Developer nukes his extensively used JS libraries to protest corporate use without compensation

Cal Jeffrey

Posts: 3,447   +1,029
Staff member
A hot potato: Open-source software (OSS) comes in a variety of flavors. Some are massive projects developed and maintained by thousands of volunteers. Others are smaller programs that might only be supported and worked on by a single developer sharing to GitHub. Because OSS is sometimes freely used by large corporations, there is a bit of controversy over whether these companies should contribute to the community monetarily.

It appears that an open-source developer has intentionally fried two widely used javascript libraries. The commits to faker.js and colors.js caused programs using them to get stuck in an infinite loop.

Developers use the faker library to generate fake contextual data for testing or demos, while colors adds color to javascript consoles. Thousands of programs use these public packages, with faker seeing around 2.5 million weekly downloads and another 22.4 million per week for colors.

Marak Squires, the developer of the two libraries, uploaded version 6.6.6 of faker to GitHub and the NPM registry earlier last week. Colors "v1.4.44-liberty-2" was committed on Saturday. Both updates cause the same behavior. When called, "Liberty Liberty Liberty" outputs on the first three lines followed by a string of Zalgo text representing an American flag. Colors has since been fixed, but faker remains on version 6.6.6. Developers using faker should switch back to the last valid version (5.5.3).

Squires's reasoning for sabotaging the libraries is unclear. Some suggest that because of the "liberty" theme and a seemingly sarcastic GitHub issue report, Squires may be trying to grab attention for the plight of unthanked open-source developers.

Back in November, in a comment thread on his faker.js GitHub page titled, "No more free work from Marak - Pay Me or Fork This," Squires said he was going to quit freely supporting "Fortune 500" companies that, in his mind, steal his work without compensation.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work," he noted. "There isn't much else to say. Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it."

Squires has also changed the "read me" file for faker.js to simply say, "What really happened with Aaron Swartz?"

Aaron Swartz was a developer/hacktivist who helped found Creative Commons, RSS, and Reddit. Swartz was accused of stealing documents from JSTOR to make them public and then committed suicide in 2013 after a prolonged legal battle.

Regardless of his motives, the stunt got Squires suspended from GitHub, removing his access to the two affected libraries, as well as the hundreds of other public and private projects he has uploaded.

While most in the community were not surprised that GitHub punished Squires for rendering his own software useless, many support him for his decision to call attention to a for-profit industry that has grown to feel entitled to the unpaid labor of others.

"Removing your own code from [GitHub] is a violation of their Terms of Service? WTF?" said developer Sergio Gómez in support of Squires's actions. "This is a kidnapping. We need to start decentralizing the hosting of free software source code."

"The responses to the colors.js/faker.js author sabotaging their own packages are really telling about how many corporate developers think they are morally entitled to open source developers' unpaid labour without contributing anything back," tweeted another OSS community member.

It's worth mentioning that most members of the OSS community support the continued development of free-to-use software because they are passionate about programming. However, there is an expectation that those that benefit from OSS use contribute something back to the community, even if it's just fixing bugs or some other type of support.

Permalink to story.

 

m4a4

Posts: 2,840   +3,604
TechSpot Elite
Was it setup to be free? Were the terms of use non-restrictive to the point that large corporations could use it freely? If so, that's the creators fault.

And as for the creator sabotaging their own code, that should also be up to the creator. Unless it is somehow against TOS, free users have no expectation of working code without a contract (by purchasing it).

All sides look like they are in the wrong...
 

sorten

Posts: 124   +158
Fortune 500 companies don't have their own curated npm registry rather than pulling from the public registry? That's news to me.

This seems to be a growing trend in the OSS community. There are licensing options that allow for free use for companies under a certain size or annual revenue numbers, but I guess that takes time & money to set up.
 

Dimitriid

Posts: 2,080   +3,983
Fortune 500 companies don't have their own curated npm registry rather than pulling from the public registry? That's news to me.

This seems to be a growing trend in the OSS community. There are licensing options that allow for free use for companies under a certain size or annual revenue numbers, but I guess that takes time & money to set up.

This licensing options are sometimes just not used by the open source community because of what I can only describe as fanatic adherence to the commonly used GPL variants of licensing. Without getting (too deeply) into politics, that's kind of the reason why open source ends up the way it does: It was created with important short sights in regards of who gets to use it and who maintains it.

