UK Markets close in 58 mins
  • FTSE 100

    7,593.22
    +29.67 (+0.39%)
     
  • FTSE 250

    22,737.11
    +84.40 (+0.37%)
     
  • AIM

    1,154.84
    +0.64 (+0.06%)
     
  • GBP/EUR

    1.2018
    +0.0016 (+0.13%)
     
  • GBP/USD

    1.3636
    +0.0038 (+0.2795%)
     
  • BTC-GBP

    30,998.04
    +252.14 (+0.82%)
     
  • CMC Crypto 200

    1,003.59
    +8.85 (+0.89%)
     
  • S&P 500

    4,577.14
    +0.03 (+0.00%)
     
  • DOW

    35,285.20
    -83.27 (-0.24%)
     
  • CRUDE OIL

    86.43
    +1.00 (+1.17%)
     
  • GOLD FUTURES

    1,836.40
    +24.00 (+1.32%)
     
  • NIKKEI 225

    27,467.23
    -790.02 (-2.80%)
     
  • HANG SENG

    24,127.85
    +15.07 (+0.06%)
     
  • DAX

    15,858.26
    +85.70 (+0.54%)
     
  • CAC 40

    7,193.95
    +60.12 (+0.84%)
     

Developer sabotages own code to break thousands of apps in protest against world’s biggest companies

·3-min read

An open-source programmer responsible for some of the most popular libraries on the internet has sabotaged their own work, seemingly in protest against “Fortune 500” companies.

Marak Squires, a coder from New York, seemingly purposefully corrupted two open-source libraries called “faker.js” and “colors.js”. The former receives 2.8 million weekly downloads from GitHub and supports 2,500 projects, while the latter is downloaded 20 million times per week and supports 19,000 projects.

These libraries support a number of open-source projects including Amazon’s Cloud Development Kit.

The result of downloading these corrupted libraries causes applications to output three lines of text that read “LIBERTY LIBERTY LIBERTY” ahead of an infinite loop of bizarre letters and symbols.

It is unclear exactly why Mr Squires sabotaged the library – the programmer did not respond to a request for comment from The Independent before time of publication – but Bleeping Computer suggests that it could be retaliation against large technology companies.

“Respectfully, I am no longer going to support Fortune 500s (and other smaller sized companies) with my free work. There isn’t much else to say”, Mr Squires wrote on GitHub under the title “Pay Me or Fork This” in November 2020.

“Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it.”

Two days after pushing the corrupt update for faker.js, Mr Squires’ GitHub account was suspended. As well as these two libraries, Mr Squires stored hundreds of projects on the site. It appears that Mr Squires has now had his account reinstated.

“GitHub is committed to ensuring the health and security of the npm registry. We removed the malicious packages and suspended the user account in accordance with npm’s acceptable use policy regarding malware, as outlined in our Open Source Terms”, a spokesperson told The Independent.

Many websites and apps rely on open-source developers to create tools for free, which can lead to issues such as the Log4j software vulnerability that threatened the entire internet.

The open-source vulnerability was used in millions of applications across the web, including Amazon Web Services, Apple’s iCloud, and the video game distribution service Steam.

Strangely, however, Mr Squires also changed the faker.js Readme file – which is usually an instructive guide for first-time users as to how to properly implement code – to “What really happened with Aaron Swartz?”

Mr Swartz was an American computer programmer and hactivist who helped co-found Reddit, as well as the Creative Commons copyright system and RSS.

In 2011, Mr Swartz was arrested by Massachusetts Institute of Technology (MIT) police for breaking and entering charges after downloading academic journals from the JSTOR database. He was later charged with counts of wire fraud and the Computer Fraud and Abuse Act and, in 2013, committed suicide.

On Twitter, Mr Squires posted a screenshot of a Reddit thread that alleged Mr Schwartz death was somehow linked to Ghislaine Maxwell’s presence as a supposed Reddit moderator of numerous subreddits.

It has been suggested that the user ‘MaxwellHill’ was Ms Maxwell due to the account usage matching up with events from her public life.

Ms Maxwell was found guilty of five federal sex trafficking charges for her role in procuring and grooming underage girls for billionaire Jeffrey Epstein.

Reddit declined to comment on the record when asked by The Independent.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting