An open source developer sabotaged his own libraries affecting thousands of applications

Recently the news broke that a developer sabotaged two of his own open source libraries, causing outages in thousands of applications that used them.

Marak Squires, the author of two JavaScript libraries with over 21,000 dependent applications and millions of weekly downloads, updated his packages late last week after leaving them unchanged for more than a year. The updates contained code that entered an infinite loop, causing dependent applications to print gibberish preceded by the words "Freedom Freedom Freedom."

Squires gave no reason for doing so, but the README file of faker.js was changed to read "What really happened to Aaron Swartz?"

Swartz was a leading developer who helped establish Creative Commons, RSS, and Reddit. In 2011, Swartz was accused of stealing documents from the JSTOR academic database in an attempt to make them freely accessible.

The activist was involved in major causes such as net neutrality, and he opposed the SOPA and PIPA laws (the US equivalent of France's Hadopi). Aaron Swartz committed suicide in January 2013. Prone to depressive episodes, he was under heavy judicial pressure: he faced no less than $4 million in fines and 30 years in prison for decrypting and stealing 4 million academic documents from MIT and the JSTOR site. It was an act carried out in the name of free access to knowledge, and one that also led the American justice system to charge him with a felony.

Aaron Swartz stubbornly refused to accept that label, according to his colleague Lawrence Lessig. It was a refusal that, after 18 months of negotiations, would have led to a trial with potentially very severe penalties.

In reaction to his death, several MIT professors decided to honor his struggle, which they support, by uploading PDF files of their work in protest against the copyright restrictions on scholarly articles. Beyond these professors, MIT also officially decided, as an institution, to conduct an internal investigation to determine in detail how the Boston school had acted since the start of the document "theft" affair. Had its decisions been disproportionate?

Besides including the Swartz reference in the README file, Squires also tweeted those same words and included a link to a thread claiming that Swartz was murdered after discovering child pornography on MIT servers. A now-deleted post (still available on the Web Archive) included in that thread read:

“No, it is not Aaron Swartz who should be tried, but this high salaried institution of learning, MIT, which is responsible for the heinous crimes that led to his death. The risks taken by Swartz, who thus threatened MIT, can only be understood through the theme of child pornography orchestrated and produced by his acclaimed teachers and distributed to his wealthy and powerful backers. MIT's cyber pokers serve a clientele that includes the highest echelon of the State Department, large corporations, intelligence agencies, the military and the White House.

Every element of the Swartz Affair indicates that he died in a heroic attempt to expose the perversion that has corrupted the hearts and minds of the world's elite, a heinous and often deadly vice that traumatizes innocent children and threatens every family on this planet.

This display of facts is a winding road that leads from the Sacred Ivy Halls in Boston to the outskirts of Phnom Penh, where a world-renowned professor has organized youth sex services for visiting dignitaries and sent encrypted child pornography via satellite to illicit data bases on the MIT campus.

Nicholas Negroponte, you no longer have a place to hide in Southeast Asia or Africa. You are under surveillance and you will be persecuted relentlessly, not only for child pornography and pimping, but now as an accessory to murder. Your only way out is to return the video files with the full list of names, and you better do that as soon as possible, because the powerful pedophiles on this list will silence you to cover their own tracks.”

The library sabotage raises concerns about software supply chain security, which is crucial for many organizations, including Fortune 500 companies. The two sabotaged libraries, Faker.js and Colors.js, have created problems for people using Amazon's cloud SDK.

Critics have long said that large corporations take advantage of open source ecosystems without properly compensating the developers for their time. In turn, conscientious software developers are unfairly put to the test.

In fact, Squires said in 2020 that he would no longer support large companies with the work he does for free.

"Take this opportunity to either send me a six-figure annual contract or fork the project and have someone else work on it," he wrote.

The ability of a single developer to disrupt such a large application base highlights a fundamental weakness in the current architecture of free and open source software. Add to that the havoc caused by overlooked security vulnerabilities in widely used open source applications and you have a recipe for potential disaster.
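The sabotaged releases reached downstream applications because their package.json ranges allowed a fresh install to pull whatever newer version the registry served. The following audit script is an added example (not code from the article or from either library) that flags such floating ranges and notes which ones a lockfile already freezes; it assumes the npm lockfile v2/v3 layout with a top-level "packages" map, and the package.json and lockfile contents are constructed samples.

```javascript
// Classify one semver range string from package.json by how much room it
// leaves a fresh `npm install` to resolve to a release nobody has reviewed.
function classifyRange(range) {
  const r = String(range).trim();
  if (/^=?\d+\.\d+\.\d+$/.test(r)) return "pinned";           // exactly 1.4.0
  if (r === "" || r === "*" || r === "latest" || r === "x") return "unbounded";
  if (r.startsWith("^")) return "floating-minor";             // ^1.4.0 accepts 1.99.0
  if (r.startsWith("~")) return "floating-patch";             // ~1.4.0 accepts 1.4.99
  return "floating-other";                                    // ">=1.0.0", "1.x", "1.4.0 - 1.6.0"
}

// Walk dependencies and devDependencies, pairing each range with the version
// a lockfile (if any) has already frozen. A dependency is at risk when its
// range is not exact and no lockfile entry pins what actually gets installed.
function auditDependencies(pkg, lock) {
  const locked = (lock && lock.packages) || {};           // lockfile v2/v3 layout
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      const kind = classifyRange(range);
      const entry = locked["node_modules/" + name];
      findings.push({
        name, section, range, kind,
        lockedVersion: entry ? entry.version : null,
        atRisk: kind !== "pinned" && !entry,
      });
    }
  }
  return findings;
}

// Names of dependencies a fresh install could silently upgrade.
function atRiskNames(pkg, lock) {
  return auditDependencies(pkg, lock).filter(f => f.atRisk).map(f => f.name).sort();
}

// Constructed sample project: only "colors" is frozen by the lockfile.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { colors: "^1.4.0", faker: "~5.5.0", "left-pad": "1.3.0" },
  devDependencies: { chalk: "*" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: { "node_modules/colors": { version: "1.4.0" } },
};

for (const f of auditDependencies(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK)) {
  console.log(`${f.atRisk ? "AT RISK" : "ok     "} ${f.name}@${f.range} (${f.kind})` +
              (f.lockedVersion ? ` locked to ${f.lockedVersion}` : ""));
}
```

Run against a real project by loading its package.json and package-lock.json with JSON.parse; every "AT RISK" line is a dependency that `npm install` without a lockfile could resolve to an untested release.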

Source: https://web.archive.org

https://github.com



Robert Scattini said:

Hello! This news is missing something that for me also draws a lot of attention: when all these events happened, GitHub (apparently) suspended the programmer's account, alluding that he had violated the "terms of service", blocking him from accessing his own code... WTF? Since when do you decide what things an open source programmer can do with their own projects?