Fine Uploader is shutting down

&gt; I&#x27;ve grown tired of continuously defending my inactivity and decisions against trolls on Twitter, the issue tracker, and elsewhere. It&#x27;s draining and I don&#x27;t have the patience or energy to deal with it any longer. These same people expect to impose their short-sighted and non-generalized values and goals on a project for which they have contributed nothing and are not willing to maintain. The sense of entitlement from a small but vocal minority that do not understand FOSS and refuse to understand it is very much a concern, and I&#x27;m simply not interested in shrugging that off anymore.<p>In the last three days, I&#x27;ve been accused of my code not being open source and that I should remove all mentions of open source from everything I owned, because I simply haven&#x27;t pushed to Github in a month or two.<p>This was joined by another user who claimed that open source license legally forces me to make the &#x27;secret&#x27; code I&#x27;ve been holding off public, which, again, does not exist, because the code on the repo was effectively current.<p>I&#x27;ve been working full time for the last 8 months, on my own savings, to provide a peer-to-peer mass communication tool, and I&#x27;m releasing it for free.<p>To say that this made me feel <i>horrible</i> for the past few days would be an understatement.

&gt; I lack the free time at this point in my life to continue to maintain and develop a project of this scale, and the codebase has languished for a little while already.<p>&gt; I&#x27;ve grown tired of continuously defending my inactivity and decisions against trolls on Twitter, the issue tracker, and elsewhere. It&#x27;s draining and I don&#x27;t have the patience or energy to deal with it any longer. These same people expect to impose their short-sighted and non-generalized values and goals on a project for which they have contributed nothing and are not willing to maintain.<p>&gt; The sense of entitlement from a small but vocal minority that do not understand FOSS and refuse to understand it is very much a concern, and I&#x27;m simply not interested in shrugging that off anymore.<p>Not familiar with this project but would like to thank the author as well as all the other amazing open source contributors in the world for doing something that made&#x2F;makes the world a better place.<p>I dream of a day when we have a solution to these problems. Where an engineer can get paid as much as they would at a job to fix those issues people raise. A platform that also allowed creators to block people who are clueless and unkind.<p>Some day we as a community will figure it out.

I think the correct way to view this is as a courtesy notice that &quot;Hey, that thing you might have used for free is being discontinued.&quot; That&#x27;s it.<p>There is zero reason to expect FOSS developers to be schooled in good PR or something. He may think that spelling out his logic for his decision is useful information to other people. He may even be right about such an assumption.<p>I would not infer that he is intentionally being petty, kvetching per se, etc. It might be accurate, but who cares? He published a courtesy notice. He could have shut it down with zero announcement.<p>I am reminded of this comment I made 3 months ago:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17824166" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17824166</a>

Disclosure: I work on a ‘competing’ file uploader.<p>I’d like to thank Richard for the relentless efforts in pioneering this robust uploader. As a member of the Uppy team I have had the pleasure of a few encounters with him where he adviced us on e.g. saving directly to s3. I regard him more as a bright peer than a competitor, the ecosystem is large enough that we can afford that luxury. And I guess being in open source helps. Like, I’d dont suppose there’s a cutthroat mentality between Linux and FreeBSD contributors for instance :)<p>I can relate to the gh-issue fatigue becoming unbearable if you yourself no longer have a need, or a way to make it into a sustainable career. Worse: others are building businesses with your free product and make wild demands. Our team is fortunate enough that our own business can benefit from Uppy and so that we can allocate paid-for-time; but if all that effort has to come from your spare time, that could also have been spent on your family or making money to feed them.. the weight really adds up and wears you down.<p>So: Much respect for keeping it up for so many years, breaking new grounds, and being a big inspiration to us.

The sense of entitlement people have of open-source projects is ridiculous, ESPECIALLY if they haven’t contributed to it.

