Code Shelter: A Maintainer Community for Abandoned FOSS Projects (codeshelter.co)
342 points by rantanplan 60 days ago | 76 comments

This is amazing!

As one of the creators of a distributed package manager for C++ and friends [1] we made a funny discovery:

Many C libraries that a big chunk of the ecosystem depends on have not been updated for many years. Some of those can only be downloaded from SourceForge or an FTP server.

Even worse, some libraries are copy and pasted from project to project and have no actual home.

We uploaded them to GitHub and started maintaining them.

If you know any abandoned C/C++ projects or C/C++ projects you need a hand in maintaining, we are happy to help.

[1] https://github.com/loopperfect/buckaroo

If none of the big tech companies will step up to adopt OpenSSL, we should put it down, like in a real pet shelter.

That whole Heartbleed incident was a blessing for OpenSSL. It's now quite active: https://github.com/openssl/openssl/commits/master

Would you guys like to become Code Shelter maintainers?

I already signed up. Let's see how it goes...

Fantastic! Did you send us an email as well? It's generally unlikely we'll see the application if you didn't (although I'll look now).

That feels like a broken process. How will you mitigate that?

It's by design, as a test that the maintainers have read the instructions and told us a bit about themselves and what they like, as well as just getting to know them. It generally works well, I think, except in this specific case where the meeting was done out-of-band.

Alright, I've added you, thanks!

You should set up an opencollective.com account (like Patreon for FOSS projects) - I would support this project and I am sure there are others that would too.

That's actually a great idea, thank you! I'll get on that right now.

EDIT: I made one: https://opencollective.com/code-shelter

What do people think the collective should be used for? I haven't used OpenCollective much.

Kudos, StavrosK. I would suggest reaching out to Code Shelter's community to figure out where the most need is.

Thanks, I just changed the URL to remove the hyphen but couldn't edit my comment :(

It's a great idea, and certainly much needed. I wish the name wouldn't imply as much misfortune and this sense of giving all hope up on the part of the original author. They have possibly toiled along for years. Some name that inspires a sense of honor and gratitude might be a lot more attractive to potential code donors.

It's meant in the sense of "shelter from the rain". Why do you think it has a sense of giving up all hope? One of the main goals when creating it was to not require the creator to move the repo away from their name.

To an American ear the name evokes "animal shelter", a place where abused or abandoned pets end up (generally a place with a negative or sad connotation (ex A: the Sarah McLachlan ASPCA commercial)), or a "homeless shelter" (with even more negative connotations).

Hmm, I see, thanks. In my mind, "shelter" is generally positive, but I see how it may not be taken as such by everyone.

FWIW, I think it's a good name, and it didn't strike me as negative when I first heard it.

The negative connotations never occurred to me, and I've been a volunteer for both animal rescue organizations and domestic violence shelters.

Same. "Cemetery" would be the worse alternative, IMO.

A different perspective: shelter makes me think homeless shelter, so a place for code on the streets without a home. Perhaps fitting, but heavy with additional meaning.

Didn't feel any negative connotation at all. Not a native English speaker, though.

Maybe it's a subjective association. But isn't a shelter a place for a homeless person?

Yes, a place where they can get food, a bed and (hopefully) living conditions. In my mind, it's a positive. Sounds like it's not so for everyone, hmm.

It's fascinating, because shelters in and of themselves are positive things: they're built to be refuges or safe havens. Places where you expect help is at hand.

They sound negative when you start to look at the reason for them existing. Not because shelters are bad, but because homelessness and abuse and abandonment are bad.

From a UK perspective, shelter to me makes me think of a bus stop or an awning to get out of the rain, or to get some shade.

Yes, that's how I perceive it as well. The fact that you're in circumstance X might suck, but shelter for that is always good. It's interesting to me that people find the word "shelter" itself negative because they associate it with the unwanted circumstance. I wonder if the same happens with "haven", "succor", etc.

Sorry for the negativity, man. I hope this thing succeeds in a big way. Only consider this point a little while, and don't rule out grepping through the code base with the name change just now.

