Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities !webdev@programming.dev
Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if "runk" was real, which I assume not.
But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.
Based on my cheatsheet, GNU Coreutils, sed, awk, ImageMagick, exiftool, jdupes, rsync, jq, par2, parallel, tar and xz utils are examples of commands that I frequently use but whose developers I don't believe receive any significant cashflow despite the huge benefit they provide to software developers. The last one was basically taken over in by a nation-state hacking team until the subtle backdoor for OpenSSH was found in 2024-03 by some Microsoft guy not doing his assigned job.
I heard about that last one on a podcast and it was the first thing I thought of when I saw this post. Genuinely interesting story (if you're into that sort of thing). The pod was saying how it's both a flaw of open source that it could happen that way and an advantage because it was discoverable due to the fact that the code is open source.
Which podcast? Sounds like something I'd be interested in listening to
Also replied to another comment, sounds like this one here: https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/