Open Source Developer Intentionally Corrupts His Own Widely-Used Libraries

“Users of popular open-source libraries ‘colors’ and ‘faker’ were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking,” reports BleepingComputer.
“The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on ‘colors’ and ‘faker’.”

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it, whereas faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents….

Yesterday, users of popular open-source projects, such as Amazon’s Cloud Development Kit, were left stunned on seeing their applications print gibberish messages on their console. These messages included the text ‘LIBERTY LIBERTY LIBERTY’ followed by a sequence of non-ASCII characters… The developer, named Marak Squires, added a “new American flag module” to the colors.js library yesterday in version v1.4.44-liberty-2 that he then pushed to GitHub and npm. The infinite loop introduced in the code will keep running indefinitely, printing the gibberish non-ASCII character sequence endlessly on the console for any applications that use ‘colors.’ Likewise, a sabotaged version ‘6.6.6’ of faker was published to GitHub and npm….

The reason behind this mischief on the developer’s part appears to be retaliation — against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community. In November 2020, Marak had warned that he will no longer be supporting the big corporations with his “free work” and that commercial entities should consider either forking the projects or compensating the dev with a yearly “six figure” salary….

Some dubbed this an instance of “yet another OSS developer going rogue,” whereas InfoSec expert VessOnSecurity called the action “irresponsible,” stating: “If you have problems with business using your free code for free, don’t publish free code. By sabotaging your own widely used stuff, you hurt not only big business but anyone using it. This trains people not to update, ‘coz stuff might break.”

GitHub has reportedly suspended the developer’s account. And, that too, has caused mixed reactions… “Removing your own code from [GitHub] is a violation of their Terms of Service? WTF? This is a kidnapping. We need to start decentralizing the hosting of free software source code,” responded software engineer Sergio Gómez.

“While it looks like color.js has been updated to a working version, faker.js still appears to be affected, but the issue can be worked around by downgrading to a previous version (5.5.3),” reports the Verge:

Even more curiously, the faker.js Readme file has also been changed to “What really happened with Aaron Swartz…?”

Squires’ bold move draws attention to the moral — and financial — dilemma of open-source development, which was likely the goal of his actions.
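The practical defence the story points at is version control over what npm installs: a lockfile that records exactly which release each dependency resolved to, and exact pins for packages you are worried about. As an added example (not code from the article, from Slashdot, or from the colors/faker projects), the script below scans a constructed npm lockfile for the two sabotaged releases named above (colors 1.4.44-liberty-2 and faker 6.6.6), flags any non-exact ranges for those packages in package.json, and rewrites faker to the 5.5.3 pin the Verge gave as the workaround. The lockfile and dependency objects are constructed samples; the simple "exact version" regex is a deliberate simplification of semver, not a full range resolver.

```javascript
// Added example, not from the article or the colors/faker projects: find the
// sabotaged releases named in the story in a lockfile and pin known-good ones.
const SABOTAGED = {                       // versions as reported on the page
  colors: new Set(["1.4.44-liberty-2"]),
  faker: new Set(["6.6.6"]),
};
const KNOWN_GOOD = { faker: "5.5.3" };    // the Verge's downgrade workaround
// npm lockfileVersion 2/3 keeps a flat "packages" map keyed by install path,
// e.g. "node_modules/colors" or "node_modules/x/node_modules/faker".
function findSabotaged(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue;             // root entry, carries no version
    const name = path.split("node_modules/").pop();
    if (SABOTAGED[name] && SABOTAGED[name].has(meta.version)) {
      hits.push({ path, name, version: meta.version });
    }
  }
  return hits;
}
// An exact "x.y.z" pin never floats to a new publish; anything else
// ("^1.4.0", "*", "latest") can, so it is worth reviewing for these names.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
function looseRanges(pkg) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.entries(deps)
    .filter(([name, range]) => name in SABOTAGED && !EXACT.test(range))
    .map(([name, range]) => ({ name, range }));
}
// Rewrite loose ranges for affected packages to the known-good pin when one
// is listed on the page; returns a new object and leaves the input untouched.
function pinKnownGood(deps) {
  const out = { ...deps };
  for (const { name } of looseRanges({ dependencies: deps })) {
    if (KNOWN_GOOD[name]) out[name] = KNOWN_GOOD[name];
  }
  return out;
}
// Constructed sample inputs (not a real project's files).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { dependencies: { colors: "^1.4.0", faker: "^5.5.0" } },
  "node_modules/colors": { version: "1.4.44-liberty-2" },
  "node_modules/faker": { version: "5.5.3" },
  "node_modules/some-lib/node_modules/faker": { version: "6.6.6" },
} };
const SAMPLE_DEPS = SAMPLE_LOCK.packages[""].dependencies;
console.log(findSabotaged(SAMPLE_LOCK), looseRanges({ dependencies: SAMPLE_DEPS }),
  pinKnownGood(SAMPLE_DEPS));
```

Note that the nested `some-lib/node_modules/faker` entry is caught even though the top-level faker is fine; transitive copies are where a sabotaged release most easily hides, and `npm ci` against a reviewed lockfile is what keeps it from coming back.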

Read more of this story at Slashdot.

‘A Quadrillion Mainframes On Your Lap’

“Your laptop is way more powerful than you might realize,” writes long-time Slashdot reader fahrbot-bot.
“People often rhapsodize about how much more computer power we have now compared with what was available in the 1960s during the Apollo era. Those comparisons usually grossly underestimate the difference.”

Rodney Brooks, emeritus professor of robotics at MIT (and former director of their AI Lab and CSAIL) explains in IEEE Spectrum:

By 1961, a few universities around the world had bought IBM 7090 mainframes. The 7090 was the first line of all-transistor computers, and it cost US $20 million in today’s money, or about 6,000 times as much as a top-of-the-line laptop today. Its early buyers typically deployed the computers as a shared resource for an entire campus. Very few users were fortunate enough to get as much as an hour of computer time per week.

The 7090 had a clock cycle of 2.18 microseconds, so the operating frequency was just under 500 kilohertz. But in those days, instructions were not pipelined, so most took more than one cycle to execute. Some integer arithmetic took up to 14 cycles, and a floating-point operation could hog up to 15. So the 7090 is generally estimated to have executed about 100,000 instructions per second. Most modern computer cores can operate at a sustained rate of 3 billion instructions per second, with much faster peak speeds. That is 30,000 times as fast, so a modern chip with four or eight cores is easily 100,000 times as fast.

Unlike the lucky person in 1961 who got an hour of computer time, you can run your laptop all the time, racking up more than 1,900 years of 7090 computer time every week….

But, really, this comparison is unfair to today’s computers. Your laptop probably has 16 gigabytes of main memory. The 7090 maxed out at 144 kilobytes. To run the same program would require an awful lot of shuffling of data into and out of the 7090 — and it would have to be done using magnetic tapes. The best tape drives in those days had maximum data-transfer rates of 60 KB per second. Although 12 tape units could be attached to a single 7090 computer, that rate needed to be shared among them. But such sharing would require that a group of human operators swap tapes on the drives; to read (or write) 16 GB of data this way would take three days. So data transfer, too, was slower by a factor of about 100,000 compared with today’s rate.

So now the 7090 looks to have run at about a quadrillionth (10^-15) the speed of your 2021 laptop. A week of computing time on a modern laptop would take longer than the age of the universe on the 7090.
