Monday, March 28, 2016

Old Story - Worth Reading - How Hackable is Your Car?

If you drive a recent model car, you may wonder if your car is as hackable as some of the cars hacked during research to provide a proof of concept. In videos widely distributed, hackers were able to take control of cars remotely.

While we should not freak out yet, it is clear that there are weaknesses in the design of these automobiles. Conspiracy theories have flooded the net, but I would not worry too much. That being said, it is good to know what’s up.

Enjoy your week!

Friday, March 25, 2016

How JavaScript Got Broke!

Just outside of the last 7 days of March 2016, a crazy thing happened with JavaScript. A package manager tool called npm, used by a majority of JavaScript developers for developing, testing and releasing their code, stopped working. Oddly enough, the source of this broken tool was a tiny little function in GitHub called “left-pad” used for padding strings on the left side with other characters. This little component was a short 11-line file, so when the developer took it off GitHub, npm began to fail to work across the globe.

What’s GitHub?

GitHub is a popular web-based source control management (SCM) and version distribution tool. Since 2008 the platform has provided a place for developers across the planet to store source code for their applications, with support for all programming languages and additional features like issue tracking (bug reporting/management), application wikis, email notifications, Photoshop (PSD) storage and version comparison, project documentation storage and presentation and commit history. Users can request a “pull” from a project in order to split off open source projects to add their own code updates to the repository.

About npm

npm is the default package manager for Node.js, a popular JavaScript runtime environment.

Because npm is the packagers’ packager, and it is intended to encourage reuse of other software, the developers made use of the left-pad source code. As explained in this article over at the Verge, functions like left-pad are typically provided by the language authors, companies like Microsoft with C# and its full Visual Studio environment, and Apple with Objective-C and Swift, so the reliance on a simple string padding function from an individual is an oddity.

npm has been widely adopted by developers everywhere because of the convenience it provides. Any user can publish their work via npm and you can add that work to your own apps. Likewise, if you write a clever routine and want to share it, all you do is upload to GitHub and publish it on npm for anyone else to include in their own projects.

What Happened

According to the Verge article, more than 2.5 million installs of left-pad occurred in the previous month! Developer Azer Koçulu of left-pad has written and published many sets of code to npm, which allows name allocation on a first-come, first-served basis. One project, named Kik, attracted attention recently when a lawyer for the company Kik (or a patent - troll? - agent according to that company) contacted Azer requesting the Kik package be removed immediately. When Azer failed to comply, Kik’s representatives reached out to npm and npm transferred ownership of the package name “Kik” to the Kik company.

Due to this, Azer decided he was not going to use npm any longer. Azer tells the story of “liberating” his modules in this post on Medium. In his post he states that he had to take a stand, removing all of his packages from npm, and that in the long run there will be an alternative developed by the open source community that doesn’t bend immediately to requests like what happened with his Kik package. He apologizes to users of his code and tells them where to repoint their projects so they will run again.

With over 250 packages, Azer’s removal of the code will surely impact many developers (and users); however, it has already made a huge impact because of npm and a package called Babel, currently the most popular way to write in the language ES6 (the version of JavaScript created in 2015) to run on most of the latest browsers. Otherwise, the incomplete nature of browsers’ implementations of JavaScript would make using the newest features of JavaScript a difficult if not nearly impossible task.
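A package like left-pad usually reaches a project through other packages rather than being listed directly, which is why its removal was felt so widely. As an added example (not code from this post or from npm), the sketch below walks the `packages` map of an npm lockfile and reports each chain of dependencies that brings a named package into a project; the lockfile content and the names my-app, build-tool, text-helper and http-lib are constructed for illustration.

```javascript
// Added example: trace which direct dependencies pull in a transitive package.
// `lock` is a constructed sample shaped like the "packages" map of an npm
// lockfile (lockfileVersion 2/3). Every name except left-pad is made up.
const lock = {
  packages: {
    "": { name: "my-app", dependencies: { "build-tool": "^1.0.0", "http-lib": "^2.0.0" } },
    "node_modules/build-tool": { version: "1.4.0", dependencies: { "text-helper": "^0.3.0" } },
    "node_modules/text-helper": { version: "0.3.1", dependencies: { "left-pad": "^0.0.3" } },
    "node_modules/http-lib": { version: "2.1.0" },
    "node_modules/left-pad": { version: "0.0.3" },
  },
};

// Resolve a dependency name the way Node does: look in the package's own
// node_modules first, then walk up toward the project root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed anywhere on the lookup path
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the root project to `target`.
// Only `dependencies` (plus the root's devDependencies) are followed.
function pathsTo(packages, target) {
  const found = [];
  const walk = (path, chain, seen) => {
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...(path === "" ? entry.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // missing package or cycle
      const nextChain = [...chain, name];
      if (name === target) found.push(nextChain.join(" > "));
      else walk(next, nextChain, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return found;
}

console.log(pathsTo(lock.packages, "left-pad"));
```

To use it on a real project, replace the sample with the parsed contents of that project's `package-lock.json`.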

Learn more at the Verge article and comment below - what do you think of this situation and how it shook the open source community in just a few hours?