Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if “runk” was real, which I assume not.
But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.
Git, by Linus? Maybe even linux itself? Ok actually Linus might just be Steve Wozniak without an annoying Steve Jobs guy next to him, while actually being a lot bigger than Apple maybe?
It’s really hard to imagine a world without Git. If it hadn’t been invented I think it would have been necessary to create it it’s one of those things that’s hard to imagine and then impossible to work out how you can survive without it.
Yet the vast majority of the world probably don’t even know what it is, and wouldn’t even understand it if it was explained to them.
And it all happened because botbicket decided to become greedy, to which Linus responded with taking a month break from Linux to make his own basic versioning tool, and here we are.
Without bitbuckets decisions, wer all still be stuck with SVn shudder
Not necessarily! Maybe we would live in a world of mercurial, or even some other alternative.
And it wasn’t bitbucket (botbicket?), it was BitKeeper, which gave the Kernel folks a license to use BK, but with some restrictions. Among those was a “no reverse engineering” clause, which is what eventually lead to the revoking of that license—lots of interesting articles on this!—frustrating Linus for a few weeks, and finally the start of Git.
Minor correction, it was Bitkeeper/BitMover - not Bitbucket. They were proprietary software linux used w/ a community license, and they later removed that free tier.
t’s really hard to imagine a world without Git
I’ve lived it.
- CriticalFile.vbs
- CriticalFile.V2.vbs
- CripicalFile.V2.5.vbs
- CriticalFile.DONOTEDIT.txt
- _Old.CriticalFile.aspx
- LinkToCriticalFilesFold.lnk
- GuideToDeploying.CriticalFliles.doc
- CritFil.bat
The first job I had out of college was doing development on the production server with this method of version control. I still have nightmares.
Lots of people still split latex documents into one section per file, because subversion used file locks and we only knew how one person could edit a file at a time.
It’s not like there was nothing at all in that space before git came along, e.g. we had svn before, and mercurial more or less in parallel.
Git is not the only version control software out there, and not the first one either.
Facebook for example is famous for not using git. Because their own modified copy of mercurial fits their needs better.
Microsoft didn’t use git until relatively recently either. They had to make some big contributions to make it work for their system.
Man, I remember ancient gmod addons released using (iirc) turtle svn so they could auto update. Was a wild time.
Th devs at my current organization use turtle svn, but that seems to be more down to organizational politics combined with a misunderstanding that git is platform agnostic rather than anything based on merits
turtle svn
that’s a name I’ve not heard in a long, long time.
That’s a name I’ve never heard before. I have heard of Tortoise SVN though.
Meh, I knew what wizardbeard meant.
their own modified copy of mercurial fits their needs better
The version I heard was that hg people were way nicer to them and very much willing to help compared to git.
I feel like Linus got a taste of his own medicine dealing with Gtk and Gnome people while developing Subsurface and that caused them to switch to Qt.
IIRC it’s both, sort of. They’ve contributed a lot to mercurial and, yes, that’s largely thanks to mercurial folks being more open and receptive to their desired changes compared to git. But they also have internal tools that build on top of mercurial, tools that you’re very unlikely to see used outside facebook projects.
Everybody would use Mercurial, since Fossil completely lost the race, and both Subversion and CVS are unfit for today’s needs.
What is too bad, because Fossil would be much more productive than Git or Mercurial if the software just finished running at all; and Mercurial is way easier to learn than Git.
Really easy to imagine that world to most people. Like me. Who inspite of using computers since my 386sx family pc, never got into software engineering.
I understand a little about it, but its just a name of a thing i dont know how to use lol
I just find it funny how its a kind of ignorance(for entirely understandable reasons)is bliss situation to me, but a horror to those who use it
Git has tons of contributors though.
Yeah, and Linus mostly handed off the project to Junio Hamano quite early on (same year, 2005). Seriously, huge kudos to Junio for all his work. Still, it’s fun to say this quirky guy who likes penguins started not one, but two free software projects that took the world by storm. Humbling, even.
The do-nothings vs the did-somethings.
A few libraries come to mind immediately: fftw (I think the most widely used fft library) or GMP (I think the most used multi precision library).
Seconded. https://www.fftw.org/
Based on my cheatsheet, GNU Coreutils, sed, awk, ImageMagick, exiftool, jdupes, rsync, jq, par2, parallel, tar and xz utils are examples of commands that I frequently use but whose developers I don’t believe receive any significant cashflow despite the huge benefit they provide to software developers. The last one was basically taken over in by a nation-state hacking team until the subtle backdoor for OpenSSH was found in 2024-03 by some Microsoft guy not doing his assigned job.
I heard about that last one on a podcast and it was the first thing I thought of when I saw this post. Genuinely interesting story (if you’re into that sort of thing). The pod was saying how it’s both a flaw of open source that it could happen that way and an advantage because it was discoverable due to the fact that the code is open source.
Do you have a link to the podcast?
