Author: Qin
Lili Source: https://zhuanlan.zhihu.com/p/478412327
Today, I was bored and swiped GitHub to see a project that made my blood pressure rise.
At first glance, 2.4k star should not seem like a small project, it should be a more useful project, but the next thing really makes me very angry
For open source projects, I don't like to download pre-built finished products. I prefer to build from source code by myself, so I am skilled in clone and build locally according to the instructions written in the readme.
As soon as I run it after the build, since it says that it supports Xuetangxing, then enter the address of Xuetangxing and go in and try it out.
Soon, it returned me a video link that is not legal
Then look through the code to see if there is any place that needs to be fine-tuned.
It's amazing to flip through the code. I didn't find any relevant components of XuetangX in the code at all...
I wonder if the project is divided into modules, and then I go to the help of any module that is missing when I clone.
But that's obviously not the case
When I tossed and confused for a long time, I found that there is a line of small words under the readme
Damn you didn't say it sooner
A look at the commit record is really
Open the Release page
Well, if you use GitHub Release but don't upload attachments, you have to use domestic rogue network disks.
What's up with this VIP user?
As the saying goes, curiosity killed the cat, so I decided to download it and try it out
Since this version is obviously different from the open source version in the warehouse, for safety's sake, open sandboxie decisively and run it in a new sandbox.
After installing and starting, okay, sandboxie reported an error to me
The strict template I opened by default does not allow administrator rights, so if you request administrator rights in the sandbox, an error will be reported
But why do you need administrator privileges for a downloader? ? ?
Forget it, I believe that you don't have the ability to break through the sandbox by escalating privileges. Allow one administrator privilege.
As soon as I opened it, this popped up
Log in? Still have to scan the code to log in?
I forked this window, popped it up again, forked it again, and then directly opened the scan code in the browser to log in
How much did you charge for WeChat, and you have to bundle WeChat? Force users to register for WeChat first, right?
Follow the instructions to open the official website of the project, not to mention the css style of the picture, obviously not tested on the high score screen, the 4k screen is directly white on the right side
Who gave you the courage to write open source code? Is the source code you released and the installation package you released the same thing? Can users build something with the same functionality as an installation package from source code?
And according to my analysis of the files in the installation package, this project uses at least node.js, electron, crypto-js, aria2, wkhtmltopdf, ffmpeg and other open source projects, but I haven't seen any use of these in the software and official website. Annotation of open source projects
Publicity should be promoted under the banner of open source, but you are unwilling to honestly implement open source in place. Then who gave you the confidence to promote it like this?
I'm not saying that open source projects can't make money. On the contrary, I support open source projects to make money in a suitable way. For example, mupdf is completely open source but requires additional license fees for commercial use. For example, onlyoffice provides an open source version with exactly the same functions but limited number of users. For example, I contributed translations. LADB is fully open source but paid for listing on the play store I even support a paid copy. These open source projects are all profitable in a suitable and sustainable way, while ensuring the purity of open source, that is, users can access all source code and build fully functional versions by themselves
Even if you really don't want to continue to open source the new version of the source code, you can choose to give up maintaining the current project and create a new project that is not open source.
But I really can't accept the behavior of attracting attention and making money under the banner of open source, but not implementing open source. This kind of behavior that the installation package is obviously different from open source completely loses the security, reliability and reviewability of open source, but uses People's trust in open source software can be said to be sucking open source blood
As a developer who really insists on absolute open source and supports the open source ecology, I really don't want to see the situation of selling dog meat under the banner of open source, and stop sucking the blood of open source.
However, after GitHub blocks the user, his project may still appear in the recommendation, which is amazing
PS: After 4/18 in 2021, the open source source code has not been updated any more. It can be said that the author has absorbed the blood of open source for at least a year, but he can still have more than 700 stars up to now. Are the stars of some Github users given? is too random.