Basically in a perfect world that's necessarily a world without a profit motive, the model would work well since devs would actually take the incentive of always forking core libraries and never using them directly on their own frameworks and projects.

That however, takes time. And time is literally money so the more time one can save translates into literal profits in the mind of a profit seeking entity like well, all of the Fortune 500 quoted by this dev.

Free software needs to account for the existence of both proprietary software and the basic need for devs to exist within a capitalist mode of production instead of building up massive projects and basically the entire cloud infrastructure and much of the modern web development on the backs of a few hobbyists that are understandably just not equipped to maintain the backbone of such massive endeavors while getting compensated still as how they started: As hobbyists seeing little to nothing in the ways of remuneration for work that has grown orders of magnitude beyond their initial thoughts about just doing a bit of coding for fun or learning.
 

brucek

Posts: 1,103   +1,618
Totally within his rights: never sharing it in the first place; or abandoning at any time; or charging money for fixes or feature requests.

Not within his rights: fraudulently describing the function of the software, deliberately enticing others to install it under the false belief it will do A when instead it will do harmful action B. The fact that there's no charge is no more a shield than if a house handing out free Halloween candy laced some of it with poison. (Obviously, the severity is far different, but the reason it's wrong is the same.)

Economic commentary: he's looking in the wrong direction for compensation. His and everyone else's entire tech life is built on a vast mountain of contribution that came before him. There is mutual benefit, lots of it. Further, using his talents to push all corporations into wastefully re-implementing their own proprietary versions of common functionality, is in no one's interest.
 

sorten

Posts: 124   +158
This licensing options are sometimes just not used by the open source community because of what I can only describe as fanatic adherence to the commonly used GPL variants of licensing. Without getting (too deeply) into politics, that's kind of the reason why open source ends up the way it does: It was created with important short sights in regards of who gets to use it and who maintains it.

Basically in a perfect world that's necessarily a world without a profit motive, the model would work well since devs would actually take the incentive of always forking core libraries and never using them directly on their own frameworks and projects.

That however, takes time. And time is literally money so the more time one can save translates into literal profits in the mind of a profit seeking entity like well, all of the Fortune 500 quoted by this dev.

Free software needs to account for the existence of both proprietary software and the basic need for devs to exist within a capitalist mode of production instead of building up massive projects and basically the entire cloud infrastructure and much of the modern web development on the backs of a few hobbyists that are understandably just not equipped to maintain the backbone of such massive endeavors while getting compensated still as how they started: As hobbyists seeing little to nothing in the ways of remuneration for work that has grown orders of magnitude beyond their initial thoughts about just doing a bit of coding for fun or learning.
Yeah, I don't doubt that many FOSS projects are started, and the developer doesn't even understand the license they've selected, if they've selected one.

Many of these projects start as hobbies or as resume builders. What sounds better on a resume than "I'm the author of library x that is downloaded 2M times per month"? Of course, this guy permanently destroyed that goodwill by sabotaging his own projects.

I don't agree that in a perfect world we'd all fork repos every time we pull them into our software. That approach requires a huge amount of work to apply patches, and should only be necessary if we need significant changes to the library and those changes can't be accomplished with a pull request (or the author has rejected the PR).
 

Dimitriid

Posts: 2,080   +3,983
I don't agree that in a perfect world we'd all fork repos every time we pull them into our software. That approach requires a huge amount of work to apply patches, and should only be necessary if we need significant changes to the library and those changes can't be accomplished with a pull request (or the author has rejected the PR).
To expand on this you're right that it wouldn't make sense on 100% of cases. However as a common practice it should depend on who's building the framework or project to scope out not based on "This work is already done and free I can incorporate it" but "Who maintains this, how many commits it currently has and how would our project impact it"

As in if you grab code to just put it on a small project for personal use or for a small business client it's probably ok to reference directly. But if you're setting up to build something like a frontend for a potentially huge e-sales website or if you're building a framework you're hoping thousands end up using as the basis for their work then the common practice and the provisions of the licensing should take into account the potential scope and strain put on someone else's work.
 

tellmewhy

Posts: 179   +86
Most of the time developers do not provide a payment method and it would be difficult to handle the taxation of this type of voluntary payment.
On the other hand, the money transfers for large financial entities are very formal and they can not be spent voluntarily. They will spend more internally to handle the formality (the paper work) and move the money than the payment to the developer.
 

