
SoylentNews is people

posted by janrinok on Wednesday January 12 2022, @01:05AM
from the with-great-responsibility-comes-great-LOLability dept.

From Bleeping Computer

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

But the target of this action wasn't the end user - but the big corporations...

[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he would no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.


  • (Score: 2) by bzipitidoo on Wednesday January 12 2022, @05:24AM (9 children)

    by bzipitidoo (4388) on Wednesday January 12 2022, @05:24AM (#1212037) Journal

    Business models suitable for supporting devs are still primitive. That's no reason to break trust and punish users. Did Marak ask for some crowdfunding, before pulling this stunt? No?

  • (Score: 0) by Anonymous Coward on Wednesday January 12 2022, @09:36AM (2 children)

    by Anonymous Coward on Wednesday January 12 2022, @09:36AM (#1212058)

    Yeah, he wrote free software just to be a beggar, I'm sure.

    • (Score: 1, Insightful) by Anonymous Coward on Wednesday January 12 2022, @10:13AM (1 child)

      by Anonymous Coward on Wednesday January 12 2022, @10:13AM (#1212060)

      If he wrote free software expecting to be wealthy, then he should be classified as insane.

      • (Score: 0) by Anonymous Coward on Wednesday January 12 2022, @10:59AM

        by Anonymous Coward on Wednesday January 12 2022, @10:59AM (#1212066)

        He was already rich from the free software known as Bitcoin.

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday January 12 2022, @02:11PM (4 children)

    by Anonymous Coward on Wednesday January 12 2022, @02:11PM (#1212095)
    >> Business models suitable for supporting devs are still primitive.

    Absolutely false. Keeping the source closed and licensing the software works. Ask everyone working for closed source software businesses. So does running code off a server and charging for use. The only one that doesn't work is the open source model, same as RMS.

    Too funny.

    • (Score: 2, Interesting) by shrewdsheep on Wednesday January 12 2022, @03:24PM (1 child)

      by shrewdsheep (5215) on Wednesday January 12 2022, @03:24PM (#1212122)

      The only one that doesn't work is the open source model, same as RMS.

      Well, that is easily disproved. Quite some open source companies around, even "good" ones: collabora, nextcloud, libreoffice companies,... . It is a bit harder, that's for sure, as you have to keep improving software. You cannot just sit there selling the same (or worse) software (like M$).

      As for RMS: if he doesn't work, he makes infinite profit, right?

      • (Score: 0) by Anonymous Coward on Wednesday January 12 2022, @06:57PM

        by Anonymous Coward on Wednesday January 12 2022, @06:57PM (#1212186)
        Take a close look at closed source apps on Google Play and Apple. Don't you wish open source had even 1% of the money developers get for working on that stuff?

        Open source development is mostly for suckers nowadays. In the past you could argue that it gave people seeking paid employment some credibility, but not now, not after log4j, this fiasco, and anyone looking for cred with employers can just write an app or a website that does something interesting without disclosing their source.

        Even devs gotta eat.

    • (Score: 2) by bzipitidoo on Wednesday January 12 2022, @03:37PM (1 child)

      by bzipitidoo (4388) on Wednesday January 12 2022, @03:37PM (#1212128) Journal

      > Keeping the source closed and licensing the software works.

      Yeah, works so well that they have absolutely no piracy "problems" whatsoever!

      Nor are users in the least inconvenienced when DRM locks them out of their own property. Or what should be their own property.

      • (Score: 0) by Anonymous Coward on Saturday January 15 2022, @08:45PM

        by Anonymous Coward on Saturday January 15 2022, @08:45PM (#1212999)

        If you're using closed source software you have the executable - you're not entitled to a lifetime of support at no charge, same as open source. You want support, or new features, then pay the closed source devs to make them. Because at some point open source devs will say "fuck it, I gotta eat."

        It's not like the open source community is going to release new versions of software abandoned by developers - the FSF, for example, doesn't actually contribute to updating free abandonware such as emacs.

        The various linux distros don't either - they're too busy twiddling with the desktop UI to bother. (Redhat/IBM will, to increase lock-in, which is why we have unnecessary shit like systemd, which most users neither need nor want).

        log4j was a symptom of how fragile open source development is. And how inept and lacking in coding chops most devs are today, relying on libraries they neither understand nor can write themselves. Time was, a coder's value was in actually being able to code.

  • (Score: 0) by Anonymous Coward on Saturday January 15 2022, @11:25PM

    by Anonymous Coward on Saturday January 15 2022, @11:25PM (#1213034)
    He asked for money back in 2020. He warned everyone that he wasn't going to support it for free forever, and that if he wasn't going to get paid, users should fork it.

    Now, what he did is perfectly legal. Read the standard disclaimer that comes with open-source software. The user does not own it. They merely have a license to use it. This license comes with absolutely no warranty, including no warranty of fitness for use.

    The developer certainly has the right to render his own property non-functional, and that's what they did, because, in the end, the code is their property, not the users'.

    Anyone who's not happy is free to ask him for a full refund of the purchase price they paid him …

    Don't like it? Pay a dev. A real dev. Not a cut-n-paste monkey. Your business model doesn't allow you to do that? Then your business model deserves to die.