Kind reposts

Okay. Ai can go bankrupt then. This is not our problem, this sounds like a rich tech billionaire problem.

I migrated a group chat of mostly elderly women to signal and I feel like there’s nothing I can’t do I also firmly believe the stereotype of elderly women not being technical is complete bollocks perpetuated by the patriarchy

It’s not a syndrome if you’re actually an imposter

watching the tech industry burn out all the people i know who actually care about delivering things that aren’t perpetually broken, all at the altar of infinite velocity, is making me utterly utterly furious.

The Great Supply Chain Security Paradox: “every open source lib is getting owned! wait at least a week to patch, let other people find the supply chain breaches before you” “AI is reversing all these …

sorry i'm late, i didn't want to come

It usually only takes 1 project for an open source maintainer to learn they need to set boundaries. Unfortunately, that 1 project often becomes load bearing infrastructure before we've even realized what's happened, putting everyone in quite a predicament. @www.jvt.me.web.brid.gy #opensource

The open source world was designed for a world where there was more friction for doing things. With LLMs a lot of that friction has been removed. Sometimes that means we have to ask a potential contributor "are you a human?". @www.jvt.me.web.brid.gy #opensource #tech #llms

People are worried about AI killing open source, I'm more worried about some companies looking to enclose open source under the premise that AI is making it too risky. https://newsroom.ibm.com/2026-05-28-ibm-and-red-hat-commit-5-billion-to-redefine-the-future-of-open-source-in-the-ai-era

The best time to prune your dependency trees was 3 years ago, second best time is right now.

Heads up maintainers of packages, this is a big deal: https://github.com/orgs/community/discussions/196340

too soon

Open source maintainers at profitable companies: stop asking permission to fix what your employer already depends on. No paperwork. No programme. No manager’s blessing. Just maintain it on the clock.

It’s a sort of meme that engineers aren’t good writers. That includes software ones. And now we’re supposed to believe we can take an entire industry of not-that-good writers and transform them, in a few months, into people who’s primary job is not writing code but writing prose? lolwut

Your regular reminder that shitting on OSS on social media is a selfish thing to do. Good job sapping volunteer maintainers’ motivation in exchange for your “internet points”. Next time: try rolling up your sleeves and contribute a fix to the problem you’ve identified.

Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security. But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security. I posted about this on the three social networks, someone tagged @www.jvt.me@www.jvt.me and soon after Renovate now supports this! 🎉 Here's his writeup into the world of #GitHubActions tags: https://www.jvt.me/posts/2026/04/24/github-actions-tagging/

What I learnt at day 1 of the @github.com Maintainer Summit. Shower oranges.

If schools have money for AI, I'd rather they use that to pay teachers more

Tired: supply chain attack Wired: supply chain is attack

GitHub appears to have opted anyone using the CLI into sending telemetry they will use to inform product decisions. This is sneaky and should have been an opt-in decision, not opt-out. Disable it with `gh config set telemetry disabled`. cli.github.com/telemetry https://cli.github.com/telemetry

The reddit engineering team wrote a great post about how they're using Renovate for their dependency management - very interesting and some good learnings on how they keep things patched at scale! https://www.reddit.com/r/RedditEng/comments/1s1q879/dependency_hell_aka_how_i_learned_to_stop/ https://www.reddit.com/r/RedditEng/comments/1s1q879/dependency_hell_aka_how_i_learned_to_stop/?solution=4303a76c078f87374303a76c078f8737&js_challenge=1&token=bbbe4bf1c9a2b5160829c4be34da58614381ef3e0636a894f7eeb79613d86dc9&share_id=o3roxspvq4-AJyieVXsHb&utm_medium=android_app&utm_name=androidcss&utm_source=share&utm_term=1

men can’t understand what it’s like for women to see story after story after story of women being victims of sexual violence in a culture where it’s routine; what it’s like to live in a world that is fundamentally hostile to our existence. it’s a wonder we leave the fucking house, let alone thrive.

same, postgres, same

I would really like a week to pass when I don't hear that yet another friend has been laid off. The tech industry is in freefall.

"Age verification" laws are "we want to have all adults and their complete online profile in a database" laws, and that Persona, the company behind LinkedIn, Roblox, Discord ID and age verification is owned by Peter Thiel should be all you need to know.

