Technovanguard — Be at the forefront of technology news

Open source developer corrupts his own files, impacting millions

by Justin Rowell
10.01.2022

A GitHub developer has reportedly corrupted two important open source libraries he created with an update that triggers infinite loops, impacting millions of users who rely on the libraries for software development.

Marak Squires developed the two libraries, colors.js and faker.js, to add colours to Node.js consoles and generate fake data for demos. According to the Node.js package manager website NPM, colors.js has more than 23m weekly downloads while faker.js has nearly 2.5m.

As first reported by Bleeping Computer, Squires intentionally introduced an infinite loop that ‘bricked’ thousands of projects that depend on the two libraries. This led users, including those working with Amazon’s Cloud Development Kit, to report the bug to GitHub, thinking they had been compromised.

Squires added a ‘new American flag module’ to the latest version of colors.js and then posted it on GitHub and NPM, triggering three lines of the words “liberty liberty liberty” followed by incomprehensible characters in a loop. Faker.js was similarly sabotaged with the publishing of version 6.6.6.

According to The Verge, colors.js seems to have been updated to work, while faker.js may still be affected. Users of faker.js can resolve the issue by downgrading to a previous version of the package, v5.5.3.
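The downgrade advice above, as an added example (not code from the article or from the faker.js project): a Node.js check that flags any package.json range able to resolve to faker 6.6.6 and any lockfile entry already resolved to it. Only the versions 6.6.6 and 5.5.3 come from the article; the function names and sample manifests are assumptions, and the range parser covers simple forms only.

```javascript
// Added example: flag faker 6.6.6 exposure in npm manifests.
const BAD = { name: 'faker', version: '6.6.6' }; // sabotaged release named in the article
const PIN = '5.5.3';                             // known-good version named in the article

const parse = v => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Does a simple range (exact, ^, ~, >=, *, latest) admit `version`?
// Returns null for forms this sketch does not parse, so a human reviews them.
function admits(range, version) {
  const v = parse(version);
  range = range.trim();
  if (['', '*', 'x', 'latest'].includes(range)) return true; // floating
  const m = /^(\^|~|>=|=)?v?(\d+)\.(\d+)\.(\d+)$/.exec(range);
  if (!m) return null;
  const base = m.slice(2, 5).map(Number);
  const op = m[1] || '=';
  if (op === '=') return cmp(v, base) === 0;
  if (cmp(v, base) < 0) return false;
  if (op === '>=') return true;
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  // caret: the leftmost non-zero component must not change
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return cmp(v, base) === 0;
}

function auditFaker(pkg, lock) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies']) {
    const range = (pkg[field] || {})[BAD.name];
    if (range === undefined) continue;
    const hit = admits(range, BAD.version);
    if (hit !== false)
      findings.push(`${field}: "${range}" ${hit ? 'admits' : 'may admit'} ${BAD.version}; pin ${PIN}`);
  }
  // lockfileVersion 2/3 layout: "packages" keyed by install path
  for (const [path, entry] of Object.entries(lock.packages || {}))
    if (path.endsWith(`node_modules/${BAD.name}`) && entry.version === BAD.version)
      findings.push(`lockfile: ${path} resolved to ${BAD.version}`);
  return findings;
}

// Constructed sample input, not taken from any real project.
const samplePkg = { dependencies: { faker: '*' }, devDependencies: { faker: '^5.5.3' } };
const sampleLock = { packages: { 'node_modules/demo/node_modules/faker': { version: '6.6.6' } } };
console.log(auditFaker(samplePkg, sampleLock));
```

A caret range such as `^5.5.3` does not cross the major version, so it is not flagged; floating ranges such as `*` or `>=5.5.3` are.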

Days after posting the updates, Squires took to Twitter to complain that his account had been suspended by GitHub.

NPM has reverted to a previous version of the faker.js package and Github has suspended my access to all public and private projects. I have 100s of projects. #AaronSwartz pic.twitter.com/zFddwn631S

— marak (@marak) January 6, 2022

While not stated explicitly, the motivation behind Squires’ actions could date back to November 2020 when, according to a GitHub post found by Bleeping Computer, he wrote that he no longer intended to support Fortune 500 and other companies with his free work.

“There isn’t much else to say. Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it,” he wrote.

Squires’ actions have once again raised the issue of unpaid open source work that often plays an important role in the software infrastructure that is monetised by major companies.

Filippo Valsorda, a member of the Google Go team and an open source developer, argued in a blog post last year that companies should pay open source developers: “Open source software runs the internet, and by extension the economy. This is an undisputed fact about reality in 2021.”

Last month, some of the world’s major tech companies, including Microsoft, Apple and Amazon, were affected by a cybersecurity threat dubbed Log4Shell. This stemmed from a Java-based logging utility that could potentially give a hacker unrestricted access to a company’s computer system.

Governments across the world, including the US and Ireland, rushed to advise organisations with web servers to take immediate steps before hackers get there first. “There is no evidence of any successful exploitation of this vulnerability in the State,” the National Cyber Security Centre said.
