Not a package but FileZilla is developed by Tim Kosse for over 20 years. I know that there are a lot of other FTP-Clients but FileZilla is my favorite. Easy to use and very very stable. There is a pro version sure, but most of the time the regular one does the job. My company throws thousands of dollars a month at Adobe, Microsoft and others. But they would never even think about giving anything to Tim Kosse and others, even though I’ve probably saved days of work with tools like this.
My company’s anti-malware started triggering on filezilla’s installer a few years ago because they started packaging apparently sketchy ads in it. Dunno if that’s still the case or not. I ended up switching to WinSCP instead. (Which I believe is actually another example of just one or two guys running that show too.)
Interesting, but are those commits to the glibc library itself or commits to the Debian package of it? The link makes it look like the latter, but I could be wrong.
In the same kind of vein as imagemagick, Dave Coffin’s dcraw tool at least partly underlies almost every non-proprietary RAW image decoder, and some of the commercial ones (if they don’t use code, they use constant matrices and such).
He’s not a sole maintainer to any of his major projects anymore, but honorable mention to Fabrice Bellard who initiated both ffmpeg and qemu among other notable activities.
IIRC the Expat XML parser that’s embedded everywhere was basically on spare-time maintenance by Clark Cooper and Fred Drake for a couple decades, but I think they have a little more resources now.
SQLite is a BDFL situation more than single-maintainer, but D. Richard Hipp still has his hands on everything, and there are only a relatively small number of folks with commit access.
Basically every Windows sysadmin is indebted to Mark Russinovich and SysInternals. Fortunetly, PowerToys has come a long way because I’m pretty sure sysinternals haven’t been updated since Windows XP.
The Therac-25, a radiation therapy machine produced by Atomic Energy of Canada Limited (AECL), was implicated in six accidents between 1985 and 1987 where patients received massive radiation overdoses due to software errors.
A developer maintained a NodeJS package called left-pad that would add leading whitespace to strings. He unpublished the package and broke basically the entire Node ecosystem until the repo owner forcibly republished it against the author’s wishes.
It’s honestly a fascinating read. We count so much on these kinds of people to keep our way of life intact, but when they ask for a little help in their own life, they get spat on.
It’s really, really sad that this sort of stuff doesn’t get picked up and funded for the greater good. Stuff like the NLnet Foundation exists, which has helped fund some pretty major projects (including the development of Lemmy), but something this critical I feel should be consistently funded by even larger entities in order to keep things working right.
Node frameworks are famous for this purely because of a lack of standard library. I feel like most languages have a standard library that balance being generic but still providing utilities of common used stuff. So a company that doesn’t want to rely on a random guy’s library can build their own with only the features they want. But with Node, any complicated feature is using a tree of hundreds of random packages that you have no idea who created them.
Someone ought to write a Node.js fork that includes native implementations of popular modules that are unlikely to need maintenance like isodd. Then come with a custom version of NPM that refuse to install the packages.
Deno basically did this by including a standard library that removes the need for the most popular modules. It’s the best js/ts experience I’ve ever had.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programming@programming.dev
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person’s post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
Follow the programming.dev instance rules
Keep content related to programming in some way
If you’re posting long videos try to add in some form of tldr for those who don’t want to watch videos
kbin
Not a package but FileZilla is developed by Tim Kosse for over 20 years. I know that there are a lot of other FTP-Clients but FileZilla is my favorite. Easy to use and very very stable. There is a pro version sure, but most of the time the regular one does the job. My company throws thousands of dollars a month at Adobe, Microsoft and others. But they would never even think about giving anything to Tim Kosse and others, even though I’ve probably saved days of work with tools like this.
My company’s anti-malware started triggering on filezilla’s installer a few years ago because they started packaging apparently sketchy ads in it. Dunno if that’s still the case or not. I ended up switching to WinSCP instead. (Which I believe is actually another example of just one or two guys running that show too.)
RenderDoc is made by one person. It’s used by every graphics programmer. It’s free, open source, faster + better than anything else. I love it.
glibc
Huh, is glibc really only maintained by a small number of people? I would not have expected that.
it’s not much… https://salsa.debian.org/glibc-team/glibc/-/graphs/sid?ref_type=heads maybe 3 people ?
