I've heard good things about work done by this guy Linus. I'm pretty sure that I've used his work.
I think he comes from a country that borders Russia, so should we be worried?
I've done OSS for many decades; mostly by myself, but sometimes in teams of volunteers.
If anyone has any experience working in teams of volunteers, it can be ... challenging.
It can definitely work, but not as often as you'd think. If it works, there's usually some "BDFL," or a common goal that has everyone on the same beam. In my case, it was usually the latter.
I find it more concerning that the DoD uses node.
I might be wrong, but npm etc. feels like a very large attack surface.
> So while NPM has over 4 million single person projects, they have about 900,000 maintainers for those 4 million single person projects. This will be an important data point at the end.
Am I missing something or was it not, in fact, an important data point at the end?
If they had done an activity check they would have seen that half of all projects have zero maintainers.
[Relevant xkcd.](https://xkcd.com/2347/)
It's interesting to see the periodic rediscovery of "capitalism + technology relies on unpaid, voluntary labour", or as the author puts it, "Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars".
The one flaw that I see in the author's analysis though is that they don't seem to account for whether the packages accounted for by their source have dependents or monthly downloads. There's *a lot* of dead code out there. When excluding abandoned packages, I bet the picture is still grim, but it might be less so.
Halfway down the page:
> So now, let’s look at the number of maintainers for projects with over 1 million downloads this month.
The title of the Register article is completely disgusting:
> Putin on the code: DoD reportedly relies on utility written by Russian dev
Then, in the article:
> Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor.