weird use-cases will merge their integrations etc into the project, though.
> Ex: aidoc has an algorithm for brain bleed for case prioritization, not a diagnosis).
Eh... well it's more complicated than that. These systems CAN diagnose, but their regulatory approval is only for use as an aid, not as a diagnosis tool.
I'm not totally convinced by this. Some of the animal archetypes predate the medieval bestiary and appear in, say, Roman or Greek plays, or pre-medieval texts like the Talmud, or Aesop's Fables.
E.g. crocodile tears goes back to Plutarch. Lions' association with kingship is Biblical.
These conditions are exactly what prompted the drug war's start in the first place. Neighborhoods were tired of the addicts and petty (and sometimes not so petty) crime which plagued their day-to-day lives.
I wouldn't be shocked if 10 years from now, these coastal cities are leading the charge on a tough on drugs reversal.
Well, not quite. The reason why the drug wars got started wasn't because of addicts or petty crimes. It was a form of class warfare because they wanted the dirty poors and minorities to stop using their poor drugs.
The history behind the War on Drugs is very explicitly one divided on racial grounds, and a cursory look at things like the legality of marijuana or mandatory minimums tells the full tale.
If this were true, how did the drug laws passed in the 70's hang around for so long? If there was no reason but racism, why didn't Obama, who in his first term had supermajorities in Congress, simply wipe them away? You take away the agency and voices of people who live in crime-ridden poor neighborhoods which suffer the consequences of high levels of addiction.
In the capital of my state, in just the last few weeks, we've had people high on pcp attack cops (after strangling his girlfriend), shoot at traffic, and pick up a child out of a stroller and slam them on the ground, all unprovoked. Those victims aren't racist in wanting to not have to deal with people high out of their minds.
You're essentially asking why Obama, a fairly centrist liberal by many accounts, didn't end racism forever.
There's a very good reason why black people are disproportionately arrested for drug-related crimes, especially Marijuana, despite having similar usage rates as others.
There's also the fact that members of the Nixon administration outright admitted this fact.
The reason Obama didn't do anything isn't that he's not that worked up over racism; it's just not as simple as waving your hand and saying everything would be great if only it weren't for those racist laws. Drugs reduce inhibitions. People with reduced inhibitions do crazy things, often hurting other people. Families are often willing to support draconian measures so that their kids aren't endangered by some random stranger in some drug-induced state of manic paranoia.
Ok so if the only goal of the war on drugs is to arrest people then it's working splendidly. Increasing crime is part of the package rather than an unfortunate side effect because it lets you justify even more arrests. Since the war on drugs does not have improving our society as a goal there is no argument other than racism that could possibly be in favor of it.
The addiction/dependence and public littering problems caused by drugs can be solved with prescribed low dosages which would be administered by a medical professional, not with a prison sentence.
That John Ehrlichman [0] really lives up to his name.
Good luck, though!