Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if “runk” was real, which I assume not.

But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.

  • weker01@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    A few libraries come to mind immediately: fftw (I think the most widely used fft library) or GMP (I think the most used multi precision library).

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      curl is most definitely not developed solely by one person though, it has thousands of contributors. in fact, there is so much red tape around curl that you can’t even discuss making a change to it without first writing an RFC and having it approved by a committee.

    • mox@lemmy.sdf.org
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      Libcurl is at the foundation of almost all networking.

      That’s not remotely true, but it is nevertheless outstanding work and very much deserving of recognition and support.

    • xmunk@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      And they still get emails from randos when some program that uses curl doesn’t work (the Readme is top notch).

          • ZC3rr0r@lemmy.ca
            link
            fedilink
            arrow-up
            0
            ·
            5 months ago

            Thanks for sharing these gems. I can almost feel the exasperation in some of the emails and their replies.

          • Baku@aussie.zone
            link
            fedilink
            English
            arrow-up
            0
            ·
            5 months ago

            I feel a bit split about this. Seems it is an actual law, and it kind of makes sense. You probably don’t want random components from unknown people and places in your multi million dollar space equipment. But it feels rather arrogant to just demand such things.

            Is NASA actually a customer? Did they pay for a license to use curl (genuine question - I’m not familiar enough with it to know if enterprises and organisations require a paid license)? Are they planning on becoming a paying customer? Do they make donations to the project? If not, it feels kind of rude to send a demand letter to the lead developer of a free piece of software straight up demanding a formal letter stating where the free software is being developed and maintained (for free), or if outside the USA, that the free software has been tested in the USA. Oh, and a bonus demand that such information be returned within 5 business days (naturally with an implied “or else”, just to really make sure those pesky people maintaining open source software for free really get the memo)

            In any case, why don’t all their scary 3 letter spy agencies go and figure it out on behalf of NASA themselves? It’s open source, they could just like, read the source, test the source, and audit the source themselves. Or fork it and make any modifications they’d like to ensure its safety

            I don’t blame the person sending the emails, obviously, they’re just following orders, but the whole email reads as very entitled and arrogant, assuming NASA don’t provide any compensation to the project and projects maintainers for their use of curl

    • Piece_Maker@feddit.uk
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      Wasn’t there also very recently a whole thing about the single guy who maintains the NTP spec threatened to retire so he could get a “real” job, which caused a gigantic internet-wide panic as pretty much everything we do relies on computer’s clocks being perfectly synced?

    • rothaine@beehaw.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      It’s also worth pointing out that this was sued in a copyright lawsuit some time ago. The wikipedia article mentions it, but here’s the slashdot discussion if you want to feel like stepping into a time machine: https://m.slashdot.org/story/158778

      It caused a momentary panic when everyone realized that this thing runs the system clocks for everything everywhere, and if it got taken down by a copyright suit it would be disastrous for, well, everybody.

      • MisterFrog@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        It would make sooo much more sense for the ISO to set something up, and make governments each responsible for keeping it updated, since they’re the ones doing the changing.

        Require all participants to amend their law/regulations, so there’s a note to prompt whoever is in power and changes it next.

        I’m sure some places would still neglect to do it… Haha

      • MisterFrog@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        Perhaps we’ll move to UTC+10¼, and then move forward 45 minutes in the summer.

        If the day number is a prime, then we’ll go back π hours.

        Hope that will help!

  • Godort@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    NTP is the one that comes to mind for me.

    Basically every device uses it and until fairly recently was maintained by a single person

    • dohpaz42@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      5 months ago

      Yeah that debacle still pisses me off. Especially the fact that someone could possibly trademark and enforce a trademark a name that’s already in use. It’s made even worse that the package that now uses the stolen name is defunct.

      I hope all of the bad actors burn in Hell.

        • dohpaz42@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          What did NPM remove? My understanding is that NPM restored the deleted package. If you’re referring to giving the author the ability to delete their packages, I’m on the fence about that. On the one hand, if it’s open source, it’s a part of the community. On the other hand, it’s also still the author’s code, and if they are the only author, then it’s their sole decision if they want to host their code under their account.

    • magic_smoke@links.hackliberty.org
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      Azer did nothing wrong.

      Laurie Voss made a bad call and should feel bad.

      The principals of free software was, is, and always will be more important than every single dollar in silicon valley combined.

      • Omgpwnies@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        5 months ago

        No arguments there, if you’re gonna depend on a piece of code, you better own it or have a rock solid plan b.

