Always include a complete example on how to reproduce your problem. signed, all your OSS maintainers
Matteo Collina (@matteocollina), Tue, 10 May 2022 16:04 +0000
Hey, students and professors: Making fake commits against real OSS projects is not a valid class assignment. It wastes people's time, irritates them, and gives the student a bad reputation on Github and OSS. Don't do it.
Berkubernetus (@fuzzychef), Fri, 08 Apr 2022 21:00 +0000
You can't just pick some repo on github and demand the maintainer teach you how to participate in an Open Source project. That's not how any of this works.
Joe Cooper 🌻🇺🇦🌻 (@swelljoe), Sun, 10 Apr 2022 09:34 +0000
Recommended read: Open source ‘protestware’ harms Open Source https://opensource.org/open-source-protestware-harms-open-source
So here's why I bought a receipt printer: Every time one of my GitHub repos gets a new issue, I now get a physical ticket printed out on my desk 🪄
Andrew Schmelyun (@aschmelyun), Thu, 24 Mar 2022 11:44 GMT
I have noticed what seems like an almost generational divide in people who contribute to open source. Those who did open source before 2015, and those who think GitHub = OpenSource. 🙃
Aeva ✈ ShmooCon! ✨ (@aevavoom), Wed, 23 Mar 2022 14:58 GMT
People who say "open source isn't a place for politics" might be unfamiliar with the decades-long social movement. It's always been political.
msw (@_msw_), Fri, 18 Mar 2022 15:11 GMT
I talked about this yesterday wrt pinning your dependencies, but these sorts of actions, even if the rationale comes from a good place, are NOT OK. twitter.com/techmeme/statu…
Christina Warren (@film_girl), Fri, 18 Mar 2022 19:29 GMT
Quoted post: Maintainer of the popular open source networking tool node-ipc appears to have sabotaged the tool's code to wipe data on computers based in Russia and Belarus (@josephfcox / VICE) vice.com/en/article/dyp… techmeme.com/220318/p9#a220…
Techmeme (@Techmeme), Fri, 18 Mar 2022 16:51 GMT
At some point, we're going to have to have a brutally honest conversation about the cult of personality in open source.
julia ferraioli (@juliaferraioli), Thu, 03 Mar 2022 18:21 GMT
I don't say stuff like this often, but if you think that #OpenSource is about one person, you are doing it wrong.
julia ferraioli (@juliaferraioli), Thu, 03 Mar 2022 18:20 GMT
Happy to see @nodejs be fully free at last. When considering @deno_land and other venture backed similar projects, remember to take the governance model of those projects into account. It can have quite the impact over time.
Pelle Wessman (@voxpelli), Mon, 14 Feb 2022 17:59 GMT
Quoted post: Exciting news today! Joyent has transferred ownership of the Node.js trademarks to the OpenJS Foundation to help protect the work of the Node.js collaborators. We’ve worked hard to make OpenJS a stable, neutral home for the JavaScript community. openjsf.org/blog/2022/02/1…
OpenJS Foundation (@openjsf), Mon, 14 Feb 2022 17:03 GMT
💝 Still shopping for Valentine's day? Here's the perfect way to show that special somebody you love them.* *If they are an open source contributor you appreciate. Others might prefer some flowers. We ❤️ open source. Share your love too. oss.love
Netlify (@Netlify), Sun, 13 Feb 2022 09:59 GMT
Since #Log4j you've heard how OSS vulns impact most orgs, how OSS is underfunded & we need to do more to help, but did you know OSS security has improved drastically in the last 4 years? In 2017, 35% of OSS libs used had a known flaw. In 2022 it's < 10% veracode.com/state-of-softw…
Chris Wysopal (@WeldPond), Wed, 09 Feb 2022 19:36 GMT
Successful open source is doing enough work to make people like your project, but doing it just poorly enough they feel compelled to help.
Phil Nash 💉💉💉 (@philnash), Tue, 08 Feb 2022 12:35 GMT
Quoted post: every open source project is like "we're a community project!" and then you look at contributions and it's like 1 person doing 70k commits a day and a long tail of 5 people doing readme fixes
kat.rs (@zkat__), Tue, 08 Feb 2022 06:35 GMT
My Open Source contributions stopped right after I joined Google. 😅
Nicolas A Perez (@anicolaspp), Sat, 05 Feb 2022 17:42 GMT
We need to stop thinking about open source sustainability as “raise enough money to work full-time.” Not every maintainer wants that. Sustainability might be better achieved by four people working ten hours a week instead of one person working 40 hours a week.