McMurdeR

Posts: 481   +609
No one would be unsympathetic towards a person who puts a lot of work into something without getting paid, but if you accept the premise of OS from the outset, than that's just how it is. If you don't like it than stop doing it - end your OS development and go start your own business - but purposely sabotaging the OS software is a childish breach of trust against the entire community.

This action does a lot of damage to open source as a concept, because it creates risk in relation to using OS software. It will drive business towards paid platforms, and drive up the cost of software for little people who can't afford it.
 

dangh

Posts: 502   +771
I don't get on why owner and creator of a lib has been denied access to his own work, when he is not responsible nor provides any warranty for the lib to be working. I think he should sue github for that reason and should be able to do whatever he wants to do. He do not provide a support, he is not bound by any contract with people using his creations, and any company using it should have been forking this repo for their own use, if they would like to.
 

bviktor

Posts: 783   +1,197
Both sides are st*pid. The creator for releasing something as open source, then still thinking that compensation should be mandatory. The suspension is also completely unjustified though, it's his own code, he can do whatever he wants with it.
 

stewi0001

Posts: 2,734   +2,464
Anytime I work with open source stuff that isn't being maintained by a community, I try to encourage my boss to toss some money their way.
 

Theinsanegamer

Posts: 3,317   +5,507
No one would be unsympathetic towards a person who puts a lot of work into something without getting paid, but if you accept the premise of OS from the outset, than that's just how it is. If you don't like it than stop doing it - end your OS development and go start your own business - but purposely sabotaging the OS software is a childish breach of trust against the entire community.

This action does a lot of damage to open source as a concept, because it creates risk in relation to using OS software. It will drive business towards paid platforms, and drive up the cost of software for little people who can't afford it.
There are licensing methods that allow something to be OS yet require payment for commercial use.

This strikes me as a creator who made these libs, they became widely popular, and he's been kicking himself for years for giving it away, is salty about it, and has found a way to demand cash. As someone else mentioned, he has no easy method of donations being given to him for his work, nothing listed in his software or on github. He wants a 6-figure salary for his work. He's gotten greedy.

Github are arseholes, they have no right to suspend him from his work, like it or not he is the project's creator, and the owner of said code. They can fork it, but they cant block him from accessing it. I smell a lawsuit.
 

Raytrace3D

Posts: 333   +403
Was it setup to be free? Were the terms of use non-restrictive to the point that large corporations could use it freely? If so, that's the creators fault.

And as for the creator sabotaging their own code, that should also be up to the creator. Unless it is somehow against TOS, free users have no expectation of working code without a contract (by purchasing it).

All sides look like they are in the wrong...
Yup, the developer sets the terms so if the terms were free than who's to blame but himself. If the terms where in violation, rather than seek redemption through breaking code, try the legal route and he'll get the paycheck he was after.
 

trparky

Posts: 1,064   +1,186
try the legal route and he'll get the paycheck he was after.
But how many years will that take? How expensive will that be? And even if the person won the case, will the payout even be worth it?

Suffice it to say, I agree with the reason why the person did what they did just not what they did. We've seen time and time again that companies just take from the open source community and give nothing back. Companies treat open source developers as free third-party contractors and that's wrong.
 

GoldenGoat

Posts: 33   +28
He is making the open source community look bad. He is totally in his right to stop supporting his project if he is not happy with the way things are going, but sabotaging it only teaches that open source is not trustworthy, not that they need compensation. This following Log4j really makes open source look bad. I don't think GitHub should punish the guy, but they are probably just trying to protect themselves from getting sued. It would be a bogus lawsuit to blame GitHub, but things like that happen and sometimes the court makes the wrong decision. It's not like there are technology courts that have a clue.
 

brucek

Posts: 1,103   +1,618
I don't get on why owner and creator of a lib has been denied access to his own work, when he is not responsible nor provides any warranty for the lib to be working. I think he should sue github for that reason and should be able to do whatever he wants to do. He do not provide a support, he is not bound by any contract with people using his creations, and any company using it should have been forking this repo for their own use, if they would like to.
The important distinction you are missing is intent to harm. His software having a bug, or missing a feature, or not getting attention is all at his discretion. His software intentionally and maliciously doing something different from what is described, in an attempt to trick people into downloading it and causing harm to downstream systems, should fall into some category of fraud and/or cybercrime (criminal law) and one or more torts (civil law.)
 

