And if you work for big org it’s also often “this looks vaguely similar to one of our epics so let’s start using it and demand 24/7 support”
The work of running an open-source project (issue triage, security disclosures, contribution guidelines, CI, release cadence, dependency maintenance) is way higher than the work of solving the original problem. People with the "here's my private workflow tool" mindset increasingly don't publish at all because they can't afford that tax. Meanwhile, anyone seeking brand-building benefits IS willing to take it on, because the brand-building is the point.
So the visible OSS landscape over-represents the brand category not because solution-sharing died, but because solution-sharing acquired a 10x maintenance overhead that most people now opt out of. I see it in my own dotfiles — full of small tools I'd happily share if "share" still meant "drop a gist." It doesn't, anymore.
Or do you mean that the meaning of what it is to “publish” something has shifted?
It still does. Feel free to use https://unmaintained.tech/ on your repo.
Some tools I use, like msmtp[0] just publish tarballs and maybe have git repo browser. I strongly believe that github is a tarpit for opensource work. Especially when a new developer is brainwashed in behaving like they’re a business under contract.
If the code is indeed Open Source, with an OSS license, then you can use it as-is, or just learn from it and write-your-own. You might even fold it as-is into your app. Keep the code, but remove the dependence.
Free Software on the other hand is a different animal. The GPL et al is viral. Doing any of the above with GPL software has consequences. Even learning and rewriting is risky- the rewrite better be more than just variable name changes.
If you're old school, and you want to share on a "do what you like, I'm not turning this into my day job" basis, where you want folk to actually benefit, yhen I recommend an OSS license over a Free license.
On the other hand if your target audience are other Free developers, then a Free license makes complete sense. And if you plan to commercialize your project down the road an aggressive Free license (like say AGPL) is a good choice.
Ultimately your choice of license should match your goals.
i have a project that suffers from that. the version of a library it is built with is old and unsecure, but the newer supported version has a completely different API that would require me to rewrite the code that uses the library.
i had a second such case where i discovered a fork of the old version of the library which was still maintained. otherwise there too a rewrite would have been required.
Linux, MySQL, PostgreSQL, Apache, Python, most web browsers, and large swaths of server code used across the internet have been "open source projects" for years that were more than people sharing their solution as-is. Useful projects have always developed communities.
Some people do try to make open source projects for exposure or resume content, but that's usually orthogonal to the projects that get enough traction to have to worry about maintainers disappearing.
I think you're mixing two different concepts up
For example C was shared, C++ was evangelized. The difference is the effort put into convincing people to adopt your stuff.
Java for instance was mega evangelized, Sun thought it might reverse their fortunes.
Linux was initially “here you go, hope it works for you” but then it attracted many people who decided to create an ecosystem around it.
However, the amount of devs have grown exponentially, and the number of non-niche problems without a solution have dramatically decreased.
Or, Perhaps the invention of the rocket emoji most likely was the cause of this phenomenon.
where do people get this idea? AFAICT it's made up.
In my experience you can pretty much always bet on greed, money, and psychopathy to ruin anything that reaches beyond Dunbar's number.
It's sad when your playground gets overrun by drug lords (metaphorically speaking); I don't really have an answer to that. It's my central trauma.
There are odd corners of the web that still work on RSS, and just have people sharing stuff.
But yeah, the entire of mainstream internet discourse can be safely ignored.
HN, though, I still like it here :)
The economics make sense if you squint: each accepted PR is a permanent backlink on a real OSS repo, and most maintainers don't have time to review carefully. Close one, see five more.
Combined with the Dependabot avalanche (a small repo I check in on has 15+ open dep bumps, half with stale merge conflicts because they touch the same workflow file), the modern maintainer tax isn't writing code — it's triaging bots and growth-hackers who treat your contribution policy as an SEO funnel.
Zero-dep philosophy doesn't fully escape this; the PRs come for your README badges and your transitive scanners regardless.
Since Github has been asked to change this policy since time immemorial and has not responded, another possible response is to host your project somewhere else that doesn't have the same policy and/or doesn't have the same volume of spammers. Of course that means that you don't get the benefits of hosting at Github, but the cost/benefit ratio of hosting there has changed over time.
The opposite is what happened with OpenSSH, Jenkins, and LibreOffice, in which the original project (SSH, Hudson, and OpenOffice) had the hubris but was quickly forgotten when the community moved on.
