Tag open-source
... but pure altruism isn't scalable, it's difficult to build a big community just on that. There're many advantages of participating pro-bono: learning/mentorship, portfolio, addressing your own needs, exposure, etc. These reasons are totally valid, and they can be win-win
Oleg Nenashev (@oleg_nenashev) Wed, 19 Jan 2022 07:42 GMT
For what it's worth, there are many small projects being maintained by solo maintainers. Their time investment is way beyond direct and indirect benefits they get for it. This is where altruism takes place, and it should be appreciated. Kudos to these maintainers
Oleg Nenashev (@oleg_nenashev) Wed, 19 Jan 2022 07:37 GMT
Pure altruism of maintainers
Oleg Nenashev (@oleg_nenashev) Wed, 19 Jan 2022 06:44 GMT
"Securing the (open source) software supply chain" naturally focuses attention "upstream" in the supply chain. And there is so much to do _downstream_ in how we assemble and operate software more securely. Improvements downstream don't need to wait on investments upstream.
Matthew S. Wilson (msw) (@_msw_) Sun, 16 Jan 2022 17:18 GMT
Everyone wants to create something new to start a startup. But there are so many open source projects that are widely used, but don’t have anyone offering support or custom dev. You might not get huge valuations, but there are a thousand million-dollar businesses out there
Daniel Feldman.ehh (@d_feldman) Sat, 15 Jan 2022 06:17 GMT
Imagine how much worse this could have been (and how long it would have gone undetected) if the change was siphoning AWS credentials instead of graffiti in the terminal.
Looks like the AWS CDK is broken because the dependency on colors.js which has a totally hilarious bug: github.com/aws/aws-cdk/is… It shows "LIBERTY LIBERTY LIBERTY".
Soenke Ruempler (@s0enke) Sun, 09 Jan 2022 18:43 GMT
Aidan W Steele (@__steele) Sun, 09 Jan 2022 23:22 GMT
Thanks to this tip I just found out Datasette gets a mention in this academic paper! "What Else Is New? Open Data Users Need to Know What’s Changed" computer.org/csdl/magazine/…
Well worth searching your GitHub URL with Google Scholar. E.g. scholar.google.com/scholar?q=gith… Great way to find out if your code has made it into any academic publications.
Terence Eden (@edent) Sun, 09 Jan 2022 15:56 GMT
Simon Willison (@simonw) Mon, 10 Jan 2022 02:07 GMT
Nice, I've found one of my own projects in this which is pretty cool
People screaming as someone fucked up their OSS code on purpose. If only there was some way AWS could have, you know, pinned a specific version of a package for cdk... Oh wait there was.
Chris McKee (@chrismckee) Sun, 09 Jan 2022 23:49 GMT
How can we even start talking about supply chain security and sustainability if a maintainer publishing a bad npm package version breaks everyone instantly? Stable, deterministic pinning is table stakes. theverge.com/2022/1/9/22874…
Filippo ${jndi:ldap://filippo.io/t} Valsorda (@FiloSottile) Sun, 09 Jan 2022 22:23 GMT
I would say that once you start having *other* people contributing and maintaining, it is not fully *yours* anymore?
Hugo Rodrigues (@hugorodrigues) Fri, 07 Jan 2022 03:32 GMT
Nope. Absolutely, completely, incorrect. Total nonsense. OSS maintainers don't owe you anything. Says so right on the license. If you can't read, maybe stay off the internet.
Yawar Amin (@yawaramin) Sat, 08 Jan 2022 01:01 GMT
Often OSS developers make the world keep the lights on but aren't compensated for their time. Marak was struggling, asked help. Got nothing. In protest, removed his code and github suspended his account for removing something he owned the rights to.
Sam (@metruzanca) Fri, 07 Jan 2022 01:07 GMT
I found a one-digit typo in the docs for Python's typing_extensions. I wanted to be a good community member and fix it. I had no idea how much frustration that one-char PR was about to cause. Brace yourselves as I take you along on this wild ride 🧵 RT for reach appreciated
Predrag Gruevski (@PredragGruevski) Wed, 05 Jan 2022 17:36 GMT
If one wants to push a long-standing issue along, then don’t comment that, instead (if sensible in context) ask: “What can be done to push this issue forward? Are more details needed? More use cases? Someone doing a PR?” Then it becomes collaborative rather than exploitative
Random comment on long-standing issue: Any updates on this? Me: would you like to work on it? Them: …
Matteo Collina (@matteocollina) Thu, 06 Jan 2022 17:04 GMT
Pelle Wessman (@voxpelli) Thu, 06 Jan 2022 18:30 GMT
As an engineer, @Neovim is critical infrastructure for my productivity, so I set up a monthly donation a few years ago through GitHub. It's great to be able to support a project that I rely on! ☺️
here's a recommendable new years resolution: donate in support of the critical open source tools you rely on. We do this at @discourse every year.
