Library deliberately corrupted by its developer relaunches as community project

A popular library that was deliberately corrupted by its own developer has been relaunched as a community-driven project.

Last week, Developer reported that users of open-source projects depending on the ‘colors’ and ‘faker’ libraries by Marak Squires were confronted with their applications indefinitely printing gibberish messages on their console—rendering them useless.

Squires corrupted his own libraries, seemingly in retaliation for others using them for...

Google wants to increase government collaboration to secure open-source

Google says that it wants to increase government collaboration to help secure open-source after participating in a White House summit.

On Thursday, Google participated in the White House Open Source Software Security Summit with the aim of building on its “work with the Administration to strengthen America’s collective cybersecurity through critical areas like open-source software.”

The past year has been particularly bad for open-source security problems, with...

Open-source developer corrupted his own popular libraries

An open-source developer intentionally corrupted his own libraries that have been used by thousands of projects.

Users of open-source projects that depend on the ‘colors’ and ‘faker’ libraries by Marak Squires were confronted with their applications indefinitely printing gibberish messages on their console—rendering them useless.

The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects depending on it. The faker...

GitHub Octoverse 2021: Developer diversity is increasing, code is shipping faster than ever

The 2021 edition of GitHub’s annual Octoverse report highlights a welcome increase in the diversity of the developer community alongside many other interesting trends.

According to the report, almost 60 percent of active GitHub users are now distributed outside North America. The world’s largest repo service is seeing the fastest user growth in Indonesia, Brazil, India, Russia, Japan, Germany, Canada, the UK, and China.

Developers are both writing and shipping code...

Appwrite raises $10M to build its open-source Firebase rival as community grows by 40,000

Appwrite has raised $10 million to build its open-source rival to Google’s Firebase amid rapid developer community growth.

The open-source Backend-as-a-Service (BaaS) provider raised the cash via two successive seed funding rounds led first by Ibex Investors and Seed Camp and followed by Bessemer Venture Partners and Flybridge Capital Partners.

Flybridge is a particularly interesting investor as the firm was an early investor in Firebase back in 2013.

Uri...

Linux Foundation: Companies are struggling to find open-source talent

The Linux Foundation and edX have released the 2021 Open Source Jobs report which reveals the struggle companies are having in finding talent.

As the world recovers from the pandemic, the general talent shortages across industries have been well-documented. However, the new report shows just how pronounced the problem is when it comes to hiring open-source expertise.

Technology helped to keep the world moving during the pandemic and even the most resistant-to-change...

Travis CI flaw exposed thousands of open-source projects’ secrets

A flaw in popular software testing tool Travis CI exposed the secrets of thousands of open-source projects.

Travis CI is a hosted continuous integration service used to build and test software projects hosted on GitHub and Bitbucket.

For at least a week – between 3-10 Sept – open-source repos that used Travis CI had their keys, credentials, and tokens exposed.

Ethereum developer Felix Lange discovered a flaw with how Travis CI handled environmental...

Sonatype analysis reveals a 73 percent surge in open-source demand

A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high-profile vulnerabilities.

The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with devastating attacks like that on SolarWinds even making national headlines for its widespread implications.

In fact, Sonatype’s report highlights a...

Google wants to ‘advance cybersecurity’ by fixing open-source and increasing training

Google has committed $10 billion over the next five years to “advance cybersecurity” by fixing some of the key problems with open-source and offering more training.

The announcement follows Google’s participation in President Biden’s White House Cyber Security Meeting this week. Leading tech executives including Alphabet CEO Sundar Pichai put their heads together following an increasing prevalence and seriousness of cyberattacks.

Open-source is vital and speeds...

Stanford Law and GitHub launch initiative to protect open-source developers

Stanford Law and GitHub are partnering on an initiative to protect the legal rights of open-source developers.

Section 1201 of the Digital Millennium Copyright Act from 1998 prohibits the circumvention of technological measures employed by, or on behalf of, copyright owners to protect access to their works.

Open-source developers regularly face takedown claims under Section 1201 but, rather than fight it, they often decide to avoid the cost and risk by just removing the...