We’ve seen a mass outpouring of online pro-Ukraine signaling, almost entirely displacing the enjoyment of COVID-19. I’ve seen the blue and yellow everywhere, both online and also on roadside billboards and other locations. As I write this the colors of Ukraine have been ubiquitous on social media for nearly two months, as the contemporary successor to “#Resist”, “muh blue wave 🌊”, “#BLM ✊🏿”, and signaling of vaccine compliance – but with broader support. And this stuff has reached new levels, particularly effecting areas of the internet that I care most about: gaming and software development communities.
Average Ukraine supporter
That’s to be expected, but I’ve never liked platforms themselves taking explicitly political lines in general – and for a while many platforms weren’t too bad. In the software world, it was always there but mostly in the background. Every open source project has a “community code of conduct” that effectively requires you to be a homosexual, but it wasn’t really in your face and it was easy to disregard.
I first noticed that a major escalation in this respect was taking place everywhere during the renaissance of Black Lives Matter in the wake of the George Floyd riots. Now I assume that most platforms will have political statements about the current thing all over the place.
The open source community hub at GitHub, which will come up again in this post, has this message on its main screen once you log in:
GitHub is a part of the (((international community)))
You can click the link to find more about how GitHub is standing with the international community.
“GitHub is united with the people of Ukraine and the international community in condemning these horrific acts of violence against a sovereign nation and its people. We continue to monitor the events in Europe surrounding the unlawful Russian military invasion of Ukraine.”
In case you need a reminder of what the “international community” consists of:
The International Community: North America, Europe, Australia, Japan, and Israel
Despite their symbolic stance with the “international community”, GitHub made it clear that they will not violate critical open source community norms by blocking Russian developers. They do however support Ukraine by using blue and yellow heart emojis:
“And like many others around the world, we hope for a peaceful resolution for the people of Ukraine and other impacted communities. 💙💛” – GitHub
Many open source communities are following suit. I recently had to work on a PHP application and saw this when running Composer to install dependencies:
Why is this shit in my terminal?
The software development community once railed against attempts to slip adverts into the terminal output. But now that there’s a new political hysteria, this latest encroachment of on-screen real estate has taken place uncontested.
Furthermore, GitHub user Andrew Stetsenko has a repository that provides a list of things that people can do to support Ukraine.
“Call on your government for action. Your business may also be able to help. Brainstorm within your organization for ways to help. Attend all protests you can in your country. Governments are supposed to listen to the people. Control the narrative.”
Emphasis mine.
“There’s a lot of disinformation from Russian media. Most of their news media and channels are completely controlled by the government.”
He also asks people to sign this petition to escalate the situation:
“We, people around the world, are asking NATO member states and Ukraine-friendly countries to close the airspace over Ukraine and deploy peacekeeping troops in Ukraine, provide military assistance to Kyiv and support the Ukrainian people.” – Petition
There’s also the updated README of the open-source project “Leaflet”, one of my favorite Javascript libraries which supports embedding interactive maps into websites. It turns out that it was developed by a Ukrainian who used to live in a place that I am told is called “Kyiv”.
“The Russian soldiers have already killed tens of thousands of civilians, including women and children, and are committing mass war crimes like gang rapes, executions, looting, and targeted bombings of civilian shelters and places of cultural significance. The death toll keeps rising, and Ukraine needs your help.”
How can one help in the face of such horrors? By supporting mainstream liberal journalists of course!
“If you want to help, educate yourself and others on the Russian threat, follow reputable journalists, demand severe Russian sanctions and Ukrainian support from your leaders, protest war, reach out to Ukrainian friends, donate to Ukrainian charities.”
Emphasis mine again.
The README goes on to wish death on people who still support Russia’s actions.
All of this is a serious problem for the idea of an open-source community, for the same reason that it’s a best practice to ban discussions of politics and religion within a workplace. It’s a complete distraction and it can create a hostile environment for contributors that don’t share the prevailing groupthink. But the norms against this have been thoroughly discarded, and the Ukraine situation has provided the latest example of this.
All this took place as the government of Ukraine made an apparently serious appeal for every other country on earth to ban support of Russia.
“I call on all states to criminalize the use of the ‘Z’ symbol as a way to publicly support Russia’s war of aggression against Ukraine. ’Z’ means Russian war crimes, bombed out cities, thousands of murdered Ukrainians. Public support of this barbarism must be forbidden.”
Ukraine is supposedly a country that “shares our values of freedom”, etc.
Shortly after the beginning of the Ukraine war, an active member of the open source community named RIAEvangelist added a new library to the popular Javascript public package registry NPM (Node Package Manager). The package was called peacenotwar.
All the package did was add a text file to the user’s computer called “WITH-LOVE-FROM-AMERICA.txt”, containing a perfect distillation of the retarded ideology of an average reddit user:
“War is not the answer, no matter how bad it is. War brings tragedy and destruction, robbing generations of precious moments and hope for the future. The goal should always be peace.
The soldier puts on their boots for their country, obeying the orders of their government. Find the strength to forgive, come together, and stand up to real injustice and evil.
