The Security Developer-in-Residence role at the Python Software Foundation is funded by Alpha-Omega. Thanks to Alpha-Omega for sponsoring security in the Python ecosystem.
I'm on the...
After two weeks of writing, revising, and trying to make everything as digestible as possible, I finally published "GNOME Calendar: A New Era of Accessibility Achieved in 90 Days", where I explain in detail the steps we took to turn GNOME Calendar from an app that was literally unusable with a keyboard and screen reader to an app that is (finally) accessible to keyboard and screen reader users as of GNOME 49!
There is no calendaring app that I love more than GNOME Calendar. The design is slick, it works extremely well, it is touchpad friendly, and best of all, the community around it is just full of wonderful developers, designers, and contributors worth …
EU’s Cyber Resilience Act isn’t fully in effect yet, but #OSS maintainers are already bracing for compliance requests. cURL creator @bagder is among the first to receive one (from a Fortune 500 company using a 2 year old version.)
What happens when companies treat volunteers like vendors?
I gave this keynote at OpenSSF Community Day NA 2025 in Denver, Colorado.
There will be a YouTube video recording available at a later date.
This talk was given as the Security-Developer-in-...
About the Open Source Accessibility Summit The Open Source Accessibility Summit will be a one-day in-person event that brings together members of the disability, accessibility, and open source communities to define a roadmap for improving the accessi…
Wir sind nächsten Freitag in Sachen Aufklärung über Open-Source-Software-Alternativen auf der Digitalen Woche Kiel unterwegs - von Office-Anwendungen über Clouddienste (Nextcloud) bis zum Betriebssystem (Linux).
Wir freuen uns über alle, die sich aufschlauen möchten oder noch weitere Tipps für #OSS-Tools in der Tasche haben. 👉🏼digitalhub.sh/de/termindetails…
The latest proprietary #VSCode extension that no longer works in non-Microsoft builds of the MIT licensed VS Code source code appears to be C and C++ support.
Your regular reminder: every day more of VSCode functionality is proprietary, and increasingly #FOSS hostile.
As of the latest update of Microsoft's C/C++ extension (v1.24.5, released April 3, 2025), use on non-Microsoft products appears to have been blocked. Upon initializing the extension, I get the foll...
In which an unpaid open-source maintainer gets help from companies using the software to attack a particularly complex and ugly bug: blog.hartwork.org/posts/expat-…
Good on Sebastian and on the companies that stepped up!
Ich habe, bevor @k9mail von @mozilla für @thunderbird übernommen wurde, immer monatlich über GitHub unterstützt. Da ich k9 weiterhin nutze, ging die Spende dieses Jahr an Mozilla. Das ist echt einfach gemacht in der App, schwupps über G-Pay. Ich konnte endlich mal die Gutscheine einlösen.
Unterstützt Open Source - mich würde auch interessieren was für Chromium Derivate die ganzen Google Hasser nutzen, anstatt Gecko. 🤷
I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:
I'm on the security report triage team for CPython, pip, urllib3, Requests, and a handful of other open source projects.
I'm also in a trusted position such that I get "tagged in" to other open sou...
Not endorsing the #degoogle hashtag here just because a hell of a lot of spackle is needed for a comparable experience, but if you're interested in #cloud email servoces, this is one of the better ones in this space.
@jakob it fits the road #GitHub has taken since it was taken over by #Microsoft. The original promise was to be #OSS friendly. Now that they are the goto place for Open Source they change the rules step by step. This also affects paying users. The SaaS price list exploded a couple of months ago. You now even pay extra for git LFS. I guess, this is the enshittification process @pluralistic is talking about.
I can't even comprehend how many servers are protected by fail2ban, how many compromises are avoided, how many people who run hobby things all the way up to major sites that get to sleep soundly every night... because of this single project.
Do you remember a couple of weeks ago when I complained that a very large #python contribution to #inkscape was poorly formatted and I felt embarrassed about pushing back and asking them to run a linter over it?
Yeah I'm not fucking embarrassed now, I'm furious. 🤬
Update: Apparently they meant a small section of it was, not the whole MR. I'm annoyed, but I'll have to take them at their word.
