That Time A Guy Broke The Internet.
If you are a coder like me, you are all too familiar with error messages. Who among us hasn’t experienced the minor annoyance of a syntax error, or the blinding rage of a broken line of code that destroys your entire project?
On what seemed to be a typical morning in March of 2017, programmers around the world all experienced the same error-born agony. Code around the globe was suddenly broken. And it could all be traced back to the same place.
A tiny, 11-line package called ‘left-pad’.
This is ‘left-pad’
That’s right. The contents of this little box disrupted hundreds of thousands of presumably already stressed out coders.
But to understand why, we first have to understand an important concept within the world of programming: open-source.
Open-source is a concept similar to an honor-amongst-thieves mentality. Early programmers at MIT were the first to cement the core values of open-source. As Richard Stallman wrote in his manifesto on programming, “The fundamental act of friendship among programmers is the sharing of programs.” He would go on to champion ideas of a more communal and widely useful access to code within the programming community, while railing against the commercialization of the industry.
Now that we all know about the wonderful world of open-source, let’s get into the drama of March 2017.
If you are not familiar with the messaging app Kik, you are probably over the age of 16. If you are familiar with the app, you should know that it has gotten a really sketchy reputation and you might not want to tell people you use it…
Regardless, in 2017 a programming team at Kik got together and created a shiny new code package that they wanted to ‘share’ with the world, a package that they so creatively named ‘Kik’. A package that was NOT to be open-source material. Unfortunately for them, the site to which they attempted to post their package, npm, already hosted another package with that name. It had been written by a man named Azer Koçulu, an independent programmer and firm believer in open-source community standards. And so, rather than change the name of their own work, Kik did what any billion dollar company does when the ‘little guy’ stands in their way. They sent a legal team to do some saber-rattling.
On March 11th, 2017, Mr. Koçulu received an email from a patent and trademark lawyer representing Kik. Initially their correspondence seemed harmless. The lawyer asked “Can we get you to rename your kik package?”, and Koçulu simply responded no, he would not rename his package as it was part of an open-source project he was developing.
Now strap in folks because this is where the story gets wild.
In a staggering display of corporate professionalism and decorum, Kik responded to Koçulu’s denial, writing “We don’t mean to be a dick about it, but it’s a registered trademark in most countries around the world and if you actually release an open source project called kik, our trademark lawyers are going to be banging on your door and taking down your accounts and stuff like that — and we’d have no choice but to do all that because you have to enforce trademarks or you lose them.”
That’s a real quote from a real person who went to law school and is employed as a lawyer for a billion dollar company. And as hilarious as that weird attempt to be “just like the little guy” was, it was nothing compared to Koçulu’s response:
“Hahah, you’re actually being a dick, so, fuck you. Don’t email me back.”
He went on to consider Kik’s request, naming his price at $30,000 “for the hassle of giving up with my pet project for bunch of corporate dicks.”
Love the spirit. Love the commitment. Love seeing the little guy refuse to back down and give up something he was building FOR EVERYONE so a large corporation (best known for the staggering number of drug dealers on their site) could charge people to use their service.
Unfortunately, the folks over at npm did not share my enthusiasm.
Quickly realizing that Mr. Koçulu was not responding to their “hey bro man, take a chill pill and roll over on your integrity” approach, Kik told npm the situation they had found themselves in.
To npm, Kik’s stance made a lot of sense. The large corporation called “Kik” should probably own the package by the same name. As they put it in a letter to both parties “In this case, we believe that most users who would come across a kik package, would reasonably expect it to be related to kik.com. In this context, transferring ownership of these two package names achieves that goal.”
And so, npm renamed Mr. Koçulu’s package, giving his title to Kik.
Now, while the above gif is a bit lighthearted, Mr. Koçulu’s reaction to npm’s decision was not. “I know you for years,” he wrote, “and would never imagine you siding with corporate patent lawyers threatening open source contributors.” He went on to say “I don’t wanna be a part of NPM anymore” and asked that his content be removed from the site — a request that npm did not feel compelled to honor.
This is where open source comes in. You see, Mr. Koçulu turned out to be quite a prolific contributor to npm. He had written and hosted over 270 packages through the site, all of which were open-source. This meant that his packages had been written into tens of thousands of programs, and those programs had been written into tens of thousands of programs (and so on and so forth). So when Mr. Koçulu decided (without any more warning to npm than his original request to take down his material) to pull all of his code from their platform -
HE. BROKE. THE. INTERNET.
On the podcast Reply All, host Alex Goldman delivered the perfect analogy for this action — Think of it like this. The designer of screws suddenly decides he doesn’t want anyone to use his design anymore, and so he takes them all out of existence without warning. Can you picture the insanity that would cause?
Most of the internet’s problems that day seemed to stem from one package Koçulu had written called, you guessed it, ‘left-pad’. The package essentially functions like the tab key on your keyboard. It is so small, you wouldn’t ever think about it until it was gone. And left-pad was everywhere. Most notably, it was written into the foundation of React. And so any program built in React immediately began throwing an Err 404 message. This included companies like Facebook, Quartz, and, hilariously, Kik.
About two hours after the issue was first noticed, Mr. Koçulu published a blog describing his encounter with Kik and npm, and laying out the reasoning behind his actions. In his blog, he wrote “This situation made me realize that NPM is someone’s private land where corporate is more powerful than the people, and I do open source because, Power To The People. Summary; NPM is no longer a place that I’ll share my open source work at, so, I’ve just unpublished all my modules. This is not a knee-jerk action. I love open source and believe that open source community will eventually create a truly free alternative for NPM.”
And while Mr. Koçulu basked in the effectiveness of his protest, npm was left scrambling. Thousands of their users were experiencing catastrophic breakage and the code to fix it was simply gone. In an unprecedented move by npm, they decided to un-un-publish Mr. Koçulu’s work, choosing “the needs of many over the wishes of the creator”. And their “legal” justification for these actions? Open-source.
Ironically, while Mr. Koçulu had left the site due to what he viewed as a disregard for the open-source community, npm was able to use the MIT-License (an open-source license that essentially says “this is free. Have at it”) that he had attached to his code to justify pulling all his material back onto their servers. In their opinion, when Mr. Koçulu had published these packages as open-source material, they no longer belonged to just him. They were meant for the world, and therefore in the spirit of open-source, he had no right to pull them.
In an interview with the Reply All Podcast, the CEO of npm actually expressed his admiration and understanding for Koçulu’s actions. However, business, in this case, was business.
And just like that, the internet was set aright.
These events have certainly pointed out an issue with the way that the modern web has come to be written. Large corporations build their programs on top of programs developed by outside programmers, and this process gets repeated in a seemingly endless cycle. This essentially creates a world in which the internet depends on the good faith of the programming community. But it should also give us all pause; after all, an 11-line program was able to break the most used packages on the largest package hosting source in the world.
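How far one tiny package reaches into a project can be read straight from the project's lockfile. The following is an added example, not code from this post or from npm: it walks a constructed lockfile fragment (the example-* package names, the versions and the flat node_modules layout are assumptions) and reports which direct dependencies pull in left-pad, and through which chain.

```javascript
// Constructed lockfile fragment (added example, not a real project).
// Shape: the "packages" map of an npm v2/v3 lockfile; the flat node_modules
// layout and all example-* names and versions are assumptions.
const lock = {
  packages: {
    "": { name: "example-app", dependencies: { "example-ui": "^1.0.0", "example-log": "^2.0.0", "example-http": "^3.0.0" } },
    "node_modules/example-ui": { version: "1.0.0", dependencies: { "example-build": "^4.0.0" } },
    "node_modules/example-build": { version: "4.0.0", dependencies: { "example-frame": "^5.0.0" } },
    "node_modules/example-frame": { version: "5.0.0", dependencies: { "example-build": "^4.0.0", "left-pad": "^1.0.0" } },
    "node_modules/example-log": { version: "2.0.0", dependencies: { "left-pad": "^1.0.0" } },
    "node_modules/example-http": { version: "3.0.0" },
    "node_modules/left-pad": { version: "1.0.0" },
  },
};

// Names a package depends on, read from its lockfile entry ("" is the root project).
function depsOf(lock, name) {
  const key = name === "" ? "" : `node_modules/${name}`;
  const entry = lock.packages[key] || {};
  return Object.keys(entry.dependencies || {});
}

// For each direct dependency of the root project, return the shortest chain
// that reaches `target`. Direct dependencies that never reach it are omitted.
function chainsTo(lock, target) {
  const chains = {};
  for (const direct of depsOf(lock, "")) {
    const queue = [[direct]];
    const seen = new Set([direct]);
    while (queue.length > 0) {
      const path = queue.shift(); // breadth-first, so the first hit is the shortest
      const last = path[path.length - 1];
      if (last === target) { chains[direct] = path; break; }
      for (const next of depsOf(lock, last)) {
        if (seen.has(next)) continue; // guards against dependency cycles
        seen.add(next);
        queue.push([...path, next]);
      }
    }
  }
  return chains;
}

const chains = chainsTo(lock, "left-pad");
for (const [direct, path] of Object.entries(chains)) {
  console.log(`${direct}: ${path.join(" -> ")}`);
}
```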
Yet despite the acknowledgment of its tenuous nature, the open-source community has continued to thrive. I see it working every day within the Flatiron program, as I have found that it is essential for programmers to help and rely on one another. We fill in gaps in each other’s knowledge and offer fresh eyes on difficult code. Essentially, we at Flatiron are learning the values of open-source alongside the skills that will one day allow us to contribute to it.
It is difficult to pull a moral out of this story. Most of the parties involved, whether corporate stooges or warriors for the people, believed they were in the right with the actions they took. But what Mr. Koçulu’s actions seem to have proven is this: More often than not, the internet works. And due to this fact, we can assume that our fragile web, built as an ever growing patchwork of each other’s code and programs, is safe and secure in the hands of the open-source community. Because in the open-source community we help each other.