Theinsanegamer

Posts: 3,317   +5,507
But how many years will that take? How expensive will that be? And even if the person won the case, will the payout even be worth it?

Suffice it to say, I agree with the reason why the person did what they did just not what they did. We've seen time and time again that companies just take from the open source community and give nothing back. Companies treat open source developers as free third-party contractors and that's wrong.
Two wrongs do not make a right. If you dont want to give your work away for free, dont put it out onto the internet as free to use. In fact, you can license it so individuals can use it but corproations hav eto pay for it! What a novel concept!

I fail to see how a sh1thead developer getting mad his free software (given away for FREE) didnt earn him millions of dollars and then sabotaging it because MUH EBIL CORPORATIONS is any better. I'm sure the small and medium sized businesses, whose owners have built them from the ground up, really appreciate it.
He is making the open source community look bad. He is totally in his right to stop supporting his project if he is not happy with the way things are going, but sabotaging it only teaches that open source is not trustworthy, not that they need compensation. This following Log4j really makes open source look bad. I don't think GitHub should punish the guy, but they are probably just trying to protect themselves from getting sued. It would be a bogus lawsuit to blame GitHub, but things like that happen and sometimes the court makes the wrong decision. It's not like there are technology courts that have a clue.
HE is making the OSS community look bad? The same OSS community that constantly forks software because they cant come to an agreement on how something should work? He's far fromt he only dev that pulled work done on a free project because they didnt get paid for it (shocker).

the OSS community is chock full of these types of puritans that want ot have their cake and eat it too, chosing licenses based on arbitrary wordings and beliefs instead of what would be best for the project (and its creator) going ahead. I love the work they do, but the kind of guys this market attracts are.....special. Look into the drama between palemoon and the mypal browser if you want a real hoot.
 

hwertz

Posts: 128   +68
"Was it setup to be free? Were the terms of use non-restrictive to the point that large corporations could use it freely? If so, that's the creators fault."

But, under the license, he was also within his right to update his own code in any way he wishes, and those using it are welcome to fork. I'm not sure that I support what he did, but I can see producing open source software that people CAN use freely, but still hope that some highly profitable company that is using it would support it financially in some way.

Historically, you'd have patrons who would fund artworks and public works; not just some bare minimum to keep the artist alive, but a decent chunk of change to show appreciation for what the artist is doing. I could see wanting something similar if you've developed software that is being downloaded millions of times a week.
 

trparky

Posts: 1,064   +1,186
The same OSS community that constantly forks software because they cant come to an agreement on how something should work?
Oh yeah. The ever classic "I don't like the way this is going so I'm going to fork it!". Meanwhile, that kind of behavior just adds to the ever-expanding graveyard of dead projects that litter the realms of Sourceforge and GitHub all because someone had a tantrum.
 

wizardB

Posts: 236   +112
Totally within his rights: never sharing it in the first place; or abandoning at any time; or charging money for fixes or feature requests.

Not within his rights: fraudulently describing the function of the software, deliberately enticing others to install it under the false belief it will do A when instead it will do harmful action B. The fact that there's no charge is no more a shield than if a house handing out free Halloween candy laced some of it with poison. (Obviously, the severity is far different, but the reason it's wrong is the same.)

Economic commentary: he's looking in the wrong direction for compensation. His and everyone else's entire tech life is built on a vast mountain of the contribution that came before him. There is mutual benefit, lots of it. Further, using his talents to push all corporations into wastefully re-implementing their own proprietary versions of common functionality, is in no one's interest.
His soft he can do what he like with it and Github is in the wrong they can close and delete but they sure as hell have no right to continue to share his work if he doesn't want it shared.
 

Darth Shiv

Posts: 2,271   +827
This is actually a really great strategy to shake corporates from your library because breaking corporate product will force them into structuring their dev into curated forks or alternatives that are more corporate practice sensitive.