Von den meisten kaum bemerkt, wird das Open Source Learning Management System ILIAS laufend in Sachen #Barrierefreiheit verbessert. Aber diejenigen, die dringend darauf angewiesen sind, wird es freuen. Einen schönen Einblick in die Communityarbeit zur Barrierefreiheit gibt's unter dem folgenden Link der FH Dortmund: fh.do/nLSktc
"(...) Hardly noticed by most people, the open source learning management system ILIAS is constantly being improved in terms of accessibility . But those who urgently need it will be happy.
A nice insight into the community work on accessibility can be found at the following link from the FH Dortmund: fh.do/nLSktc
While the #GenAI news cycle keeps announcing new models, cost and evaluation continue to be crucial for both developers and businesses.
This post showcases #OSS tools that help evaluate models while keeping costs low. We include Prometheus by KAIST AI; @MozillaAI's very own lm-buddy; and llamafile.
Davide Eynard @mala shows how these components can work together to evaluate LLMs on cheap(er) hardware.
In the bustling AI news cycle, where new models are unveiled at every turn, cost and evaluation don’t come up as frequently but are crucial to both developers and businesses in their use of AI systems.
Today more companies are announcing their support of the Valkey community (the group that includes committed developers previously working on the OSS version of the core Redis engine): Aiven, Alibaba Cloud, Chainguard, Heroku, Huawei, Percona, and Verizon.
You can now chat about your own documents and data, use GPU acceleration, transcribe audio with Whisper, use your own LLMs, and a ton more integrations and new features.
A major update to the Nextcloud AI Assistant 2.0, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
It's no lie that the Linux desktop has been changing greatly. Through technological and social shifts, the desktop and community we know today is a far cry f...
It is really terrific to hear about the great work on #OpenSource being done by the U.S. Department of Homeland Security. It was terrific to learn about the work of @jakerella work & about the adoption of #OSS in #DigitalGovernment.
Great to see government agencies setting up Open Source Program Office #OSPO & beginning to change the culture around buying, building and sharing code. All this helps broader goals towards government transparency and #OpenGovernment.
Adopting open source policies, initiatives, and laws is more than a technological shift — it’s a commitment to transparency, security, and collaboration. As the Digital Service Coalition (DSC), we…
- LÖVR @lovr A framework for rapidly building immersive 3D experiences. - NV Access @NVAccess A screen reader. - BiznisBox @biznisbox A web app for managing invoices, clients, & payments. - BookStack @bookstack Documentation system.
Nach #SR-Berichten über Chaos beim Datenschutz für den Schul-Messenger #OSS im Saarland hat das Bildungsministerium Fehler eingeräumt: sr.de/sr/home/nachrichten/poli…. Es ist gut, dass die gemachten Fehler eingeräumt werden aber es ist mir nach wie vor vollkommen schleierhaft wieso hier überhaupt auf eine Eigenentwicklung gesetzt wurde. Warum nicht von Anfang an freie Software? Mit @matrix existiert doch schon seit Jahren eine entsprechende Lösung. Was soll(te) dieser Alleingang? #PublicMoneyPublicCode
Hey Fedi! We're hosting a panel at SCALE 21x with some of the major players in the Linux desktop ecosystem to discuss where we go from here, any big ideas you want us to discuss?
Most of the questions in the document will not be covered. The questions are meant to serve as discussion starters for each topic to be used as the conversation permits.
Unfortunately, the new software would merely "underpin" #OpenResearchEurope (#ORE), not replace it. ORE is proprietary software owned by #TaylorAndFrancis. When the EC called for bids on ORE, it did not require open code despite many calls to do so.
Open Research Europe (ORE) is the peer-reviewed open-access publishing platform of the European Commission. It follows the post-publication peer review model to promote scientific transparency and reuse.
100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.
My take on this is that. like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own which I understand can given them some control over the content of CVEs filed against their project. cve.org/ProgramOrganization/CN…
Hello Fediverse 😀 We are starting this account for Qt Project related communication, events, and many more things.
Did you know that there is a simple page that gives you the instructions to contribute to Qt? and also you can get some nice plots to see the activity on all the repositories!
Very excited to have shared this morning at @fosdem that @osi has joined the Digital Public Goods Alliance ! and is supporting this important initiative's mission of creating a more equitable world through OSIs activities of education, advocacy, and sustained care of the OSD. #oss is treated as digital public goods and is recognized in it's registry. Fantastic way for OSI to kick off its 25 year anniversary! blog.opensource.org/osi-joins-…
OSI to contribute to Digital Public Goods Alliance’s mission to address world’s most pressing economic challenges by furthering adoption of Open Source software.
