Creating a (hacky) solution to retrieve the dependency graph from Renovate for a set of repositories.
Does the tech industry thrive on free work? (6 mins read).
Thinking about how there are subtle expectations to work on your career outside of tech, and how it's not necessarily great.
How we (at Deliveroo) are using GitHub Advanced Security's dependency scanning functionality to determine what our most popular dependencies are, and whether we can find any Open Source contributions for the month of Hacktoberfest.
There have been discussions in the aftermath of the log4j vulnerability about whether or not open source is broken or sustainable, what we can do to improve the sustainability of the open source ecosystem moving forwards, and the entitlement of users and companies in expecting maintainers to fix their problems.
Recommended read: Entitlement in Open Source https://mikemcquaid.com/entitlement-in-open-source/
What do Docker, GitLab, and Red Hat have in common? Aside from various levels of participation in open source, they’ve all been punching bags over the past few years for non-paying users angr…
"Running a successful open source project is just Good Will Hunting in reverse, where you start out as a respected genius and end up being a janitor who gets into fights." Quote attributed to @cra, and I don't think I've ever seen anything more true posted.
Jens Axboe (@axboe) Fri, 12 Aug 2022 17:16 +0000
For many open source consumers the "logical units" being depended on are libraries. However, the libraries themselves are only a product of what consumers are actually depending on: people. Y...
Recommended read: People in your software supply chain https://sethmlarson.dev/blog/people-in-your-software-supply-chain
Idea for Open Source/Startup: monetising the supply chain (2 mins read).
An idea I've had for how to better distribute support to Open Source libraries in the supply chain for your software.
Hey, students and professors: Making fake commits against real OSS projects is not a valid class assignment. It wastes people's time, irritates them, and gives the student a bad reputation on Github and OSS. Don't do it.
Berkubernetus (@fuzzychef) Fri, 08 Apr 2022 21:00 +0000
Recommended read: Open source ‘protestware’ harms Open Source https://opensource.org/open-source-protestware-harms-open-source
I talked about this yesterday wrt pinning your dependencies, but these sorts of actions, even if the rationale comes from a good place, are NOT OK. twitter.com/techmeme/statu…
Christina Warren (@film_girl) Fri, 18 Mar 2022 19:29 GMT
OpenJS Foundation (@openjsf) Mon, 14 Feb 2022 17:03 GMT
Pelle Wessman (@voxpelli) Mon, 14 Feb 2022 17:59 GMT
💝 Still shopping for Valentine's day? Here's the perfect way to show that special somebody you love them.* *If they are an open source contributor you appreciate. Others might prefer some flowers. We ❤️ open source. Share your love too. oss.love
Netlify (@Netlify) Sun, 13 Feb 2022 09:59 GMT
Chris Wysopal (@WeldPond) Wed, 09 Feb 2022 19:36 GMT
Successful open source is doing enough work to make people like your project, but doing it just poorly enough they feel compelled to help.
every open source project is like "we're a community project!" and then you look at contributions and it's like 1 person doing 70k commits a day and a long tail of 5 people doing readme fixes
kat.rs (@zkat__) Tue, 08 Feb 2022 06:35 GMT
Phil Nash 💉💉💉 (@philnash) Tue, 08 Feb 2022 12:35 GMT
We need to stop thinking about open source sustainability as “raise enough money to work full-time.” Not every maintainer wants that. Sustainability might be better achieved by four people working ten hours a week instead of one person working 40 hours a week.
Nicholas C. Zakas (@slicknet) Thu, 03 Feb 2022 16:30 GMT
I wish we as an industry would stop underfunding and abandoning open source 🙃 relatedly i'm spending the rest of my week fixing stuff _again_ because of lack of investment and support over the last several years
danielle 🏳️🌈 (@endocrimes) Tue, 01 Feb 2022 19:32 GMT
I've been writing open source software for over 20 years and I'd say it's absolutely no one's duty to contribute to anything - that's conferring a moral or legal obligation on people. It should only ever be a choice from a person twitter.com/parik36/status…
Tane Piper (@tanepiper) Sat, 29 Jan 2022 09:18 GMT
If you don't have a paying day job you will likely die of malnutrition while the corporations sponge off your #OpenSource work.
Being an open source maintainer: build something popular and you either die a hero or live long enough to be told, “you’re what’s wrong with open source.” 🤷‍♂️
Nicholas C. Zakas (@slicknet) Fri, 28 Jan 2022 01:58 GMT
Justin Johansson (@IndieScripter) Fri, 28 Jan 2022 09:33 GMT
If you are a multi billion dollar company and are concerned about log4j, why not just email OSS authors you never paid anything and demand a response for free within 24 hours with lots of info? (company name redacted for *my* peace of mind)
Daniel 🥌 Stenberg (@bagder) Fri, 21 Jan 2022 23:43 GMT
Recommended read: Here’s how Stack Overflow users responded to Log4Shell, the Log4j vulnerability affecting almost everyone https://stackoverflow.blog/2022/01/19/heres-how-stack-overflow-users-responded-to-log4shell-the-log4j-vulnerability-affecting-almost-everyone/
... but pure altruism isn't scalable, it's difficult to build a big community just on that. There're many advantages of participating pro-bono: learning/mentorship, portfolio, addressing your own needs, exposure, etc. These reasons are totally valid, and they can be win-win
Oleg Nenashev (@oleg_nenashev) Wed, 19 Jan 2022 07:42 GMT
For what it's worth, there are many small projects being maintained by solo maintainers. Their time investment is way beyond the direct and indirect benefits they get for it. This is where altruism takes place, and it should be appreciated. Kudos to these maintainers 🙏
Oleg Nenashev (@oleg_nenashev) Wed, 19 Jan 2022 07:37 GMT
"Securing the (open source) software supply chain" naturally focuses attention "upstream" in the supply chain. And there is so much to do _downstream_ in how we assemble and operate software more securely. Improvements downstream don't need to wait on investments upstream.
Matthew S. Wilson (msw) (@_msw_) Sun, 16 Jan 2022 17:18 GMT
Everyone wants to create something new to start a startup. But there are so many open source projects that are widely used, but don’t have anyone offering support or custom dev. You might not get huge valuations, but there are a thousand million-dollar businesses out there.
Daniel Feldman.ehh (@d_feldman) Sat, 15 Jan 2022 06:17 GMT
Recommended read: The burden of an Open Source maintainer https://www.jeffgeerling.com/blog/2022/burden-open-source-maintainer
Recommended read: Making Open Source economy more viable with dual license collectives https://dpc.pw/making-open-source-economy-more-viable-with-dual-license-collectives
Imagine how much worse this could have been (and how long it would have gone undetected) if the change was siphoning AWS credentials instead of graffiti in the terminal.
Aidan W Steele (@__steele) Sun, 09 Jan 2022 23:22 GMT
Recommended read: The right to delete: how faker.js exposed the fragile nature of open source culture, again https://www.thegingerviking.com/the-right-to-delete-fakerjs-fragile-nature-open-source/
Thanks to this tip I just found out Datasette gets a mention in this academic paper! "What Else Is New? Open Data Users Need to Know What’s Changed" computer.org/csdl/magazine/…
Simon Willison (@simonw) Mon, 10 Jan 2022 02:07 GMT