The io.js fork from node back in 2014 or 2015 springs to mind. IIRC there were a bunch of changes/improvements that needed to be made to move node forward and Joyent were dragging their heels (a V8 upgrade might have been one of them but it's been so long I can't remember for sure). Some of the core devs were getting fed up with how long all of this was taking.
So a group of them forked off io.js from node, did the upgrade and a bunch of other improvements, and eventually all of that was folded back into core node, and everyone was happy with the final result.
But I think we could have found ourselves in a world where we'd all be using io.js rather than node had it turned out slightly differently.
A focused tool that does one thing well starts getting PRs and issues for tangential features. The maintainer, wanting to be responsive, merges them. Six months later the project is a Swiss army knife that's hard to maintain, hard to onboard new contributors to, and the original use case is buried under complexity.
The antidote is a clear CONTRIBUTING.md that says "here's what this project IS and ISN'T" and being comfortable closing issues with "out of scope, but would make a great separate project."
Easier said than done when you're a solo maintainer and every closed issue feels like you're letting someone down.
It's not a bad idea but it ends with just a huge mess of crap.
AI has just made this so much worse.
In the past we had software stacks where once code is written it's just done, it will keep working years and even decades later.
E.g. https://sapaclisp.common-lisp.dev/ you can download code written in 1993 and just load it in latest SBCL.
Framework authors have their own incentives (relevance, employment, hiring funnel) and aren't optimizing for your project's longevity. The only way to write 20-year code today is either (a) work in an ecosystem that genuinely values stability (Lisp, C, parts of Erlang/OTP, Postgres) or (b) accept the tax of a modern stack and budget for it explicitly.
Most teams do neither, which is when projects rot fastest.
While reading this, I was literally working on patching my open source go app [1] because this is what came out of the stdlib in the last few months: CVE-2025-30204, CVE-2026-33487, CVE-2026-25679, CVE-2026-27137, CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39836, CVE-2026-42499
The fact that basically none of these multi-million dollar companies are vendoring their entire dependency tree.
At most companies, even ones worth millions of dollars, it would be impossible for them to rebuild their software if someone ripped a package off of npm’s registry or whatever.
If a clojars package hasn’t been updated in 6 years, I don’t even think about it!!
Main reason I avoid buying anything that requires an app. Because one day that app won't be maintained anymore and it just wont work, bricking the hardware in the process.
The fact is because they themselves are not capable of producing perfectly reliable software, they assume that everyone else is the same. With this narrow-minded worldview, you would expect software to require constant updates as the maintainer is essentially playing a never-ending game of whac-a-mole.
Not all technologies change. Often, low-level engine APIs are very stable and essentially never change... So why should the software built on top change?
According to OP, the kind of reliable software that we need in the AI slop era would fall in the category of 'dead project'. So they are doomed to create AI slop on top of other AI slop. Good luck to them.
We had a recipe for a much stabler stack decades ago: separate runtime (might need to be patched regularly) from a high-level business logic (never needs to be patched if done properly).
E.g. old way of developing web front-end was like that: you code directly in JS. It never needs to be patched, only browser needs to be patched.
Same thing with Excel/VBA, etc.
But new devs don't know any of that, they just want to use latest "framework" which pre-installs whole bunch of vulns. And if there's a patch you need to rebuild. Constant churn just to satisfy the trend
Forking is always suggested as a solution, but some projects treat forks as hostile attempts to steal their project. I've hit fork deadlock before where a maintainer didn't want to merge important requests, but also became exceedingly hostile to anyone who tried to fork the project. If a maintainer treats the project and its users as their little empire, the situation is bound to get sad.
They can be as hostile as they want; that seems nearly irrelevant to the fork decision. If the mainline won’t take a patch or wants to go in a different direction, forking seems perfectly valid and they can keep their empire. That seems fine; they didn’t want to go east, the fork going east means that those users who also want to go east can be served.
This isn’t necessary. Maybe not even common. Forks can start as a testing ground or an experimental feature fork and grow from there.
We see headlines about the angry forks, but usually it’s just friendly differences.
The problems arise when one person wants to control the project, deny contributions, but also gets angry when someone forks the project to implement those things. They put the open source license on the repo but didn’t expect other people to actually do open source things with it.
These seem like the normal ways that an open-source project fades and dies.
There are also several routes by which a project can be revived and reinvigorated. One of my favorites, because it's so obscure and also because I started the Wikipedia article on it, is https://en.wikipedia.org/wiki/Slirp#User-space_networking_an...