Somewhat related : are there any guides&#x2F;tutorials about how to do secure file uploads in webapps and how to avoid obvious security pitfalls?<p>Reading the Django docs <a href="https:&#x2F;&#x2F;docs.djangoproject.com&#x2F;en&#x2F;2.1&#x2F;topics&#x2F;security&#x2F;#user-uploaded-content-security" rel="nofollow">https:&#x2F;&#x2F;docs.djangoproject.com&#x2F;en&#x2F;2.1&#x2F;topics&#x2F;security&#x2F;#user-...</a> , specifically,<p>&gt;Django’s media upload handling poses some vulnerabilities when that media is served in ways that do not follow security best practices. Specifically, an HTML file can be uploaded as an image if that file contains a valid PNG header followed by malicious HTML. This file will pass verification of the library that Django uses for ImageField image processing (Pillow). When this file is subsequently displayed to a user, it may be displayed as HTML depending on the type and configuration of your web server.<p>is a little concerning. They recommend serving images from a different domain and whitelist file types. Is that enough? Anything else needs to be done to improve security? Does handling uploads alone give attackers an RCE oppurtunity or is it safe to handle files in the server and then upload to aws s3?

Thank you for Fine Uploader. It&#x27;s been really helpful.<p>A my-fault anecdote: I submitted a PR for a minor new Fine Uploader feature, and when a few followup questions were asked about documenting the new feature, I never got around to completing the tasks.<p>So, at least in my case, I intended to contribute and did &quot;most&quot; of the work, but failed to make the time to bring my PR over the finish line. Perhaps there were a bunch of well-intentioned-but-ultimately-not-usable contributions like mine, and maybe they also contributed to the frustration.<p>I try (but sometimes fail) to remember that so, so much of the stuff I use every day to maintain my livelihood was created by others, for the free use of others. But it&#x27;s such an embarrassment of riches that sometimes one forgets to be thankful and that&#x27;s when the feeling of open-source entitlement sets in (at least that&#x27;s how I see it).<p>In the past I maintained a bunch of little plugins that got a decent amount of use, but it was a long time ago (1990&#x27;s) and I think the culture was different. There was some criticism, but most people were very appreciative and if there was something they wanted added etc, they would just solve it on their end without any complaints or drama. There was no PR type workflow, arguments over licensing, or expectation of awesome docs&#x2F;support for a free thing. I&#x27;m not saying I want to go back to that per se, but when I think about maintaining that type of project now, it sounds fatiguing instead of exciting.<p>Not sure what my point is... I guess just to say thanks and that I can totally understand why you&#x27;d want to stop supporting the code. But it is used and appreciated, and the fact that you nurtured it for so long is an achievement on its own. Cheers!

Has anybody written a guide on how to survive having a successful open source project?<p>I happened to have something [1] get a little usage recently and it took effort not to get sucked in. There were people with questions and needs! And I like helping people! But I also have a life to lead, so I set myself some clear boundaries and worked to consciously accepted that the project wouldn&#x27;t operate at the standards I&#x27;d have for myself if it were my job.<p>It occurred to me that when I got started in the industry I didn&#x27;t have the boundary-setting skills I do now, and that I easily could have worked to hard and too long, burning myself out, especially if my project were as popular as this was. It&#x27;d be nice to have a guide from OS project leads on ways to keep the project sustainable over the long term.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;wpietri&#x2F;sucks" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;wpietri&#x2F;sucks</a>

Does anyone know of an alternative to this library?

At the risk of sounding uncaring or such...<p>Ok?<p>I mean I don&#x27;t get why the owner didn&#x27;t try to find someone else to graciously take the reins without a fork (maybe they tried and couldn&#x27;t find anyone?), but I don&#x27;t get the dramatic post and very &quot;taking my ball and going home&quot; tone I&#x27;m getting.<p>Again, maybe it&#x27;s just me looking to wrongly but when 4 out of 6 reasons are referring to yourself and not the project...<p>The bit about having to defend yourself on Twitter, I guess I don&#x27;t know this person and how bad they have it, but I find it hard to imagine someone just <i>inundated</i> with Twitter noise over a library to the point they need to walk away in such an abrupt manner, like taking the slightest amount of time to transition would be life ending (<i>definitely get not wanting to deal with noise over free work, but this is a known problem and they could have started a conversation about that</i>), and I <i>definitely</i> don&#x27;t see how this will <i>reduce</i> the amount of attention they get...