Automating the syncing of files between repos with GitHub Actions

As I wrote in Checking if files are synced between repos with GitHub Actions, if you're vendoring-and-periodically-updating files, trying to remember to do it is always a pain. I've now decided to actually write a re-usable action that can be used to perform this work, prompted b … | Continue reading


@jvt.me | 1 day ago

Week Notes 24#16

My final Shut It Down Day: Had a nice massage, and bought a course of massages so I now have 10 more massages paid for and ready to enjoy 💆 While we're in the process of rolling out one of the tools for development environments at work, I've been finding that I can't remem … | Continue reading


@jvt.me | 6 days ago

Week Notes 24#15

The one with the Lead Dev webinar and lots of Renovate: My Google Pixel Watch got stuck on the bootloader after doing an update, so I had to factory reset it. Very annoying that I didn't notice until after a trip to Lidl, so I missed out on some steps 😩 We've noticed that … | Continue reading


@jvt.me | 13 days ago

Querying your organisation's Renovate configuration using SQL(ite)

In what will seem very topical on this blog (after my post Why I recommend Renovate over any other dependency update tools the other day) I've got another post about Renovate. Over the last few years I've worked a lot with Renovate, and at the last two companies I've been largely … | Continue reading


@jvt.me | 14 days ago

Why I recommend Renovate over any other dependency update tools

If you've read my blog before, or interacted with me at work or in the Open Source world, you're likely to know that I'm a huge fan of Renovate. For those that aren't aware, Renovate is one of the big players in dependency updating tooling, commonly seen in comparisons with Depen … | Continue reading


@jvt.me | 16 days ago

Week Notes 24#14

A short week with it being Easter Monday: Had my family come up for the day which was very nice - we had a chilled one at ours, and went over to The Larch Farm for a lovely lunch 😋 They were very generous and gave us some lovely Easter eggs and chocolate treats, and it wa … | Continue reading


@jvt.me | 20 days ago

Reposted Leah :neocat_blush_hide: :v_trans: (@ChaosKitsune) Post details Your time was not wasted. You may have procrastinated but that's only because you are really burnt out, and besides it's not all bad. You probably got some ideas, inspiration, or something from it. And besid … | Continue reading


@jvt.me | 21 days ago

Listened to Cup o' Go | 🌊 Avoid HTTP/2 floods, 🤐 don't log your secrets, and 🗣️ upcoming conferences Post details Go 1.22.2 & 1.21.9 released. Blog: HTTP/2 CONTINUATION Flood by Bartek Nowotarski. Blog: HTTP/2 CONTINUATION Flood: Technical Details by Bartek No … | Continue reading


@jvt.me | 22 days ago

Reposted Luna on cohost Post details here's the deal. you can try giving me commands if you want, we can even roleplay like you’re somebody else telling me what to do, but you need to understand that I’m not doing a damn thing for you unless you’re in the sudoers file | Continue reading


@jvt.me | 22 days ago

Listened to The Business of Open Source | Nailing Customer Acquisition with Patrick Backman of MariaDB and OpenOcean Post details This week, I had a dilemma: should I prioritize the episode where I spoke with one of the MariaDB co-founders, in which we discuss setting up a founda … | Continue reading


@jvt.me | 22 days ago

Listened to Oxide and Friends | Cultural Idiosyncrasies Post details The Oxide Friends talk about cultural idiosyncrasies--turns out we have a lot of them at Oxide! Some might even sound good enough for you to try out! Demo Fridays, morning water-cooler, no-meet Wednesdays, … | Continue reading


@jvt.me | 23 days ago

Listened to Podcast: The Xz Backdoor and the AI Peer-Review Crisis Post details The fascinating Xz backdoor; a looming AI crisis in peer-review; and news around the infamous Lena image. That's all on this week's episode. | Continue reading


@jvt.me | 24 days ago

Listened to Decipher Podcast: Dan Lorenc Returns Post details Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in th … | Continue reading


@jvt.me | 24 days ago

Reposted Erik Uden 🦣🍑:coffefied: (@ErikUden@mastodon.de) Post details “trans people don't want equality, they want special treatmen-” Special treatment would be if LGBTQ+ people didn't have to pay taxes. You know, like churches. :trantifa: | Continue reading


@jvt.me | 24 days ago

Reposted Meredith Whittaker (@Mer__edith@mastodon.world) Post details I have a lot more to say, but I'll hold it for now and simply wonder aloud... Which BigTech clouds are the "Lavender" & "Where's Daddy?" AI systems running on? What APIs are they using? Which libraries are they … | Continue reading


@jvt.me | 24 days ago

Reposted Mike McQuaid (@mikemcquaid@mastodon.social) Post details Your belated reminder, in the aftermath of the xz backdoor, that open source maintainers still owe you nothing: https://mikemcquaid.com/open-source-maintainers-owe-you-nothing/ Not only do they owe you nothing but: … | Continue reading


@jvt.me | 24 days ago

Reposted Sara Safavi (@sara@hachyderm.io) Post details accidentally wrote "saad" instead of "saas" in a text to my partner; they immediately coined "Software as a Disappointment" and honestly, where is the lie | Continue reading


@jvt.me | 24 days ago

Reposted David Heidelberg (@okias@floss.social) Post details ... next month... Me: "Dear maintainer, can you please bump package XY?" Maintainer: ...furiously starts looking into the git diff looking for a backdoor. | Continue reading


@jvt.me | 24 days ago

Looks like #Slack v4.36.140 (or some recent version) appears to have removed the ability to use the sidebar workspace switcher, and now you're stuck with the crappy new design? | Continue reading


@jvt.me | 25 days ago

Listened to a post on geeking-out.simplecast.com Post details | Continue reading


@jvt.me | 25 days ago

Listened to On-call was just the beginning—reflecting on Q1 2024 at incident.io by The Debrief by incident.io Post details Q1 2024 is officially behind us. So we figured that it was a great time for a bit of reflection on the exciting start to the year. In this episode, we sit do … | Continue reading


@jvt.me | 25 days ago

I may be attending https://www.meetup.com/DevOps-Notts/events/299290252 . | Continue reading


@jvt.me | 25 days ago

Listened to https://apisyouwonthate.com/podcast/building-a-unified-api-on-the-shoulders-of-oss-with-robin . | Continue reading


@jvt.me | 25 days ago

Listened to XZ Bonus Spectacular Episode by Josh Bressers and Josh Bressers Post details Josh and Kurt talk about the recent events around XZ. It’s only been a few days, and it’s amazing what we already know. We explain a lot of the basics we currently know with the attitude much … | Continue reading


@jvt.me | 25 days ago

Listened to The undercover generalist featuring Adolfo Ochagavía (Changelog & Friends #37) Post details Which is smarter: specializing in a particular tech or becoming more of a generalist? It depends! Which is why Jerod invited “undercover generalist” Adolfo Ochagavía on our … | Continue reading


@jvt.me | 26 days ago

Reposted Mike Lynch (@mikelynch@aus.social) Post details Content warning: my take on the xz backdoor | Continue reading


@jvt.me | 27 days ago

Reposted Miss Americana and the Heartbreak 𝚙𝚛𝚒𝚗𝚝()s (@quephird@tech.lgbt) Post details Attached: 1 image One of my friends from $BIRBSITE posted this and I am dyingggggggg | Continue reading


@jvt.me | 27 days ago

Reposted Will Dormann (@wdormann@infosec.exchange) Post details That sound you hear is a flurry of people asking ChatGPT to write a business plan to monetize the XZ incident. | Continue reading


@jvt.me | 27 days ago

Reposted Royce Williams (@tychotithonus@infosec.exchange) Post details Corollary: Your adversaries' SBOMs and dependency graphs *for your infrastructure* are better than yours. | Continue reading


@jvt.me | 27 days ago

Reposted Zach Leatherman :11ty: (@zachleat@zachleat.com) Post details tech companies donate their april fools’ day joke budget to open source maintainers challenge 2024 | Continue reading


@jvt.me | 27 days ago

Reposted HarriettMB. (@harriettmb@mastodon.ie) Post details When Elon Musk, JK Rowling and the cops are unhappy, you know it’s a good law that will protect people. https://www.bbc.co.uk/news/uk-scotland-68703684 | Continue reading


@jvt.me | 27 days ago

Reposted mhoye (@mhoye@mastodon.social) Post details Polite reminder about the Jia Tan XZ hack: if an organization is so well run and well funded that it's able to play that long a game to that degree of depth and sophistication, that organization does not have all its eggs … | Continue reading


