SecurityHeaders.io ScoreSSL Labs Score

This time, my very simple Offline/plg_sys_offline plugin is copied almost verbatim and released as Offlive/plg_sys_offlive (they didn't even have enough creativity to do more than change a single letter of the name). This lazy hack basically removed the Joomla 2.5 compatibility and added a primitive IP white list (by string comparison), and he stole half of that code from Sivanesh Govindan. The rest of the plugin code is line-for-line identical.

Now, normally I'd take this differently, because Joomla allows for extension forks. These forks MUST provide attribution to the original author, however, Ximware/alebak (Alejandro Arroyave Valencia) released it with none. By failing to provide attribution, he's claiming full credit for the development, when in fact he's done virtually no work whatsoever.

So, I'm going to release a new version with an IP whitelist which supports CIDR netmasks, because I can do that as the original author and because I'm not a hack and I know how to implement a CIDR capable whitelist. I may even add other new features, of which, if any are copied into Alejandro's fork - it will be clear that he's just a thief. Version 2.x of the plugin (yet unreleased) adds an advanced (CIDR capable) whitelist, and has been given several performance improvements.

Don't fall for the trap! Just because it's open source, you don't have the right to steal my work and claim it as your own.

This is fun - a conversation on Github that Alejandro deleted (but I saw that coming, so I took screenshots). The funny part is that he's unable to delete the initial comment (the one above). So unless he disassociates himself with Github, that is going to follow him, along with the notes saying he shut down comments and locked the repository. These are very damning actions to an observer. It's unlikely that he'll ever be able to use this Github account for any business dealings - because it shows that he steals code. I wouldn't want that associated with my name; maybe he's the adventurous type.

Alejandro deleted the issue conversation - but he couldn't delete the issue itself.  

You can find it here:
https://github.com/ximware/plg_sys_offlive/issues/1

 

Discuss this article in the forums (0 replies).