Requested post by @sethmlarson: Package Managers Need to Cool Down https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html

The #Renovate maintainers would like to get some speciifc feedback on a few areas - we'd love to hear from you: https://github.com/renovatebot/renovate/discussions/41414

Instead of an AI-generated hit piece, try sending your fave OSS maintainer a fun little card 💕 oss.cards https://oss.cards

me at 17: a secret conspiracy of billionaires shapes global events me at 35: class interest creates emergent outcomes and aligned behavior, but there’s no smoky room where plutocrats plot to shape global events me at 41: a secret conspiracy of billionaire perverts shapes global events [contains quote post or other embedded content]

something you learn about open source when you work on a sufficiently large project is that you *shouldn't* welcome all PRs

https://en.wikipedia.org/wiki/Prominent_individuals_mentioned_in_the_Epstein_files [contains quote post or other embedded content]

If these CAPTCHAs get any harder I'm not sure I'm going to be able to pass them 😅

Reminder that #Renovate 43 came out yesterday! We landed a few breaking changes, so check out the release notes: https://github.com/renovatebot/renovate/releases/tag/43.0.0

I'm legit unfollowing people who never use alt text. You're literally typing on a text based app. So why are you making Canva images with little pithy quips and no alt text. I honestly don't understand it.

The two hardest problems in Computer Science are 1. Human communication 2. Getting people in tech to believe that human communication is important

Did someone post something? It's on mastodon.social. It's literally on booping.synth.download. It's maybe in wetdry.world. It's literally on gts.apicrim.es. You can probably find it on app.wafrn.net. Dude it's on shrimp.starlightnet.work. It's a infosec.exchange original. Check out mas.to for it. You'll find it on hachyderm.io. It's definitely on oomfie.city. Look for it on tech.lgbt. It's over on yeen.town. You can see it on waf.moe. It's been shared on akko.wtf. Go peek at fuzzies.wtf. It's trending on transfem.social. You can catch it on eepy.moe. Browse over to lethallava.land. It's on $INSTANCE$host$. You can read it on $INSTANCE$host$. You can go to $INSTANCE$host$ and like it. Log onto $INSTANCE$host$ right now. Go to $INSTANCE$host$. Dive into $INSTANCE$host$. You can $INSTANCE$host$ it. It's on $INSTANCE$host$. $INSTANCE$host$ has it for you. $INSTANCE$host$ has it for you.

I'm sorry for what I said when I was overstimulated.

If you funded a maintainer before they created their most successful package, you have a claim on it. The Law of Surprise is underutilized in open source.

Everybody thinks 'https://' stands for 'hypertext transfer protocol secure' but it actually stands for 'head to this place, sucka' followed by a colon and two laser sounds

We've announced 6 Moderate Security Advisories, which allow for possible remote code execution, when an attacker has access to a repository's default branch More info: https://github.com/renovatebot/renovate/discussions/40403

i love the beginning of the year because everyone starts blogging. and if you (yes you) were thinking about starting, this is your sign

This week on #OpenSourceSecurity I chat with Jamie Tanna about updating open source dependencies. It's usually not as simple as "just update" and Jamie has a ton of real world experience in this working on Renovate https://opensourcesecurity.io/2025/2025-12-renovate-jamie/

it's truly amazing what LLMs can achieve. we now know it's possible to produce an html5 parsing library with nothing but the full source code of an existing html5 parsing library, all the source code of all other open source libraries ever, a meticulously maintained and extremely comprehensive test suite written by somebody else, 5 different models, a megawatt-hour of energy, a swimming pool full of water, and a month of spare time of an extremely senior engineer

Jan 1: this is the year of new Me Jan 12: [eating shredded cheese directly from the bag] new years resolutions are a bourgeois construct for disciplining bodies into productive units for capital

Please don’t go to enormous indoor events when you’re incredibly ill with a flu-like thing. Not even in a mask. Fuck sake.

day one in mamdani’s new york

Fuck you people. Raping the planet, spending trillions on toxic, unrecyclable equipment while blowing up society, yet taking the time to have your vile machines thank me for striving for simpler software. Just fuck you. Fuck you all. I can't remember the last time I was this angry.

We spent thirty years building tools to keep humans from falling into dependency hell, only to build a machine that jumps into the pit voluntarily.

It's December 23rd! Have a Merry Christmas Adam everybody! (Always comes before Christmas Eve and is generally unsatisfying.)

Saw an advert for a Trainline AI assistant thing, with a disclaimer at the bottom saying it’s AI, so might not actually be right. Why is it okay for AI to be unreliable? Why are we collectively so accepting of the idea?