Interesting, but are those commits to the glibc library itself or commits to the Debian package of it? The link makes it look like the latter, but I could be wrong.
ah yeah the original is actually here https://sourceware.org/git/glibc.git
running
git shortlog -s -n -e glibc-2.35..(03.02.2022 to now) givesIn the same kind of vein as imagemagick, Dave Coffin’s dcraw tool at least partly underlies almost every non-proprietary RAW image decoder, and some of the commercial ones (if they don’t use code, they use constant matrices and such).
He’s not a sole maintainer to any of his major projects anymore, but honorable mention to Fabrice Bellard who initiated both ffmpeg and qemu among other notable activities.
IIRC the Expat XML parser that’s embedded everywhere was basically on spare-time maintenance by Clark Cooper and Fred Drake for a couple decades, but I think they have a little more resources now.
SQLite is a BDFL situation more than single-maintainer, but D. Richard Hipp still has his hands on everything, and there are only a relatively small number of folks with commit access.
Basically every Windows sysadmin is indebted to Mark Russinovich and SysInternals. Fortunetly, PowerToys has come a long way because I’m pretty sure sysinternals haven’t been updated since Windows XP.
Mark Russinovich now works for Microsoft and they own Sysinternals. Also the tools get updated quite regularly.
“Mark works for MS” is a massive understatement. He’s CTO of Azure now.
And speaking of Sysinternals, arguably the most exciting update was when ProcessExplorer got a dark mode late last year :)
Wait? ProcessExplorer has dark mode???!
Salvatore Sanfilippo - creator of Redis.
Well, he actually received many appreciations from the community. But it’s worth knowing IMO.
https://www.eu-startups.com/2011/01/an-interview-with-salvatore-sanfilippo-creator-of-redis-working-out-of-sicily/
Look up a machine called Therac-25. great example of this. Terrifying.
That’s terrifying!
I’ll save the next guy a search https://en.wikipedia.org/wiki/Therac-25
Tl;dr:
The Therac-25, a radiation therapy machine produced by Atomic Energy of Canada Limited (AECL), was implicated in six accidents between 1985 and 1987 where patients received massive radiation overdoses due to software errors.
A developer maintained a NodeJS package called left-pad that would add leading whitespace to strings. He unpublished the package and broke basically the entire Node ecosystem until the repo owner forcibly republished it against the author’s wishes.
https://www.theregister.com/2016/03/23/npm_left_pad_chaos/
The core-js library is used by 1000s of top websites and is maintained by one guy
https://github.com/zloirock/core-jsHe also went to prison
It’s honestly a fascinating read. We count so much on these kinds of people to keep our way of life intact, but when they ask for a little help in their own life, they get spat on.
It’s really, really sad that this sort of stuff doesn’t get picked up and funded for the greater good. Stuff like the NLnet Foundation exists, which has helped fund some pretty major projects (including the development of Lemmy), but something this critical I feel should be consistently funded by even larger entities in order to keep things working right.
That feels it went seriously bad
This story got me sad. But also, the guy should know better as not to dedicate all of his time on that. This article talk a bit about this issue.
TzData is basically maintained by 2 guys. Pretty much every computer, phone and language relies on this database for timezone information.
I believe a great example is… you know… the entire internet.
cURL was one of these for a while (according to my limited understanding)
It was made in the 90s and it didn’t get commercial support until a few years ago.
Node frameworks are famous for this purely because of a lack of standard library. I feel like most languages have a standard library that balance being generic but still providing utilities of common used stuff. So a company that doesn’t want to rely on a random guy’s library can build their own with only the features they want. But with Node, any complicated feature is using a tree of hundreds of random packages that you have no idea who created them.
Someone ought to write a Node.js fork that includes native implementations of popular modules that are unlikely to need maintenance like isodd. Then come with a custom version of NPM that refuse to install the packages.
Deno basically did this by including a standard library that removes the need for the most popular modules. It’s the best js/ts experience I’ve ever had.
I just checked it and seems nice! Also seems to have been well received by the community.
I believe the nodejs fiasco is what prompted this comic?https://www.google.com/amp/s/www.theregister.com/AMP/2016/03/23/npm_left_pad_chaos/
Another example is a large number of libraries using an external dependency to check if a number is odd.
I believe it was the OpenSSL-security scandal, iirc.
AMP-free url: https://www.theregister.com/2016/03/23/npm_left_pad_chaos/
It’s possible leftpad was an example Randall was thinking of, but the date of the comic is Aug 17, 2020, more than 4 years after leftpad.
https://www.explainxkcd.com/wiki/index.php/2347:_Dependency