Oh no problem, I'm just wondering whether many people think this is a negative and whether it'll be a problem down the line.

The meaning of words changes all the time. I don't think this is a big issue. If Code Shelter does good work and establishes a positive reputation, the phrase will generally develop positive meaning.

The degree to which the word shelter has negative associations for some people is not something I would see as deal breaker territory.

I will add that there are far more uses for shelter than just homeless shelter or animal shelter. Just a few examples:

A book about a New York woman's house hunt was titled "Gimme Shelter." (Author: Mary Elizabeth Williams)

The basic essentials in life are typically listed as food, shelter and clothing.

Shelter from the storm is a well known positive expression for sanctuary during a crisis.

Shelter magazines is the umbrella term for magazines having anything to do with homes, such as home plans, bed and bath, kitchen makeovers etc.

I think the order and placement of the words is also important.

The format "(noun) shelter" is similar to and might more readily bring to mind "animal shelter" and "homeless shelter" than a phrase in the "(verb) shelter" and "shelter _____" formats.

The mind is very pattern-happy after all :)

Personally, I liked the name and logo. I do see the points about it being taken negatively, but I didn't take it that way, and I had a reasonable guess at what the project was after reading the first two words of the headline. Just one data point.

At least it's a better name than OrphanProjets. Cool logo, suits it very well.

It is, and it is also hope.

Either way, you probably don't want to be using a name that implies failure on the part of the person who started the project.

Maybe it's a success in the career or family life that leads to it, you wouldn't know.

Cool initiative. IIUC it lowers the cost of asking for and vetting help, which can be substantial. Moving a project to a stewarding entity even more so -- actually I imagine easily matching/getting new maintainers on board could ease eventually moving to a stewarding entity, eg Software Freedom Conservancy (which I volunteer for) requires accepted projects to have multiple maintainers from multiple organizations https://sfconservancy.org/projects/apply/ which is a giant leap for an unmaintained project. I believe other ~foundations also have extensive onboarding procedures/requirements.

The "add project" link on the FAQ page 404s: https://www.codeshelter.co/faq/ [fixed now]

How would this project approach FOSS projects that were abandoned, then sort-of-picked-up by another maintainer, but with no actual continued development?

Example: Meteorite MKV repair engine

Original site: http://www.mkvrepair.com/

Original code: https://sourceforge.net/p/meteorite/code/HEAD/tree/

"New" code (last activity 3 years ago): https://github.com/abarnert/meteorite

I would love to see this project continued, and even added into other FOSS projects like VLC.

> The "add project" link on the FAQ page 404s: https://www.codeshelter.co/faq/

Fixed, thanks for the heads up (there was an inopportune line break).

> How would this project approach FOSS projects that were abandoned, then sort-of-picked-up by another maintainer, but with no actual continued development?

The idea is that Code Shelter increases the bus factor, ie if the developer (or developers) of a project all drop off, there's a way for people to continue the project through Code Shelter.

What will usually happen is that a CS member will be interested in a project and notice that it's unmaintained. If the project is already in CS, they can just start maintaining it, or ask the maintainer to add it to CS. Since maintainers are volunteers, there's no guarantee that someone will take the project up, but the aim is to have a large enough pool of both maintainers and projects that matching is frequent.

Just to mention a tiny bit of friction that I find, that you're probably already aware of...

I would totally apply to do this but my OSS contributions are pretty sparse and go back a couple of jobs. I'm sure that I have the requisite experience but my GitHub profile for the last year and change is pretty empty. The application process totally discourages me from applying.

Yes, that's one thing that's currently a pain. How do you judge if someone is a good fit to take over (or, even harder, co-maintain) someone else's project just by looking at their GitHub profile?

Currently it's based a lot on "is this person already a maintainer of widely-used OSS libraries", as this is both a good signal and (hopefully) effectively foils malicious people, since, if you wanted to deploy some malicious code, you'd probably do it on the libraries you already have.

If you have any better ideas for how to "interview" maintainers, please let me know!

