by chaostheory 1617 days ago
I've already posted this before, but what Marak has done is anything but reasonable. If anyone was being a "dick", it was him.

If he just wanted corporations to pay, there are plenty of other alternatives like changing the license for future versions like SugarCRM did. It's been years since they've done that and they have plenty of customers.

https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/sug...

Since the developer in question has been acquired in the past (https://en.wikipedia.org/wiki/Nodejitsu), he could also make it into a SAAS play. He has the connections, skill and experience.

Otherwise, he can just walk away like everyone else. Maliciously changing code to break people's stuff is uncalled for. If he wanted to charge people from the start, then maybe he shouldn't have used the free-for-all MIT license for his code? If you want more restrictions on usage, choose a more restrictive license. Here's one of many restrictive licenses that changes depending on who's using the software:

https://writing.kemitchell.com/2021/06/15/Big-Time-1.0.0.htm...

Fakerjs is also not completely original work. It's a port of a Ruby library which is also named Faker. That Ruby library is also likely a port of a Perl library that is also named Faker. I haven't read anything about Marak even mentioning to support those projects financially.

On a related note, Marak is not well mentally, which helps rationalize what he did:

https://www.qgazette.com/articles/more-charges-possible-for-...

"A team of NYPD investigators and FBI agents found potassium nitrate, which is used in fertilizer, metal containers, fuses and other bomb-making materials in the crate, along with printed bomb-making and survivalist materials and a book on how to make a bomb scattered throughout the home, the source said."

'The chemicals separately are what they are, but taken together they can assemble an explosive device,' NYPD Dep. Commissioner of Intelligence and Counterterrorism, John Miller, said. 'There were books about military explosives, booby traps and other things.'

I could be wrong, but Marak purposely trying to sabotage other people's projects was a precursor to him attempting to hurt people in real life. This was not reasonable behavior from a sane person. He should not be getting this much support from so many people on HN.

3 comments

Morally the author is in the wrong according to many. He did publish malicious versions against the short term interest of the community.

However, he also distributed the software under the MIT license - that is "as-is" and "without warranty of any kind". So I'm having some trouble understanding why you would point out his personal life, psychological state, or his past projects as justification for anything related to Faker?

I haven't checked earlier versions of Faker but 5.5.3 does credit both the Ruby and the Perl libraries.

No court in the world will accept the MIT liability waiver as a defense, when the vendor intentionally distributed malicious code.

In the spirit of the law, that license is meant to protect authors from honest mistakes. I highly doubt that purposely made malicious changes will fully protect authors.

To be honest, I'm commenting only on the part with "f.. it I'm no longer working on it". I have ambivalent feelings about "let's change code in such a way that builds will go into an infinite loop or fail": ambivalent because it is not nice, but somebody who was a victim of such a situation should learn not to add dependencies on the newest version, because here it was only some small "joke", but it might be something much worse, like poisoning the whole code with some malicious thing.

Problem is in this that default behavior is "we are not paying for tools", people are looking for free tools to avoid fighting with procurement and everyone seems happy. Only really big companies are giving something back, most is simply leeching from OpenSource community. You are mentioning several ways how this guy was able to collect money, yep, but again changing license would mean that somebody else will fork previous version and that's all.

I'm not saying that this action was super, but for me it is the result of a problem deep in the whole idea of "free libraries" and "free tools"; often this is all based on some poor guy or gal spending weekends on some project, which at the start was cool and funny, but later becomes a burden.

> Problem is in this that default behavior is "we are not paying for tools"

The problem is if the person wants to get paid, then they need to use licensing that is more restrictive and sets the expectations for eventual payment. The MIT license is a "do whatever you want with my code as long as you don't sue for inadvertent mistakes" license. No one else is at fault for that license except for Marak. The expectation of doing what you want based on the license is in line with behavior. If he wanted to change behavior, he just has to change the license or not go open source. You can't have your cake and eat it too, i.e. you can't have open source's viralness and expect everyone to pay. If you want a near guarantee that people will pay for your work when they use it, don't go open source. Open source is not about getting paid.

> You are mentioning several ways how this guy was able to collect money, yep, but again changing license would mean that somebody else will fork previous version and that's all.

Since we're on this subject, I'm going to remind you that Marak didn't come up with faker on his own. He ported it and maybe even the data from a Ruby project that was also called faker. To my knowledge, he hasn't shared any of the monetary contributions to his project with the people maintaining the Ruby version of faker.

If his software is so simple that someone can just fork it and gain an audience, then maybe it's too simple to replicate and too much of a commodity; but as I've already pointed out, SugarCRM successfully transitioned to closed source and I believe Redis has successfully transitioned to a more restrictive license. Neither of them messed with other people's projects. There's no excuse for the bullshit that Marak pulled. Zero. Changing the license is simpler than adding an infinite loop to waste CPU cycles.

> which at the start was cool and funny, but later becomes burden.

I've already written this, but most people just walk away instead of doing something malicious.

> he must do this, he must do that.

how about you do it for him? like forking and maintaining your own copy of faker.js and all the nodejs packages you are actively using in the first place?

ad hominem does not help your argument.

The word "must" never appears in the comment you quoted.

Please read the comment before accusing its author of ad hominem attacks.

You either didn’t read my comment, or you meant to respond to a different one. He didn’t have to do anything. He could have just walked away.

I only wrote the other stuff to show that there are other better alternatives to getting paid as a response to people who supported the terrible thing that Marak did to open source.