Github has been controversial in recent hours. An open source developer, Marak Squires or Marak on Twitter, He has denounced that the platform has closed his accounts and projects (hundreds, according to him), after switching two libraries created by himself to a different version. Changed libraries are used by many people and are called ‘colors’ and ‘faker’.
Now Marak has a version of events and the platform a very different one. And other voices have been raised if Github users they are used as employees by the platform and the discussion on software, proprietary and open source has been reopened. Marak Squires himself says that he no longer wants to support platforms like this with his work done for free. Remember that Github is owned by Microsoft.
Ok, a programmer decided to make a protest with a bookstore of his, affecting many people, ok.
But, github directly took away access to all of your repositories in response.
Is your account really yours, or do you just work for free for github?
— Diana Nerd 🦄🏳️⚧️ (@diana_nerd) January 9, 2022
With this controversy, the developer also wanted to put on the table the name of Aaron Schwartz, one of the creators of Reddit, RSS and Creative Commons and promoter of various initiatives so that the Internet was a space to share more open license files. He committed suicide when he was very young after having been subjected to a very strong judicial persecution. Marak changed the readme file for faker.js with a new description: “What really happened to Aaron Swartz?”
Swapping two widely used packages on Github
But then it turned out that the developer of these two libraries, Marak Squires, had introduced a “bad commit” (a file review on GitHub, but despite the name given by various media, it did not infect other files or steal data, just was a message change) in colors.js that added “a new american flag module” and that released faker.js version 6.6.6, which also led to the same issues. Sabotaged versions make applications infinitely emit strange letters and symbols, starting with three lines of text that say “LIBERTY LIBERTY LIBERTY”.
It turned out that the developer of these libraries intentionally wanted to affect the thousands of projects that depend on ‘colors’ and ‘faker’. It should be said that the colors library receives more than 20 million weekly downloads only in npm and has almost 19,000 projects that depend on it. For its part, faker receives more than 2.8 million weekly downloads on npm and has more than 2,500 projects and applications that depend on its code.
Following this, the creator of these libraries, Marak, announced that “Github has suspended my access to all public and private projects. I have hundreds of projects. ”
According to Bleeping Computer, it seems that color.js has been updated to a working version, faker.js still had the problem (which can be fixed by downloading an older version, 5.5.3).
The developer’s protest
Marak Squires, the developer, purposely corrupted the two open source libraries on GitHub in protest. What the developer wanted with this, according to what is known so far, has been to protest against megacorporations and commercial consumers of open source projects who trust and widely use community and free software but who, according to the developer, then “do not give anything back to the community.”
In November 2020, Marak warned via a Github post, and archived at web.archive.org, that already would not support large corporations with its “free work” and that commercial entities should consider compensating the developer with a “six-figure” annual salary.
“I will no longer support Fortune 500 companies (or smaller ones) with my free work. There is not much more to say,” was what the developer had warned more than a year ago.
Controversy over Github’s reaction
The controversy does not end here, the fact that Github blocked the developer from accessing its “hundreds” of projects, has led to another dispute on social networks: does the platform treat its users, who give their work for free to others, as if they were employees?
That is to say, a developer can share their creationsBut it seems that you cannot easily modify or delete them without suffering repercussions for doing so. The Verge has contacted GitHub to ask for an explanation, but there are no statements at this time.
Here it should be remembered that although the open source developer shares their creations without charging, Github is owned by Microsoft. The Redmond company paid in 2018 $ 7.5 billion for the platform that allows developers to host their code in the cloud, using the system that was created by Linus Torvalds (the founder of Linux) in 2005. And this led to a lot of dispute and dissatisfaction about the independence of this service.