This is a text automatically translated from Italian. If you appreciate our work and if you like reading it in your language, consider a donation to allow us to continue doing it and improving it.
The articles of Cassandra Crossing I'm under license CC BY-SA 4.0 | Cassandra Crossing is a column created by Marco Calamari with the “nom de plume” of Cassandra, born in 2005.
New comment from Cassandra on a very important piece of news that perhaps went a little too under the radar. We are not telling you anything and we recommend reading this article to understand more.
This article was written on March 21, 2022 from Cassandra
Cassandra Crossing 497/ Neo Luddism
Sometimes one finds power in one's hands; How will he use it?
“A specter is haunting free software: the specter of Luddism being reborn.”
This paraphrase of the incipit of the "Communist Manifesto" is actually an attempt to describe an apparently different phenomenon which happened twice in two months; the developers, or more precisely the maintainers of some software libraries, to be precise the libraries Javascript colors And node-ipc, they inserted, in a new version of the libraries that they patiently and free of charge, a destructive payload, a real malware.
In the case of colors the payload is elementary, it "simply" sends the first call to the library into an infinite loop, while in the very recent case of node-ipc the payload is a real malware (of the "wiper" type) that attacks the developer's machine, erasing and overwriting the software he was working on.
In this case the “official” motivation is an “act of protest” against Russian aggression against Ukraine; node-ipc, in particular, unleashes its destructive action only if the computer on which it is launched has an IP registered in Russia or Belarus, thus behaving like a "naive" version of the much more well-known and powerful Stuxnet, therefore a real "weapon".
But let's stop here in the technical description; further IT details are easily available on the Internet, and Javascript confirms itself as the most dangerous language in the world, together with all those, such as Perl and Python, which automatically load libraries from vast and magmatic Repositories of software, into which thousands of unknown developers pour their sweat.
Security specialists and intelligence agencies have been worrying about this phenomenon since January, which technically belongs to the class of "supply-chain attack" attack vectors (remember "Solarwinds"?); Even the president of the United States talked about this new case, so the issue must be quite important.
Cassandra is instead interested in the "political", or rather "class" aspect of this phenomenon.
And not with regards to taking sides in the ongoing conflict, but with regards to the current "accumulation of software capital" which has allowed the contemporary software ecosystem, both free and proprietary, to be born and evolve, to the point of becoming the basis of technological society of the third millennium.
It is a very important phenomenon, which the future history of the "technological revolution" will tell as the historic event that it was.
And in this context, which required many words to be expressed, Cassandra would like to understand the motivations that pushed two human beings, so similar to the hacker culture in certain traits of behavior (need it be repeated "in the original positive sense"?) to employ part of their life in the service of others, to act in a manner very similar to that of cybercriminals.
And here there are no certainties; if we see these people as part of a production system based on the exploitation of labor, then the term of Neo Luddites, that is, of workers who destroy the machines they work with as a form of revolt against exploitation, is absolutely fitting.
This is a description in terms of “power”. The software “workers”. Open source or Free, who donate their work every day without even being paid, even by those who "exploit" their work commercially (extreme form of "exploitation" of work), destroy, or rather damage "the machines", the software ecosystem of which they are part.
It is not Cassandra's job to judge or point fingers, tracing that line, always very evanescent, questionable and difficult to identify that separates the "good" from the "bad".
No, instead let's go back to the technical definition of the phenomenon, the world of software turns out to be populated by many, many unknown people who have a personal, powerful and unstoppable "attack vector" at their disposal; stuff that makes the cybercriminals behind “SolarWinds” seem like confusing incompetents from this point of view.
And power corrupts.
In the third millennium we cannot afford this type of behavior. Not because it is intrinsically more or less wrong, but because, in our Luddite comparison, there is only one "machine", it is the entire software ecosystem, which we cannot afford to "break", because we all live inside it.
And who, in this moment, discovers himself fragile and vulnerable; and that for this very reason it will have to change profoundly.
It is a real shame, not only for the dangers, costs and consequences that this change will require, but because the last crumb of the Internet of the past, that of abundance, in which everyone was good and generous, is today really disappeared.
Not even free software developers can "trust" each other anymore, because power corrupts, it corrupts even those you wouldn't expect.
Marco Calamari
Video column “A chat with Cassandra”
Cassandra's Slog (Static Blog).
Cassandra's archive: school, training and thought
Join communities
If you have found errors in the article you can report them by clicking here, Thank you!