Jeff Atwood (@codinghorror) Fri, 31 Dec 2021 00:27 GMT
Alex Gude (@alex_gude) Sat, 01 Jan 2022 15:40 GMT
For folks looking for concrete and impactful steps they can take that aren’t personal: divest from using Facebook tech in your projects. Vote with your tech stack. twitter.com/quinnypig/stat…
Let me be clear: I think the company is molten garbage, but that's a very different thing than dunking on the humans who work there. I don't want to be remembered for a lack of empathy towards other people.
Corey Quinn (@QuinnyPig) Thu, 30 Dec 2021 02:17 GMT
Zach Leatherman (@zachleat) Thu, 30 Dec 2021 17:55 GMT
“The customer has nuclear weapons” is an unusual argument when inquiring whether a bug has been fixed yet, in an open source project. gcc.gnu.org/bugzilla/show_…
FX Coudert (@fxcoudert) Wed, 29 Dec 2021 14:53 GMT
did...did this person threaten an open source project with nukes when they asked to be paid?
Manish (@ManishEarth) Wed, 29 Dec 2021 14:57 GMT
the most important thing about the log4j incident is that it’s clear and incontrovertible evidence in support of whatever beliefs i already have about software development
henry (@hdevalence) Mon, 13 Dec 2021 17:29 GMT
Just use an npm package.
Den Delimarsky (@DennisCode) Sun, 26 Dec 2021 05:17 GMT
there's something to be said for making some software to do something, calling it done, and then not updating it except maybe to fix things that break. "move fast and break things" startup culture has leaked HARD into open source personal software; no commits this year = ""dead""
artemis (@artemiseverfree) Mon, 27 Dec 2021 01:49 GMT
This is why I started charging for open source work that’s not to my schedule.
“Open source maintainers are effectively unpaid outsourcing teams for giant corporations.” dev.to/yawaramin/the-…
Ceej "Cat-Warmed" Silverio (@ceejbot) Sat, 25 Dec 2021 17:45 GMT
Jan Lehnardt (@janl) Sat, 25 Dec 2021 18:22 GMT
imagining a timeline where the log4j maintainers replied to the vuln disclosure with "ok, feel free to raise a PR"
this is *well* worth the read dev.to/yawaramin/the-…
cje (@caseyjohnellis) Thu, 23 Dec 2021 09:06 GMT
Matt "jira delenda est" Olson (@arachnocapital2) Sat, 25 Dec 2021 01:39 GMT
A precondition of employment (if any) is probably going to be "If I am working with a language using an open source toolchain and find a bug or enhancement for our code that can be addressed by pushing a patch upstream, I am allowed to open the PR without asking Legal."
future🦹jubilee (@workingjubilee) Wed, 22 Dec 2021 20:30 GMT
Good news: Log4j is the only library you use that’s been trivially vulnerable for about a decade.
haroon meer (@haroonmeer) Mon, 20 Dec 2021 11:12 GMT
If funding devs more could fix the bugs before it reaches users, Windows and Mac OS would be bug free.
Nicolas Dorier (@NicolasDorier) Sun, 19 Dec 2021 14:42 GMT
If the past week has taught us anything it's that people would rather depend on software they don't pay for, while complaining about it and its maintainers (who are also not getting paid!)
Marit van Dijk (@MaritvanDijk77) Fri, 17 Dec 2021 06:03 GMT
the log4j “december to remember” event this year features 0% financing on tech debt
Patrick Cable (@patcable) Fri, 17 Dec 2021 15:40 GMT
seems like the entire internet is built on either small open source projects run by a couple folkx for free, and the gigantic cloud infrastructure run by a couple of companies. when either one is borked, the world goes poof
Selena (@selenalarson) Wed, 15 Dec 2021 16:14 GMT
open source maintainers to developers with jobs:
I Am Devloper (@iamdevloper) Wed, 15 Dec 2021 15:55 GMT
this high-profile vulnerability in an open source project is really reinforcing my belief that, to a dominant portion of users, the primary important thing about free software is that it is gratis, rather than libre
cron mom (@sophaskins) Sun, 12 Dec 2021 23:58 GMT
but it's not the log4j's responsibility to fix this in a timely fashion. they didn't make any promises to any big corps about SLAs or any shit like that, and if there are **consequences** for those corps, that is FINE. it might suck, but that's not the dev's responsibility
Beka Valentine (@beka_valentine) Sun, 12 Dec 2021 20:55 GMT
My team could spend an entire year reviewing the code from one “npm install”. I don’t think it’s really feasible to do code review across all OSS components. But funding? Absolutely.
April King (@CubicleApril) Mon, 13 Dec 2021 15:11 GMT