Mon. Jan 24th, 2022


An open-source developer just nuked two of his own apps


The developer behind two very popular open-source NPM coding libraries recently corrupted both with a series of bizarre updates, a decision that has bricked droves of projects that rely on them for support.

Marak Squires is the creator of the popular JavaScript libraries faker and colors, which developers use as building blocks in their various coding projects. To give you an idea of how widely these are used, colors reportedly sees more than 20 million downloads per week and faker gets about 2 million. Suffice it to say, these are very useful.

However, Squires recently made the bizarre decision to wreck all of this when he pushed a number of malicious updates that wreaked havoc on the libraries, taking many dependent projects down with them. In the case of colors, Squires sent an update that caused its source code to go into an endless loop. As a result, apps using it emit the text “Liberty Liberty Liberty” followed by a stream of meaningless, garbled data, effectively crippling their functionality. With faker, meanwhile, a new update was recently pushed that basically nukes the library's entire code. Squires later announced that he would no longer maintain the program for “free.”

The whole episode, which seems to have sent developers who depend on both programs into panic mode, was first observed by researchers at Snyk, an open-source security company, as well as by BleepingComputer.

According to these sources, about 20,000 coding projects rely on these libraries for their work, and as a result of the recent commits, many of them are now effectively “bricked.” Or, in layman’s terms, they are fucked up. (“Bricking” is a technical term for when a piece of hardware is corrupted by a software problem or other damage and becomes unusable.)

The most confusing thing about this whole episode is that it’s not entirely clear why Squires did it. Some online commentators have attributed the decision to a blog post he published in 2020, in which he protested against large companies' use of open-source code from developers like himself. It is true that corporate America tends to cut financial corners by exploiting freely available coding tools (just see the recent log4j debacle, for example); however, if you are an open-source coder, you probably know and expect that.

In fact, the way Squires blew up his libraries seems to defy simple explanation. For one thing, the libraries came with strange text files and confusing commits that, in the case of the faker update, referred to Aaron Swartz. Swartz was a well-known computer programmer who was found dead in his apartment in 2013 of an apparent suicide. Squires made several more bizarre public references to Swartz around the time of the malicious commits.

“NPM is back to the previous version of the faker.js package and GitHub has suspended my access to all public and private projects. I have 100s of projects. #AaronSwartz,” Squires tweeted on January 8. Just days before the news broke, Squires also tweeted about Swartz and shared a Reddit thread suggesting that Ghislaine Maxwell, a recently convicted sex trafficker, is linked to his death.

The recent spate of events has also sparked online speculation as to whether Squires is the same person who was charged with reckless endangerment in 2020, when a fire broke out in a Queens apartment building owned by Marak Squires and investigators discovered a hidden stash of homemade bomb-making materials. A number of people commented on Squires’ apparent connection to the incident on Monday: “Personally, I have started removing all Marak items from my project whenever possible after this incident,” tweeted Nathan Peck, a developer at AWS Cloud, in reference to the “bomb” episode. “Dude isn’t stable, and I can’t believe his code.” However, Gizmodo found no independent evidence that bomb-Squires and coding-Squires are one and the same.

Anyway, at least I didn’t go down without explaining myself first. We’ve reached out to Squires for comment and will update this story if he responds.






By admin