Where is this pool of maintainers ready to take on any project that I can hand over my projects to?
(Then they seem to also have added their own kind of dependency management thing to update components, which seems to me to kind of defeat the purpose..)
You also run into trouble if your language has side effects (ie, almost all of them). A leftPad that launches a fiber to mine cryptocurrency or sends an http call that fires nuclear missiles can still pass tests. It's hard to guarantee hygiene via tests alone.
These are problems that are hairy enough that I don't want to write my own solution, yet tractable enough that there ought to be a solution that never needs to be touched again. Maybe someone finds a better way of doing it, but the way they're currently doing it will never be wrong.
Like leftpad?
Where it can get slightly hairy is that to do it well, you need to have a LOT of seams between layers.
> but the idea of providing tests and types without implementation is a pretty interesting one.
I feel like in my head, you need to have -some- baseline/example implementation; e.x. Akka/Pekko/Akka.NET have Plugin specs for Persistence but there's still a Memory-only implementation of Persistence as a reference/baseline; after all you need to make sure the spec is possible at all.
FTFY, e.g nvim-treesitter:
https://github.com/nvim-treesitter/nvim-treesitter/discussio...
Phun Phact of the Day: Adobe Photoshop was sort of Tom Knoll's thesis orphan, but he didn't exactly abandon it.
I have a bunch of repos that I have no intention of updating. I make it a point to always archive them; usually with a note in the README.
Open source is altruistic, remember. You explicitly tell the world that you are happy for anyone to only take from the code what they want for their own needs and never contribute back. If you don't want to help users or develop your software alone, an alternative is to sell the software and support service to users and use the money to hire developers.
People make a fairly-complex open source thing. Due to the complexity for certain environments/cases, the author(s) have a commercial support option.
Consumers from bigorg use it, and wind up opening issues wanting free help for their niche use case, no they don't want to get a support contract, but this subset of the user base causes a lot of churn dealing with communication, politely closing such issues (after all, you want to just be polite about support options, not drive them away!)...
And sometimes, it becomes easier to just flip the license.
In the .NET ecosystem, it's come up frequently. There's the cases where I get it; PDF is hell (iTextSharp), Imaging is hell (ImageSharp), Auth is hell (IdentityServer).
But then there's the cases where I just shrug my shoulders (MediatR has plenty of alternatives) or get happy it gives me permission to gleefully get rid of a poorly used lib (AutoMapper).
I created and maintain example Docker Compose starter projects for Flask[0], Rails[1], Django[2] and Node[3]. I've had these going for 6-7 years and I maintain them at least once a week to keep everything up to date.
I used to also support Phoenix but I stopped after ~5 years because it was the least popular project but also took up more time to upgrade than all of the other example projects combined because Live View has changed in drastic ways so many times. Plus it became no longer enjoyable to work on it since I stopped using Phoenix in my day to day as well. That combined with it being the least popular example app between the 5 projects made it easy to decide to sunset it.
I put together a 6 month plan to archive the repo in https://github.com/nickjj/docker-phoenix-example/issues/16, received zero feedback and then archived it at the start of 2026.
[0]: https://github.com/nickjj/docker-flask-example
[1]: https://github.com/nickjj/docker-rails-example
The entirety of the license is four words: "Do As You Like". There's no expectations and no promises. Here it is. The author jumped off their boat. The code's future is up to you.
so, just be safe about it, i guess.
I wondered if it was a reference to Dumb Ways to Die, but thought that was a bit obscure for a reference. Turns out, apparantly not.
I think if I had have gone to all that work to write this list I would have given each one a dumbness score to communicate that circumstances are not equal.
one of the most viral videos from 2012 is obscure?
I try to rage against the dying of the light, with limited success.
When my daughter went into a classroom (middle school I believe is the US term) that was not her own, a surprised teacher asked "Who are you?" She immediately responded with "I'm the new number two, you are number six"
The teacher did not get the reference, but I won parenting that day.
If you are really motivated, leave instructions on how someone else can pick up were you left off even if it is just an email address others can reach out to.
Joke aside, these do represent surface of attack.
I didn't sign up as maintainer for life just by simply throwing something on git -- i'm not using git as a resume builder, I use it as a code repository.
The problem is that people (and the whole fucked up industry and convention-system itself) seem to conflate github with linkedin.
