From Bleeping Computer
Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.
Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.
The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors and 'faker'.
The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.
But the target of this action wasn't the end user - but the big corporations...
[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.
In November 2020, Marak had warned that he will no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.
"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.
(Score: 2, Touché) by khallow on Wednesday January 12 2022, @04:15AM (6 children)
So what? If you're giving it away for free to people who don't subscribe to the gift economy, there you go. I don't see the point of being upset. The expectation that others would contribute wasn't rational in the first place.
(Score: 0) by Anonymous Coward on Wednesday January 12 2022, @09:34AM (1 child)
Yeah, but they could at least pretend to respect things like ownership and intellectual property. It's his code and his repos, to do with as he wishes, not for ShitHub to decide.
(Score: 2, Insightful) by khallow on Wednesday January 12 2022, @02:19PM
Well, he wished to release the code to the public under license. Restrains his present wishes quite a bit.
(Score: 2) by crafoo on Wednesday January 12 2022, @01:47PM (3 children)
Fine. I don't see any problem what so ever then when people get taken for a cruise down "you should have tested that" fairway.
(Score: 1) by khallow on Wednesday January 12 2022, @02:23PM (2 children)
Because? One inconvenient truth doesn't justify bad behavior.
(Score: 0) by Anonymous Coward on Saturday January 15 2022, @11:03PM (1 child)
Here's an inconvenient truth for ya - he warned people 14 months ago that he wasn't going to support this forever, and that people should fork it.
They didn't? So he broke it? It's no worse than spiking your lunch with laxatives to catxh the office lunch thief. Actually, it's not even as bad …
But either way, if you're not paying for it you don't have any right to complain when shit happens happens. Here's your full refund of your purchase price - $0.00.
Remember the old joke of how if houses were built like software the first woodpecker would end civilization? Depending on a seemingly unlimited supply of free labour from developers isn't going to work during a time of increased and permanent shortages because of the aging population - covid was just gasoline on the fire.
But the software industry is in denial because it doesn't have a viable financial model for open source, and one of the incentives - that contributing developers will have a leg up with potential employers - simply isn't true during times of scarcity, when employers don't want employees to waste time on side projects, and employees can say "fuck you, pay me overtime or I'm going elsewhere."
Even non-unionized workers are realizing that the power balance has shifted. And after outsourcing to India almost bankrupted Boeing, employers play that game at their own risk.
(Score: 1) by khallow on Wednesday January 19 2022, @03:59PM
That's two incredibly dumb arguments. "Spiking your lunch with laxatives" with the expectation that someone will eat it, is something like assault, poisoning, maybe even attempted murder or murder, whatever the harm and felony charges end up being. It's not sane and it's not legal.
Second, as your first paragraph shows, the developer had the legal and respectable choice to just drop support for his software. That would have done it.