#open-source-software — Public Fediverse posts

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

Editorial Opportunity at the Journal of Open Source Software

The Journal of Open Source Software – known to its friends as JOSS – is is a developer friendly, diamond open access journal for research software packages which has been running since 2016 and is enormously successful, publishing Open Source software across many fields of science. Its UR, joss.theoj.org, is a giveaway that it is a stablemate of astro.theoj.org, aka the Open Journal of Astrophysics.

The driving force behind JOSS, responsible for getting it off the ground at the very beginning, is Arfon Smith whom I’ve known since Nottingham days and it iis fair to say that without his considerable help, OJAp would never have started. Both journals started off as speculative ventures, and OJAp has taken a considerable time to establish itself, but JOSS took off very quickly indeed and has now published over 3,500 papers. There are numerous differences between the two journals but, like OJAp, all publications in JOSS are free to authors and readers.

Arfon has held the role of Editor-in-Chief at JOSS since 2016 but in a recent blog post he explains that he is stepping down from his role as Editor-in-Chief, although he will remain at JOSS. The call for a replacement is here. It’s an opportunity that will appeal to anyone interested in open-source research software and open-access publishing so if that’s you then please consider applying. It will be a substantial investment of time, probably about a day a week. I quote:

Candidates should have the capacity to commit the time this role requires. For those in institutional positions, we ask for a brief letter or statement from your employer or supervisor confirming support for this commitment. Independent researchers, consultants, or others without a traditional institutional affiliation should include a brief statement describing how they plan to allocate the time.

P.S. Today OJAp published its 100th paper of 2026 so far…

P.P.S. I’ll be stepping down as Editor-in-Chief at OJAp in a couple of years, when I retire, and we’ll be doing a similar search nearer the date.

Mee-thos? Meye-thos? Mi-thos?

A month in, I still couldn't tell you.

The loudest opinions on AI vulnerability research almost never come from the people actually using it or contributing to making the world more secure.

Since Anthropic shipped Mythos and OpenAI Codex Cyber, my feed has been wall-to-wall thought leadership. Sage wisdom. Whitepapers. Panels. Frameworks for "AI-augmented vulnerability discovery." Panels about the frameworks. And one framework about panels

Meanwhile, the engineers I know, the ones helping secure the internet, have gone quiet. There's usually a reason for that.

The actual work is unglamorous. You read code. You read more code. You look upstream at the open source the whole world depends on. You find things. You report them carefully. You wait. And hopefully you've made the world a little more secure.

That's what our team at LinkedIn has been doing, inside our own stack and across the dependencies we all share. I'll share more when I can.

One thing I won't wait to say:

To the open source maintainers who've fielded our reports, triaged with patience, and shipped fixes through what has genuinely been an unprecedented stretch, thank you. I owe you many coffees/beers/waters. Much love.

Wu-Tang said it in '93: protect ya neck. You've been doing it for the rest of us ever since. No royalties, no panels, no merch.

Just the work.

Back to research and helping fix upstream.

#opensourcesoftware #cybersecurity

So what's new in the world of digital ham radio? This could be a big deal and might knock proprietary protocols and waveforms on the head. #Mercury #Hermes #opensourcesoftware #vara #packetradio

Good news for Linux ops too!
https://www.ardc.net/wp-content/uploads/Mercury-Press-Release-07-MAY-2026.pdf

Vor oder während großen Umbrüchen sagen Leute gerne furchtbar dumme Sachen.
Deswegen traue ich mich auch mit ein paar Tagen Abstand zur Veröffentlichung von #Mythos nicht eine Prognose über #AI und die Zukunft von #CyberSecurity abzugeben. Was ich mich aber sagen traue sind drei Dinge.

1. AI verschärft die sozioökonomische Schieflage von #OpenSourceSoftware. Während #LLM s auf OpenSource Quellen trainiert werden fließt der wirtschaftliche Nutzen zu großen Tech-Unternehmen und die Maintainer bleiben unterfinanziert zurück.
2. Am #ProjectGlaswing zeigt sich, dass die Tech- und Security Community noch immer keinen gesellschaftlich verantwortlichen Weg gefunden hat Wissen und Ressourcen zum Finden und Beheben von Schwachstellen zu verteilen
3. Zukünftig gilt noch mehr als jetzt die Grundpfeiler von guter CyberSecurity einzuhalten um die Aufwände für (AI gestützte) Angriffe unwirtschaftlich zu machen.