      • TheSlad@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        I think he overreacted a bit, not to having his package name forcibly taken from him, but to being asked to give it up in the first place. Kik explained to him that they have to fight this or lose their tradmark because thats how trademark law works. His response was basically “haha fuck you”. He probably could’ve asked for a couple thousand and just changed the name of his project and everything would’ve been fine.

        • magic_smoke@links.hackliberty.org
          link
          fedilink
          arrow-up
          0
          ·
          5 months ago

          being asked to give it up in the first place. Kik explained to him that they have to fight this or lose their tradmark because thats how trademark law works.

          I’m not a lawyer but from what I know that’s a load of shit. There’s nothing stopping a trademark holder from granting licensing rights to third parties, without charge, to use their trademark in specific ways.

          They chose not to because its easier, and most people won’t know better, so they roll over.

          His response was basically “haha fuck you”. He probably could’ve asked for a couple thousand and just changed the name of his project and everything would’ve been fine.

          This is the correct response, even if Kik would’ve given him money. It’s his package, he got the name first. Corpos can eat shit, just because its not the easy choice, or the choice you would’ve made doesn’t mean it was wrong. That package should’ve stayed down on principal.

  • Aatube@kbin.melroy.org
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    core-js (whose maintainer is also a bit picky about and probably doesn’t understand the OSS process) Phil Katz, the guy who invented .zip. To this day, every .zip file contains his initials in hexadecmial. His story is incredibly interesting.

    • Pyro@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      The core-js story always makes me sad. Sure, he’s developing an open source project and no one HAS to pay him. But the meager amount of donations and the tons of hate he receives isn’t justifiable either.

      • Thomrade@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        I had seen the hate before and foolishly just assumed he was deserving of it. Its a horrible situation he’s in and he is being cast in a bad light because he reached out for help.

      • Aatube@kbin.melroy.org
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        It’s especially sadder when a substantial amount of the donations vanished when Open Collective and others stopped operating to Russians.

    • Electric@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      Oh dear, that post from the core-js guy made my blood boil. He’s been taken advantage of by the whole world.

  • prayer@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    I saw a post earlier about Empress returning to game cracking. For modern video games that use Denuvo DRM, she’s the only person who can really crack it, as far as I know. Singlehandedly holding up the AAA game piracy scene.

    • quixotic120@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      She is kind of a shithead tbf and fwiw it’s more like she’s the only person who is willing to do it. granted cracking denuvo is something that is extremely difficult and only a small subset of people can do but it’s not like she’s literally the only person on the planet who can. There was that guy who would just release the yearly update of football manager, for one.

      It’s far more likely the people who have that skill set just don’t really want to bother with cracking videogames and the potential legal issues that come with distributing them online.

      • vividspecter@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        5 months ago

        True, but being the only person willing to do something is kind of laudable in it’s own right. Like all of the open source projects relied upon by millions that are sometimes developed primarily by one person in their free time.

        • quixotic120@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          5 months ago

          but my (not really my) conspiracy theory for this is the opposite of open source: when someone is good at cracking games companies like denuvo track them down and offer them jobs to harden their product and take another cracker out of the scene. like I bet denuvo is just filled with nerds that spent their teenage years in sketchy irc rooms with handles like -DooMSlAyEr- and used to actually be members of razor1911 before they realized they could get game companies to pay them 200k a year

          • onlinepersona@programming.dev
            link
            fedilink
            arrow-up
            0
            ·
            5 months ago

            It’s not a conspiracy theory. It’s exactly what Malus did and why it’s harder to root iPhones nowadays (but the EU is seeing to that by forcing them to start opening up their walled garden).

            Can’t remember where I read it, but I think it’s the dude who started AsahiLinux that shared part of his story in the scene. And a few dudes were tracked down and had the choice between a lawsuit and employment. Makes the decision pretty easy.

            Doesn’t help that they did their thing on Github and other public platforms instead of I2P or something.

            Anti Commercial-AI license

    • Dasus@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      It was somewhat weird waiting for the HP release on her TG channel.

      Like I’ve seen my fair share of terf transphobes, but she’s honestly best described as a hater.

      There were so many rants.

      But like with Harry Potter, I like to separate the artist from the art.

    • JadenSmith@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      I can’t help but laugh at how batshit crazy she is. Didn’t she write a rap at some point??

      I’ll never not be convinced that she’s on a fair amount of meth and/or crack.

  • mox@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    5 months ago

    I nominate Paul Eggert, and Arthur Olson before him, for the tz database, which we all depend upon whenever the time at which something happens (or did happen or will happen) matters.

    Edit: Tom Scott touches on the subject here.