Saturday, November 23, 2024

Developer Insanity – Willfully Sabotages 2 Popular Open Source Libraries, Here Are The Effects


Open source software is undoubtedly a great resource for users of the web, but how happy are the developers who work “for free” so that others, perhaps multinationals, can make money? That is what Marak Squires, a developer active on GitHub, must have thought: he reportedly said he was tired of supporting companies that make millions from his unpaid work.

Marak Squires of GitHub sabotages two open source libraries – Adobe Stock

To do this, Squires deliberately damaged two open source libraries he had created himself, publishing updates that trigger infinite loops and affect the millions of users who depend on them. The two libraries are colors.js and faker.js, used respectively to add colours to Node.js console output and to generate dummy data for demos. Between them, the two libraries see 23-25 million weekly downloads.

Open source blocked: methods, causes and consequences

Open source matrix – Adobe Stock

To give his gesture even more force, Squires added a “new American flag” module to the latest version of colors.js and published it to GitHub and npm: it prints three lines of the words “freedom freedom freedom” followed by garbled characters that repeat indefinitely. Faker.js was sabotaged in much the same way with the release of version 6.6.6.

The “problem” was first reported by Bleeping Computer, which explained what had happened: Squires introduced an infinite loop into the libraries that effectively crashed thousands of projects depending on them. Users, including some working with the Amazon Cloud Development Kit, reported the bug on GitHub thinking they had been hacked.

According to The Verge, colors.js appears to have been updated to work normally again, while faker.js may still be affected by the bug. Even so, users of the latter library can fix the problem by downgrading to the previous release, v5.5.3.
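The downgrade described above only works if a project actually controls which version it installs. The following script is an added example, not code from the article or from either library: it audits a package.json dependency map for the sabotaged faker release named in the article (6.6.6) and for floating version ranges that would pull such a release in automatically, and produces a corrected copy with the v5.5.3 pin applied. The sample manifest, the colors entry and the express version are constructed placeholders.

```javascript
// Added example (not from the article or the libraries it describes): audit a
// package.json dependency map for known-bad releases and floating ranges, and
// produce a pinned copy. Only faker 6.6.6 / 5.5.3 come from the article; every
// other version number below is a constructed placeholder.

const KNOWN_BAD = {
  faker: new Set(["6.6.6"]), // sabotaged release named in the article
  colors: new Set([]),       // placeholder: fill from your own advisory source
};
const SAFE_PIN = {
  faker: "5.5.3",            // downgrade target named in the article
};

// Constructed sample manifest, not a real project's package.json
const sampleManifest = {
  dependencies: {
    faker: "^6.6.6",    // caret range: would also float onto later 6.x releases
    colors: "1.4.0",    // placeholder version, already an exact pin
    express: "^4.18.2", // unrelated dependency with a floating range
  },
};

// True only for an exact "major.minor.patch" pin.
function isExactPin(range) {
  return /^\d+\.\d+\.\d+$/.test(range);
}

// Strip a leading ^ or ~ so the base version can be compared against KNOWN_BAD.
function baseVersion(range) {
  return range.replace(/^[\^~]/, "");
}

// Return one finding per problem: a known-bad base version, or a range that
// lets the package manager pick a newer (unvetted) release on its own.
function auditDependencies(manifest) {
  const findings = [];
  const deps = manifest.dependencies || {};
  for (const [name, range] of Object.entries(deps)) {
    const base = baseVersion(range);
    if (KNOWN_BAD[name] && KNOWN_BAD[name].has(base)) {
      findings.push({
        name,
        range,
        issue: "known-bad-version",
        fix: SAFE_PIN[name] ? `pin to ${SAFE_PIN[name]}` : "pin to last known-good release",
      });
    }
    if (!isExactPin(range)) {
      findings.push({
        name,
        range,
        issue: "floating-range",
        fix: `pin to ${base} or another vetted release`,
      });
    }
  }
  return findings;
}

// Return a corrected copy of the manifest: known-bad packages get their safe
// pin, every other floating range is pinned to its base version. The input is
// left untouched so the caller can diff old against new.
function pinDependencies(manifest) {
  const fixed = { ...manifest, dependencies: { ...(manifest.dependencies || {}) } };
  for (const [name, range] of Object.entries(fixed.dependencies)) {
    const base = baseVersion(range);
    if (KNOWN_BAD[name] && KNOWN_BAD[name].has(base) && SAFE_PIN[name]) {
      fixed.dependencies[name] = SAFE_PIN[name];
    } else if (!isExactPin(range)) {
      fixed.dependencies[name] = base;
    }
  }
  return fixed;
}

console.log(auditDependencies(sampleManifest));
console.log(pinDependencies(sampleManifest).dependencies);
```

Pinning exact versions (and committing the lockfile) is what keeps a malicious or broken release from reaching a build on the next `npm install`; the audit above is the kind of check a CI step can run against every manifest in a repository.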

Behind Squires’ motivation there appears to be an unwillingness to keep supporting Fortune 500 companies and others with his free work. “Not much more to say,” wrote Squires. “You can take this as an opportunity to send me a six-figure annual contract, or have someone else work on the project.”

If Squires wanted to raise the issue of unpaid open source work, he has succeeded: the subject has been widely discussed, with statements coming from around the world.

According to Filippo Valsorda, a member of the Google Go team, companies that build on open source must pay open source developers: “Open source software runs the Internet and, by extension, the economy. This is an indisputable fact about reality in 2021,” reads a statement he published last year.


Kayla Underkoffler, Senior Security Technologist at HackerOne, also said that projects like the Internet Bug Bounty help organizations of all sizes tackle attacks like Log4Shell by raising funds to incentivize research into open source vulnerabilities.


“Most organizations do not have direct control over the open source software in their supply chains and cannot easily correct these weaknesses. Protecting this often underfunded software is a must for any organization that relies on it,” she warned.

Ebenezer Robbins