We are all connected through humanity and only separated because of geographic lines. We may feel insignificant as individuals but when enough people act with the same intention, we create big movements.
Do what you think is right, follow your own morals.
May God bless you and your family. Stay safe.” – RIAEvangelist
This story gets darker. That same user then added malicious code into another project he maintained, called node-ipc, a package for inter-process communication (that’s the “IPC”) that had over one million weekly downloads and was depended on by many large open source projects.
The malicious software went beyond creating new text files with juvenile messages about peace. It also started destroying data on machines it got installed on by overwriting files with a heart emoji – but only if the machine was based in Belarus or Russia (determined by a public IP address check).
From Bleeping Computer:
“Select versions (10.1.1 and 10.1.2) of the massively popular ‘node-ipc’ package were caught containing malicious code that would overwrite or delete arbitrary files on a system for users based in Russia and Belarus.”
GitHub had to put out a critical security advisory:
“The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files dependent upon the geo-location of the user IP address. The maintainer removed the malicious code in version 10.1.3.”
Because of the way dependencies work, this effected all the software that depended on the project.
“Popular JavaScript front end framework ‘Vue.js’ also uses ‘node-ipc’ as a dependency. But prior to this incident, ‘Vue.js’ did not pin the versions of ‘node-ipc’ dependency to a safe version and was set up to fetch the latest minor and patch versions instead, as evident from the caret (^) symbol” – Bleeping Computer
This act crossed a line among many open source contributors, since it hurt many “innocent people” such as human rights groups trying to report on Russian war crimes. More importantly, this affair revealed a major weakness in the open source model and was a major blow to the credibility of the movement.
One GitHub user commented:
“This behavior is beyond f**** up. Sure, war is bad, but that doesn’t make this behavior (e.g. deleting all files for Russia/Belarus users and creating strange file in desktop folder) justified. F*** you, go to hell. You’ve just successfully ruined the open-source community. You happy now @RIAEvangelist?”
While erasing the files of precious human rights activists and damaging the credibility of the open source cult was a bridge too far, the online coding community still generally supports new levels of malicious activity. GitHub user Sergey Zenchenko has a GitHub gist outlining Russian targets and encouraging people to participate in DDoS attacks against them.
“Task # 1 We encourage you to use any vectors of cyber and DDoS attacks on these resources.”
One user was astute enough to warn users that the gist was explicitly encouraging people to commit a federal crime. Open enabling of crime isn’t something that is normally widely supported on the site. Even repositories that support piracy or the breaking of DRM protections profusely pretend to be for “research purposes” (similar to “in Minecraft”). This makes it unusual for viral GitHub gists to openly support breaking federal law.
Less unusual on many social platforms is the mind-blowingly stupid takes that can be found in the comment section:
“‘Crime’ is no more than some words that a politician once wrote in a paper saying it is wrong. But is it wrong to try to shutdown the websites of a government that is massacring innocent people? Whatever your answer for that is, you should reach that conclusion by yourself, not by what is written on a mere piece of paper.” – AnthraxHost, Oliver-Wendell-Holmes-tier legal philosopher
The gist led to an argument about the legitimacy of engaging in vigilante cyber attacks on Russia social services infrastructure.
“Can you at least exclude the public services? Those sites provide access to essential services like medical. I understand you all want to help Ukranian people, but you need to remember that not everybody in Russia wanted for this “operation” to happen, so can you restrain yourself from hurting people who didn’t want this.” – VlaDexa
This is a good point, although it’s not clear why hurting civilians who do support the Z invasion would be any more legitimate or humane.
But that comment isn’t the shot, so VlaDexa got corrected by Confucius-tier moral philosopher on GitHub called ceszkraft:
“Have you seen the news dude? Do you see what the ukraine’s people are suffering everyday? please just stfu” – ceszkraft
What a retard
One Reddit user raised a related question on the r/hacking subreddit:
Very good question
“Correct me if I’m wrong but in this cyber war between Russia and Ukraine the anonymous hacker group have been using Ddos attacks, so if they get caught will they be arrested or will an exception be made due to their cause. In my country Ddos is punishable by a jail sentence/ fine. Any insight helps, thanks” – u/Armweak5104
If DDOS is illegal, then what about “Anonymous”? That’s a really good question that probably doesn’t have a good answer. The conversation quickly focused on whether or not someone could get away with hacking Russian infrastructure without consequence.
“Oh trust me the feds won’t bat an eye if you hack something russian
Unless the russian government snitches on you to the US feds but with the current war going
Yeah nah they aren’t gonna help
Go wild” – u/Not_Cheese_cake (a complete moron)
Even if you take a different view of the conflict from mine (I believe Russia’s actions to be justified), please do not take advice from someone saying “Yeah nah” on reddit.
Random people on GitHub and Reddit trying to organize DDOS attacks are not a serious threat to the stability of any Russian infrastructure. It is trivial for any enterprise system with public internet exposure to mitigate such things. Nevertheless, DDOS is still a federal crime. Even state-sponsored cyber attacks are done with military authorization. Civilians engaged in DDOS activity against a country are illegally acting as cyber partisans.
