This is really confusing to me. The original discussion was about changing licenses, but somehow (coincidentally?) there was malicious code discovered shortly after? Are these related?
Should be added that the malicious part is often done by a third party that takes over an open source project when the original developer doesn't have the time/energy/money to maintain their open source/free work. Many Chrome extensions end up being sold for thousands or just hundreds of dollars because there's no money in them and the dev isn't all that interested.
Society as a whole could easily avoid this by funding open source/free utilities to the point where malware makers need to spend significant cash to outbid yearly community support, but unfortunately maintaining anything available online for free is a thankless job that barely covers the electricity required to maintain the code.
In this case too, the developers behind the theme seemed to want to monetise their work, which had attained almost 4 million installs, in the past, but found themselves with a rather unwilling customer base. I don't know if they snapped and uploaded something malicious or if they're intentionally making it hard for forks to copy their work, but either way the lesson learned is that if you want to make money you should just abandon your free projects and start something else.
Every time piracy or YouTube ads come up, HNers grandstand on how they don't even pay a dime to the content creators making the hundreds of hours of videos they watch.
GGs if you want a buck for the VSCode theme you made.
I proudly block ads while giving directly to the people that make the stuff I like.
I know I'm in the minority, but I block ads because of memetic hygiene. I don't want to deprive artists but I'm not sitting through adslop for a podcaster's sake.
With YouTube at least, you can buy YouTube Premium, so you don't have to sit through YouTube ads without needing an ad blocker (though you'll still have to sit through any ads the YouTuber directly adds into the video itself).
At £12/month YT Premium feels rather expensive for what we'd get out of it (though we have considered it for our Dad who uses it for music and train videos a lot) compared to other subscription services.
Also note that while it takes away the ads, it does nothing about the stalking (which bothers me much more than the adverts themselves) the results from which will be used to serve ads if you cancel in future (and in any case may be made available, directly or otherwise, to third parties, unless that part of the terms has changed).
- build an open-source thing
- wait till thousands or millions of people are using it
- change the license and close down the source
- implement malicious code
- push an update
- profit! you now have your malware running on millions of systems