My expectation is that someone who is willing to attach their real name to something isn't willing to jeopardize their reputation and career over doing something malicious to a project.

Identity verification, similar to what Keybase supports, where people add a verification code to their social platforms might work here. Enough to verify to a certain degree whether someone is who they say they are. Maybe add a call to their employer to verify that they hold the role that they say they do also.

To me that would be enough skin in the game.

Hopefully that would solve that issue, but there's also the matter of someone being senior enough to be able to understand the direction of a project, set it, etc. Basically, you need to be able to trust every single one of the maintainers to have commit access on your project, with everything that entails.

For completely abandoned projects, it may not matter as much, but for projects that just need more eyes/hands, it's a larger consideration.

> For completely abandoned projects, it may not matter as much, but for projects that just need more eyes/hands, it's a larger consideration.

Maybe add an agreement that if the community calls for a changing of the guard at some point that pending a review the maintainer will step down if the review process agrees.

I know HN is not terribly fond of crypto, but I think KYDcoin is a project that tackles this very use case (specifically for crypto devs): https://review.kydcoin.io/

They review dev teams and attest they have seen personal information that matches the persons while the developers still can keep pseudonymous nicknames.

Maybe an inspiration?

how about a probation period? in that time, contributions are more actively reviewed than usual.

eg 3 months or 10 patches (whichever takes longer)

only after that they become a trusted member.

it's like joining any other project. new members need to show their will to contribute, and that doesn't necessarily relate to past contributions.

Who reviews the contributions? It's a good idea when the project has other maintainers, but when the new person is the only one, that can't really work...

i mean adding a person to the maintainer community. the review can be spread over current members of the community. 5-10 current members review 1-2 patches each from a candidate, regardless of which project the candidate contributes to.

even if you limit that extra work on repos you personally don't care about to once a month you can help one person to join the community per year, which is enough for the membership in the community to double each year.

That would be good, although it would require maintainers to become familiar with repos they might not be, just to review the user's contributions. It's a very good idea, though, since the contributions can just be regular PRs.

I just noticed that CodeShelter webpage is using .co domain name. My problem with that is that it's so often mistaken for .com that virtually any other tld is better.

Hmm, I chose it specifically because it looks like Com, but the latter was unavailable. I'll see if I get another one as a backup, thank you.

there is a vast number of top level domains now available. i'd choose a memorable one from there.

.com doesn't actually strike me as the best choice since it used to mean commercial businesses. .co sounds better at least since it matches the first letters of code

.space .info .online .world .care .directory .community (i love that one) .support (also great) .help .cloud .network .codes (maybe shelter.codes :-) .software (shelter.software?)

just some ideas.

there is also codeshelter.fail, but i think it was established that negative connotations are a bad idea :-)

This is kinda off topic, but how on earth did the team who took 300,000$ for light table end up foisting it off on volunteers?

Well, unless you think $300k sets you up for life and unless they could get a revenue stream going, it's going to run out and be back in the hands of volunteers no matter what.

This line of questioning (or accusation) is a good example of the phenomenon where people often expect a disproportional amount of your future time because they once gave you a one-time quantity of money, or possibly by pointing to money that other people gave you.

Look at it another way: $300k got us Light Table which was a pretty cool editor. I used it to help people get started with Clojure and I didn't pay them a dime. It didn't get us eternal paid support and maintenance, though. How could it? It also unfortunately never developed the ecosystem around it like Atom and VS Code were able to, so now it's here trying to find maintainers.

Also, pretty much all editors are dependent on volunteers to create plugins and ecosystem, even ones you directly pay money for like Sublime.

> so now it's here trying to find maintainers

and it found one

this issue discusses the transition:


That was 6 years ago.

What does that have to do with anything?

It is not a very big sum of money.

300000$/6years = 50000$ yearly

For this money you can hire around 0.5 developer.

Or 2-3 developers in southern EU.

The money was raised for the purpose of hiring two specific developers, but this sum of money would be gone even if you hired two developers from Eastern Europe.