There are reasons why partisan warfare is often a bad idea, and some of them translate to cyber activities. Even from the perspective of supporting Ukraine, random vigilantes taking out infrastructure is a bad idea. Successful cyber attacks ruin intelligence collection, and there are many circumstances where combatant leadership would prefer to collect intelligence from vulnerable infrastructure rather than disrupt it. That’s a call that would be made with a proper chain of command that weighed the benefits and downsides of either approach. Furthermore, cyber attacks not tracked as part of an overall plan can cause operational problems as well (just as if a real military unit makes an attack without orders). All partisans can do is get in the way.
A likely Ukraine supporter provided some sense to the DDOS conversation:
“I know there was a DDoS script floating around here and I do not agree with that behavior for the following reasons:
- Military and intelligence agencies need for internet connectivity and compromisable services to be up.
- Any individual found to be interfering with those operations will receive a swift and just punishment.
- Don’t be a dumbass. Leave the Ops to the pros and stop larping.
This isn’t directly targeted at you or anyone else, but goddamn people are either really dense or useful idiots that can’t see when they’re doing more harm than good by bandwagoning.” – u/NotChadImStacy
From the earlier thread on r/hacking, in response to a comment that suggested that most Russians are probably good people who don’t like war:
“Sadly “MOST” russians are pieces of shit. Russians you are talking about is like 30% of population.
Edit: I don’t expect anyone outside Eastern Europe to understand it. If you have lived here, you know about all this propaganda, and if you know russian language, you know for a fact what I am talking about. Downvote all you want, but the fact that russia is filled to the brim with trash people is a fact.” – u/HarrasingStone
The hysteria continued, with users online acting in exactly the same way as large corporations. As users called for increasing hostility against all things Russian, corporations ceased operations in Russia or banned Russian users to protest the conflict.
“Merck said it pauses investments in Russia, but will continue to supply life-saving medicines and vaccines to the country” – Reuters
To further explore the online attitudes of people towards Russia and Ukraine, I took a visit to one of my oldest stomping groups: the hellscape of Blizzard’s official World of Warcraft forum. Almost immediately after the Ukraine conflict began, players rallied to a thread calling for a ban on Russians playing the game.
“Russia needs to be blocked from WoW. Iran and the illegally annexed Crimea region are already blocked. These posts are appearing every day on the EU forum. People don’t want to play with Russians who make troll remarks about massmurdering civilians and thinking they are clever by using ‘Z’ as a dogwhistle.” – Zephinism, Level 60 Orc Hunter
A few people had clever responses, such as calling for Blizzard to ban the United States and Saudi Arabia over the Yemen crisis, but most thread participants supported banning all Russians from playing games online.
“Everything needs to be done to destroy the Russian economy and send them to the dark ages. Get them off WoW, get them off every damn thing. Sorry to Russian citizens but your country is the biggest threat to the human race we currently have and needs to be stopped.” – Cody, Level 60 Troll Druid
“I trust sources like NYT or official UN reports more than Ukrainian news sources if that tells you anything. I don’t limit myself to a single news source.” – Kharneus, Level 60 Human Mage (you’ve never debated someone like him before)
Whether as the result of player pressure or not, Blizzard decided to ban Russians (and Belarussians) from playing World of Warcraft and other games. The ban also extended to Russian separatist regions of Ukraine.
One reddit user complained of being mistakenly caught up in the ban:
“Hi. My name is Yaroslav and I live in the Kramatorsk city, Ukraine. The city that was and is under Ukraine control. Past week I had problems with an access to battle.net and tonight I and looks like many other people got theirs b.net accounts banned. Nothing is in the mail, no way to contact support because you need to log in for it. For me World of Warcraft was a one of the little things that kept me distracted from the horrors that are going on around me and now just because I live close to sanctioned region I lost it.” – u/Corvius
“Blizz Customer Support explained that players from Luhansk, Donetsk and Crimea might have problems accessing the game, so it’s based on IP and it’s not a ban. Kramatorsk is in Donetsk Oblast, so yeah.” – u/arfw
Much like other reddit threads, the overwhelming consensus was in favor of this gamer regaining access but ultimately supporting the blocking of all Russians from everything. This is apparently also Blizzard’s corporate position, since the OP claimed that he was able to resolve his issue with customer support.
Online culture has deteriorated a lot over the past decade, and the recent mob behavior and obsession with “the current thing” has led to the disregard of decent norms. I have increasingly vague memories of an internet culture that was more seriously skeptical of American imperialism, more committed to free expression, and that prioritized norms of internationalism and openness over enthusiastic collaboration with U.S. sanctions.
That’s a distant memory now as online communities, even around technology and gaming, are continually bending over backwards to be involved with whatever the current thing is. It’s been a long time since these communities were anything like a real counter-culture, and while I’m sure that I’m guilty of holding a romantic vision of an earlier age I can’t help feeling that something of value has been lost.
These fucking “support current thing” cunts ruin everything, and that includes the only ‘safe space’ White guys had in the form of gaming communitys. America needs to collapse so these fat faggot neckbeard nerds can get curb stomped.
You must live in a shit area. I’ve seen one Ukraine flag irl, luckily.