Tag open-source

https://twitter.com/oleg_nenashev/status/1483705093153337346

... but pure altruism isn't scalable, it's difficult to build a big community just on that. There're many advantages of participating pro-bono: learning/mentorship, portfolio, addressing your own needs, exposure, etc. These reasons are totally valid, and they can be win-win

Oleg Nenashev (@oleg_nenashev)Wed, 19 Jan 2022 07:42 GMT

https://twitter.com/oleg_nenashev/status/1483691924452265988

For what it worth, there are many small projects being maintained by solo maintainers. Their time investment is way beyond direct and indirect benefits they get for it. This is where altruism takes place, and it should be appreciated. Kudos to these maintainers🙏

Oleg Nenashev (@oleg_nenashev)Wed, 19 Jan 2022 07:37 GMT

https://twitter.com/IAmJerdog/status/1483494934841901063

Pure altruism of maintainers

Oleg Nenashev (@oleg_nenashev)Wed, 19 Jan 2022 06:44 GMT

"Securing the (open source) software supply chain" naturally focuses attention "upstream" in the supply chain. And there is so much to do _downstream_ in how we assemble and operate software more securely. Improvements downstream don't need to wait on investments upstream.

Matthew S. Wilson (msw) (@_msw_)Sun, 16 Jan 2022 17:18 GMT

Everyone wants to create something new to start a startup But there are so many open source projects that are widely used, but don’t have anyone offering support or custom dev You might not get huge valuations, but there are a thousand million-dollar businesses out there

Daniel Feldman.ehh (@d_feldman)Sat, 15 Jan 2022 06:17 GMT

Looks like the AWS CDK is broken because the dependency on colors.js which has a totally hilarious bug: github.com/aws/aws-cdk/is… It shows "LIBERTY LIBERTY LIBERTY".

Soenke Ruempler (@s0enke)Sun, 09 Jan 2022 18:43 GMT

Thanks to this tip I just found out Datasette gets a mention in this academic paper! "What Else Is New? Open Data Users Need to Know What’s Changed" computer.org/csdl/magazine/…

Post details

Well worth searching your GitHub URL with Google Scholar. E.g. scholar.google.com/scholar?q=gith… Great way to find out if your code has made it into any academic publications.

Terence Eden (@edent)Sun, 09 Jan 2022 15:56 GMT

Simon Willison (@simonw)Mon, 10 Jan 2022 02:07 GMT

People screaming as someone fucked up their OSS code on purpose. If only there was some way AWS could have, you know, pinned a specific version of a package for cdk... Oh wait there was.

Chris McKee (@chrismckee)Sun, 09 Jan 2022 23:49 GMT

How can we even start talking about supply chain security and sustainability if a maintainer publishing a bad npm package version breaks everyone instantly? Stable, deterministic pinning is table stakes. theverge.com/2022/1/9/22874…

Filippo ${jndi:ldap://filippo.io/t} Valsorda (@FiloSottile)Sun, 09 Jan 2022 22:23 GMT

https://twitter.com/odarbelaeze/status/1479284733670567939

I would say that once you start having *other* people contributing and maintaining is not fully *yours* anymore?

Hugo Rodrigues (@hugorodrigues)Fri, 07 Jan 2022 03:32 GMT

https://twitter.com/PhIegethon/status/1479516388100395009

Nope. Absolutely, completely, incorrect. Total nonsense. OSS maintainers don't owe you anything. Says so right on the license. If you can't read, maybe stay off the internet.

Yawar Amin لول (@yawaramin)Sat, 08 Jan 2022 01:01 GMT

https://twitter.com/JoshuaKGoldberg/status/1479235187582148609

Often OSS developers make the world keep the lights on but aren't compensated for their time. Marak was struggling, asked help. Got nothing. In protest, removed his code and github suspended his account for removing something he owned the rights to.

Sam (@metruzanca)Fri, 07 Jan 2022 01:07 GMT

I found a one-digit typo in the docs for Python's typing_extensions. I wanted to be a good community member and fix it. I had no idea how much frustration that one-char PR was about to cause. Brace yourselves as I take you along on this wild ride 🧵 RT for reach appreciated 🙏

Predrag Gruevski (@PredragGruevski)Wed, 05 Jan 2022 17:36 GMT

If one wants to push a long-standing issue along, then don’t comment that, instead (if sensible in context) ask: “What can be done to push this issue forward? Are more details needed? More use cases? Someone doing a PR?” Then it becomes collaborative rather than exploitative 👍

Post details

Random comment on long-standing issue: Any updates on this? Me: would you like to work on it? Them: …

Matteo Collina (@matteocollina)Thu, 06 Jan 2022 17:04 GMT

Pelle Wessman (@voxpelli)Thu, 06 Jan 2022 18:30 GMT

Random comment on long-standing issue: Any updates on this? Me: would you like to work on it? Them: …

Matteo Collina (@matteocollina)Thu, 06 Jan 2022 17:04 GMT

As an engineer, @Neovim is critical infrastructure for my productivity, so I set up a monthly donation a few years ago through GitHub. It's great to be able to support a project that I rely on! ☺️

Post details

here's a recommendable new years resolution: donate in support of the critical open source tools you rely on. We do this at @discourse every year.

Jeff Atwood (@codinghorror)Fri, 31 Dec 2021 00:27 GMT

Alex Gude (@alex_gude)Sat, 01 Jan 2022 15:40 GMT

here's a recommendable new years resolution: donate in support of the critical open source tools you rely on. We do this at @discourse every year.

