Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by Guilherme (Gui) Alvarenga
How GitHub Uses GitHub to Be Productive and Secure
May 31st 2023 10:30am, by Loraine Lawson
Top 3 Application Security Must-Haves
May 26th 2023 7:59am, by Guilherme (Gui) Alvarenga
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by Steven J. Vaughan-Nichols
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How to Containerize a Python Application with Paketo Buildpacks
May 29th 2023 5:00am, by Sylvain Kalache
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Red Hat Podman Container Engine Gets a Desktop Interface
May 23rd 2023 7:30am, by Joab Jackson
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Spring Cloud Gateway: The Swiss Army Knife of Cloud Development
May 8th 2023 6:47am, by Juergen Sussner
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
WithSecure Pours Energy into Making Software More Efficient
Jun 1st 2023 7:14am, by Joe Fay
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by Keith Pijanowski
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by Jennifer Riggins
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by Doug Flora
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
LangChain: The Trendiest Web Framework of 2023, Thanks to AI
Jun 1st 2023 10:57am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by
API Management Is a Commodity: What’s Next?
Jun 6th 2023 9:59am, by
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by
Python and WebAssembly: Elevating Performance for Web Apps
Jun 5th 2023 3:00am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
A Boring Kubernetes Release
May 19th 2023 12:23pm, by
Optimizing Mastodon Performance with Sidekiq and Redis Enterprise
May 18th 2023 10:30am, by and
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
Bringing AI to the Data Center 
Jun 1st 2023 6:13am, by
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
API Management Is a Commodity: What’s Next?
Jun 6th 2023 9:59am, by
Meta-Semi Is an AI Algorithm That 'Learns How to Learn Better'
Jun 6th 2023 3:00am, by
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by
Google’s Generative AI Stack: An In-Depth Analysis
May 31st 2023 7:59am, by
4 Factors to Consider When Choosing a Cloud Native App Platform
Jun 2nd 2023 10:00am, by
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by
Compiled Python Code Used in a New PyPI Attack
Jun 2nd 2023 6:00am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by Michael Coté
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
How to Host Your Own Platform as a Product Workshop
May 31st 2023 9:09am, by Jennifer Riggins
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by B. Cameron Gain
VeeamON 2023: When Your Nightmare Comes True
Jun 2nd 2023 7:47am, by B. Cameron Gain
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by Alex Williams
How to Improve Operational Maturity in an Economic Downturn
May 31st 2023 8:30am, by Jonathan Rende
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by David Cassel
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by David Eastman
Defend Open Source from Trolls: Oppose Patent Rule Changes
Jun 2nd 2023 6:49am, by Michael Dolan
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
The Art of Platform Marketing: You’ve Gotta Sell It
Jun 6th 2023 6:05am, by Michael Coté
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
Open Source Jira Alternative, Plane, Lands
Jun 2nd 2023 9:00am, by Darryl K. Taft
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
7 Core Elements of an Internal Developer Platform
Jun 5th 2023 6:41am, by Viktor Farcic
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by B. Cameron Gain
My Further Adventures (and More Success) with Rancher
Jun 3rd 2023 7:00am, by Jack Wallen
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
Linux / Open Source / Tech Life

What Happens When Developers Leave Their Open Source Projects?

Jul 5th, 2020 6:00am by
Featued image for: What Happens When Developers Leave Their Open Source Projects?
Feature image by Natalya Letunova on Unsplash.

Open source software is the heart of enterprise business tech. Without projects like Docker, Kubernetes, Rust, NGINX, MariaDB, Apache, and so many others, big business would struggle under the unbearably slow and inflexible weight of proprietary software.

The open source projects leading enterprise computing stand as some of the biggest success stories in the modern era of computing. But not every open source project enjoys such sweet victory. In fact, you’ll find the various repository landscapes rife with abandoned projects. Dig deep enough and you’ll even find outdated or abandoned open source components in proprietary software.

Although one might be led to shrug this off, so long as the components and software still functions. But when a project is abandoned, and users continue employing the project, it leaves those users open to security risks.

Consider this: A project is abandoned and left in a repository. Users desperate to get something to work fail to check for when the last update occurred and install the package. There’s no telling what security vulnerabilities were discovered since that project was last updated. Those vulnerabilities are now found on that user’s desktop or server. So this isn’t just about whether or not a project will still function, long after it’s abandoned — it’s more about why the abandoned project is still available.

One might be inclined to believe the abandoned projects should be automatically culled from a repository, after X months of inactivity. And that would probably be a viable solution. However, there’s one other thing to consider, one that I’ll illustrate with a rather infamous project that rose to serious popularity and then, seemingly overnight, was abandoned.

The Truck Factor

Before we get into that example, let’s talk about a term most projects would rather not consider. One of the first questions that might come to mind is why are projects left behind? Or what does it take for a project to be designated as “abandoned”?

For this, you must consider the Truck Factor. Truck Factor defines the minimal number of developers that must leave before a project becomes unsustainable. In most cases, Truck Factor only applies to projects that include a small number of developers. Where does the name “Truck Factor” come from? How many developers must get hit by a truck… It’s a bit morbid, but that’s the only origin story I can find for the nomenclature.

Oftentimes, open source projects are abandoned because of time. A developer creates a passion project and works on it while in school or during their “off hours.” But then life happens. Work. Family. Children. Those pet projects—even ones with respectable user bases — fall to the wayside. Other times, projects just hit an immovable force. Say, for example, the Google Drive Linux client, Grive. This project was a darling of Linux desktop users, as it was one of the few options that made it possible to sync Google Drive. However, Google made serious changes to how sync functioned, and Grive no longer worked.

