Fired For Using An Open Source Library?? The Ant Design Christmas Disaster

i've never in my life heard of people avoiding the term "easter egg"

zZGzHD

the main issue was the original title override to "Ho Ho Ho" text which makes the app useless to the users.

paljain

I think it is only acceptable if they are hidden and you need to do a number of specific interactions to view it, for example, the Android easter eggs or the early Windows ones. Or it is an option for developers to turn on or not if they want (with the default being off).

Though still a risk of having such code present as there might be unintentional interactions if it is not isolated.

Lorondos

Just imagine the confusion of receiving a call from your boss on christmas telling you it's snowing all over the company website, and when you go check the next day it's gone.

kpheine

Easter eggs are fine in open source software. Really _not_ in libraries used by developers, or anything that comes with certain expectations. The VLC icon change is cute. This is not lol

fahadus

If someone got fired over this, I don't think that's somewhere I would want to work anyway...

MrMudbill

I don't think anyone will ever trust that library again

srit

This is why in my company, we re-build entire supply chain for dependencies and libraries. We built a custom toolkit that let us scroll the code for changes before merging them into the dependency. If you don't peg the version of dependencies, then you are exposing yourself to this kind of risk.

theclanguagedeveloper

Yeah, an Easter Egg is traditionally triggered by a very specific (and improbable) input. Something that just HAPPENS on a certain day, for every single user of the thing... is not an Easter Egg. It's a problem (bug) intentionally introduced in your system. Yikes! (and I say that as someone who loves introducing funny little easter egg everywhere I work)

Hexalyse

Good reminder that external code is, ultimately, in someone else's hands

mrDjuroman

Just wait until nuclear engineers start leaving new years easter eggs!

Dom-zyqy

Theo be like: "Wait this is great! I'm so going to make a video about your frustration"

MortvmMM

I personally think that if you are the author of an open source project adding things such as easter eggs are completely fine as long as they get documented and treated as any other feature. Meaning that they have documentation and that if they get added in a commit it gets reported in the changelog.

LeprekusGaming

There was s a reason microsoft et al no longer allow easter eggs. It is unauthorised code almost every time

JaeTLDR

After saw this, I will always put Easter eggs like this in all my projects

dragoscatalin

How many people lost their job because GitHub broke their CI/CD by renaming master branch?

azekeprofit

This is just an overall sad situation.

The maintainer who added the easter egg should've known better considering the scale of the project.

(If true) The more sad part is companies which fired devs over it, or worse, learning that China is literally arresting people for celebrating their own festivals.

wlockuz

Well.. It's open source and not paid. The original author is not liable. Devs used their library for free at their own risk.

genechristiansomoza

And that’s only the source that’s “bundled”. The fun part is source doesn’t relate directly to what is pushed to npm. Fun times. Bundlers need to run on trusted servers otherwise you can never trust minified bundled obfuscated sources. It’s a fundamental problem with npm’s package management system. There’s probably not a need to even bundle source on a package management system anymore. Let the consumer bundle. Scary enough and hard enough to audit when you can see the source.

thegrumpydeveloper

This is why all of my in-code easter eggs can only be activated by punching in the Konami code.

DEUTSCHWULF