Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if “runk” was real, which I assume not.

But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.

      • MisterFrog@lemmy.world
        1·
        2 years ago

        It would make sooo much more sense for the ISO to set something up, and make governments each responsible for keeping it updated, since they’re the ones doing the changing.

        Require all participants to amend their law/regulations, so there’s a note to prompt whoever is in power and changes it next.

        I’m sure some places would still neglect to do it… Haha

    • Piece_Maker@feddit.ukEnglish
      1·
      2 years ago

      Wasn’t there also very recently a whole thing about the single guy who maintains the NTP spec threatened to retire so he could get a “real” job, which caused a gigantic internet-wide panic as pretty much everything we do relies on computer’s clocks being perfectly synced?

    • rothaine@beehaw.orgEnglish
      1·
      2 years ago

      It’s also worth pointing out that this was sued in a copyright lawsuit some time ago. The wikipedia article mentions it, but here’s the slashdot discussion if you want to feel like stepping into a time machine: https://m.slashdot.org/story/158778

      It caused a momentary panic when everyone realized that this thing runs the system clocks for everything everywhere, and if it got taken down by a copyright suit it would be disastrous for, well, everybody.

  • Aatube@kbin.melroy.org
    4·
    2 years ago

    core-js (whose maintainer is also a bit picky about and probably doesn’t understand the OSS process) Phil Katz, the guy who invented .zip. To this day, every .zip file contains his initials in hexadecmial. His story is incredibly interesting.

    • Pyro@programming.dev
      2·
      2 years ago

      The core-js story always makes me sad. Sure, he’s developing an open source project and no one HAS to pay him. But the meager amount of donations and the tons of hate he receives isn’t justifiable.

      • Aatube@kbin.melroy.org
        2·
        2 years ago

        It’s especially sadder when a substantial amount of the donations vanished when Open Collective and others stopped operating to Russians.

      • Thomrade@lemm.ee
        1·
        2 years ago

        I had seen the hate before and foolishly just assumed he was deserving of it. Its a horrible situation he’s in and he is being cast in a bad light because he reached out for help.

    • Electric@lemmy.world
      1·
      2 years ago

      Oh dear, that post from the core-js guy made my blood boil. He’s been taken advantage of by the whole world.

  • ricecake@sh.itjust.works
    4·
    2 years ago

    Paul Eggart is the primary maintainer for tzdb, and has been for the past 20 years.
    Tzdb is the database that maintains all of the information about timezones, timezone changes, leap whatever’s and everything else. It’s present on just about every computer on the planet and plays an important role in making sure all of the things do time correctly.

    If he gets hit by a bus, ICANN is responsible for finding someone else to maintain the list.

    Sqlite is the most widely used database engine, and is primarily developed by a small handful of people.

    ImageMagick is probably the most iconic example. Primarily developed by John Cristy since 1987, it’s used in a hilarious number of places for basic image operations. When a security bug was found in it a bit ago, basically every server needed to be patched because they all do something with images.

  • baltakatei@sopuli.xyzEnglish
    4·
    2 years ago

    Based on my cheatsheet, GNU Coreutils, sed, awk, ImageMagick, exiftool, jdupes, rsync, jq, par2, parallel, tar and xz utils are examples of commands that I frequently use but whose developers I don’t believe receive any significant cashflow despite the huge benefit they provide to software developers. The last one was basically taken over in by a nation-state hacking team until the subtle backdoor for OpenSSH was found in 2024-03 by some Microsoft guy not doing his assigned job.

    • marcos@lemmy.world
      1·
      2 years ago

      And those are only fully packaged user-facing software.

      I’d guess almost all of the Rust code for low level hardware access is maintained by a single person. Most of them once joined forces and created a standard, it had 4 developers last time I checked. The only usable cryptography library for C# has a single developer, and while on crypto, that meme got widespread because of OpenSSL, that had a single developer who spent most of his time on OpenSSH and other BSD user-facing software.

      Also, while we are on crypto, the modern algorithms were all created by a single researcher, that got famous for a work on how to decide if you can trust a crypto algorithm. Almost everybody uses his code.

      Anyway, that meme first appeared because of Javascript, when a developer removed his library (with ~10 lines of code) from the language’s repository and almost every Javascript software broke.

