Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if “runk” was real, which I assume not.
But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.
Git, by Linus? Maybe even linux itself? Ok actually Linus might just be Steve Wozniak without an annoying Steve Jobs guy next to him, while actually being a lot bigger than Apple maybe?
It’s really hard to imagine a world without Git. If it hadn’t been invented I think it would have been necessary to create it it’s one of those things that’s hard to imagine and then impossible to work out how you can survive without it.
Yet the vast majority of the world probably don’t even know what it is, and wouldn’t even understand it if it was explained to them.
t’s really hard to imagine a world without Git
I’ve lived it.
- CriticalFile.vbs
- CriticalFile.V2.vbs
- CripicalFile.V2.5.vbs
- CriticalFile.DONOTEDIT.txt
- _Old.CriticalFile.aspx
- LinkToCriticalFilesFold.lnk
- GuideToDeploying.CriticalFliles.doc
- CritFil.bat
There is a guy named Arthur David Olson who maintains a small database of all the time zones in the world, including things like leap seconds and such. It’s used by everybody and it is updated several times a year. See here:
If we could all just stop making changes to time zones, that would make my job very slightly easier.
Perhaps we’ll move to UTC+10¼, and then move forward 45 minutes in the summer.
If the day number is a prime, then we’ll go back π hours.
Hope that will help!
Pretty much every basic terminal command for linux. Grep is the one that comes to mind.
The modern man uses
ripgrep👍But it’s three more letters. No deal.
Its going installed binary is
rg.I shall begrudgingly consider it then, with much begrudgement.
Sqlite isn’t quite one person, but it is a very small team and is extremely widely used. https://www.sqlite.org/mostdeployed.html
Curl comes to mind. Libcurl is at the foundation of almost all networking.
curl is most definitely not developed solely by one person though, it has thousands of contributors. in fact, there is so much red tape around curl that you can’t even discuss making a change to it without first writing an RFC and having it approved by a committee.
And they still get emails from randos when some program that uses curl doesn’t work (the Readme is top notch).
I cannot for the life of me find what you’re referencing. I only remember the
sqlite/etilqsfiasco with McAfee.https://github.com/mackyle/sqlite/blob/a009acaca1fe25d909d8b5180c0120af1abc2b82/src/os.h#L56-L79
https://bagder.github.io/emails/ has the email collection.
Here’s an example from NASA
I feel a bit split about this. Seems it is an actual law, and it kind of makes sense. You probably don’t want random components from unknown people and places in your multi million dollar space equipment. But it feels rather arrogant to just demand such things.
Is NASA actually a customer? Did they pay for a license to use curl (genuine question - I’m not familiar enough with it to know if enterprises and organisations require a paid license)? Are they planning on becoming a paying customer? Do they make donations to the project? If not, it feels kind of rude to send a demand letter to the lead developer of a free piece of software straight up demanding a formal letter stating where the free software is being developed and maintained (for free), or if outside the USA, that the free software has been tested in the USA. Oh, and a bonus demand that such information be returned within 5 business days (naturally with an implied “or else”, just to really make sure those pesky people maintaining open source software for free really get the memo)
In any case, why don’t all their scary 3 letter spy agencies go and figure it out on behalf of NASA themselves? It’s open source, they could just like, read the source, test the source, and audit the source themselves. Or fork it and make any modifications they’d like to ensure its safety
I don’t blame the person sending the emails, obviously, they’re just following orders, but the whole email reads as very entitled and arrogant, assuming NASA don’t provide any compensation to the project and projects maintainers for their use of curl
https://daniel.haxx.se/blog/2020/12/17/curl-supports-nasa/
https://daniel.haxx.se/blog/2023/02/07/closing-the-nasa-loop/
Their process for validating software doesn’t have a box for “open source”, and basically assumes it’s either purchased, or contracted. So someone in risk assessment just gets a list of software libraries and goes down it checking that they have the required forms.
As the referenced talk mentions, the people using the software understand that all the testing and everything is entirely on them, and that sending these messages is bothersome and unfair, and they’re working on it. Unfortunately, NASA is also a massive government bureaucracy and so process changes are slow, at best.
The TLAs don’t generally help NASA, and getting them involved would unfortunately only result in more messages being sent.As for contributions, I think that turns into an even worse can of worms, since generally software developed by or for the US government isn’t just open source, but public domain. I think you’d end up with a big mess of licensing horror if you tried to get money or official relationships involved. It’s why sqlite is public domain, since it was developed at the behest of the US.
Mostly just context for what you said. NASA isn’t being arrogant, they’re being gigantic. Doing their due diligence in-house while another branch goes down a checklist, sees they don’t have a form and pops of an email and embarrassing the hell out of the first group.
The time limit thing is weird, but it’s a common practice in bureaucracies, public or private. You stick a timeline on the request to convey your level of urgency and the establish some manner of timeline for the other person to work with. Read the line again, but extremely literally: “we have a time frame of 5 days for a response”. “Our audit timeline guessed that it would take a business week for you to reply, so if you take longer we’re behind schedule”. The threatening version is “your response is required on or before five business days from the date of this message”.
The presumption is that the person on the other end is also working through a task queue that they don’t have much personal investment in, and is generally good natured, so you’re telling them “I don’t expect you to jump on this immediately, but wherever you can find a moment to reply this week would keep anyone from bothering me, and me from needing to send another email or trying to find a phone number”
I saw a post earlier about Empress returning to game cracking. For modern video games that use Denuvo DRM, she’s the only person who can really crack it, as far as I know. Singlehandedly holding up the AAA game piracy scene.
She is kind of a shithead tbf and fwiw it’s more like she’s the only person who is willing to do it. granted cracking denuvo is something that is extremely difficult and only a small subset of people can do but it’s not like she’s literally the only person on the planet who can. There was that guy who would just release the yearly update of football manager, for one.
It’s far more likely the people who have that skill set just don’t really want to bother with cracking videogames and the potential legal issues that come with distributing them online.
