/Open Source

Accidental Spending: A Case For An Open Source Tax?

- Armin Ronacher tl;dr: “What if platforms like AWS or GitHub started splitting the check? By adding a line-item to the invoices of their customers to support Open Source funding. It would turn giving to Open Source into more of a tax like thing. That might leverage the general willingness to just pile up on things to do good things. If we all pay 3% on top of our Cloud or SaaS bills to give to Open Source this would quickly add up.”

featured in #551


How Discord Uses Open-Source Tools For Scalable Data Orchestration & Transformation

- Zach Bluhm tl;dr: “Until recently, we’ve been using an in-house orchestration system that’s provided the foundation for Discord’s data analytics over the last five years. As our data organization grew, it became apparent that both self-service and top-notch observability would be key for our ability to effectively scale as a team. The team embraced an ambitious project: to overhaul our data orchestration infrastructure using modern, open-source tools sharing the candid lessons learned along the way, and how our new system is powering over 2000 dbt tables today.”

featured in #532


Deep Dive into XZ Utils Backdoor

- Denzel Farmer tl;dr: “This lecture will explore implementation details of the XZ Utils backdoor and describe the novel multi-year effort to put it in place–along with its consequences for the larger world of open source software development.”

featured in #514


How I Got Robbed Of My First Kernel Contribution

- Ariel Miculas tl;dr: “I spent a lot of time and effort doing root cause analysis, fixing the bug, testing and validating the fix, getting feedback from other engineers at my company, adapting the fix to the latest kernel version, and sending two different patches to the maintainer… Instead of accepting my patch or guiding me towards a better solution, he went ahead and implemented his own fix, giving me credit only for reporting the issue.”

featured in #452


How Much Are GitHub Stars Worth To You?

- Yassin Eldeeb, Aleksandra Sikora tl;dr: The authors show us how stars have become a commodity and how to evaluate an open source project. “The best and most obvious way to judge an open-source project is to look at the code but this can be kind of tedious… so an alternative that we have all naturally developed on our own or have been advised to, is to see how many people have starred a project, and then pick the one with the most stars.”

featured in #420


There Is No Secure Software Supply-Chain

- John McBride tl;dr: "The security of open source software is under threat and we’re running out of people to reliably maintain those projects. And as our stacks get deeper, our dependencies become more interlinked, leading to terrifying compromises in the secure software supply-chain. For a perfect example of what’s happening in the open source world right now, we don’t need to look much further than the extremely popular Gorilla toolkit for Go."

featured in #378


How Open Source Is Eating AI

tl;dr: "Sufficiently advanced community is indistinguishable from magic. Researchers and well funded teams have been very good at producing new foundational models (FM), but it is the open source community that have been very good at coming up with productized use cases and optimizing the last mile of the models." The author discusses how this applies to various AI communities. 

featured in #366


This Program Is Illegally Packaged In 14 Distributions

- Artemis Everfree tl;dr: "We’ve got distributions of a Go package that includes entirely unlicensed code. We’ve got a host of Go packages that may not be complying with the terms of the license, when the distributions can even agree what the license is. And it’s apparently not limited to just Go. Is this normal? Is this legal? I don’t really know."

featured in #346


Commit 1 To 1000 And Beyond: Two Years Of Maintaining An Open-Source Project

- Sayan Nandan tl;dr: "I started writing what is now known as Skytable, a NoSQL database project. Ever since, I have been maintaining Skytable, mostly in my free time and have recently been spending a lot of time on it. Here’s a little story on my two years of experience in maintaining an open-source project: what it’s like, the highs and lows and the future."

featured in #329


Don't Be That Open-Source User, Don't Be Me

tl;dr: "I would discover a bug or something would break my workflow with a new release and I would head to GitHub to report it... What I didn’t consider was that my interactions were taking time & attention from the project. User support is a cost. If you take anything away from this post I hope it is that these costs need to be paid by someone, the maintainer."

featured in #326