    • DamienGramatacus@lemmy.worldEnglish
      1·
      2 years ago

      I heard about that last one on a podcast and it was the first thing I thought of when I saw this post. Genuinely interesting story (if you’re into that sort of thing). The pod was saying how it’s both a flaw of open source that it could happen that way and an advantage because it was discoverable due to the fact that the code is open source.

  • Mossy Feathers (She/Her)@pawb.social
    4·
    2 years ago

    Furthermore, “RUNK” was originally made in the 1980s to take over from a program written on punch cards in the 1960s. Finally, it’s missing some important functions that the original 60s program had because "RUNK"s developer doesn’t see the purpose of those functions and refuses to add them; and no one has publically released a fork of “RUNK” that adds those functions back in, so you have to do it yourself. Thank God it’s open source.

    Edit: oh yeah, and back in 2005 there was an effort to make a GUI for it, but “RUNK’s” sole developer got mad because “back in the 80s we didn’t need GUIs; command line is infinitely faster” and kept intentionally breaking support for the GUI with each bug fix, leading to the project eventually being abandoned.

    • 14th_cylon@lemm.ee
      2·
      2 years ago

      that really sounds like a case where someone ultimately says “fuck you, runk’s developer”. why didn’t that happen?

      • Corbin@programming.devEnglish
        2·
        2 years ago

        Because frankly, Ronald (the current maintainer, not the original author) is very competent. I say this as somebody who has personally been yelled at by Ronald at a kernel summit; I didn’t deserve it, but none of his technical points were wrong. I like to think of myself as the kind of person that, given enough time and documentation, can maintain anything; I think it’d still take three of me to do Ronald’s job. (Well, “job.” I think he technically works for Red Hat or something?) Not to excuse his conduct, just to explain why he’s not been replaced yet.

        • Ms. ArmoredThirteen@lemmy.ml
          0·
          2 years ago

          Wait if it stands for Ronald’s Universal Number Kounter, does that mean both the creator and current maintainer are named Ronald? Is it a dread pirate kinda deal where whoever holds the hat takes the name?

          • Corbin@programming.devEnglish
            1·
            2 years ago

            I’d love to link you to their Wikipedia pages, but both of them are redlinked. As far as I can tell, Dr. V. Ronald was an educator who moved from Canada to the USA as part of the whole Xerox PARC thing and probably was valued for mainframe experience; does anybody have a full bio? The current maintainer is Ron Sunk, who did a full run at MIT up through postdoc before going to Red Hat. The names are a coincidence; runk implements what we now call Sunk summation, after Sunk’s thesis. (As you might guess, that’s an instance of Stigler’s law, since clearly Dr. Ronald discovered Sunk summation first!)

            Also, as long as we’re here, I want to empathize a little with Sunk. The GUIs that folks have placed on runk, like GNOME’s Gunk or Enlightenment’s enk, look very cool, and there’s rumors of an upcoming unified number-counting protocol that will put them all on equal ground. But @MossyFeathers@pawb.social wasn’t joking; Dr. Arnold’s code literally only reads punch cards, and there’s a façade to make it work on modern Linux and BSD transparently. It predates X11, if that’s any help. The tech debt is real.

  • Captain Aggravated@sh.itjust.worksEnglish
    4·
    2 years ago

    I mean, it was either Richard Stallman or Dennis Ritchie that created grep in an evening so that a buddy of his could do research on volumes of text that wouldn’t fit in the RAM of a PDP-11 (or similar machine. I’m telling this story from memory). It’s designed to do what you would do with the ancient text editor ed using the commands Global, Regular Expression, and Print. g re p. grep. Probably the most important piece of software ever written in a couple hours.

  • Godort@lemm.ee
    4·
    2 years ago

    NTP is the one that comes to mind for me.

    Basically every device uses it and until fairly recently was maintained by a single person

  • Sparky@lemmy.blahaj.zone
    3·
    2 years ago

    Idk who needs to know this, but in Norwegian “runke” means to jerk off. “runk” is the word you add a prefix to in conjugation to get the different inflections

    • runke - jerk off
    • runker - jerking off
    • runket - jerked off

    Etc…

    • dohpaz42@lemmy.worldEnglish
      2·
      2 years ago

      Yeah that debacle still pisses me off. Especially the fact that someone could possibly trademark and enforce a trademark a name that’s already in use. It’s made even worse that the package that now uses the stolen name is defunct.

      I hope all of the bad actors burn in Hell.

