Open Source

All things open source.
282 Stories
Bhupesh Varshney buttondown.email

One secret tip for first-time OSS contributors 🤫

Bhupesh Varshney:

A lot of folks looking how to get started on open source are given very generic advice on how to approach their first contribution. In this newsletter issue I share one specific actionable item.

His secret tip? Solve static analyzer issues. There, I saved you a click. Unless you’re not sure what he means by that or want his advice on how to actually get that done…

The Changelog The Changelog #482

Securing the open source supply chain

This week we’re joined by the “mad scientist” himself, Feross Aboukhadijeh…and we’re talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain.

While working on the frontlines of open source, Feross and team have witnessed firsthand how supply chain attacks have swept across the software community and have damaged the trust in open source. Socket turns the problem of securing open source software on its head, and asks…“What if we assume all open source may be malicious?” So, they built a system that proactively detects indicators of compromised open source packages and brings awareness to teams in real-time. We cover the whys, the hows, and what’s next for this ambitious and very much needed project.

Simon Willison simonwillison.net

Support open source that you use by paying the maintainers to talk to your team

I love this idea by Simon Willison:

I think I’ve come up with a novel hack for the challenge of getting your company to financially support the open source projects that it uses: reach out to the maintainers and offer them generous speaking fees for remote talks to your engineering team.

It won’t work for every person and situation, but we should add it to our arsenal of ways to return economic value back to the maintainers of our open source infrastructure.

JS Party JS Party #210

What's in your package.json?

Tobie Langel, open source strategist and Principal at UnlockOpen, joins Chris, Feross, and Amal to discuss recent widespread incidents affecting the JavaScript community (and breaking CI builds) around the globe. Two widely used npm libraries were self-sabotaged by their single maintainer, yet again highlighting the many gaps in our OSS supply chain security, sustainability and overall practices. We explore all these topics and solutions for what our ecosystem needs to be more resilient to these types of attacks in the future.

Awesome Lists github.com

Open source startup alternatives to well-known SaaS products

The criteria for inclusion is as follows:

  1. Its product is strongly based on an open source repo
  2. It has a well-known closed-sourced competitor, solving a similar business problem
  3. It is a private for-profit company, founded in the last 10 years
  4. Its repo has 100+ stars on GitHub

I’m seeing lots of Changelog guests & friends in this awesome list. 😎

The Changelog The Changelog #476

Supabase is all in on Postgres

This week Paul Copplestone, CEO of Supabase joined us to catch us up on the next big thing happening in the world of Postgres. Supabase might be best known as “the open source Firebase alternative,” a tagline they might be reluctant to maintain. But from Adam’s perspective, he’s never been more excited about what they’re bringing to market for Postgres fans. In the last year, Supabase has gone from 0 to more than 80,000 databases on their platform — and they’re still in beta…and it’s open source. Hopefully today’s show sheds some light on why everyone is talking about Supabase.

The Changelog The Changelog #475

Making the ZFS file system

This week Matt Ahrens joins Adam to talk about ZFS. Matt co-founded the ZFS project at Sun Microsystems in 2001. And 20 years later Adam picked up ZFS for use in his home lab and loved it. So, he reached out to Matt and invited him on the show. They cover the origins of the file system, its journey from proprietary to open source, architecture choices like copy-on-write, the ins and outs of creating and managing ZFS, RAID-Z and RAID-Z expansion, and Matt even shares plans for ZFS in the cloud with ZFS object store.

Daniel Stenberg daniel.haxx.se

Enforcing the pyramid of open source

Daniel Stenberg lays out how he thinks we can view the world of software and open source in light of supply chain security, maintainer sustainability, and the like:

Inside the pyramid there is a hierarchy where things using software are built on top of others, in layers. The higher up you go, the more you stand on the shoulders of open source components below you.

At the very bottom of the pyramid are the foundational components. Operating systems and libraries. The stuff virtually everything runs or depends upon. The components you really don’t want to have serious security vulnerabilities.

JavaScript fakerjs.dev

Faker.js is now a community maintained project

Eight people have stepped up to take over maintenance of the suddenly abandoned JS library that generates fake data. These transitions are tricky to make smoothly. Props to the new team on being very careful and thoughtful each step along the way, especially when it comes to funding the project. Here’s a nice note from the new team:

We’re excited to give new life to this idea and project.

This project can have a fresh start and it will become even cooler.

We felt we needed to do a public announcement because of all of the attention the project received in the media and from the community.

