How an angry programmer almost broke the internet by deleting 11 lines of code

It's a strange case that involves copyright lawyers, a petulant developer, and a look into how tech titans make money

Matt Weinberger
Thursday 24 March 2016 18:45 GMT
Comments
One programmer came very close to breaking the internet
One programmer came very close to breaking the internet (Rex)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

This week, one angry programmer broke a whole mess of the software the internet runs on with the simple deletion of one simple program consisting of 11 lines of code.

Everything is OK now. But it's a strange case that involves copyright lawyers, a petulant developer, and a behind-the-scenes look into how tech titans like Facebook, Spotify, and Netflix make the sausage.

It all starts with a developer named Azer Koçulu, who wrote an otherwise unremarkable piece of code called Kik, an extension for the popular programming language Node.js. Koçulu put his Kik module up on NPM, essentially an App Store for Node.js programmers, as a free download for developers to work into their apps at their leisure.

The other Kik

Kik, the popular social network of the same name, took notice and sent Koçulu an email requesting that he change the name of his module. By Koçulu's own admission in a blog post, Kik's initial request was reasonable. Still, Koçulu wouldn't budge.

"When I started coding Kik, didn't know there is a company with same name. And I didn't want to let a company force me to change the name of it," Koçulu writes.

Given that Kik did have copyright on its side, Koçulu says that NPM CEO Isaac Schlueter took away his ownership of the module in question without asking.

Upset, Koçulu announced in that blog entry that he was removing his Kik from NPM entirely — as well as all of his other code.

It's likely that nobody would have noticed — except that Koçulu is also the person who created a very silly, very basic, but very popular NPM module called "npm left-pad." It's 11 lines long and doesn't actually do anything complicated, but it's been downloaded over 575,000 times.

And when it vanished, developers on Reddit, Twitter, and elsewhere definitely took notice.

Kik creator Ted Livingston
Kik creator Ted Livingston (Business Insider)

A house of cards

This is where things get sticky.

A module like npm left-pad is basically a shortcut so a developer doesn't have to write a whole bunch of basic code from scratch. If a developer calls on an NPM module, it's basically shorthand for "put this code in later," and a software compiler will just download the code when the time is right.

Most of the time, this works just fine. But sometimes, software ends up relying on what's essentially a house of cards: One Node.js module calls on another, calls on another, calls on another. Again, usually it works fine — right up until npm left-pad is taken offline.

Boom — down went the house of cards. Popular software projects like Babel, which helps Facebook, Netflix, and Spotify run code faster, and React, which helps developers build better interfaces, were suddenly broken and no more work could be done with them. Overall, over a thousand software projects were affected, according to the npm blog.

Fixing the problem would require that programmers sift through all of those dependencies, making sure that absolutely nothing relied on that one silly 11-line bit of code.

And so, after a mass outcry from developers all over the world, NPM was forced to "un-un-publish" the code in question, handing it over to a new owner.

In a series of Twitter posts, NPM CTO Laurie Voss says that the company wasn't totally comfortable handing over what's still Koçulu's intellectual property, but much of the software industry had ground to a halt over the issue.

All told, the storm is over, and npm left-pad is back online. But the wounds are still deeply felt: "Have We Forgotten How To Program," asks one blog entry urging developers to rethink how they build their apps.

Read more:

• Tampons are used as a weapon against the EU
• The bonfire of the hedge funds
• Apple is unveiling a new iPhone next week

Read the original article on Business Insider UK. © 2015. Follow Business Insider UK on Twitter.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in