Listened to Podcast: The Xz Backdoor and the AI Peer-Review Crisis - The fascinating Xz backdoor; a looming AI crisis in peer-review; and news around the infamous Lena image. That's all on this week's episode.
Listened to Decipher Podcast: Dan Lorenc Returns - Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in th …
Reposted Erik Uden 🦣🍑:coffefied: (@ErikUden@mastodon.de) - “trans people don't want equality, they want special treatmen-” Special treatment would be if LGBTQ+ people didn't have to pay taxes. You know, like churches. :trantifa:
Reposted Meredith Whittaker (@Mer__edith@mastodon.world) - I have a lot more to say, but I'll hold it for now and simply wonder aloud... Which BigTech clouds are the "Lavender" & "Where's Daddy?" AI systems running on? What APIs are they using? Which libraries are they …
Reposted Mike McQuaid (@mikemcquaid@mastodon.social) - Your belated reminder, in the aftermath of the xz backdoor, that open source maintainers still owe you nothing: https://mikemcquaid.com/open-source-maintainers-owe-you-nothing/ Not only do they owe you nothing but: …
Reposted Sara Safavi (@sara@hachyderm.io) - accidentally wrote "saad" instead of "saas" in a text to my partner; they immediately coined "Software as a Disappointment" and honestly, where is the lie
Reposted David Heidelberg (@okias@floss.social) - ... next month... Me: "Dear maintainer, can you please bump package XY?" Maintainer: ...furiously starts looking into the git diff looking for a backdoor.
Looks like #Slack v4.36.140 (or some recent version) has removed the ability to use the sidebar workspace switcher, and now you're stuck with the crappy new design?
Listened to a post on geeking-out.simplecast.com
Listened to On-call was just the beginning—reflecting on Q1 2024 at incident.io by The Debrief by incident.io - Q1 2024 is officially behind us. So we figured that it was a great time for a bit of reflection on the exciting start to the year. In this episode, we sit do …
I may be attending https://www.meetup.com/DevOps-Notts/events/299290252.
Listened to https://apisyouwonthate.com/podcast/building-a-unified-api-on-the-shoulders-of-oss-with-robin.
Listened to XZ Bonus Spectacular Episode by Josh Bressers - Josh and Kurt talk about the recent events around XZ. It’s only been a few days, and it’s amazing what we already know. We explain a lot of the basics we currently know with the attitude much …
Listened to The undercover generalist featuring Adolfo Ochagavía (Changelog & Friends #37) - Which is smarter: specializing in a particular tech or becoming more of a generalist? It depends! Which is why Jerod invited “undercover generalist” Adolfo Ochagavía on our …
Reposted Mike Lynch (@mikelynch@aus.social) - Content warning: my take on the xz backdoor
Reposted Miss Americana and the Heartbreak 𝚙𝚛𝚒𝚗𝚝()s (@quephird@tech.lgbt) - Attached: 1 image. One of my friends from $BIRBSITE posted this and I am dyingggggggg
Reposted Will Dormann (@wdormann@infosec.exchange) - That sound you hear is a flurry of people asking ChatGPT to write a business plan to monetize the XZ incident.
Reposted Royce Williams (@tychotithonus@infosec.exchange) - Corollary: Your adversaries' SBOMs and dependency graphs *for your infrastructure* are better than yours.
Reposted Zach Leatherman :11ty: (@zachleat@zachleat.com) - tech companies donate their april fools’ day joke budget to open source maintainers challenge 2024
Reposted HarriettMB. (@harriettmb@mastodon.ie) - When Elon Musk, JK Rowling and the cops are unhappy, you know it’s a good law that will protect people. https://www.bbc.co.uk/news/uk-scotland-68703684
Reposted mhoye (@mhoye@mastodon.social) - Polite reminder about the Jia Tan XZ hack: if an organization is so well run and well funded that it's able to play that long a game to that degree of depth and sophistication, that organization does not have all its eggs …
Reposted Marko Karppinen (@karppinen@mastodon.online) - There’s a combo hot take brewing in my head about the #xz and #redis debacles. It goes something like: When the shit hits the fan and part of the reason appears to be an overworked and underpaid maintainer, lots …
Reposted Matthew Garrett (@mjg59@nondeterministic.computer) - nation state actor maintenance of an open source project may introduce a lot of backdoors, but it also helps a lot of PRs get merged, so, it's impossible to say if it's bad or not,
Reposted lcamtuf :verified: :verified: :verified: (@lcamtuf@infosec.exchange) - I think the most important lesson from the xz incident is that if you're losing an online argument about the quality of your open-source project, you can now safely accuse the opponen …
Reposted kf (@kf@666.glitchwit.ch) - being forced to mute the word “backdoor” is queerphobic
Reposted the clownward spiral (@ieure@retro.social) - Happy Transgender Day of Visibility and Easter. May your eggs crack.
Reposted Dgar (@dgar@aus.social) - Them: What’s the dumbest thing you’ve ever done? Me: Awfully bold of you to assume I’ve peaked.
Reposted Terence Eden (@Edent@mastodon.social) - I wrote this ⬆️ a few years ago. As the fallout from the #XZ hack reverberates, expect to see people calling for a "real name" policy for contributors to critical infrastructure. But, as I explain, there are several pr …
Reposted cathos (@cathos@merveilles.town) - Maintenance is more important than innovation. This xz debacle is a symptom of a system that prioritizes lots of things above maintenance. Take this as a reminder to rest, to mend things & pay attention to what needs mendin …
A four-day week ahead of the Easter weekend. Enjoyed attending the GitHub OSPO Advisory Board, learning about cool stuff being done at GitHub and OSPOs around the world. On Thursday, went to see James Acaster in Nottingham for his Heckler's Welcome tour, which was very good! We'd …
Listened to Cup o' Go | Bikeshedding about bikeshedding, and Go Community Roundup - Proposals: (re)accepted: add slices.Repeat function; accepted: report use of too-new standard library symbols with go vet. From around the community: Blog: Context-induced performance bo …
Listened to Jacob Kaplan-Moss on Compensating Open Source Maintainers (but not that way) by SustainOSS - Jacob talks about the backlash against open source maintainers seeking compensation, ethical use of software, financial support for maintainers, and complexities …
Reposted Aral Balkan (@aral@mastodon.ar.al) - Personally, I’d rather celebrate a day about real living people than a fictitious magic zombie.
Bookmarked Optimizing SQLite for servers - SQLite is often misconceived as a "toy database", only good for mobile applications and embedded systems because its default configuration is optimized for embedded use cases, so most people trying i …
Reposted Luis Villa (@luis_in_brief@social.coop) - Attached: 1 image. This text is not something we wrote in a rush this morning to meet the moment. We've had variations on this on our site from day 1. I believed it then and I believe it now.
Reposted Mike Sheward (@SecureOwl@infosec.exchange) - people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to have been slow-rolled for a couple of years and immediately became obsolete before it was fully launched - you …
Reposted Neil Brown (@neil@mastodon.neilzone.co.uk) - New blogpost: _**[It is about trust, not software](https://neilzone.co.uk/2024-03-30-it-is-about-trust-not-software.html)**_ My reflections on the `xz` situation. > This isn't about software, it's about tr …
Reposted Aaron Patterson ✅ (@tenderlove@mastodon.social) - "open source needs more funding!" *nation state pays for backdoor* "not like that!"
Listened to SoCal Linux Expo with SCaLE attendees (Ship It! #97) - Justin & Autumn take you with them to the 2024 SoCal Linux Expo where they asked six fellow attendees about their favorite open source projects and their least favorite commands.
CVE-2024-3094 - This evening, it was announced by Andres Freund that there is backdoored code in xz and liblzma: I accidentally found a security issue while benchmarking postgres changes. If you run Debian testing, unstable or some other more "bleeding edge" distribution, I strongl …
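A quick local check to go with that announcement. This is an added example, not code from the post or from Andres Freund's advisory: it parses `xz --version` output, flags the two upstream releases that shipped the CVE-2024-3094 backdoor (5.6.0 and 5.6.1), and reports which liblzma the system sshd is dynamically linked against. Version strings are only a first pass: distributions that patched or rolled back the package may still report one of those numbers, so a hit means "read your distro's advisory", not "compromised". The `--check` flag, the sample output in the comments, and the `/usr/sbin/sshd` fallback path are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): first-pass checks for the
# xz/liblzma releases that carried the CVE-2024-3094 backdoor.

# Pull the version number out of the first line of `xz --version` output.
# Assumed input shape (what xz prints): "xz (XZ Utils) 5.6.1" -> "5.6.1".
xz_version_from_output() {
  printf '%s\n' "$1" | sed -n '1s/.*[[:space:]]\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (true) if the version is one of the two backdoored upstream
# releases, 1 otherwise. Distro builds may carry these numbers after a fix,
# so a match is a prompt to check the advisory, not proof of compromise.
xz_version_affected() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the path of the liblzma a binary is dynamically linked against, or
# nothing. sshd is the interesting target: on distributions that link sshd
# against libsystemd, liblzma is pulled in transitively.
liblzma_linked_into() {
  ldd "$1" 2>/dev/null | awk '/liblzma/ { print $3; exit }'
}

# Run the checks against the local system only when invoked with --check
# (assumed flag for this example), so the functions can be sourced elsewhere.
if [ "${1:-}" = "--check" ]; then
  out=$(xz --version 2>/dev/null) || { echo "xz not installed"; exit 0; }
  ver=$(xz_version_from_output "$out")
  if xz_version_affected "$ver"; then
    echo "xz $ver: matches a backdoored upstream release, check your distro advisory"
  else
    echo "xz $ver: not one of the backdoored upstream releases"
  fi
  sshd_path=$(command -v sshd || echo /usr/sbin/sshd)
  lib=$(liblzma_linked_into "$sshd_path")
  [ -n "$lib" ] && echo "$sshd_path links liblzma at: $lib"
fi
```

Run it as `sh check-xz.sh --check`. Where the version check is clean but sshd still links liblzma, the useful follow-up is to confirm which package owns that library file and whether your distribution's advisory for CVE-2024-3094 covers it.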
Reposted The Seven Voyages Of Steve (@sinbad@mastodon.gamedev.place) - I feel like subscriptions have generally made software quality worse. There was an argument that having to make paid upgrades to generate revenue to pay salaries put pressure on companies to change …
Reposted Eloy (@eloy@hsnl.social) - @noracodes@tenforward.social IMHO you should pay for open source if you are making a profit on it. Lots of companies are reselling proprietary software and are paying for licenses without having specific feature wishes for the softwa …
Reposted Forrest Brazeal (@forrestbrazeal@hachyderm.io) - "Vendor lock-in"? They wish. All these vendors are locked in here with ME.
Listened to Questions from a new Go developer (Go Time #308) - In this episode we answer any/all questions from a new Go developer. Features, best practices, quirks of the language… it’s all on the table for discussion.
Listened to Cup o' Go | 🚫 Computer says "No" 🧝 Plus one shell to rule them all with xiaq - 🇮🇹 GoLab 2024 coming up Nov 11-13 in Florence, Italy. CFP open through May 1. Proposals: 🚫 Declined: time.Parse: letter-based formats; 🚫 D …
A last day in Rome, travel home, and then back to work. On Monday, Anna had booked a pasta + tiramisu making course with my parents, which was a lot of fun, and a lot of work 😅 Was interesting to see just how much work a single portion of fresh pasta (ravioli and fettucci …
A lovely first week in Florence and Rome - ahead of my 30th birthday on Sunday: A very early flight (waking up at 0400 😵 - and glad we had a good buffer as the roads + satnav were a little confusing - but glad to have arrived in Rome in good time, and able to take the tra …