this post was submitted on 08 Aug 2024
1480 points (99.1% liked)

Programming

16977 readers
151 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
1480
Real examples here? (discuss.tchncs.de)
submitted 1 month ago by megaman@discuss.tchncs.de to c/programming@programming.dev
278 comments fedilink hide all child comments
 

Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if "runk" was real, which I assume not.

But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.

you are viewing a single comment's thread
view the rest of the comments
[–] baltakatei@sopuli.xyz 92 points 1 month ago* (last edited 1 month ago) (3 children)

Based on my cheatsheet, GNU Coreutils, sed, awk, ImageMagick, exiftool, jdupes, rsync, jq, par2, parallel, tar and xz utils are examples of commands that I frequently use but whose developers I don't believe receive any significant cashflow despite the huge benefit they provide to software developers. The last one was basically taken over in by a nation-state hacking team until the subtle backdoor for OpenSSH was found in 2024-03 by some Microsoft guy not doing his assigned job.

[–] marcos@lemmy.world 32 points 1 month ago

And those are only fully packaged user-facing software.

I'd guess almost all of the Rust code for low level hardware access is maintained by a single person. Most of them once joined forces and created a standard, it had 4 developers last time I checked. The only usable cryptography library for C# has a single developer, and while on crypto, that meme got widespread because of OpenSSL, that had a single developer who spent most of his time on OpenSSH and other BSD user-facing software.

Also, while we are on crypto, the modern algorithms were all created by a single researcher, that got famous for a work on how to decide if you can trust a crypto algorithm. Almost everybody uses his code.

Anyway, that meme first appeared because of Javascript, when a developer removed his library (with ~10 lines of code) from the language's repository and almost every Javascript software broke.

[–] DamienGramatacus@lemmy.world 7 points 1 month ago (2 children)

I heard about that last one on a podcast and it was the first thing I thought of when I saw this post. Genuinely interesting story (if you're into that sort of thing). The pod was saying how it's both a flaw of open source that it could happen that way and an advantage because it was discoverable due to the fact that the code is open source.

[–] SturgiesYrFase@lemmy.ml 3 points 1 month ago (2 children)

Which podcast? Sounds like something I'd be interested in listening to

[–] EvenOdds@lemm.ee 3 points 1 month ago

Also replied to another comment, sounds like this one here: https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/

[–] deuleb_biezelbob@programming.dev 1 points 1 month ago (2 children)

Do you have a link to the podcast?

[–] EvenOdds@lemm.ee 2 points 1 month ago

Sounds like the open source security podcast. Specifically this episode: https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/

Kurt and Josh are great, one of my favourites.

[–] yournamehere@lemm.ee 1 points 1 month ago

remember heartbleed?