Mein Appell: Unterstützt die OpenSource Projekte die ihr nutzt - angemessen. Investiert in die Effizienz und Stabilisierung eurer Vulnerability- und Patchmanagement Prozesse.

Calibre 9.8 update adds local AI support and practical fixes

https://fed.brid.gy/r/https://nerds.xyz/2026/05/calibre-9-8-update/

📖 Interesting read: "💎 redis-objects 2.0: 17 years, 2k stars, and 16M downloads later"

https://nateware.com/2026/04/23/redis-objects-2-0-17-years-2k-stars-and-16m-downloads-later/
#ruby #opensourcesoftware

📰 COSS Weekly — Week of April 20, 2026

Cal.com Goes Closed Source, Mistral Borrows $830M for Data Centers, OpenAI Acquires Promptfoo, and more

This week: Mistral raised $830M, OpenAI acquired Promptfoo, Cal.com went closed source, and more. Plus new companies in Cossmology: @[email protected], @reviewboard, @cachix, @flox, and more.

Read the full issue: https://dub.sh/coss-weekly-2026-04-20

#COSS #OpenSource #OpenSourceSoftware

#Freedom and #Transparency ♻️ #Opensourcesoftware (#OSS) makes it possible to view, change and share code.

#Collaborative #Development 🤝 OSS thrives on #collaboration: #developers around the world contribute to improving #software, fixing bugs and ensuring ongoing #innovation.

#Costefficient and #Flexible 📈 Unlike commercial software, OSS is often #free to use and broadly #customisable, making it a super #costeffective solution.

👉 https://StrategyConsulting.IT
👉 @gerrit #eicker #consulting

Leaked Code for Anthropic’s Claude Code Tests Copyright Challenges in A.I. Era

https://web.brid.gy/r/https://www.nytimes.com/2026/04/22/technology/anthropic-code-leak-copyright.html

#OpenSource: Free for You, Profitable for Them.

OpenSource means: #software where the #sourcecode is freely available and often costs nothing. Sounds great, but there is a catch.

#Companies like #Microsoft, #Google and #Amazon fund large #OpenSource #projects not out of #idealism, but because they build profitable #cloudservices on top of them and pocket the money.

Small #developers who charge for their work barely stand a chance against "free". Yet thousands of hours go into these projects. The #maintainers, the people who keep these projects alive, often work unpaid until they hit #burnout.

#Free does not automatically mean ethical. It is often just convenient.

#FOSS #FreeSoftware #BigTech #Digitalization #Privacy #Linux #Community #Tech #OpenSourceSoftware

📺 LIVE NOW @firesidefedi ! 📺
Watch here: https://stream.firesidefedi.live/

#FederatedInternet #DecentralizedSystems #PublicDomain #OpenSourceSoftware #owncast #livestream #stream #selfhosted

I #didit Ich befreie mich von Amazon-Online-Büchern! Kein #Kindle mehr. Stattdessen ein kopierschutzfreies Buch im #epub Format von z.B. https://buecher.de

Als #epubreader für mein Noch-Google-Android verwende ich die #opensourcesoftware #mupdfmini. Kleiner feiner Reader - auch für #PDF - aus dem freien #fdroid Store. Und das Buch sichere ich in meiner #Nextcloud.

War zwar nicht der erste Sonntag im Monat, aber für mich ein guter #di_day https://di.day

#Foss #floss

Sync-in 2.2 is out: PDF OCR search, Markdown indexing, new admin tools, and a powerful event system for dynamic updates!

👉️ https://sync-in.com/news/sync-in-2-2

#release #documentmanagement #document #filesharing #opensource #foss #selfhosting #selfhosted #security #linux #privacy #digitalsovereignty #datasovereignty #logicielslibres #libre #collaboration #freesoftware #softwaredevelopement #softwareengineering #security #cloud #productivity #fediverse #opensourcesoftware #selfhst #synchronization