Let's do this.
www.youtube.com/watch?v=KtQ9...
today’s one-sentence horror:
sudo has been largely maintained by a single person for ~30+ years
+10000 the safety rules to manage this new ecosystem aren’t here yet and are critical. We’ll need safe ways to share these new artifacts (skills, plugins, MCP …)
From curl | bash off the internet…
…to docker run some random image…
…to /plugin install in coding agents.
Same vibes, bigger blast radius. Supply chain management for plugins, anyone? :)
This is an insightful but deeply upsetting article about why everyone in the US feels poor, and why the current political situation emerges as a direct result.
www.yesigiveafig.com/p/part-1-my-...
The recording is available and, as expected, it is exceptionally good! It will genuinely ignite (or re-ignite) your enthusiasm for being an engineer! Thank you, @bcantrill.bsky.social
www.youtube.com/watch?v=Cum5...
Single most desirable feature from Supply Chain Security PoV
I had a great time chatting with @josh.bressers.name! Go check out what’s happening on the security front at the Eclipse Foundation (@eclipse.org)
And it gets even worse when the metrics are averages rather than percentiles!
I can’t wait for the video of this one, the deck is already so bonkers! Love it! Also, no mention of LLM ;)
🎙 Just wrapped a fantastic conversation with @josh.bressers.name. We dive deep into enhancing open source security and how we do it at the @eclipse.org
Can't wait for you to hear the full episode, coming soon!
To implement robust mitigations across Geomys, I did a survey of open source project compromises in 2024/2025.
Three root causes dominate: phishing, control handoff, and unsafe GitHub Actions triggers. All three can be systematically avoided.
words.filippo.io/compromise-s...
🏷️ Reason #3.7.2 why it's critical to clearly and publicly define your #OpenSource project #Governance, for code, distributions, trademarks, and domain names.
And, of course, not breaking norms and cosplaying a public charity while bowing to a sole sponsor over the community. 😢
The future of digital innovation depends on sustainable #opensource infrastructure.
Learn how businesses can help ensure long-term sustainability in #EclipseFdn Executive Director Mike Milinkovich’s latest blog: hubs.la/Q03Kz6D50 #PreserveOpenSource #SoftwareSupplyChain #OpenSourceResponsibility
#OCX26 is where the future of open source takes shape. Do you want to be part of it?
As an #OCX26 sponsor, you get to align your brand with the communities shaping tomorrow’s tech all in one place.
👉 Get the prospectus or get in touch with our team directly: www.ocxconf.org/event/2026/b...
The Register wrote a story about a single maintainer open source project, I think it's shameful and upsetting
So I wrote a blog post about it
An absolutely ridiculous amount of open source is one person projects. I have the data to prove it
opensourcesecurity.io/2025/08-oss-...
Reminds me of 😁
What’s a technology that you think is overhyped? I’m going to give a sideways answer to this, which is that the venture capital business model needs to be understood as requiring hype. You can go back to the Netscape IPO, and that was the proof point that made venture capital the financial lifeblood of the tech industry. Venture capital looks at valuations and growth, not necessarily at profit or revenue. So you don’t actually have to invest in technology that works, or that even makes a profit, you simply have to have a narrative that is compelling enough to float those valuations. So you see this repetitive and exhausting hype cycle as a feature in this industry. A couple of years ago, you would have been asking me about the metaverse, then last year, you would have asked me about Web3 and crypto, and for each of these inflection points there’s an Andreessen Horowitz manifesto. It’s not simply that one piece of technology is overhyped, it’s that hype is a necessary ingredient of the current business ecosystem of the tech industry. We should examine how often the financial incentive for hype is rewarded without any real social returns, without any meaningful progress in technology, without these tools and services and worlds ever actually manifesting. That’s key to understanding the growing chasm between the narrative of techno-optimists and the reality of our tech-encumbered world.
Stand by this: www.politico.com/newsletters/...
He has refused his Assent to Laws, the most wholesome and necessary for the public good. He has endeavoured to prevent the population of these States; for that purpose obstructing the Laws for Naturalization of Foreigners. He has obstructed the Administration of Justice, by refusing his Assent to Laws for establishing Judiciary powers. He has made Judges dependent on his Will alone. He has erected a multitude of New Offices, and sent hither swarms of Officers to harass our people, and eat out their substance. He has affected to render the Military independent of and superior to the Civil power. For cutting off our Trade with all parts of the world For depriving us in many cases, of the benefits of Trial by Jury In every stage of these Oppressions We have Petitioned for Redress in the most humble terms: Our repeated Petitions have been answered only by repeated injury. A Prince, whose character is thus marked by every act which may define a Tyrant, is unfit to be the ruler of a free people.
🇺🇸Happy Fourth of July🇺🇸 This year, I'm wearing my 𝐑𝐞𝐬𝐢𝐬𝐭 shirt to show my patriotism. I'm reading the declaration of independence as I always do on this occasion. Several of King George's offenses against the colonies resonate this year. Here they are, verbatim:
Iwata Satoru was an unconventional CEO. In all the best ways that could imply!
I used this procedure, and it works very well https://www.wikihow.com/Import-Twitter-to-Bluesky
I will be damned if I allow a bunch of Confederate-waving January 6th apologists to give the American people a lecture on flag waving.
There is ZERO reason to enter an argument about patriotism with people who still worship traitors to America 150+ years later.
They. Are. Breaking. The. Law.
🗓 On 4 June, the ORC community was represented by some of its members in the CRA Expert Group meeting hosted by @ec.europa.eu
We’re grateful to @ec.europa.eu for facilitating this discussion and to everyone involved.
@j-rico.bsky.social @tobie.bsky.social @mikael.barbero.tech @apache.org
📢 Calling developers, users, and committers! The Eclipse Foundation Security team is offering a new security training focused on vulnerability management and related subjects.
Register for Day 2 (June 10 at 4PM CEST): eclipse.zoom.us/meeting/regi...
➡️ blogs.eclipse.org/post/marta-r...
On June 3rd and 10th, with my colleagues from the Eclipse Foundation, we will be running a free security training on vulnerability management and related subjects.
More details and registration links on blogs.eclipse.org/post/marta-r...
🔒 Master vulnerability management! Our security training on 3 June and 10 June covers CVE reporting, embargoes, dependency evaluation, and SBOMs.
📅 Day 1: eclipse.zoom.us/meeting/regi...
📅 Day 2: eclipse.zoom.us/meeting/regi...
Rubio publicly criticizing an ally for cracking down on right-wing extremism. And Germany hitting back. We are in a new world