Developer Bricks His Own Open-Source Libraries Colors and Faker, and It's a Mess


Photo: Matic Zurman (Getty Images)

The eccentric developer behind two very popular open-source NPM libraries has sabotaged both with a series of bizarre updates, a decision that caused chaos for the large number of projects that relied on them.

Marak Squires is the creator of the popular JavaScript libraries Faker and Colors, both staple tools that developers pull into all kinds of coding projects. To give you an idea of how widespread their use is: Colors reportedly sees more than 20 million downloads per week, and Faker gets about 2 million. Suffice to say, a lot of people depend on them.

However, Squires recently made the strange decision to spoil it all by pushing a series of malicious updates that sabotaged both libraries and took a whole lot of dependent projects down with them. In the case of Colors, Squires published an update that sent the library's code into an infinite loop. Any application using it prints the text "LIBERTY LIBERTY LIBERTY", followed by a flood of garbled non-ASCII characters, effectively crippling the application. With Faker, meanwhile, a new release wiped out the entire library's code. Squires has also said that he will no longer maintain the projects "for free".

The whole episode, which sent developers who rely on both libraries into a panic, appears to have been first observed by researchers at Snyk, an open-source security company, as well as by Bleeping Computer.

According to those sources, about 20,000 coding projects rely on these libraries, and as a result of the recent commits many of them are now effectively "bricked", or, in plain terms, rendered inoperable. ("Bricking" is the term for a device or program that becomes unusable because of a software fault or other damage.)
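Projects get hit by a sabotaged release like this when their manifest declares the dependency with a floating semver range (a caret, tilde, wildcard or comparison) that lets `npm install` pick up whatever newer version the registry has. As an added example, not code from the article or from the Colors or Faker projects, the Node.js script below audits a package.json for such ranges and pins them to the versions a lockfile already resolved. The sample manifest, the locked versions and the function names are constructed for this example.

```javascript
// Added example, not from the article or the colors/faker projects.
// Audits an npm manifest for dependencies declared with floating semver
// ranges and pins them to the versions a lockfile already resolved.

// Constructed sample package.json (not a real project's manifest).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "sample-app",
  dependencies: {
    colors: "^1.4.0",   // caret: any 1.x.y >= 1.4.0, so a new 1.x release is pulled in
    faker: "~5.5.0",    // tilde: any 5.5.x, so a new patch release is pulled in
    express: "4.17.1",  // exact pin
    lodash: "*",        // anything at all
  },
  devDependencies: {
    mocha: ">=9.0.0",
    eslint: "8.6.0",
  },
});

// Constructed versions "already resolved" in a lockfile (in practice read
// from the "packages" entries of package-lock.json).
const SAMPLE_LOCKED_VERSIONS = {
  colors: "1.4.0",
  faker: "5.5.3",
  express: "4.17.1",
  lodash: "4.17.21",
  mocha: "9.1.3",
  eslint: "8.6.0",
};

// Sections whose specifiers a project controls for its own installs.
// peerDependencies are deliberately ranges and are left out.
const AUDITED_SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// A specifier resolves to exactly one published version only when it is a
// full x.y.z (optionally with a leading "=" or "v", a prerelease tag and
// build metadata). Carets, tildes, comparison operators, wildcards,
// hyphen ranges, "||" unions and dist-tags such as "latest" all float.
const EXACT_VERSION = /^=?v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isExactPin(spec) {
  return typeof spec === "string" && EXACT_VERSION.test(spec.trim());
}

// Returns one finding per dependency whose specifier can float.
function findFloatingDependencies(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const findings = [];
  for (const section of AUDITED_SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (!isExactPin(spec)) findings.push({ section, name, spec });
    }
  }
  return findings;
}

// Rewrites every floating specifier to the version the lockfile resolved.
// Dependencies with no locked version are left untouched and reported,
// so nothing is silently "fixed" to a guessed version.
function pinToLockfile(packageJsonText, lockedVersions) {
  const manifest = JSON.parse(packageJsonText);
  const unresolved = [];
  for (const { section, name } of findFloatingDependencies(packageJsonText)) {
    const locked = lockedVersions[name];
    if (locked && isExactPin(locked)) {
      manifest[section][name] = locked;
    } else {
      unresolved.push(name);
    }
  }
  return { packageJson: JSON.stringify(manifest, null, 2), unresolved };
}

if (typeof require !== "undefined" && require.main === module) {
  for (const f of findFloatingDependencies(SAMPLE_PACKAGE_JSON)) {
    console.log(`floating: ${f.section}.${f.name} = ${JSON.stringify(f.spec)}`);
  }
  const { packageJson, unresolved } = pinToLockfile(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKED_VERSIONS);
  console.log(packageJson);
  if (unresolved.length) console.log(`no locked version for: ${unresolved.join(", ")}`);
}
```

Run it with `node` to see the four floating entries (colors, faker, lodash, mocha) reported and rewritten to exact versions. Pinning only helps if the lockfile is committed and enforced: `npm ci` refuses to install when package.json and package-lock.json disagree, so a bumped version has to show up in a reviewable lockfile diff rather than arriving silently at install time. Transitive dependencies are still governed by the lockfile alone, which is another reason to review lockfile changes rather than regenerate them.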

The most confusing thing about this whole episode is that it's not entirely clear why Squires did it. Some online commentators have attributed the decision to a blog post he published in 2020 criticizing large companies' use of open-source code written by developers like himself. It is true that companies tend to cut financial corners by taking advantage of freely available code (just look at the recent Log4j disaster, for example), though if you're an open-source programmer, you presumably know and expect that.

Indeed, the way Squires smashed his libraries seems to defy simple explanation. For one thing, the commits that broke the libraries were accompanied by strange text files that, in the case of Faker's update, referenced Aaron Swartz. Swartz was a well-known programmer who was found dead in his apartment in 2013, an apparent suicide. Squires also made a number of other odd public references to Swartz around the time of the malicious commits.

"NPM reverted to a previous version of the faker.js package and GitHub suspended my access to all public and private projects. I have hundreds of projects. #AaronSwartz," Squires tweeted on January 6. Days before news broke of the mass bricking, Squires also tweeted about Swartz and shared a Reddit thread that connects his death to recently convicted sex offender Ghislaine Maxwell.

The latest turn of events has also fueled online speculation about whether Squires is the same person who was charged with reckless endangerment in 2020, when a Queens apartment building owned by a Marak Squires caught fire and investigators discovered a cache of homemade bomb-making materials. A number of people commented on Squires' apparent connection to this incident on Monday: "Personally I started removing all Marak's stuff from my projects whenever possible after this incident," tweeted Nathan Beck, an AWS cloud developer, referring to the bomb episode. "The man is unstable, and I wouldn't trust his code for anything." However, Gizmodo has not been able to independently confirm that the Squires in the bomb case and the Squires behind Colors and Faker are one and the same.

Anyway, it's a very strange story, one that doesn't feel particularly resolved at this point. We've reached out to Squires for comment and will update this story if he responds.