Sounds like the open source security podcast. Specifically this episode: https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/
Kurt and Josh are great, one of my favourites.
Which podcast? Sounds like something I’d be interested in listening to
Also replied to another comment, sounds like this one here: https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/
And those are only fully packaged user-facing software.
I’d guess almost all of the Rust code for low level hardware access is maintained by a single person. Most of them once joined forces and created a standard, it had 4 developers last time I checked. The only usable cryptography library for C# has a single developer, and while on crypto, that meme got widespread because of OpenSSL, that had a single developer who spent most of his time on OpenSSH and other BSD user-facing software.
Also, while we are on crypto, the modern algorithms were all created by a single researcher, that got famous for a work on how to decide if you can trust a crypto algorithm. Almost everybody uses his code.
Anyway, that meme first appeared because of Javascript, when a developer removed his library (with ~10 lines of code) from the language’s repository and almost every Javascript software broke.
Ronald is Linus Torval, and his contribution is immeasurable.
Isn’t Linus pretty famous for his tech tips YouTube channel?
Wrong Linus, That’s Linus Sebastian.
Woosh?
You’d be surprised how many programmers don’t know who Torvalds is if you ask them. They might be aware of his impact or some of the things he did, but the name Linus will not ring a bell for them. So yeah, might be a whoosh, might not be, but there is enough plausible naiveness imo.
One can only hope
I think Linus sits at the intersection of both groups. Linus is not some Ronald. The Ronalds of this world are for example the creator of core-js.
Still mad about what happened to that guy.
What happened to him?
It’s linked on that page. https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md
I just finished reading his story and wtf! Man, I sent him $25. It’s not a lot, but hopefully it covers my tiny bit of usage of that polyfill, back when I used it.
I had no idea that package was used so extensively. Good lord! I actually just recently removed it from most of my projects because the features I needed it for now have broad browser support.
Oh hey! I’ve used that package for years.
And so did most of the world
I just read his usage statistics on the GitHub page. Holy crap! I thought it was just some small project that a cool dude shared back when I originally found it. Perhaps it was, back then.
Actually I think he has already had an adequate amount of recognition:
-
“In 1999, Red Hat and VA Linux, both leading developers of Linux-based software, presented Torvalds with stock options in gratitude for his creation.[29] That year both companies went public and Torvalds’s share value briefly shot up to about US$20 million”
-
his autobiography is in several hundred library collections worldwide
Awards he’s received:
-
2 honorary doctorates
-
2 celestial objects named after him
-
Lovelace Medal
-
IEEE Computer Pioneer Award
-
EFF Pioneer Award
-
Vollum Award
-
Hall of Fellows of the Computer History Museum
-
C&C prize
-
Millenium Technology Prize
-
Internet Hall of Fame
-
IEEE Masaru Ibuka Consumer Electronics Award
-
Great Immigrants Award
Wow! A company gave away money without being contractually obligated to do so? The world sure has changed since then. I’m glad that Torvalds is doing well, he completely changed the world.
I wonder how Brahm Cohen is doing. He also had a huge impact on the world. I know he got a write-up in Wired Magazine after inventing Bit Torrent (that’s how I learned about it way back then), but I haven’t heard much about him since.
-
xz seems like another good example
I’d put the deflate algorithm over the LZMA algorithm just because deflate is used by both windows (zip) and Unix (gzip). Windows I don’t think has added LZMA/xz support until recently if at all.
I’d say ffmpeg is a good example, it’s used by almost every piece of software that has to manipulate audio or video (including messaging applications), yet not many people know about its existance.
And Fabrice Bellard, the original author of ffmpeg, went on to create qemu which pretty much made open-source virtualization possible. Also TCC (even if I don’t think that one is widely used), he established a world record for computing decimals of Pi using a single machine that had ~2000× less FLOPS than the previous record, and so much more…
Fabric Bellard’s body of work is fairly strong evidence for time travel having happened already.
Or just genius.
There is a guy named Arthur David Olson who maintains a small database of all the time zones in the world, including things like leap seconds and such. It’s used by everybody and it is updated several times a year. See here:
It’s also worth pointing out that this was sued in a copyright lawsuit some time ago. The wikipedia article mentions it, but here’s the slashdot discussion if you want to feel like stepping into a time machine: https://m.slashdot.org/story/158778
It caused a momentary panic when everyone realized that this thing runs the system clocks for everything everywhere, and if it got taken down by a copyright suit it would be disastrous for, well, everybody.
Wasn’t there also very recently a whole thing about the single guy who maintains the NTP spec threatened to retire so he could get a “real” job, which caused a gigantic internet-wide panic as pretty much everything we do relies on computer’s clocks being perfectly synced?
If we could all just stop making changes to time zones, that would make my job very slightly easier.
Perhaps we’ll move to UTC+10¼, and then move forward 45 minutes in the summer.
If the day number is a prime, then we’ll go back π hours.
Hope that will help!
