Author Arrested

You may have heard of ReiserFS.

It was a Linux filesystem. B+ tree design. Efficient with small files. For a while it was a serious contender against ext3. It got merged into the kernel mainline. It was in a position to become the standard.

In 2006, its author Hans Reiser was arrested for the murder of his wife. Convicted in 2008. Development stopped. A technically superior filesystem lost its shot at becoming the standard because of its author's act of violence. ext4 became the standard. ReiserFS was forgotten.

In the OSS world, the distance between a product and its author is short. Corporate software survives personnel changes because the organization carries it forward. Personal OSS has no such guarantee. The author disappears, the product disappears.

Something similar happened in the npm world. The author of colors.js and faker.js sabotaged his own packages in protest against unpaid OSS labor. He pushed version 6.6.6 with an infinite loop. Thousands of dependent applications broke. Not an arrest, but one person's decision collapsed a supply chain.

We build systems on top of code written by strangers. There is no guarantee that those strangers will still be sane tomorrow.