Reports from the Heart of the Machine
Edit: mayoy, canoe
"Do I need permission to delete my own open source project code?"
A few days ago, users of the open source libraries "faker.js" and "colors.js" turned on their computers and found that their applications were outputting garbled data.
Even more shocking, the developers found that marak Squires, the author of "faker.js" and "colors.js, caused the mess.
Overnight, Marak Squires voluntarily deleted all the code in the "faker.js" and "colors.js" project repositories, causing thousands of developers working on both open source projects to crash outright.
「faker.js」和「colors.js」
faker.js with nearly 2.5 million weekly downloads on npm and color .js about 22.4 million downloads per week, the impact of this deletion is extremely serious, and the tools developed using these two projects include AWS CDK and so on.
If the amount of real data is far from sufficient when building and testing your app, the Faker class tool will help developers generate pseudo-data. Faker.js is a Node .js library that generates pseudo-data for multiple domains, including addresses, businesses, companies, dates, finances, images, random numbers, names, and so on.
faker .js supports generating multilingual information such as English and Chinese, and contains rich APIs, which were usually updated once a month. faker .js can use JavaScript not only on the server side, but also JavaScript on the browser side.
Now, all commit information for the faker.js project has been changed to "endgame," and in README, the author writes the following sentence: "What really happened with Aaron Swartz?"
Swartz is a brilliant developer who helped build Creative Commons, RSS, and Reddit. In 2011, Swartz was accused of stealing files from the academic database JSTOR in order to access them for free. Swartz committed suicide in 2013, and Squires mentioned that Swartz may have meant the doubt surrounding the death.
Marak Squires submitted malicious code to colors .js, added a "a new American flag module," and posted it to GitHub and npm.
He then released faker .js 6.6.6 on GitHub and npm, both of which sparked the same destructive event. The broken version causes the application to output strange letters and symbols indefinitely, starting with three lines of text with "LIBERTY LIBERTY" followed by a series of non-ASCII characters:
Currently, color .js has been updated with a working version. faker.js Project has not yet been restored, and developers can only resolve the issue by downgrading to the previous 5.5.3 version.
To resolve the issue, Squires also released an update on GitHub to address the "zalgo issue," which refers to the faulty text generated by a corrupted file.
"We noticed a zalgo error in the v1.4.44-liberty-2 version of colors," Squires wrote in an ironic tone. "We're working on this problem right now, and there will be a solution soon."
Two days after pushing the update to faker.js, Squires tweeted that his GitHub account, where he had stored hundreds of projects, had been blocked. Squires released the latest commit of the faker .js on January 4, blocked on January 6, and pushed the "liberty" version of colors .js on January 7. However, judging from the changelogs of faker.js and colors.js, it appears that his account has been unblocked. It's unclear if Squires' account was blocked again.
At this point, the story doesn't end there. Squires dug up a November 2020 post on GitHub in which he wrote that he no longer wanted to do free work. "With all due respect, I don't want to use my free job to support the Fortune 500 (and other small companies) anymore and use this as an opportunity to send me a six-figure annual contract or fork a project and get others involved."
Squires' bold move drew attention to the ethical and financial woes of open source developers, which could be the target of Marak Squires' campaign. A large number of websites, software, and applications rely on open source developers to create basic tools and components, all of which are free, and unpaid developers often work tirelessly to fix security issues in their open source software.
What do developers think
Software engineer Sergio Gómez said: "Deleting your own code from GitHub violates their terms of service? WTF? This is kidnapping. We need to start decentralizing the hosting of free software source code."
"I don't know what's going on, but I'm hosting all my projects on a GitLab private instance and never trust any internet service provider."
Some netizens thought that the faker .js the team's reaction was somewhat exaggerated, and said: "No one will make a lot of money with a package that only generates some fake data." faker.js does save developers some time generating pseudo-data, but we can also have interns write similar programs to generate data. It's not that important for businesses."
Some even thought that Marak's actions were impulsive, irrational, and linked to his previous rumors of "selling the house and buying NFTs", believing that Marak needed to learn to control his emotions:
Some people originally sympathized with the open source project being "white-hooked", but now turned to think that Marak was maliciously deleted libraries, and pointed out: "It is his right to stop maintaining his project or delete it completely, but it is wrong to deliberately submit harmful code."
Of course, there are also people who complain about the treatment of open source software (FOSS) developers: "I hope that there will be relevant foundations to provide financial support for FOSS developers", and the reliability and stability of the software are also crucial
Some people say that some large companies do not respect the copyright of open source projects, and the abuse of open source projects is absolutely unfair to FOSS developers. But Marak's .js of faker is not advisable, it is not a positive example, and there are personal negative reasons for Marak.
What are your thoughts on this?
Reference Links:
https://www.kancloud.cn/apachecn/zetcode-zh/1950573
https://zhuanlan.zhihu.com/p/326301266
https://www.reddit.com/r/programming/comments/rz5rul/marak_creator_of_fakerjs_who_recently_deleted_the/
Quickly build an enterprise-grade TTS speech synthesis assistant with NVIDIA Riva
NVIDIA Riva is an SDK that uses GPU acceleration to rapidly deploy high-performance conversational AI services for rapid development of speech AI applications. Riva is designed to help you easily and quickly access sessionAL AI capabilities, out of the box, and quickly build high-level TTS speech synthesis services with a few simple commands and API operations.
January 12, 2022, 19:30-21:00, the main introduction of this online sharing:
Introduction to speech synthesis
Introduction to NVIDIA Riva features
Launch the NVIDIA Riva client to quickly implement text-to-speech functionality
Use Python to quickly build Riva-based TTS speech synthesis service applications