        • dohpaz42@lemmy.worldEnglish
          0·
          2 years ago

          What did NPM remove? My understanding is that NPM restored the deleted package. If you’re referring to giving the author the ability to delete their packages, I’m on the fence about that. On the one hand, if it’s open source, it’s a part of the community. On the other hand, it’s also still the author’s code, and if they are the only author, then it’s their sole decision if they want to host their code under their account.

          • JackbyDev@programming.devEnglish
            1·
            2 years ago

            But at the same time if the code is properly licensed under an open source license (I would assume/hope NPM didn’t allow non FOSS code) then NPM can refuse to take it down. Yes, they put it back up, but I think it’s important for public repositories (as in packaged code repositories, not got repositories) to never remove things (barring legal requirements, sure).

            For what it’s worth, the policy they adopted after the fact seemed pretty sensible. I think it was something like you can’t take things down once they have ~100 downloads or x number of dependents.

    • magic_smoke@links.hackliberty.org
      1·
      2 years ago

      Azer did nothing wrong.

      Laurie Voss made a bad call and should feel bad.

      The principals of free software was, is, and always will be more important than every single dollar in silicon valley combined.

      • Omgpwnies@lemmy.worldEnglish
        1·
        2 years ago

        No arguments there, if you’re gonna depend on a piece of code, you better own it or have a rock solid plan b.

      • TheSlad@sh.itjust.works
        0·
        2 years ago

        I think he overreacted a bit, not to having his package name forcibly taken from him, but to being asked to give it up in the first place. Kik explained to him that they have to fight this or lose their tradmark because thats how trademark law works. His response was basically “haha fuck you”. He probably could’ve asked for a couple thousand and just changed the name of his project and everything would’ve been fine.

        • magic_smoke@links.hackliberty.org
          2·
          2 years ago

          being asked to give it up in the first place. Kik explained to him that they have to fight this or lose their tradmark because thats how trademark law works.

          I’m not a lawyer but from what I know that’s a load of shit. There’s nothing stopping a trademark holder from granting licensing rights to third parties, without charge, to use their trademark in specific ways.

          They chose not to because its easier, and most people won’t know better, so they roll over.

          His response was basically “haha fuck you”. He probably could’ve asked for a couple thousand and just changed the name of his project and everything would’ve been fine.

          This is the correct response, even if Kik would’ve given him money. It’s his package, he got the name first. Corpos can eat shit, just because its not the easy choice, or the choice you would’ve made doesn’t mean it was wrong. That package should’ve stayed down on principal.

    • oldfart@lemm.ee
      2·
      2 years ago

      The curl author writes a lot about his struggles, but he’s also employed to maintain curl, so not really a good example

    • xmunk@sh.itjust.works
      3·
      2 years ago

      And they still get emails from randos when some program that uses curl doesn’t work (the Readme is top notch).

            • ricecake@sh.itjust.works
              1·
              2 years ago

              https://daniel.haxx.se/blog/2020/12/17/curl-supports-nasa/

              https://daniel.haxx.se/blog/2023/02/07/closing-the-nasa-loop/

              Their process for validating software doesn’t have a box for “open source”, and basically assumes it’s either purchased, or contracted. So someone in risk assessment just gets a list of software libraries and goes down it checking that they have the required forms.

              As the referenced talk mentions, the people using the software understand that all the testing and everything is entirely on them, and that sending these messages is bothersome and unfair, and they’re working on it. Unfortunately, NASA is also a massive government bureaucracy and so process changes are slow, at best.
              The TLAs don’t generally help NASA, and getting them involved would unfortunately only result in more messages being sent.

              As for contributions, I think that turns into an even worse can of worms, since generally software developed by or for the US government isn’t just open source, but public domain. I think you’d end up with a big mess of licensing horror if you tried to get money or official relationships involved. It’s why sqlite is public domain, since it was developed at the behest of the US.

              Mostly just context for what you said. NASA isn’t being arrogant, they’re being gigantic. Doing their due diligence in-house while another branch goes down a checklist, sees they don’t have a form and pops of an email and embarrassing the hell out of the first group.

