Developer sabotages his own apps, then claims Aaron Swartz was murdered


The developer who sabotaged two of his own open source code libraries, causing disruptions for thousands of apps that used them, has a colorful past that includes embracing a QAnon theory involving Aaron Swartz, the well-known hacktivist and programmer who died by suicide in 2013.
Marak Squires, the author of two JavaScript libraries with more than 21,000 dependent apps and more than 22 million weekly downloads, updated his projects late last week after they remained unchanged for more than a year. The updates contained code to produce an infinite loop that caused dependent apps to spew gibberish, prefaced by the words “Liberty Liberty Liberty.” The update sent developers scrambling as they attempted to fix their malfunctioning apps.
Squires provided no reason for the move, but in a readme file accompanying last week’s malicious update, he included the words “What really happened with Aaron Swartz?”

At the same time that he included the cryptic Swartz reference in the readme file, Squires also tweeted those same words and included a link to this thread claiming that Swartz was murdered after he discovered child-abuse porn on MIT servers. This now-deleted post, included in the thread, stated:
No, it is not Aaron Swartz who should be on trial but that lofty institution of hired learning, MIT, which is responsible for the heinous crimes that led to his death. The risks taken on by Swartz, which have threatened MIT, can be understood only through the issue of child porn as orchestrated and produced by its acclaimed professors and distributed to their wealthy and powerful sponsors. The MIT cyber-pimps cater to a clientele that includes the highest echelon of the State Department, major corporations, intelligence agencies, the military brass, and the White House.
Every element in the Swartz case indicates that he died in a heroic attempt to expose the perversion that has corrupted the hearts and minds of the global elite, a heinous and often murderous vice that traumatizes innocent children and threatens every family on this planet.
There’s also evidence that Squires may have been charged two years ago with reckless endangerment after allegedly starting a fire in his Queens, New York, apartment. According to news articles, a then-37-year-old man named Marak Squires was arrested after being taken to the hospital after authorities allegedly observed him acting erratically as they responded to the fire.
The articles said Squires was a software developer and early bitcoin investor. A month after the fire, Squires reported on Twitter having “lost all my stuff in an apartment fire” and asked for financial support.
I lost all my stuff in an apartment fire and am barely staying unhomeless. Lost access to most of my accounts. All precious metal is missing. If anyone could bless paypal@marak.com with a little cash it would help me from freezing on the street. lol.
Squires didn’t respond to a message asking for comment on this post.
Last week’s sabotage raises concerns about the safety of the software supply chain that is crucial to large numbers of organizations—including Fortune 500 companies. The two sabotaged libraries—Faker.js and Colors.js—created problems for people using Amazon’s Cloud Development Kit. Big companies, critics have long said, benefit from open source ecosystems without adequately compensating developers for their time. In turn, developers responsible for the software are unfairly strained.
Indeed, Squires in 2020 said he would no longer support large companies with work he does for free. “Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it,” he wrote.
The ability of a single developer to throw a wrench into such a large base of apps underscores a fundamental weakness of the current free and open source software structure. Add to that the havoc wreaked by overlooked security vulnerabilities in widely used open source apps—think of last month’s Log4j fiasco or the devastating Heartbleed zero-days targeting OpenSSL systems in 2014—and you have a recipe for potential disaster.
© 2022 Condé Nast. All rights reserved. Use of and/or registration on any portion of this site constitutes acceptance of our User Agreement (updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1/20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn compensation on sales from links on this site. Read our affiliate link policy.