Out of those ashes rose a fork of the abandoned Grive, Grive2. Grive2 works with the Drive REST API as well as partial sync. Grive2 is still in active development and makes it possible for Linux desktop users to sync Google Drive.

For an incredibly detailed look into the Truck Factor, read the paper, “On the abandonment and survival of open source projects: An empirical investigation“, written by Guilherme Avelino, Eleni Constantinou, Marco Tulio Valente, and Alexander Serebrenik.

CyanogenMod

Around 2010, a new operating system exploded onto the mobile market, CyanogenMod. This project caught the attention of users, developers, investors, and even Microsoft and Google.

CyanogenMod came into being from a method of rooting Android, which would allow modified firmware to be installed on any rooted device. When the rooting process was discovered, Stef Kondik (who goes by the handle Cyanogen) developed a modified Android firmware she dubbed CyanogenMod.

This, of course, didn’t sit well with Google and, thanks to a collection of proprietary apps (Gmail, Google Maps, YouTube, and the Google Play Store), Kondik received a cease and desist order demanding the proprietary GApps be removed from CyanogenMod.

Unfortunately, GApps are core to Android and, without those apps, Android becomes considerably less desirable. However, developers and the open source community didn’t approve of Google’s tactics and brought this to light. Instead of facing down that criticism, Google softened their stance and made it such that the GApps could be included (by way of backing them up from the original firmware and reinstalling them with CyanogenMod).

By 2013, CyanogenMod was struggling, so Kondik started a new business, called Cyanogen Inc, with the sole purpose of monetizing CyanogenMod. In 2014, Kondik turned down an offer from Google to purchase CyanogenMod. Then, in 2015, Microsoft was set to invest in the company (as a possible replacement for it’s failing Windows Mobile platform), but this never came to fruition. Next, a partnership with OnePlus failed, because of a deal Cyanogen Inc. made with MicroMax.

On Dec. 23, 2016, Cyanogen Inc. released the following notice:

“As part of the ongoing consolidation of Cyanogen, all services and Cyanogen-supported nightly builds will be discontinued no later than 12/31/16. The open source project and source code will remain available for anyone who wants to build CyanogenMod personally.”

The project was officially abandoned.

As Harriet Wheeler once sang, “Here’s where the story ends.”

Only it doesn’t.

On Jan. 22, 2017, the first release of LineageOS was made available. LineageOS was a fork of the abandoned CyanogenMod. The LineageOS project is still in active development, the latest release, 17.1, based on Android 10.

The moral of that story? There is metaphorical gold to be mined in some abandoned projects.

And that’s where the idea of culling abandoned projects gets tricky.

Forks happen.

Often.

Sometimes a developer will have an idea that is similar to a previous project. Why reinvent the wheel, when you can simply improve upon its design? So sometimes those abandoned projects can be picked up, dusted off, forked, and made relevant again.

This is only possible, because those projects are open source.

The WordPress and Jenkins Approach

One of the biggest problems with abandoned projects is finding them. If you head over to GitHub, and search for a project, the only way to know if that project has been abandoned is by checking the last update. Sourceforge does include the Inactive tag, which makes it easier to filter for abandoned projects.

WordPress has a different approach. With one of the world’s largest repositories of add-ons, WordPress had to develop a means to tag abandoned projects. By using the adopt-me tag, WordPress makes it easy for developers to find open source projects to adopt. At the moment there are only two pages of projects looking for a new owner, but that list is always changing.

The Jenkins project has adopted a similar tact, with Adopt A Plugin. With this effort, you can email the Jenkins Developers mailing list and request to be made a maintainer of an abandoned project.

What Needs to Be Done

Open source projects get abandoned all the time. Sometimes those projects should be abandoned and sometimes not. It’s that latter case that needs to be addressed. For any developer considering abandoning a project, if you believe the project still has value, consider putting that project up for adoption. Of course, to make this actually work, a service such as GitHub would have to make it possible for developers to easily search for projects up for adoption. At the moment, that feature does not exist. Instead, abandoned open source projects languish in GitHub.

It’s time GitHub helped make it not only possible, but easy for those projects to be resuscitated. This wouldn’t be terribly difficult. All they would have to do is regularly scan repositories for last commit dates. If a commit hasn’t occurred within a set time frame, an email to the maintainer is triggered informing them they have X days to reply until the project is tagged as abandoned. Once tagged as such, the project could then be moved to a special (searchable) repository designated for abandoned projects, making it easy for developers to find. After all, there are plenty of developers out there looking for projects to work on. There might be an abandoned open source project waiting on GitHub for you — one that could change the very landscape of IT or how users interact with services and software.

You never know.

But until GitHub makes this change, finding an abandoned project to dust off can be a challenge.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
Linux: Manage Multiple Versions of Node.js with the NVM Manager An Intro to the Linux Memory Access Workload Simulator (masim) AWS Open Sources Security Tools Ubuntu Pro Tackles the Challenge of Enterprise Open Source Adoption How to Create an Object Storage Bucket with MinIO Object Storage
TNS owner Insight Partners is an investor in: Docker.
RELATED STORIES
New SmartOS: Ready to Serve as Next VM or Container Host Create a Local Git Repository on Linux with the Help of SSH Add Object Storage to Rocky Linux with MinIO What Is Ubuntu Pro and How Can You Use It? Linux: Manage Multiple Versions of Node.js with the NVM Manager
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.