              The time limit thing is weird, but it’s a common practice in bureaucracies, public or private. You stick a timeline on the request to convey your level of urgency and the establish some manner of timeline for the other person to work with. Read the line again, but extremely literally: “we have a time frame of 5 days for a response”. “Our audit timeline guessed that it would take a business week for you to reply, so if you take longer we’re behind schedule”. The threatening version is “your response is required on or before five business days from the date of this message”.
              The presumption is that the person on the other end is also working through a task queue that they don’t have much personal investment in, and is generally good natured, so you’re telling them “I don’t expect you to jump on this immediately, but wherever you can find a moment to reply this week would keep anyone from bothering me, and me from needing to send another email or trying to find a phone number”

    • refalo@programming.dev
      3·
      2 years ago

      curl is most definitely not developed solely by one person though, it has thousands of contributors. in fact, there is so much red tape around curl that you can’t even discuss making a change to it without first writing an RFC and having it approved by a committee.

    • mox@lemmy.sdf.org
      21·
      2 years ago

      Libcurl is at the foundation of almost all networking.

      That’s not remotely true, but it is nevertheless outstanding work and very much deserving of recognition and support.

  • IceHouse@lemmy.zip
    2·
    2 years ago

    Mark Russanovich was just some guy who had trouble fixing Windows computers so he wrote systernals from scratch including widely used psexec and other required tools if you are forced to be a windows admin. He has since grown up into a very hansom man who runs Azure which sucks.

  • frezik@midwest.social
    2·
    2 years ago

    Steve Jobs and Steve Wozniak are the classic example. Jobs has some technical skill, but not a lot. He’s the “ideas guy” that all other “ideas guy” try to be. I don’t have a lot of respect for the “idea guy”; Jobs was a manipulative narcissist, and he should not be emulated.

    Woz, OTOH, is an absolute genius, and one of the most genuinely nice people you’ll ever meet. Apple made him enough money that he can do whatever he wanted with his life, and what he wanted was to do cool things with computers and pull harmless pranks.

    Bill Gates had Steve Ballmer and Paul Allen. That was more of a collaboration. They all had some level of technical and business skill mixed together. It wasn’t quite the complementary skillset we see with Jobs and Woz. A lot of Microsoft’s success was being in the right place at the right time to make the right deal.

    • JeffKerman1999@sopuli.xyz
      3·
      2 years ago

      A lot of Microsoft’s success was being in the right place at the right time to make the right deal.

      It was also having friends on the IBM board that signed a contract that didn’t make any commercial sense…

      • Anticorp@lemmy.worldEnglish
        1·
        2 years ago

        It was also being ruthless beyond belief, and destroying anything that could have challenged them. They’ve held progress back for 40 or 50 years.

        • AnarchistArtificer@slrpnk.netEnglish
          2·
          2 years ago

          Reflecting on my IT education in school, it feels like it was mostly learning to use Microsoft Office. Reflecting on it makes me horrified, because I feel like we’re heading for a period where only a select few have tech skills and the skills gap we already see is going to get way worse. That’s what intense lobbying from Microsoft will get you

            • AnarchistArtificer@slrpnk.netEnglish
              1·
              2 years ago

              The thing I’m concerned about is how little non-programmers know. I think that much of the world went “oh, GenZ are digital natives, that means they’ll know their way around computers naturally” when if anything, being “digital natives” is part of the problem. But like my original comment said, I attribute a lot of blame to Microsoft’s impact on IT education.

              I can’t speak much on how much programmers tend to know, because I am a biochemist who started getting into programming when studying bioinformatics, and then I’ve continued dabbling as a hobbyist. I like to joke that I’m a better programmer than the vast majority of biochemists, and that’s concerning, because I’m a mediocre programmer (at best).

              • Anticorp@lemmy.worldEnglish
                2·
                2 years ago

                Oh yes, that is very concerning. They grew up with software developed for the lowest common denominator, and phones that do many of the things that computers were relied upon previously. Most people know how to go online, post stuff to social media, and that’s about it. It’s scary.

            • explodicle@sh.itjust.worksEnglish
              0·
              2 years ago

              Yeah! These Generation X programmers know nothing about low-level languages and electrical engineering. They’re compelled to put everything on the World Wide Web even when it’s unnecessary.

              • Anticorp@lemmy.worldEnglish
                1·
                2 years ago

                I don’t really mean coding languages. That’s stuff they learn in school. But what a lot of people seem to be lacking is the ability to find answers on their own, how to troubleshoot problems they haven’t encountered before, and the ability to work independently. There’s a whole lot of hand-holding happening.

                • mesamunefire@lemmy.worldEnglish
                  2·
                  1 year ago

                  There is a lot of surface level stuff going on in software development now days. It’s great for getting the job done, but just learning to solve a problem ends up being very difficult for developers. It will be an interesting 10 years with the invent of AI.