This is not dead. Open source projects don't have to be developed out in the open.
https://m.youtube.com/watch?v=IJNR2EpS0jw
https://m.youtube.com/watch?v=eq-GYfRjxhM
https://m.youtube.com/watch?v=yhJJws3kgzY
Edit: Yes.
"The Melbourne Metro safety campaign this post is named after closes with “be safe around trains,” which is more actionable than anything I’ve got."
If one project is dead, what makes another one alive? Recent updates? It's working as intended and no updates needed or worth the effort. Even if "working as intended" only means it works on some old platform and no current one. Other users? Why do I or you or anyone care about that?
Other users only matters for commercial software where you are selling copies or expertise or your resume or something tied to it.
If someone writes something and publishes it, and not a single other person ever uses it, and the author never adds another update, that is still not "dead". It's just software that exists.
It's some kind of focus on a weird goal. If your purpose in writing open source was for it to be popular, then buy advertising until you force it to happen.
> Apple is the classic example of an employer that simply doesn’t let most staff do outside open source
I have been encountering this a lot recently, and I don’t know why. Last one a couple months ago, a company wanted to hire me for some work and while all verbal promises were good, when the contract was sent, it has some shady terms but workable nonetheless, except one, the company prevent you from working in any open source work, including personal ones without a written permission, and everything you do will be the company property on or off duty! Obviously I challenged that and they got offended to even dare to challenge it, no deal! Other companies too but that was the craziest one so far.
For me, this is a red/green flag on management. The clause is legal boilerplate, inserted because it's standard and they can. They don't actually care that much about anything you might build outside of work. If they won't (or can't) remove it then the organisation is inflexible and the people who are hiring me have no power within it. Or the people who are hiring me don't understand my point of view. This is a bad sign either way.
I have had one "win" with it; I worked for a company run by a trio of absolute arseholes. One of them called a meeting and tried to bully me into handing over one of my projects because of this clause. I explained that my contract didn't have that clause because they removed it before I signed it. He got angry. But couldn't actually do anything about it.
Bingo. That’s my assessment as well, usually this stage is where any company tries to show their best behavior, good way to filter out the bad ones. But surprisingly it’s getting very common, contracts used to be before a one pager stating the salary and some other benefits, right now it’s a submission contract, and setting up the power dynamics before you even do anything. Another contract I turned down was also full of questionable clauses (like you should work more than 48h a week when needed, overriding the common law with maximum 48hrs, and up to interpretation: “needed”), and none of the benefits discussed were written there, not even a reference to XYZ internal policy or similar, meanwhile, they had so much written against you not just while doing the work but even after you leave, that they could ruin your future career if they chose to. I believe there should be a federal centralized system govern these contracts and ensure each contract is in compliance, easy to implement by having a contract builder that add clauses to it while giving margin to each party to customize other clauses to their liking. Otherwise, a lot of people will get exploited, that contract I had with that company they refused to change anything justified by it being a “template”.. it doesn’t feel like a contract anymore since contracts are made to be negotiated, it feels like signing up for a SaaS service where if you don’t agree to the entirety of it, you are out, except for jobs you’re not the customer.
PSA: If you're in California, these kinds of employment contract terms are (mostly) illegal and unenforceable.
Labor Code 2870 outright invalidates any employment contract provision which attempts to claim ownership of IP rights to anything “that the employee developed entirely on his or her own time without using the employer’s equipment, supplies, facilities, or trade secret information” unless it relates to the employer's business or results from other work performed for the employer.
Labor Code 96(k) prohibits employers for disciplining or firing an employee who engages in “lawful conduct occurring during nonworking hours away from the employer’s premises,” with an exception for contracts that prohibit conduct by the employee that is in direct conflict with the employer’s “essential enterprise-related interests.”
So blanket prohibitions are out. If you're doing something that closely relates to your employer's products/business or could be construed as a conflict of interest, that's when you should consider written permission, but a company can't say “no” unless it actually relates to the company's business.
California is relatively unique in these worker protections, and they're a big reason why Silicon Valley became what it is.
This is missing the "someone claimed they wrote all the code from the original repository and is now doing everything they can so that the author will vanish or have their reputation destroyed so theirs won't." Tactics can include claiming authorship within the gated walls of Big Tech and using their power to oppress the author. It's actually them that's stealing work, not them. Other's can include gang stalking the author.
The LLM-author is also apparently unaware of the #1 reason why open-source projects die: they don't generate enough interest / use. I created a number of OSS projects that some people liked in theory, but that weren't taking off and weren't worth getting chained to for life.