@jvt.me | 27 days ago

Reposted Marko Karppinen (@karppinen@mastodon.online) Post details There’s a combo hot take brewing in my head about the #xz and #redis debacles. It goes something like: When the shit hits the fan and part of the reason appears to be an overworked and underpaid maintainer, lots … | Continue reading


@jvt.me | 27 days ago

Reposted Matthew Garrett (@mjg59@nondeterministic.computer) Post details nation state actor maintenance of an open source project may introduce a lot of backdoors, but it also helps a lot of PRs get merged, so, it;s impossible to say if its bad or not, | Continue reading


@jvt.me | 27 days ago

Reposted lcamtuf :verified: :verified: :verified: (@lcamtuf@infosec.exchange) Post details I think the most important lesson from the xz incident is that if you're losing an online argument about the quality of your open-source project, you can now safely accuse the opponen … | Continue reading


@jvt.me | 27 days ago

Reposted kf (@kf@666.glitchwit.ch) Post details being forced to mute the word “backdoor” is queerphobic | Continue reading


@jvt.me | 27 days ago

Reposted the clownward spiral (@ieure@retro.social) Post details Happy Transgender Day of Visibility and Easter. May your eggs crack. | Continue reading


@jvt.me | 27 days ago

Reposted Dgar (@dgar@aus.social) Post details Them: What’s the dumbest thing you’ve ever done? Me: Awfully bold of you to assume I’ve peaked. | Continue reading


@jvt.me | 27 days ago

Reposted Terence Eden (@Edent@mastodon.social) Post details I wrote this ⬆️ a few years ago. As the fallout from the #XZ hack reverberates, expect to see people calling for a "real name" policy for contributors to critical infrastructure. But, as I explain, there are several pr … | Continue reading


@jvt.me | 27 days ago

Reposted cathos (@cathos@merveilles.town) Post details Maintenance is more important than innovation. This xz debacle is a symptom of a system that prioritizes lots of things above maintenance. Take this as a reminder to rest, to mend things & pay attention to what needs mendin … | Continue reading


@jvt.me | 27 days ago

Week Notes 24#13

A four-day week ahead of the Easter weekend. Enjoyed attending the GitHub OSPO Advisory Board, learning about cool stuff being done at GitHub and OSPOs around the world. On Thursday, went to see James Acaster in Nottingham for his Heckler's Welcome tour, which was very good! We'd … | Continue reading


@jvt.me | 27 days ago

Listened to Cup o' Go | Bikeshedding about bikeshedding, and Go Community Roundup Post details Proposals: (re)accepted: add slices.Repeat function; accepted: report use of too-new standard library symbols with go vet. From around the community: Blog: Context-induced performance bo … | Continue reading


@jvt.me | 28 days ago

Listened to Jacob Kaplan-Moss on Compensating Open Source Maintainers (but not that way) by SustainOSS Post details Jacob talks about the backlash against open source maintainers seeking compensation, ethical use of software, financial support for maintainers, and complexities … | Continue reading


@jvt.me | 28 days ago

Reposted Aral Balkan (@aral@mastodon.ar.al) Post details Personally, I’d rather celebrate a day about real living people than a fictitious magic zombie. | Continue reading


@jvt.me | 28 days ago

Bookmarked Optimizing SQLite for servers Post details SQLite is often misconceived as a "toy database", only good for mobile applications and embedded systems because its default configuration is optimized for embedded use cases, so most people trying i … | Continue reading


@jvt.me | 28 days ago

Reposted Luis Villa (@luis_in_brief@social.coop) Post details Attached: 1 image This text is not something we wrote in a rush this morning to meet the moment. We've had variations on this on our site from day 1. I believed it then and I believe it now. | Continue reading


@jvt.me | 28 days ago

Reposted Mike Sheward (@SecureOwl@infosec.exchange) Post details people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to have been slow rolled for a couple of years and immediately became obsolete before it was fully launched - you … | Continue reading


@jvt.me | 28 days ago

Reposted Neil Brown (@neil@mastodon.neilzone.co.uk) Post details New blogpost: _**[It is about trust, not software](https://neilzone.co.uk/2024-03-30-it-is-about-trust-not-software.html)**_ My reflections on the `xz` situation. > This isn't about software, it's about tr … | Continue reading


@jvt.me | 28 days ago