SoylentNews is people

posted by janrinok on Wednesday January 12, @01:05AM
from the with-great-responsibility-comes-great-LOLability dept.

From Bleeping Computer

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

But the target of this action wasn't the end user - but the big corporations...

[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he will no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.

  • (Score: 0) by Anonymous Coward on Saturday January 15, @09:21PM (#1213007)

    So not viable as standalone site using custom code in the long term anyway. Maybe now is a good time to look at hosting providers that you can just use one of the many CMS systems they support.

    Of course, last year would have been a better time - but better late than never. Because perl is like the Monty Python parrot - it's dead.

    The economy has permanently changed. Between the aging population and the dumbing down of the population, we are now into long-term (decade, at least) shortages for many jobs - skilled, semi-skilled, and unskilled. We knew this was going to happen with the aging baby boomer population leaving the workforce, many doing so because of infirmity.

    A good example of this is Harley-Davidson. A bloated, overpriced, and slow bike in comparison to what Harley owners deride as jap scrap. But let's face it, a Kawasaki Ninja bike is way faster, way more agile, way more dependable, and way cheaper.

    Harley owners have always been baby boomers. They stopped publishing the age of their average purchaser back in 2006 when it hit 50. Now it's 65-66. And that age group is starting to have their drivers licenses pulled or restricted because of health problems such as vision deficits.

    So there will eventually be a glut of used Harleys on the market, and only other aging baby boomers will be interested in them.

    This is the same situation as perl - now a baby boomer language with limited appeal. Even developers who want to "scratch their itch" by helping would rather just do something from scratch. So you're better off starting with the proposition that the "buck feta" code base is a dead end, and ask for help either identifying an alternative that is maintainable going forward, or looking for volunteers that are willing to develop something not written in perl.

    I know if I were offered a million bucks to "do it in perl" I'd say "fuck beta and fuck perl." I've got better things to do with my life.

    One of the original value propositions for working on open source projects was giving coders street cred, so they could leverage that into a paid job. As this story shows, that is simply no longer true. Doubly so working on anything written in perl. It makes you less employable because you'll be pigeonholed as an old fart perl developer. Not a good look nowadays. So if you want to attract talent, scrapping perl is necessary, but not sufficient.

    "It's not a crisis - just the loss of an illusion. Time to take the red pill."