It's been almost a year since I decided to remove faker.js from Github. Inadvertently, around the same time, an unrelated patch to our colors.js library accidentally triggered a wide-scale Zalgo bug that affected millions of computer systems. These events made international tech news and unfortunately did affect production services owned by Microsoft, Facebook, and Amazon.
For those who are unfamiliar, I'll make a few things clear from the start. faker.js and colors.js are copyrighted open-source software projects which are my property. These projects are licensed under the MIT license. I created these projects and own them perpetually unless I were willing to transfer the license to another party. Github and NPM are companies that are both owned by Microsoft.
faker.js is a project for generating fake/synthetic data. I've covered faker.js in the past with my story about how open-source funding is problematic. colors.js is a separate project for generating colored text and images on the command line console. In the past decade, both projects have been collectively downloaded and installed billions of times from Github and NPM. In 2020 faker.js was stored in the Arctic Code Vault at the Arctic World Archive (AWA), buried 250 meters deep in the permafrost of a frozen Arctic mountain. My work will be preserved for thousands of years.
Microsoft itself depends on faker.js for several projects both internally and in its open-source offerings. Microsoft, to a small degree, depends on faker.js. We've reached out to Microsoft and its Developer Relations teams multiple times in the past to ask for resources to ensure the project's longevity. Microsoft passed each time.
I didn't want the faker.js project hosted with Github / NPM / Microsoft anymore. Fortune 500s profit from our work with no remuneration or acknowledgment. It takes a lot of time, attention, and nerve to be the solo maintainer of a project of that size for over a decade. It made way more sense for me to migrate our projects to a decentralized Web3 Git solution like the Radicle network.
We have thousands of open-source projects scattered among the internet on many websites and hosting solutions. We frequently contribute to many places. A new feature was added to the colors.js project for generating cool ASCII Art American Flags. Unfortunately, this feature was not bug-free and some test code slipped into the release causing issues downstream.
Nobody is perfect. Everyone makes mistakes from time to time. I flawlessly made stable releases to colors.js for thirteen years without incident. We are all human after all, and human errors do happen. This is why having a continuous integration / continuous deployment system in place for dependency management is critical to ensuring your business operates smoothly. To blindly install bleeding edge unpaid third-party dependencies for services that are missions critical to your business is paramount to negligence. Even Amazon and Facebook were affected in real-time by the colors.js Zalgo issue.
What ensued after this bug was released can only be described as chaos. An Engineer from Amazon's team whose product was directly affected reached out to me. As per our internal open-source development process, I opened an Issue in colors to track the bug as soon as it was confirmed. It happened to be a weekend and frankly, after a few hours of effort, I wasn't particularly motivated to spend my time working through Saturday night to help Amazon's Engineering team. I tagged some other open-source developers I've worked with in the past to see if they had time to assist and closed the browser tab. I had already disabled Github notifications years ago. I figured we'd have a working solution by Monday morning.
Over the next twenty-four hours, my Github account was inundated with comments from all the colorful corners of the internet. Dozens of reporters reached out for comments ( I made none ). In a vacuum of information, the rumors became facts. Simply mentioning the name Aaron Swartz in the README of the last NPM release of faker.js was enough to trigger conspiracy theory enthusiasts to join the fray. My account was banned on NPM and Github without notice. Open Collective seized the funding branch of faker.js with no notice or communication. None of this helped the fact we were actively trying to push out an update for colors.js to fix the Zalgo issue but could not due to our continued publishing ban.
Despite being flooded with glowing hot radioactive comments on my Github which I could not remove, truly my biggest concern twenty-four hours later was getting Github to respond to my support emails to re-enable NPM access allowing a quick patch to the Zalgo issue with colors.js ( the primary source of chaos ). Github and NPM support never responded to any of my support emails asking them to restore NPM access so we could resolve the issue. Even today, I cannot publish updates for the hundreds of packages we have on NPM. I suppose I should have given up my Sunday to work for Microsoft and I wouldn't have been banned.
I've been with Github since 2009, way before Microsoft acquired them. I've driven significant traffic to their website. NPM? I was the first person to publicly endorse NPM in 2010 on the Node.js mailing list when TJ was still pitching Kiwi. I even supported Isaac and NPM financially before NPM got funded.
I've been with Open Collective since 2017. Open Collective effectively stole the faker.js funding wing and awarded it to whomever they pleased with no process or so much as an email to me. This entirely back-channeled action represents Open Collective seizing thousands of dollars of faker.js monthly recurring funding agreements and years of fundraising efforts. Shortly after my funding account was seized and appropriated the Open Collective company went on a company-wide retreat in three simultaneous international locations (New Zealand, United States, United Kingdom). These company retreat events cost the Open Collective non-profit hundreds of thousands of dollars to run while I struggled to keep the lights on. The irony is not lost on me.
These software projects we've been discussing are boring pedantic nonsense for the lowest-level common denominator developers. It was a gigantic waste of my time to ever assist in helping disseminate projects like this in the first place. I feel like a supercomputer who was put into sleep mode for a decade and given a low-complexity task to keep its CPU from powering down completely.
Microsoft deserves a lawsuit for what it did via Github and NPM. Open Collective deserves a lawsuit for seizing the funding of faker.js with no notice and awarding it to someone else. The people who forked my project speak disparaging words about my work in interviews and describe my actions using derogatory language on their website. Small swarms of angry entitled developers post their opinions from privileged positions onto social media demanding I never be allowed to work again for the sin of not giving away my labors to them for free.
The whole ordeal leaves a bad taste in my mouth. I've experienced a long history of having my labor and intellectual property exploited. These projects and this story today are just the tips of a deep iceberg. It's why you won't find me making comments to journalists or using my position to expose any particular political point. Today I choose to pay homage to some of our lost open-source friends like Luke Arduini, Terry A. Davis, and Aaron Swartz. I sit here thinking about the best programmers I've ever worked with. I think about why my old roommate James Halliday (substack) now lives off-grid on a volcano. I think about why old coworker Dominic Tarr lives off-grid in a sailboat. I think about why my old friend TJ Holowaychuk completely stopped contributing code. I try not to think about John Galt.
Moving forward, I've decided to volunteer my time to help people solve problems. We've opened up free consulting hours where anyone can book Marak in fifteen-minute intervals and I will assist you with any problem. I'll also be writing here more, focusing on making art, and music, and going back to my roots to research interesting topics like computational time travel.
If you made it this far and want to see something amazing, I spent a few months last winter building a prototype for a browser-based cloud operating system called BuddyPond. It's like Windows 95 + AOL Instant Messenger meets the matrix.
Be excellent to each other.