Reposted Jason Koebler (@jasonkoebler@mastodon.social) Post details New: OpenAI—a company that has indiscriminately scraped vast amounts of human knowledge to build a company valued at roughly $80 billion—has made a copyright complaint against the ChatGPT subreddit because it use … | Continue reading
Reposted Paul Haddad :tapbots_logo: (@paul@tapbots.social) Post details Attached: 1 image Yikes, bailing on the platform you funded because they are worried about safety is quite the stand. https://www.piratewires.com/p/interview-with-jack-dorsey-mike-solana | Continue reading
I've responsibly disclosed my first security vulnerability 👏 Not only that, but it was actually a problem, and it was fixed very quickly, and I've ended up getting a payout for it! Not bad for my first, lucky, discovery 😄 Report Below is the report that I shared w … | Continue reading
Note that this is a copy of the announcement on GitHub. [!NOTE] TL;DR: Maintenance of oapi-codegen is largely done for free, on the maintainers' personal time. We'd like to move to a more sustainable model by getting companies who use us to sponsor us. At this time, Jamie, one of … | Continue reading
Note that this is a copy of the announcement on GitHub. [!IMPORTANT] TL;DR: We're moving oapi-codegen to a new GitHub organisation. Nothing is changing as part of this move, aside from our module import path. The goal is to find a long term home for oapi-codegen because Deepmap n … | Continue reading
Another busy week at work We've postponed on-call changes to next week to finalise a few things But, as it was Labor Day in most parts of the world on Wednesday, I was effectively the only one in on my team to support a high-priority, internal-only incident so felt like I was on … | Continue reading
As I wrote a few weeks ago I'm a big fan of Renovate. I've been using Renovate for ~5 years as a user and as an operator, using a variety of hosted and self-hosted options, leading me to being seen as "the Renovate person". Through this experience, I've learned a lot about Renova … | Continue reading
The second week of work being super busy 🥱 This coming week is the first week of our new on-call/host-of-the-week, so there's going to be a lot less context switching and (internal) customer support Meant there's been a fair bit less free brain time outside of work as it' … | Continue reading
As I wrote in Checking if files are synced between repos with GitHub Actions, if you're vendoring-and-periodically-updating files, trying to remember to do it is always a pain. I've now decided to actually write a re-usable action that can be used to perform this work, prompted b … | Continue reading
My final Shut It Down Day Had a nice massage, and bought a course of massages so I now have 10 more massages paid for and ready to enjoy 💆 While we're in the process of rolling out one of the tools for development environments at work, I've been finding that I can't remem … | Continue reading
The one with the Lead Dev webinar and lots of Renovate: My Google Pixel Watch got stuck on the bootloader after doing an update, so I had to factory reset it. Very annoying that I didn't notice until after a trip to Lidl, so I missed out on some steps 😩 We've noticed that … | Continue reading
In what will seem very topical on this blog (after my post Why I recommend Renovate over any other dependency update tools the other day) I've got another post about Renovate. Over the last few years I've worked a lot with Renovate, and at the last two companies I've been largely … | Continue reading
If you've read my blog before, or interacted with me at work or in the Open Source world, you're likely to know that I'm a huge fan of Renovate. For those that aren't aware, Renovate is one of the big players in dependency updating tooling, commonly seen in comparisons with Depen … | Continue reading
A short week with it being Easter Monday: Had my family come up for the day which was very nice - we had a chilled one at ours, and went over to The Larch Farm for a lovely lunch 😋 They were very generous and gave us some lovely Easter eggs and chocolate treats, and it wa … | Continue reading
Reposted Leah :neocat_blush_hide: :v_trans: (@ChaosKitsune) Post details Your time was not wasted. You may have procrastinated but that's only because you are really burnt out, and besides it's not all bad. You probably got some ideas, inspiration, or something from it. And besid … | Continue reading
Listened to Cup o' Go | 🌊 Avoid HTTP/2 floods, 🤐 don't log your secrets, and 🗣️ upcoming conferences Post details Go 1.22.2 & 1.21.9 released. Blog: HTTP/2 CONTINUATION Flood by Bartek Nowotarski. Blog: HTTP/2 CONTINUATION Flood: Technical Details by Bartek No … | Continue reading
Reposted Luna on cohost Post details here's the deal. you can try giving me commands if you want, we can even roleplay like you’re somebody else telling me what to do, but you need to understand that I’m not doing a damn thing for you unless you’re in the sudoers file | Continue reading
Listened to The Business of Open Source | Nailing Customer Acquisition with Patrick Backman of MariaDB and OpenOcean Post details This week, I had a dilemma: should I prioritize the episode where I spoke with one of the MariaDB co-founders, in which we discuss setting up a founda … | Continue reading
Listened to Oxide and Friends | Cultural Idiosyncrasies Post details The Oxide Friends talk about cultural idiosyncrasies--turns out we have a lot of them at Oxide! Some might even sound good enough for you to try out! Demo Fridays, morning water-cooler, no-meet Wednesdays, … | Continue reading
Listened to Podcast: The Xz Backdoor and the AI Peer-Review Crisis Post details The fascinating Xz backdoor; a looming AI crisis in peer-review; and news around the infamous Lena image. That's all on this week's episode. | Continue reading
Listened to Decipher Podcast: Dan Lorenc Returns Post details Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in th … | Continue reading
