OpenSSL is notoriously in this situation: maintained by a few guys for whom it isn't even a full-time job, so they can't really do the proper work of trimming the fat that's all there
GnuPG is also maintained mostly by the same original guy, who was going broke a few years back so there was a chance he couldn't work on it anymore (https://www.propublica.org/article/the-worlds-email-encrypti...). Fortunately the community came to help and now the future of GPG is a little bit more secure
It's not really the same but ssh is literally everywhere. Absolutely none of our sysadmin work would be possible without it, and yet very few of us actually give back to the OpenBSD foundation. If we all gave a penny every time we installed it every year, the foundation would reach its annual goal (https://www.openbsdfoundation.org/campaign2019.html) but we obviously don't, so they still need to ask for money
Also not specifically in this way but pretty much anything that Daniel J. Bernstein does is so good that it becomes a crypto standard. It's kinda ok because the software he does are "finished" in the sense that no new features are neither needed nor wanted, and his work is more about the primitives than the actual libraries. Still, there's a lot of the upcoming standards that all depend on what this single guy did.
The most newsworthy one in the last year was core js - a JS poly fill library that most other big npm libraries are built on top of. The maintainer is some random guy from a remote part of Russia. About half a year ago, he was sentenced to a prison sentence . He was the sole maintainer of the project (I guess he refused to give other people write access). I’m not sure if any of its dependent projects have done anything about forking the project, but I wouldn’t be surprised if most just ignore it until it causes some hilarious left-padpocalyse.
> The most newsworthy one in the last year was core js - a JS poly fill library that most other big npm libraries are built on top of. The maintainer is some random guy from a remote part of Russia. About half a year ago, he was sentenced to a prison sentence . He was the sole maintainer of the project (I guess he refused to give other people write access).
Core-js most recent commit was 4 days ago, and the repo owner stopped both committing and being the sole committer about 7 months ago with no extended interruption in activity (and there've been several patch releases since), so it looks like whatever happened was dealt with quickly.
JSON.net in .NET land was this type of dependency for many years. It was maintained largely by a single founding developer in New Zealand, eventually even becoming a core dependency of ASP.NET itself. He got hired by MS eventually but it must have been close to a decade of this library being a dep of nearly every .NET web project under James' stewardship.
SQLite feels like this to me. It's more than one person, and it's not thankless work (at least, I hope). But still it is critical to a surprising amount of technology, and maintained by a very few people.
And, at the same time, it's a very underused piece of tech
Every time you think you need a custom file format for a given piece of software... you most likely don't. Just use SQLite. You can use the standard OS file Open/Save dialog box and users will never know the difference.
Yes, that means you now have to write SQL statements to manipulate your data. But that also means that you can get lots of complicated data structures on disk and can manipulate them easily, even outside your own software - just fire up the sqlite CLI and point to your file. There are GUIs as well.
Sometimes this also means you don't need an external RDBMS even for web apps. I've seen so many apps which co-locate a small database in the same box that might as well have been a single sqlite file. I'm actually maintaining one right now that, although relatively important, will only ever be a single box. But sqlite wasn't 'enterprisey' enough, had to use PG. For a couple of tables.
sqlite3 is now very heavily used in the Apple ecosystem - all of Core Data is built on it, and many of Apple’s own apps use it to store all kinds of data. It’s a godsend for tinkerers like me too - just point the SQLite CLI at one of the internal DBs (like the Photos database) and all sorts of cool stuff comes spilling out.
For on-disk document storage I think Apple mostly uses a mix of plain folders with magic extensions (“packages”) and ZIP files nowadays, although there are definitely a lot of exceptions. SQLite isn’t that great for binary blob storage (relatively speaking) so a folder structure is still more useful there, IMO.
SQLite3 is one of the most widely used pieces of software ever. Every browser, every mobile OS, many many apps, all use SQLite3. It is absolutely essential.
SQLite3 is one of the few pieces of open source software that has a very successful business model. The business model is this: SQLite3 is open source, including some tests, but the real test suite -the one used by the developers- is proprietary, and is one of the most thorough test suites ever built. That means that nobody can credibly fork SQLite3[0]! Thus the SQLite3 developers can and have formed a consortium that all the big players (Apple, Google, etc.) pay to join because they so utterly depend on SQLite3.
Consortia have been tried many times, but few as successful as the SQLite Consortium.
What a great model. Open source for the main thing, proprietary test suite.
This model does require building something everyone needs, years of patient care and feeding to make it wildly popular, and a fantastic test suite. So it's not exactly easy to pull off. But it is brilliant, if you can do it.
[0] Even just contributing is very difficult. Try to contribute anything other than a trivial bug fix, and you'll find that a) unless it's utterly trivial, the devs are not interested, b) they are dead serious about checking that the contributor has their employer's permission to place that contribution in the public domain.
SQLite is supported by commercial arrangements (https://sqlite.org/prosupport.html) and used by giant corporations all around the world, quite a different story.
Yes, and SQLite is one of the few dependencies I commonly use in my own software (although, most commonly I use no dependencies (other than the standard library), I think).
Not only can you get a SQLite database (which can be used as a application file format, suitable for many uses), but there are functions such as sqlite3_mprintf() and sqlite3_str_new() and stuff like that; and furthermore, it can allow the user to query it too with SQL commands, even within the program, and to allow user customizability by the use of SQL codes, too, and it allows the user to deal with the file even without your software in some cases (not needing to write a separate decoder). Sometimes virtual tables are useful for doing some things. And, this is in addition to being able to use SQLite as a file format.
ntpd is now looked after by the Network Time Foundation, but more importantly many distributions use other implementations of the protocol like chronyd.
The author of curl has a funny blog post about how random people will sometimes find the curl license in the software of their everyday things (like a Toyota Corolla) and reach out to him asking for help with their things.