Nicholas C. Zakas (@slicknet), Thu, 03 Feb 2022 16:30 GMT
I wish we as an industry would stop underfunding and abandoning open source 🙃 relatedly i'm spending the rest of my week fixing stuff _again_ because of lack of investment and support over the last several years
danielle 🏳️🌈 (@endocrimes), Tue, 01 Feb 2022 19:32 GMT
Now on the other hand if a company uses open source to profit from, then yes companies should likely have a duty to treat that project as a supplier and act accordingly.
Tane Piper (@tanepiper), Sat, 29 Jan 2022 09:18 GMT
I've been writing open source software for over 20 years and I'd say it's absolutely no one's duty to contribute to anything - that's conferring a moral or legal obligation on people. It should only ever be a choice from a person twitter.com/parik36/status…
Tane Piper (@tanepiper), Sat, 29 Jan 2022 09:18 GMT
Being an open source maintainer: build something popular and you either die a hero or live long enough to be told, “you’re what’s wrong with open source.” 🤷♂️
Nicholas C. Zakas (@slicknet), Fri, 28 Jan 2022 01:58 GMT
If you don't have a paying day job you will likely die of malnutrition while the corporations sponge off your #OpenSource work.
Justin Johansson (@IndieScripter), Fri, 28 Jan 2022 09:33 GMT
(quoting the Nicholas C. Zakas post above)
I started a sketch of my thoughts on the funding of open source and so far my conclusions are so bleak I hesitate to publish.
Laurie Voss (@seldo), Mon, 24 Jan 2022 02:28 GMT
If you are a multi billion dollar company and are concerned about log4j, why not just email OSS authors you never paid anything and demand a response for free within 24 hours with lots of info? (company name redacted for *my* peace of mind)
Daniel 🥌 Stenberg (@bagder), Fri, 21 Jan 2022 23:43 GMT
Recommended read: Here’s how Stack Overflow users responded to Log4Shell, the Log4j vulnerability affecting almost everyone https://stackoverflow.blog/2022/01/19/heres-how-stack-overflow-users-responded-to-log4shell-the-log4j-vulnerability-affecting-almost-everyone/
... but pure altruism isn't scalable, it's difficult to build a big community just on that. There are many advantages of participating pro-bono: learning/mentorship, portfolio, addressing your own needs, exposure, etc. These reasons are totally valid, and they can be win-win
Oleg Nenashev (@oleg_nenashev), Wed, 19 Jan 2022 07:42 GMT
For what it's worth, there are many small projects being maintained by solo maintainers. Their time investment is way beyond the direct and indirect benefits they get for it. This is where altruism takes place, and it should be appreciated. Kudos to these maintainers 🙏
Oleg Nenashev (@oleg_nenashev), Wed, 19 Jan 2022 07:37 GMT
Pure altruism of maintainers
Oleg Nenashev (@oleg_nenashev), Wed, 19 Jan 2022 06:44 GMT
"Securing the (open source) software supply chain" naturally focuses attention "upstream" in the supply chain. And there is so much to do _downstream_ in how we assemble and operate software more securely. Improvements downstream don't need to wait on investments upstream.
Matthew S. Wilson (msw) (@_msw_), Sun, 16 Jan 2022 17:18 GMT
Everyone wants to create something new to start a startup. But there are so many open source projects that are widely used, but don’t have anyone offering support or custom dev. You might not get huge valuations, but there are a thousand million-dollar businesses out there
Daniel Feldman.ehh (@d_feldman), Sat, 15 Jan 2022 06:17 GMT
Recommended read: The Gift of It's Your Problem Now https://apenwarr.ca/log/20211229
Recommended read: The burden of an Open Source maintainer https://www.jeffgeerling.com/blog/2022/burden-open-source-maintainer
Recommended read: Making Open Source economy more viable with dual license collectives https://dpc.pw/making-open-source-economy-more-viable-with-dual-license-collectives
Imagine how much worse this could have been (and how long it would have gone undetected) if the change was siphoning AWS credentials instead of graffiti in the terminal.
