Items tagged with: OSS



I've been involved in the open-source movement in some capacity for almost a quarter century now. In all that time, I've seen a steady stream of assertions about how "open source has failed". We ignored them and we kept building.

Here's the thing: in 2003 it was from large, powerful, mainstream sources: MSNBC, NYT, etc.

Now I only see it from luddites, puritopians, and other do-nothings. Almost everyone else has to take us seriously.

Keep doing the work, my friends.

#OSS #OpenSource


A few days ago, a client of mine asked me to install a piece of open-source software (which I won’t name for now). The software has only one official installation method: Docker. This is because, as they themselves admit, it has a huge number of dependencies - some quite outdated - that need to be carefully managed and forced into place; otherwise, nothing works.

I tried replicating the same setup on FreeBSD but didn’t succeed, as some dependencies either aren’t compatible or simply refuse to run. I could try finding workarounds, but I can already picture the chaos every time an update is needed.

So, I decided to build it via Docker to get a better sense of what we’re dealing with. The sheer number of dependencies that Node pulls in is impressive, but even more staggering is the number of warnings and errors it spits out: deprecated and unsupported packages, security vulnerabilities, generic warnings - you name it, and there’s plenty of it.

Since my client needs to launch this service but is subject to audits, they want to be fully compliant and ensure security. Given their substantial budget, they offered financial support to the developers (a company, not just a group of hobbyists) to help improve the project either by making it FreeBSD-compatible or, at the very least, by reducing dependencies with critical vulnerabilities. The client was willing to pay a significant sum, and since the improvements would be open-source, everyone would benefit.

The response from the team? A flat-out refusal. They claimed they couldn’t accept any amount of money because many of these dependencies are “necessary and irreplaceable, as parts of the code relying on them were written by people who no longer work on the project, and we can’t rewrite the core of the software.” Then came the part that really got under my skin: they stated they would rather deal directly “with my client, not with me, because in the end, my concerns are just useless and irrational paranoia.”

Translation? Just pay, and you’ll pass compliance checks - never mind the fact that underneath, it’s a tangled mess of outdated and insecure components. And don’t make a fuss about it.

While I can understand some of the challenges the team faces, I might have accepted this response if it had come from a group of volunteers or hobbyists. But if you’re a company whose sole business revolves around a single software product (with no real competition at the moment), this approach is not just short-sighted - it’s outright dangerous for your users’ security and for your own survival as a business.

The result? They lost a paying client who was ready to invest a significant budget into their software. That budget will now go elsewhere. My client is considering hiring developers to build a similar project with better security (they have both the time and the money for it). I’ll do my best to convince them to release it as open-source - at which point, a new “competitor” will emerge in the market.

#IT #SysAdmin #OSS #Security #Infosec



Before @k9mail was taken over by @mozilla for @thunderbird, I always supported it monthly via GitHub. Since I still use k9, this year's donation went to Mozilla. It's really easy to do in the app, just like that via G-Pay. I could finally redeem the vouchers.

Support open source - I'd also be interested to know which Chromium derivatives all the Google haters use instead of Gecko. 🤷

#spende #support #oss


I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:

#oss #opensource #security

sethmlarson.dev/slop-security-…



@jakob it fits the road #GitHub has taken since it was taken over by #Microsoft. The original promise was to be #OSS friendly. Now that they are the go-to place for Open Source they change the rules step by step. This also affects paying users. The SaaS price list exploded a couple of months ago. You now even pay extra for git LFS. I guess, this is the enshittification process @pluralistic is talking about.


fail2ban has one core maintainer github.com/fail2ban/fail2ban and he has only 3 Github sponsors github.com/sebres

WTF

I can't even comprehend how many servers are protected by fail2ban, how many compromises are avoided, how many people who run hobby things all the way up to major sites that get to sleep soundly every night... because of this single project.

#oss


Do you remember a couple of weeks ago when I complained that a very large #python contribution to #inkscape was poorly formatted and I felt embarrassed about pushing back and asking them to run a linter over it?

Yeah I'm not fucking embarrassed now, I'm furious. 🤬

Update: Apparently they meant a small section of it was, not the whole MR. I'm annoyed, but I'll have to take them at their word.

#llm #oss #foss #mergerequest


Hardly noticed by most people, the open source learning management system ILIAS is continuously being improved in terms of accessibility (#Barrierefreiheit). But those who urgently depend on it will be pleased.
A nice insight into the community work on accessibility is available at the following link from FH Dortmund:
fh.do/nLSktc

#OSS #ILIAS #LMS
mastodon.social/@ilko/11233289…


"(...) Hardly noticed by most people, the open source learning management system ILIAS is constantly being improved in terms of accessibility. But those who urgently need it will be happy.

