
SoylentNews is people

posted by janrinok on Wednesday January 12 2022, @01:05AM
from the with-great-responsibility-comes-great-LOLability dept.

From Bleeping Computer

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

But the target of this action wasn't the end user - but the big corporations...

[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he will no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.


  • (Score: 3, Funny) by Anonymous Coward on Wednesday January 12 2022, @03:38PM (7 children)

    by Anonymous Coward on Wednesday January 12 2022, @03:38PM (#1212129)

    I'm tired of Soylent News and other Fortune 5 companies deriving benefits from my snarky comments. If you guys don't pony up six figures, and maybe a pony now that I've mentioned it, then I'm going to stop posting AC.

  • (Score: 0) by Anonymous Coward on Wednesday January 12 2022, @05:23PM

    by Anonymous Coward on Wednesday January 12 2022, @05:23PM (#1212165)

    Uh, did you miss the memo? They're going to start paying us 6 figures next week. Six zeros though... $000,000

  • (Score: 2) by janrinok on Wednesday January 12 2022, @05:29PM (4 children)

    by janrinok (52) Subscriber Badge on Wednesday January 12 2022, @05:29PM (#1212167) Journal

    I agree - I've asked around and most of us here think you should receive at least the same remuneration as an Editor, or even as the Editor-in-Chief. We haven't got any ponies but I think we have a few unicorns left - would a couple of those do instead? I'm not sure that it'll make it up to 6 figures though....

    Soylent News and other Fortune 5 companies

    Looks like somebody thinks we've made the big time guys!

    • (Score: 0) by Anonymous Coward on Wednesday January 12 2022, @07:00PM (3 children)

      by Anonymous Coward on Wednesday January 12 2022, @07:00PM (#1212188)
      Don't you think the site would work better if there was at least one part time paid professional dev available at reasonable rates? On second thought, it's perl - triple time minimum.
      • (Score: 3, Interesting) by janrinok on Wednesday January 12 2022, @10:23PM (2 children)

        by janrinok (52) Subscriber Badge on Wednesday January 12 2022, @10:23PM (#1212230) Journal

        I understand your quip about having to pay extra for a Perl developer, but your comment has a serious side too.

        Maybe employing a programmer would be a good idea, but that would be a big change from having operated since 2014 with an all-volunteer staff. We would have to increase our income accordingly to pay for the developer, and we would have to get involved in contracts, finances, and possibly sundry benefits too. If the community don't wish to support the increased costs by their own contributions then we have to consider alternative ways of raising that income - advertising? selling our data? Not very likely. They are all part of the reason that we did not support Dice's plans for the original /. and created this site in the first place.

        Of course we are aware of the situation that we are in but there is no reason why the software itself should suddenly stop working. We will have to replace the Perl eventually but we still have time to consider what to replace it with. There is not a similar site that we can simply lift up and use. Slash has many thousands of hours of usage and most of the bugs have been found. Writing a new site will undoubtedly result in having to have a team dedicated to writing and testing the replacement while others maintain the current site. Which language to choose for the future site is also an issue. If we are to remain a volunteer organisation then it must be a programming language with sufficient developer support available for many years to come. We have a small but very capable team looking after the hardware systems and they are currently being restructured and simplified to meet our current needs, and we are looking at the options open to us for the future. We know of the frameworks that are out there but they all require a lot of work to change them to our requirements so that we don't simply become another 'framework-based-website' like many, many others already on the web.

        This is only my personal view and it does not indicate any specific plan for the future. We are looking at the alternatives within the constraints and limitations of each of us having families, careers, and a real life to live too.

        But the biggest problem with volunteer websites is that they depend on volunteers.

        • (Score: 0) by Anonymous Coward on Thursday January 13 2022, @01:01AM

          by Anonymous Coward on Thursday January 13 2022, @01:01AM (#1212263)

          I'll give you some free advice I also gave some of your staff, Inline::Python

        • (Score: 0) by Anonymous Coward on Saturday January 15 2022, @09:21PM

          by Anonymous Coward on Saturday January 15 2022, @09:21PM (#1213007)
          So not viable as standalone site using custom code in the long term anyway. Maybe now is a good time to look at hosting providers that you can just use one of the many CMS systems they support.

          Of course, last year would have been a better time - but better late than never. Because perl is like the Monty Python parrot - it's dead.

          The economy has permanently changed. Between the aging population and the dumbing down of the population, we are now into long-term (decade, at least) shortages for many jobs - skilled, semi-skilled, and unskilled. We knew this was going to happen with the aging baby boomer population leaving the workforce, many doing so because of infirmity.

          A good example of this is Harley-Davidson. A bloated, overpriced, and slow bike in comparison to what Harley owners deride as jap scrap. But let's face it, a Kawasaki Ninja bike is way faster, way more agile, way more dependable, and way cheaper.

          Harley owners have always been baby boomers. They stopped publishing the age of their average purchaser back in 2006 when it hit 50. Now it's 65-66. And that age group is starting to have their drivers licenses pulled or restricted because of health problems such as vision deficits.

          So there will eventually be a glut of used Harleys on the market, and only other aging baby boomers will be interested in them.

          This is the same situation as perl - now a baby boomer language with limited appeal. Even developers who want to "scratch their itch" by helping would rather just do something from scratch. So you're better off starting with the proposition that the "buck feta" code base is a dead end, and ask for help either identifying an alternative that is maintainable going forward, or looking for volunteers that are willing to develop something not written in perl.

          I know if I were offered a million bucks to "do it in perl" I'd say "fuck beta and fuck perl." I've got better things to do with my life.

          One of the original value propositions for working on open source projects was giving coders street cred, so they could leverage that into a paid job. As this story shows, that is simply no longer true. Doubly so working on anything written in perl. It makes you less employable because you'll be pigeonholed as an old fart perl developer. Not a good look nowadays. So if you want to attract talent, scrapping perl is necessary, but not sufficient.

          "It's not a crisis - just the loss of an illusion. Time to take the red pill."

  • (Score: 0) by Anonymous Coward on Saturday January 15 2022, @11:29PM

    by Anonymous Coward on Saturday January 15 2022, @11:29PM (#1213035)
    The libraries in question are JavaScript. This site doesn't use JavaScript. JavaScript has always been one of the top risk factors of the internet - executing arbitrary code from who knows where was never a good idea.

    Stupid is as stupid does.