I’ve heard people mention curl and imagemagick. Any others that you know about?

  • Eric_the_Cerise@fedia.io
    link
    fedilink
    arrow-up
    70
    ·
    edit-2
    1 year ago

    Werner Koch, the guy who created, and who has maintained for 25 years now, pretty much all by himself, GnuPG, the modern email encryption replacement for PGP.

    Just the other day, I realized I actually live just a few kms away from the guy, here in Germany … very tempted to reach out to him someday and actually buy him an actual coffee.

    • spartanatreyu@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      That was the one I couldn’t remember, I got GPG and PGP confused but I remember it involved email encryption.

      This guy was the reason that every security dev had those personal public keys clearly posted next to their email address on every announcement and blog post they ever released.

  • Black616Angel@feddit.de
    link
    fedilink
    English
    arrow-up
    65
    arrow-down
    1
    ·
    1 year ago

    Sci-Hub anyone?

    Alexandra Elbakyan manages this truly awesome source of scientific papers completely on her own. She got sued twice and lost, had to change the URL multiple times due to takedowns and only gets along by donations.

    • SkyeStarfall@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      It is a crime to humanity to lock knowledge behind a huge paywall. She does God’s work.

      And it’s not like the actual scientists/academics support knowledge being locked away either, or profit from it.

    • Gork
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      She’s the best thing that’s happened to the s scientific publishing field. I’m no longer a student but I still enjoy reading scientific papers and I’ll be damned if I have to pay $20 per article (which doesn’t go to the authors) since I no longer have access to a library that maintains relationships with these big publishers.

  • OneDimensionPrinter@lemm.ee
    link
    fedilink
    English
    arrow-up
    54
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Left pad https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/

    Had GPT summarize what happened.

    The “left pad” incident refers to a controversy that arose in 2016 when a developer named Azer Koçulu removed his JavaScript package called “left-pad” from the NPM (Node Package Manager) registry. This caused a ripple effect, breaking numerous projects that relied on this package and highlighting the potential risks of relying on external dependencies. The incident sparked a debate about the stability and trustworthiness of the open-source ecosystem and led to discussions about best practices for managing dependencies in software development.

    • Torty@beehaw.org
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      This is the one I came to post about. The fact there’s a library for this is so stupid to me.

      I feel like it demonstrates how npm and modules have probably to some degree gotten out of hand.

    • AnonymousLlama@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      From memory the NPM blokes had to have a think about how they handle important packages because of that. Didn’t they revert the changes to left pad to ensure everything else didn’t break?

      Fascinating to see the house of cards some of these solutions / libraries are built off

      • JackbyDev@programming.dev
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Yes. They added it back. The policy now is that you can’t remove packages that are depended on (or something to that extent, I don’t know the specifics).

  • spartanatreyu@programming.dev
    link
    fedilink
    English
    arrow-up
    45
    ·
    1 year ago

    cURL was one of these for a while (according to my limited understanding)

    It was made in the 90s and it didn’t get commercial support until a few years ago.

  • fubo@lemmy.world
    link
    fedilink
    English
    arrow-up
    43
    ·
    1 year ago

    Public NTP time servers have occasionally been that piece of infrastructure.

    NTP is used for synchronizing computer clocks, ultimately using highly-accurate time sources such as atomic clocks. The most authoritative public time servers tend to be run by research universities, national labs, and so on.

    Multiple home router vendors have sold devices configured to poll university NTP servers vastly excessively; effectively running a denial-of-service attack against public infrastructure. In a few cases, public time servers have closed down because of abuse by misconfigured consumer devices.

    https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse

  • jonne@infosec.pub
    link
    fedilink
    English
    arrow-up
    38
    ·
    1 year ago

    TzData is basically maintained by 2 guys. Pretty much every computer, phone and language relies on this database for timezone information.

  • muttley@kbin.social
    link
    fedilink
    arrow-up
    34
    arrow-down
    1
    ·
    1 year ago

    The core-js library is used by 1000s of top websites and is maintained by one guy
    https://github.com/zloirock/core-js

      • Highsight@kbin.social
        link
        fedilink
        arrow-up
        16
        ·
        1 year ago

        It’s honestly a fascinating read. We count so much on these kinds of people to keep our way of life intact, but when they ask for a little help in their own life, they get spat on.

        • gk99@kbin.social
          link
          fedilink
          arrow-up
          9
          ·
          1 year ago

          It’s really, really sad that this sort of stuff doesn’t get picked up and funded for the greater good. Stuff like the NLnet Foundation exists, which has helped fund some pretty major projects (including the development of Lemmy), but something this critical I feel should be consistently funded by even larger entities in order to keep things working right.

  • sasquash471@feddit.de
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Not a package but FileZilla is developed by Tim Kosse for over 20 years. I know that there are a lot of other FTP-Clients but FileZilla is my favorite. Easy to use and very very stable. There is a pro version sure, but most of the time the regular one does the job. My company throws thousands of dollars a month at Adobe, Microsoft and others. But they would never even think about giving anything to Tim Kosse and others, even though I’ve probably saved days of work with tools like this.

    • ilovededyoupiggy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      My company’s anti-malware started triggering on filezilla’s installer a few years ago because they started packaging apparently sketchy ads in it. Dunno if that’s still the case or not. I ended up switching to WinSCP instead. (Which I believe is actually another example of just one or two guys running that show too.)

  • PAPPP@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    25
    ·
    1 year ago

    In the same kind of vein as imagemagick, Dave Coffin’s dcraw tool at least partly underlies almost every non-proprietary RAW image decoder, and some of the commercial ones (if they don’t use code, they use constant matrices and such).

    He’s not a sole maintainer to any of his major projects anymore, but honorable mention to Fabrice Bellard who initiated both ffmpeg and qemu among other notable activities.

    IIRC the Expat XML parser that’s embedded everywhere was basically on spare-time maintenance by Clark Cooper and Fred Drake for a couple decades, but I think they have a little more resources now.

    SQLite is a BDFL situation more than single-maintainer, but D. Richard Hipp still has his hands on everything, and there are only a relatively small number of folks with commit access.

  • Baldur Nil@programming.dev
    link
    fedilink
    English
    arrow-up
    24
    ·
    edit-2
    1 year ago

    Node frameworks are famous for this purely because of a lack of standard library. I feel like most languages have a standard library that balance being generic but still providing utilities of common used stuff. So a company that doesn’t want to rely on a random guy’s library can build their own with only the features they want. But with Node, any complicated feature is using a tree of hundreds of random packages that you have no idea who created them.