A nice insight into the community work on accessibility can be found at the following link from the FH Dortmund:
fh.do/nLSktc

#OSS #ILIAS #LMS
mastodon.social/@ilko/11233289… (...)"


While the #GenAI news cycle keeps announcing new models, cost and evaluation continue to be crucial for both developers and businesses.

This post showcases #OSS tools that help evaluate models while keeping costs low. We include Prometheus by KAIST AI; @MozillaAI's very own lm-buddy; and llamafile.

Davide Eynard @mala shows how these components can work together to evaluate LLMs on cheap(er) hardware.

blog.mozilla.ai/local-llm-as-j…



Today more companies are announcing their support of the Valkey community (the group that includes committed developers previously working on the OSS version of the core Redis engine): Aiven, Alibaba Cloud, Chainguard, Heroku, Huawei, Percona, and Verizon.

#OSSummit #OpenSource #FreeSoftware #FOSS #OSS #Redis #Valkey #Community #LinuxFoundation

linuxfoundation.org/press/valk…



Have you seen @nextcloud AI Assistant 2.0?

You can now chat about your own documents and data, use GPU acceleration, transcribe audio with Whisper, use your own LLMs, and a ton more integrations and new features.

All #open-source 😀

Boosts appreciated 🙏

nextcloud.com/blog/nextcloud-r…

#AI #mastodon #Linux #Foss #OSS


It is really terrific to hear about the great work on #OpenSource being done by the U.S. Department of Homeland Security. It was terrific to learn about the work of @jakerella & about the adoption of #OSS in #DigitalGovernment.

Great to see government agencies setting up Open Source Program Office #OSPO & beginning to change the culture around buying, building and sharing code. All this helps broader goals towards government transparency and #OpenGovernment.

medium.com/@DigitalServicesCoa…


Keep the momentum going for free open source projects in this week's Follow Friday by giving your support with contributions, boosts and follows.

adamsdesk.com/posts/discover-f…

- LÖVR @lovr
A framework for rapidly building immersive 3D experiences.
- NV Access @NVAccess
A screen reader.
- BiznisBox @biznisbox
A web app for managing invoices, clients, & payments.
- BookStack @bookstack
Documentation system.

#FollowFriday #fediverse #FreeSoftware #OpenSource #ff #oss #foss #floss


Following #SR reports about chaos in data protection for the school messenger #OSS in Saarland, the Ministry of Education has admitted mistakes: sr.de/sr/home/nachrichten/poli…. It is good that the mistakes made are being admitted, but it is still completely baffling to me why an in-house development was chosen here at all. Why not free software from the start? With @matrix, a suitable solution has existed for years. What is (or was) the point of going it alone? #PublicMoneyPublicCode


Holy shit.

That is a masterclass in how to _not_ handle an accessibility request in #OSS.

Prusa needs to do better. Frankly, probably all #3dPrinting tools need to be better, but how this was handled is egregious.

The one positive takeaway was the reference to See3D in the issue thread. Glad I found out about that as it seems like a good organization.

see3d.org/index


Hey Fedi! We're hosting a panel at SCALE 21x with some of the major players in the Linux desktop ecosystem to discuss where we go from here, any big ideas you want us to discuss?

Here's our list as of now: outline.fyralabs.com/s/8f1ce88…

And the abstract: socallinuxexpo.org/scale/21x/p…

Post your ideas in the replies!

#foss #linux #oss #opensource #gnome #kde #stardustxr #stardust #vanillaos #xdg #scale21x


The #EuropeanCommission is finally considering whether "#OpenSource software (#OSS)…can be used as a foundation for developing the new #publishing platform" for EC-funded #OpenAccess research.
op.europa.eu/en/publication-de…

Unfortunately, the new software would merely "underpin" #OpenResearchEurope (#ORE), not replace it. ORE is proprietary software owned by #TaylorAndFrancis. When the EC called for bids on ORE, it did not require open code despite many calls to do so.

#FLOSS #OpenInfrastructure



What's the best thing about #LibreOffice? The software's pretty awesome, sure – but so is the worldwide community behind it! Learn what they did last year, and join them: blog.documentfoundation.org/bl… #oss #foss #community



100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.

My take on this is that, like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own, which I understand can give them some control over the content of CVEs filed against their project. cve.org/ProgramOrganization/CN…

#cve #cvss #cna #oss

#oss #cve #cvss #CNA



Very excited to have shared this morning at @fosdem that @osi has joined the Digital Public Goods Alliance! and is supporting this important initiative's mission of creating a more equitable world through OSI's activities of education, advocacy, and sustained care of the OSD. #oss is treated as digital public goods and is recognized in its registry. Fantastic way for OSI to kick off its 25 year anniversary! blog.opensource.org/osi-joins-…