OSS sustainability, log4j fallout, developer damages own code-p1

Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)   Log4j vulnerability   https://logging.apache.org/log4j/2.x/license.html https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/ https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/  F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS.  https://twitter.com/BleepinComputer/status/1480182019854327808 https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries   Faker.js -  https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data Colors.js -  https://www.npmjs.com/pafaker - npmckage/colors get color and style in your node.js console   https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/   Should OSS teams expect payment for giving their time/code away for free? What are their expectations   Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?    OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/   https://webjedi.net/2022/01/03/security-puppy/   Apparently, "Hobbyists" were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists   https://en.wikipedia.org/wiki/History_of_free_and_open-source_software History of open source   Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this)   Event-stream = https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets   https://libraries.io/ Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.