I admire your bravery in volunteering and investing your precious and finite time in researching million lines of code that was forgotten by the rest of the world that some of its mettle, perhaps was still empowering the program we use day by day but underappreciated.

Also, I think it's definitely a touching story to review how we evolve and obsolete code and algorithms, it's like a genetic and natural selection and we can learn from it to not let history happen again.

Thank you, but there's also a large number of projects which many people use but that aren't that actively maintained. It's those projects that Code Shelter mostly aims to help with.

I don't particularly qualify for maintainer as I have not been very active in open source, but I found a bit I could contribute to puppet-samba.

I have more free time lately and a difficulty I have found is easily locating places I could contribute without a huge time commitment.

For example I found some pretty minor changes needed to make testing work on puppet samba, it was a 15 minute task but helpful in any case.

For puppet projects, they should go to https://github.com/voxpupuli for community support.

This is kinda weird. I wouldn't consider tellform abandoned, but I guess it is.

It doesn't have to be, maybe they just need some help.

This is really cool, glad to see someone tackling this problem.

I have added several of my abandoned projects, here is a quick summary of them if there is any interest:

https://github.com/satoshinm/WebSandboxMC: Bukkit plugin providing a web-based interface with an interactive WebGL 3D preview or glimpse of your server - this bundles the NetCraft frontend in a Minecraft server plugin. There are requests from Spigot users https://github.com/satoshinm/WebSandboxMC/issues/100 to make it active again, which is what inspired me to add it to Code Shelter.

https://github.com/satoshinm/NetCraft: Web-based fork of https://github.com/fogleman/Craft . Craft has been featured on Hacker News before, but it is pretty much abandoned, so I forked it into NetCraft, but then in turn ran out of time/interest to update it. The summary still applies: "Voxel game for modern web browsers (Chrome, Firefox, Safari) and desktop operating systems (Windows, macOS, Linux). Just a few thousand lines of C using modern OpenGL (shaders)." Heavily inspired by Minecraft, but much smaller and simpler.

https://github.com/satoshinm/pill_serial: Triple USB-to-serial adapter firmware for flashing onto an STM32F103C8T6 "blue pill" minimum development board. With this firmware you can make your own USB-to-serial adapter, times three, by flashing a <$2 blue pill board.

https://github.com/satoshinm/pill_duck: Scriptable USB HID device for STM32F103 blue pill (inspired by USB Rubber Ducky). Another project for the "blue pill", this one lets you make an automated USB keyboard/mouse device, an imitation of the popular Rubber Ducky hacker tool, but a lot cheaper.

https://github.com/satoshinm/pill_6502: emulated 8-bit 6502 CPU and 6850 ACIA for STM32F103 blue pill. Want to build a retrocomputer but an authentic 65C02 chip is too much? Play around with a classic processor without buying old hardware? Emulate it with the cheap blue pill, with enough support at least to run the Microsoft OSI BASIC ROM.

I have started a few more abandoned projects on https://github.com/satoshinm?tab=repositories&type=source but these seem to have generated the most interest (especially the NetCraft/WebSandboxMC combination, but the pill_ projects can be quite handy), no longer can maintain them myself but would be great to see continued maintenance provided a community finds them valuable.

These are pretty great, I'm especially interested in the Arduino Nano rubber ducky ones. Do you want to be a Code Shelter maintainer?

Isn't this what SourceForge is for?

Does SourceForge have a pool of maintainers that can help with projects? That's the first I'm hearing of that.

Or the Apache foundation.

Apache might be a good fit for the high profile refugees like LightTable. The little stuff, maybe a shelter model is more appropriate. JMHO.

Doesn't becoming an Apache Foundation project require that you have developers? Or do they have money to pay people to work on abandoned projects?

If a project becomes inactive, Apache puts it into the Attic and development ceases.

Curious to know why the HN title is using `FOSS` but the only mention of `FOSS` is on the site's /faq page. For free software zealots, the site's tagline "... maintaining popular open source projects..." may not spur action as OSS is missing that required RMS approved F.