Reposted Erik Uden 🦣🍑:coffefied: (@ErikUden@mastodon.de) Post details “trans people don't want equality, they want special treatmen-” Special treatment would be if LGBTQ+ people didn't have to pay taxes. You know, like churches. :trantifa: | Continue reading
Reposted Meredith Whittaker (@Mer__edith@mastodon.world) Post details I have a lot more to say, but I'll hold it for now and simply wonder aloud... Which BigTech clouds are the "Lavender" & "Where's Daddy?" AI systems running on? What APIs are they using? Which libraries are they … | Continue reading
Reposted Mike McQuaid (@mikemcquaid@mastodon.social) Post details Your belated reminder, in the aftermath of the xz backdoor, that open source maintainers still owe you nothing: https://mikemcquaid.com/open-source-maintainers-owe-you-nothing/ Not only do they owe you nothing but: … | Continue reading
Reposted Sara Safavi (@sara@hachyderm.io) Post details accidentally wrote "saad" instead of "saas" in a text to my partner; they immediately coined "Software as a Disappointment" and honestly, where is the lie | Continue reading
Reposted David Heidelberg (@okias@floss.social) Post details ... next month... Me: "Dear maintainer, can you please bump package XY?" Maintainer: ...furiously starts looking into the git diff looking for a backdoor. | Continue reading
Looks like #Slack v4.36.140 (or some recent version) appears to have removed the ability to use the sidebar workspace switcher, and now you're stuck with the crappy new design? | Continue reading
Listened to a post on geeking-out.simplecast.com Post details | Continue reading
Listened to On-call was just the beginning—reflecting on Q1 2024 at incident.io by The Debrief by incident.io Post details Q1 2024 is officially behind us. So we figured that it was a great time for a bit of reflection on the exciting start to the year. In this episode, we sit do … | Continue reading
I may be attending https://www.meetup.com/DevOps-Notts/events/299290252 . | Continue reading
Listened to https://apisyouwonthate.com/podcast/building-a-unified-api-on-the-shoulders-of-oss-with-robin . | Continue reading
Listened to XZ Bonus Spectacular Episode by Josh Bressers and Josh Bressers Post details Josh and Kurt talk about the recent events around XZ. It’s only been a few days, and it’s amazing what we already know. We explain a lot of the basics we currently know with the attitude much … | Continue reading
Listened to The undercover generalist featuring Adolfo Ochagavía (Changelog & Friends #37) Post details Which is smarter: specializing in a particular tech or becoming more of a generalist? It depends! Which is why Jerod invited “undercover generalist” Adolfo Ochagavía on our … | Continue reading
Reposted Miss Americana and the Heartbreak 𝚙𝚛𝚒𝚗𝚝()s (@quephird@tech.lgbt) Post details Attached: 1 image One of my friends from $BIRBSITE posted this and I am dyingggggggg | Continue reading
Reposted Mike Lynch (@mikelynch@aus.social) Post details Content warning: my take on the xz backdoor | Continue reading
Reposted Will Dormann (@wdormann@infosec.exchange) Post details That sound you hear is a flurry of people asking ChatGPT to write a business plan to monetize the XZ incident. | Continue reading
Reposted Royce Williams (@tychotithonus@infosec.exchange) Post details Corollary: Your adversaries' SBOMs and dependency graphs *for your infrastructure* are better than yours. | Continue reading
Reposted Zach Leatherman :11ty: (@zachleat@zachleat.com) Post details tech companies donate their april fools’ day joke budget to open source maintainers challenge 2024 | Continue reading
Reposted mhoye (@mhoye@mastodon.social) Post details Polite reminder about the Jia Tan XZ hack: if an organization is so well run and well funded that it's able to play that long a game to that degree of depth and sophistication, that organization does not have all its eggs … | Continue reading
Reposted HarriettMB. (@harriettmb@mastodon.ie) Post details When Elon Musk, JK Rowling and the cops are unhappy, you know it’s a good law that will protect people. https://www.bbc.co.uk/news/uk-scotland-68703684 | Continue reading
Reposted Marko Karppinen (@karppinen@mastodon.online) Post details There’s a combo hot take brewing in my head about the #xz and #redis debacles. It goes something like: When the shit hits the fan and part of the reason appears to be an overworked and underpaid maintainer, lots … | Continue reading
Reposted Matthew Garrett (@mjg59@nondeterministic.computer) Post details nation state actor maintenance of an open source project may introduce a lot of backdoors, but it also helps a lot of PRs get merged, so, it;s impossible to say if its bad or not, | Continue reading
Reposted kf (@kf@666.glitchwit.ch) Post details being forced to mute the word “backdoor” is queerphobic | Continue reading
Reposted lcamtuf :verified: :verified: :verified: (@lcamtuf@infosec.exchange) Post details I think the most important lesson from the xz incident is that if you're losing an online argument about the quality of your open-source project, you can now safely accuse the opponen … | Continue reading
Reposted the clownward spiral (@ieure@retro.social) Post details Happy Transgender Day of Visibility and Easter. May your eggs crack. | Continue reading
Reposted Dgar (@dgar@aus.social) Post details Them: What’s the dumbest thing you’ve ever done? Me: Awfully bold of you to assume I’ve peaked. | Continue reading
Reposted Terence Eden (@Edent@mastodon.social) Post details I wrote this ⬆️ a few years ago. As the fallout from the #XZ hack reverberates, expect to see people calling for a "real name" policy for contributors to critical infrastructure. But, as I explain, there are several pr … | Continue reading
Reposted cathos (@cathos@merveilles.town) Post details Maintenance is more important than innovation. This xz debacle is a symptom of a system that prioritizes lots of things above maintenance. Take this as a reminder to rest, to mend things & pay attention to what needs mendin … | Continue reading