Jeff Atwood (@codinghorror)Fri, 31 Dec 2021 00:27 GMT

👍🏻 For folks looking for concrete and impactful steps they can take that aren’t personal: divest from using Facebook tech in your projects. Vote with your tech stack. twitter.com/quinnypig/stat…

Post details

https://twitter.com/QuinnyPig/status/1476372236776849408

Let me be clear: I think the company is molten garbage, but that's a very different thing than dunking on the humans who work there. I don't want to be remembered for a lack of empathy towards other people.

Corey Quinn (@QuinnyPig)Thu, 30 Dec 2021 02:17 GMT

Zach Leatherman (@zachleat)Thu, 30 Dec 2021 17:55 GMT

“The customer has nuclear weapons” is an unusual argument when inquiring whether a bug has been fixed yet, in an open source project. gcc.gnu.org/bugzilla/show_…

FX Coudert (@fxcoudert)Wed, 29 Dec 2021 14:53 GMT

did...did this person threaten an open source project with nukes when they asked to be paid?

Post details

“The customer has nuclear weapons” is an unusual argument when inquiring whether a bug has been fixed yet, in an open source project. gcc.gnu.org/bugzilla/show_…

FX Coudert (@fxcoudert)Wed, 29 Dec 2021 14:53 GMT

Manish (@ManishEarth)Wed, 29 Dec 2021 14:57 GMT

the most important thing about the log4j incident is that it’s clear and incontrovertible evidence in support of whatever beliefs i already have about software development

henry 🌘 (@hdevalence)Mon, 13 Dec 2021 17:29 GMT

Just use an npm package.

Den Delimarsky (@DennisCode)Sun, 26 Dec 2021 05:17 GMT

there's something to be said for making some software to do something, calling it done, and then not updating it except maybe to fix things that break "move fast and break things" startup culture has leaked HARD into open source personal software; no commits this year = ""dead""

artemis (@artemiseverfree)Mon, 27 Dec 2021 01:49 GMT

This is why I started charging for open source work that’s not to my schedule.

Post details

“Open source maintainers are effectively unpaid outsourcing teams for giant corporations.” dev.to/yawaramin/the-…

Ceej "Cat-Warmed" Silverio (@ceejbot)Sat, 25 Dec 2021 17:45 GMT

Jan Lehnardt (@janl)Sat, 25 Dec 2021 18:22 GMT

“Open source maintainers are effectively unpaid outsourcing teams for giant corporations.” dev.to/yawaramin/the-…

Ceej "Cat-Warmed" Silverio (@ceejbot)Sat, 25 Dec 2021 17:45 GMT

imagining a timeline where the log4j maintainers replied to the vuln disclosure with "ok, feel free to raise a PR"

Post details

this is *well* worth the read dev.to/yawaramin/the-…

cje (@caseyjohnellis)Thu, 23 Dec 2021 09:06 GMT

Matt "jira delenda est" Olson (@arachnocapital2)Sat, 25 Dec 2021 01:39 GMT

A precondition of employment (if any) is probably going to be "If I am working with a language using an open source toolchain and find a bug or enhancement for our code that can be addressed by pushing a patch upstream, I am allowed to open the PR without asking Legal."

future🦹jubilee (@workingjubilee)Wed, 22 Dec 2021 20:30 GMT

Good news: Log4j is the only library you use that’s been trivially vulnerable for about a decade.

haroon meer (@haroonmeer)Mon, 20 Dec 2021 11:12 GMT

https://twitter.com/Narodism/status/1472541647909146629

If funding devs more could fix the bugs before it reaches users, Windows and Mac OS would be bug free.

Nicolas Dorier (@NicolasDorier)Sun, 19 Dec 2021 14:42 GMT

https://twitter.com/starbuxman/status/1471635197292466177

If the past week has taught us anything it's that people would rather depend on software they don't pay for, while complaining about it and it's maintainers (who are also not getting paid!)

Marit van Dijk (@MaritvanDijk77)Fri, 17 Dec 2021 06:03 GMT

the log4j “december to remember” event this year features 0% financing on tech debt 😮

Patrick Cable (@patcable)Fri, 17 Dec 2021 15:40 GMT

seems like the entire internet is built on either small open source projects run by a couple folkx for free, and the gigantic cloud infrastructure run by a couple of companies. when either one is borked, the world goes poof

Selena (@selenalarson)Wed, 15 Dec 2021 16:14 GMT

open source maintainers to developers with jobs:

I Am Devloper (@iamdevloper)Wed, 15 Dec 2021 15:55 GMT

this high-profile vulnerability in an open source project is really reinforcing my belief that, to a dominant portion of users, the primary important thing about free software is that it is gratis, rather than libre

cron mom (@sophaskins)Sun, 12 Dec 2021 23:58 GMT

https://twitter.com/beka_valentine/status/1470134831262564353

but its not the log4j's responsibility to fix this in a timely fashion they didnt make any promises to any big corps about SLAs or any shit like that, and if there are **consequences** for those corps, that is FINE it might suck, but that's not the dev's responsibility

Beka Valentine (@beka_valentine)Sun, 12 Dec 2021 20:55 GMT

https://twitter.com/bagder/status/1470409522229428225

My team could spend an entire year reviewing the code from one “npm install”. I don’t think it’s really feasible to do code review across all OSS components. But funding? Absolutely.

April King 🌀 (@CubicleApril)Mon, 13 Dec 2021 15:11 GMT