I unfortunately decided to share my "gem squat" hack which I have been using non-maliciously for some time now.
Over a night of fun times, we decided that it would be fun to exercise the rubygems.org API.
Unfortunately, it does seem that our attempt at a fun joke turned into a nightmare for the whole setup.
I'd like to apologise for the abuse and I'll make sure to mention to those involved to not continue with this.
I was given a heads-up from Tim to delete them all a few hours
ago, we're in the process of cleaning it up...and I already deleted
andywithoutatop. I was preparing to wipe out the whole account. The
gems and gemspecs are already gone from S3...if you dont have a
copy of the gem available we can get the gem from a mirror.
Just curious, how did you guys actually push gems with the same
name up to the service? We have multiple gems with 88k+
dependencies and the same name. If you still have the gemspecs
available on your machine I'd like to inspect them. Thanks for
working with us here.
Funnily enough that did become a pain while trying to upload the
gems. I did run in to multiple issues where it'd complain about the
name being taken. I think the gemspec is on another machine
somewhere. I'll try and dig it up if you need it.
PS. I think it was the universalsoldier platform we used to
create the gem that ensured it was shawesome enough to duplicate
"[after he shot four police officers in the super market with
ease] See! They're every where!"
PPS. Also, it seems it'd be nice to validate required ruby and
rubygems versions. Although the former could be somewhat limiting
the latter is actually controlled by a set of people so it wouldn't
be an issue. it'd also be nice to either deny a gem with a future
date or actually have it in the system and only release it when
that date comes around.
This was mainly brought about by Jeremey's RubyConf talk and
lots of alcohol.