I bet he’s paid nothing to do it. Then one day, when a timing attack happens that can be traced to the DB, some knobhead CTOs and tech influencers will start talking about “securing the supply chain”. They’ll want other such bullshit and responsibilities to be shoved unto volunteers.
Two quotes come to mind “Fuck you, pay me” and “Open source maintainers owe you nothing”.
It would make sooo much more sense for the ISO to set something up, and make governments each responsible for keeping it updated, since they’re the ones doing the changing.
Require all participants to amend their law/regulations, so there’s a note to prompt whoever is in power and changes it next.
I’m sure some places would still neglect to do it… Haha
It has organizational support from ICANN, so it’s not done in total isolation.
Oh neato, then all good!
curl
Curl comes to mind. Libcurl is at the foundation of almost all networking.
curl is most definitely not developed solely by one person though, it has thousands of contributors. in fact, there is so much red tape around curl that you can’t even discuss making a change to it without first writing an RFC and having it approved by a committee.
And they still get emails from randos when some program that uses curl doesn’t work (the Readme is top notch).
I cannot for the life of me find what you’re referencing. I only remember the
sqlite
/etilqs
fiasco with McAfee.https://github.com/mackyle/sqlite/blob/a009acaca1fe25d909d8b5180c0120af1abc2b82/src/os.h#L56-L79
https://bagder.github.io/emails/ has the email collection.
Thanks for sharing these gems. I can almost feel the exasperation in some of the emails and their replies.
Thank you!! I knew I must have been missing something.
Here’s an example from NASA
I feel a bit split about this. Seems it is an actual law, and it kind of makes sense. You probably don’t want random components from unknown people and places in your multi million dollar space equipment. But it feels rather arrogant to just demand such things.
Is NASA actually a customer? Did they pay for a license to use curl (genuine question - I’m not familiar enough with it to know if enterprises and organisations require a paid license)? Are they planning on becoming a paying customer? Do they make donations to the project? If not, it feels kind of rude to send a demand letter to the lead developer of a free piece of software straight up demanding a formal letter stating where the free software is being developed and maintained (for free), or if outside the USA, that the free software has been tested in the USA. Oh, and a bonus demand that such information be returned within 5 business days (naturally with an implied “or else”, just to really make sure those pesky people maintaining open source software for free really get the memo)
In any case, why don’t all their scary 3 letter spy agencies go and figure it out on behalf of NASA themselves? It’s open source, they could just like, read the source, test the source, and audit the source themselves. Or fork it and make any modifications they’d like to ensure its safety
I don’t blame the person sending the emails, obviously, they’re just following orders, but the whole email reads as very entitled and arrogant, assuming NASA don’t provide any compensation to the project and projects maintainers for their use of curl
Libcurl is at the foundation of almost all networking.
That’s not remotely true, but it is nevertheless outstanding work and very much deserving of recognition and support.
Is-even and is-odd on npm.
For a while, openssl was maintained by 1 or 2 people.
Like half of the npm is maintained by a single, arguably awful, person who writes his microprojects into large pieces of software to maximize how often his code gets installed.
Sounds like a fork is in order
Sindre Sorhus?
Jon Schlinkert, I believe. Sindre has a lot of stuff as well, but has a better reputation afaik
Just looked them up… holy hell. How does one have so many repos! And all the apps he’s made. What’s the story on them?
That’s them, yup!
deleted
left-pad
The popularity of these two packages shows that something is very wrong with JavaScript.
No, it shows people are lazy.
Well, that as well, but it’s an also bit tricky to safely check if a number is even because JavaScript uses floats for numbers.
It’s not tricky. Modulus operator works fine.
Is-even and is-odd are the stupidest packages ever written. Except for all the others that guy wrote.
I would love this even more if one depended on the other and just did a “not even” for example.
I thought that was the case tbh, has it changed?
Edit: is-even depends on is-odd.
It would be even better if each one depended on the other.
Well good news! Time to let yourself love again!
NTP is the one that comes to mind for me.
Basically every device uses it and until fairly recently was maintained by a single person
So they have a donation/support page?
Though OpenNTPD, Chrony or timesyncd if you’re on Systemd, are usually better suited.
Network Time Protocol? Cool, didn’t know that!
The
core-js
story always makes me sad. Sure, he’s developing an open source project and no one HAS to pay him. But the meager amount of donations and the tons of hate he receives isn’t justifiable either.It’s especially sadder when a substantial amount of the donations vanished when Open Collective and others stopped operating to Russians.
I had seen the hate before and foolishly just assumed he was deserving of it. Its a horrible situation he’s in and he is being cast in a bad light because he reached out for help.
Oh dear, that post from the core-js guy made my blood boil. He’s been taken advantage of by the whole world.
The guy that runs Rufus.
Huh… My dad is a software engineer and his name is Ronald. He also secured several software patents when he worked for a big chip wafer manufacturer. He might actually be the Ronald in this meme… 🤔