The Day the Internet Broke: A Story of One Programmer’s Revenge

The Day the Internet Broke

Introduction: The Day the Internet Broke

In our world, we often associate people breaking the internet with famous individuals such as Kim Kardashian or Ronaldo, who can cause a stir and make waves with their actions. However, in March 2016, the internet was broken by someone who may not be as famous, but their actions had just as much of an impact. That person was Azer Koçulu, a Turkish open-source programmer who broke the internet by taking down his packages from the npm registry.

The problem with NPM

To understand the impact of Koçulu’s actions, we need to understand npm. npm is a package manager that acts as a registry for packages of code. When developers are coding, they often use packages of code that other developers wrote to save time and effort. Just like our npm package for our ForgetPasses Service.The entire internet is built this way, with developers building their code on top of packages of code that other people wrote. npm is like a database of all the blocks available to use. However, Koçulu’s actions demonstrated how this approach can be problematic.

Koçulu had made a package called “kick” which did a specific thing that isn’t important for this story. There was also a billion-dollar Canadian messaging app company called Kik that wanted to release its own open-source package of code. However, Kik wanted to use the name “kick,” which was already taken by Koçulu’s package. Kik emailed Kuchulu, asking if he could change the name of his project, but Koçulu refused. Kik then threatened legal action, and npm stepped in, siding with Kik and giving them ownership of the “kick” package name.

Koçulu wasn’t happy about this decision, so he got angry and decided to unpublish all 273 of the packages he’d ever made from npm out of spite. This included one called “left-pad,” which was a package he’d made years ago that had a simple function of adding a space or character to the beginning of a string. It was only 11 lines of code and didn’t require any particular skill or brilliance to write, but the moment Koçulu unpublished “left-pad,” websites across the internet started failing, including big ones like Facebook, Netflix, and Spotify.

The Npm package

The source code of left-pad:

module.exports = leftpad;
function leftpad (str, len, ch){
  str = String(str);
  var i = -1;
  if(!ch&&ch!==0) ch = " ";
  len = len - str.length;
  while(++i<len){
    str = ch + str;
  }
  return str;
}

In short, any normal programmer could have written the program himself without much effort. But since many programmers are lazy, they downloaded and used it for their projects, which later caused big trouble for many websites.

The problem in the world-wide-web

It’s not that these big companies or developers were using “left-pad” directly in their code. Rather, they were using big popular npm packages like React or Babel, which used other packages that used other packages, and at some point down the line, used “left-pad” to add a character at the beginning of a string. When Koçulu removed “left-pad,” all the packages built atop it, even the giant ones relied on by multi-billion dollar companies, were crashing.

The chaos was so severe that only 10 minutes later, npm took the unprecedented step of unpublishing “left-pad” to restore functionality to any package that relied on it. In the end, all three parties involved – Koçulu, Kik, and npm – put out long blog posts about what happened. However, Kuchulu’s actions demonstrated the fragility of the internet and how it’s built on top of packages of code that can easily be removed or changed.

Conclusion

In conclusion, Kuchulu’s actions had a massive impact on the internet, and they serve as a reminder of the importance of understanding how the internet is built and the potential consequences of actions that may seem inconsequential. It also highlights the importance of collaboration and communication between developers to prevent similar incidents from occurring in the future. The internet may be resilient, but it’s not invincible, and we should treat it with care and respect.

Credit

Special Credit goes to “Half as Interesting” and his Youtube Video about this topic which inspired this blog post:

Leave a Comment

Your email address will not be published. Required fields are marked *