Aidan W Steele (@__steele), Sun, 09 Jan 2022 23:22 GMT
Quoted post: Looks like the AWS CDK is broken because of the dependency on colors.js, which has a totally hilarious bug: github.com/aws/aws-cdk/is… It shows "LIBERTY LIBERTY LIBERTY".
Soenke Ruempler (@s0enke), Sun, 09 Jan 2022 18:43 GMT
Recommended read: The right to delete: how faker.js exposed the fragile nature of open source culture, again https://www.thegingerviking.com/the-right-to-delete-fakerjs-fragile-nature-open-source/
Thanks to this tip I just found out Datasette gets a mention in this academic paper! "What Else Is New? Open Data Users Need to Know What’s Changed" computer.org/csdl/magazine/…
Simon Willison (@simonw), Mon, 10 Jan 2022 02:07 GMT
Quoted post: Well worth searching your GitHub URL with Google Scholar. E.g. scholar.google.com/scholar?q=gith… Great way to find out if your code has made it into any academic publications.
Terence Eden (@edent), Sun, 09 Jan 2022 15:56 GMT
Nice, I've found one of my own projects in this which is pretty cool 🤓
People screaming as someone fucked up their OSS code on purpose. If only there was some way AWS could have, you know, pinned a specific version of a package for cdk... Oh wait there was.
Chris McKee (@chrismckee), Sun, 09 Jan 2022 23:49 GMT
Recommended read: Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
How can we even start talking about supply chain security and sustainability if a maintainer publishing a bad npm package version breaks everyone instantly? Stable, deterministic pinning is table stakes. theverge.com/2022/1/9/22874…
Filippo ${jndi:ldap://filippo.io/t} Valsorda (@FiloSottile), Sun, 09 Jan 2022 22:23 GMT
Recommended read: Open source developer corrupts widely-used libraries, affecting tons of projects - The Verge https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
I would say that once you start having *other* people contributing and maintaining, it is not fully *yours* anymore?
Hugo Rodrigues (@hugorodrigues), Fri, 07 Jan 2022 03:32 GMT
Nope. Absolutely, completely, incorrect. Total nonsense. OSS maintainers don't owe you anything. Says so right on the license. If you can't read, maybe stay off the internet.
Yawar Amin لول (@yawaramin), Sat, 08 Jan 2022 01:01 GMT
Recommended read: In the aftermath of Log4Shell, three lessons that organisations must learn | Jetstack Blog https://www.jetstack.io/blog/log4shell-lessons-to-learn/
Often OSS developers make the world keep the lights on but aren't compensated for their time. Marak was struggling, asked for help. Got nothing. In protest, removed his code and github suspended his account for removing something he owned the rights to.
Sam (@metruzanca), Fri, 07 Jan 2022 01:07 GMT
I found a one-digit typo in the docs for Python's typing_extensions. I wanted to be a good community member and fix it. I had no idea how much frustration that one-char PR was about to cause. Brace yourselves as I take you along on this wild ride 🧵 RT for reach appreciated 🙏
Predrag Gruevski (@PredragGruevski), Wed, 05 Jan 2022 17:36 GMT
If one wants to push a long-standing issue along, then don’t comment that, instead (if sensible in context) ask: “What can be done to push this issue forward? Are more details needed? More use cases? Someone doing a PR?” Then it becomes collaborative rather than exploitative 👍
Pelle Wessman (@voxpelli), Thu, 06 Jan 2022 18:30 GMT
Quoted post: Random comment on long-standing issue: Any updates on this? Me: would you like to work on it? Them: …
Matteo Collina (@matteocollina), Thu, 06 Jan 2022 17:04 GMT
Recommended read: Top 3 harmful incidents in open-source in 2021 https://www.brainfart.dev/blog/topbad3oss2021
As an engineer, @Neovim is critical infrastructure for my productivity, so I set up a monthly donation a few years ago through GitHub. It's great to be able to support a project that I rely on! ☺️
Alex Gude (@alex_gude), Sat, 01 Jan 2022 15:40 GMT
Quoted post: here's a recommendable new years resolution: donate in support of the critical open source tools you rely on. We do this at @discourse every year.
Jeff Atwood (@codinghorror), Fri, 31 Dec 2021 00:27 GMT
You're currently viewing page 1 of 4, of 184 posts.