I have become a psychopomp, or at least I act as one for open source projects.
Psychopomps are personifications created by people to help them come to terms with a difficult truth: death. The Grim Reaper, Charon the ferryman, Yama, 黑白無常, Guede Nibo, and Xolotl are examples.
Religions and folk tales use these characters to tackle the uncomfortable question “What happens after?” Complete with their own rituals and beliefs, psychopomps help people cope with and understand this universal truth: that an end comes for us all.
Open source projects have their ends too, but lack the coping mechanisms. I suspect some developers may see open source as a way for a part of themselves to live on forever. But, I must share a non-judgmental fact…
Open source projects can meet an end. Popular projects know this and announce how long each release will be supported by the developers. They use terms like end-of-support and end-of-life. Smaller projects, though, regularly forgo announcing their project’s lifespan. Eventually, lacking sufficient support from their users, the developers move on, regaining their time for better activities. This is how open source projects die, but their spirits linger. Free open source repositories still provide them, and a minefield of zombie projects hides within those repositories.
Open source has unique qualities, though: someone can always come along and breathe life back into a project, if only for one last patch.
That is what I do. I write security bug patches for abandoned open source projects. I play the role of psychopomp for these projects, providing patches to protect the users and letting them know it is time to move on. In some instances, the fate of an end is avoided. Follow me as I share with you my stories from the field.
Why?
My intentions come from the depths of a heart that wishes to reduce suffering and accepts the reality of fate. Leaving websites running open source applications vulnerable to getting hacked is not helping. Like the psychopomps of lore, I do not pass judgement. I am here to help by being a guide: doing what I can to help protect those who relied on the departed, and being a reminder that all things come to an end, even software support.
What gets patched?
I am currently patching WordPress plugins and themes thanks to my work as Patchstack’s Security Advocate. These projects have publicly disclosed security bugs which may leave sites vulnerable.
I can expand to other web applications written in PHP, Python or Ruby as well, but will start with WordPress.
What will be published?
I will share technical write ups on the Patchstack blog and commentary on my efforts here on my personal site.
I hope that public displays of gentle kindness are still appreciated, if not infectious. If you are interested in supporting these efforts, know a project that needs a patch, or have written last patches of your own, please get in contact with me.
- Patching add-comments: Never assume, always confirm. The most prevalent security bug in web […]
- Patching webmaster-tools-verification: APIs are one of the best features of web applications. I […]
- Patching wsm-downloader: Remember never to trust user inputs. It’s a common mistake, when […]
- Patching thecartpress: This was the first plugin I wrote an unsolicited patch for. […]