We believe that we have acted in the way that is best for the community.

YouTube

What really happened to Faker.js?

Fireship with a brief (3:48) rundown of the most recent instance of a popular open source library maintainer removing their code from public repositories in response to corporate (ab)use of their free labor:

Yesterday, a popular open-source package, Faker.js, was abruptly taken down from GitHub. Its readme simply said “What really happened to Aaron Swartz?”. Let’s take a look at why Open Source Software can be a bad deal for many independent developers.

Kailash Nadh nadh.in

"Open source" is not broken

A rebuttal by Kailash Nadh to the aforelinked post.

large for-profit corporations started their widespread consumption of FOSS, ever since countless “unicorns” raised infinite amounts of funding on valuations built pretty much entirely on FOSS, ever since FOSS got co-opted into corporatisation and capitalisation. And yet, countless maintainers of critical and widely used FOSS struggle to make a living.

Whose fault is this? I do not believe that this is FOSS’ fault as a conceptual framework or a system. If FOSS was broken, the internet as we know it today wouldn’t exist; the countless marvels of technology that we take for granted and techno-economies that thrive on them wouldn’t exist; millions of software developers (like me) who learnt to write code with FOSS and learnt to make a living with that knowledge wouldn’t exist.

Xe christine.website

"Open source" is broken

The post-log4j-zero-day thinkpieces started rolling in over the weekend. I’m happy about that. We need to discuss this stuff. Here’s Christine Dodrill’s TL;DR:

If you want me to make you useful software, pay me. If you use software made by others in their spare time and find it useful, pay them. This should not be a controversial opinion. This should not be a new thing. This should already be the state of the world and it is amazingly horrible for us to have the people that make the things that make our software work at all starve and beg for donations.

The entire article is worth considering.

The Changelog The Changelog #471

Deeply human stories

Today we’re bringing our appearance on DevDiscuss right here to The Changelog. Jerod and I guested their launch episode for Season 7 to talk about deeply human stories we’ve covered over the years on this podcast. For long-time listeners this will be a trip down memory lane and for recent subscribers this will be a guided tour on some of our most impactful episodes. Special thanks to Ben Halpern and Christina Gorton for hosting us. Check out their show at dev.to/devdiscuss

The Changelog The Changelog #470

Returning to GitHub to lead Sponsors

Today we’re joined by Jessica Lord, talking about the origins of Electron and her boomerang back to GitHub to lead GitHub Sponsors. We cover the early days of Electron before Electron was Electron, how she advocated to turn it into a product and make it a framework, how it’s used today, why she boomeranged back to GitHub to lead Sponsors, what’s next in funding open source creators, and we attempt to answer the question “what happens to open source once it’s funded?”

Go Time Go Time #207

Maintenance in the open

Open Source and other source available projects have been a huge driver of progress in our industry, but building and maintaining an open source project is about a lot more than just writing the initial code and putting together a good README. On this episode of the maintenance mini-series, we’ll be discussing open source and the maintenance required to keep it going.

The Changelog The Changelog #469

Shopify's vision for the future of commerce

Today we’re joined by Ilya Grigorik to talk about Shopify’s developer preview release of Hydrogen and the preview release of Oxygen which is in early access preview with select merchants on Shopify. Hydrogen is their React framework for dynamic, contextual, and personalized e-commerce. And Oxygen is Shopify’s hosted V8 JavaScript worker runtime that leverages all of their platform with the hope of scaling millions of storefronts. We cover what developers can expect from the Hydrogen framework, Shopify’s big bet on React Server Components, the future of Shopify at scale with Hydrogen powered by Oxygen, and a world where merchants never have to think about the complexities of scaling infrastructure.

Chris Manson chris.manson.ie

It's all gravy

This is a short post by long-time open source maintainer Chris Manson about commitment to tasks in the open source world and how life always takes priority over dev.

We always need to keep in mind that most open source contributions are given from people that are opting to give up their spare time (usually for free) and the level of expectation can never come anywhere close to the sort of relationship that an employer might have with an employee or contractor.

Pairs well with Every commit is a gift. 🍷

Founders Talk Founders Talk #82

Journey to CEO, again

Today Adam is joined by Evan Kaplan, CEO of InfluxData. Evan’s journey to become the CEO of this company was not by way of founder. Evan has founded several companies in the past, and he’s been in a CEO position for more than 22 years. But InfluxData was founded by Paul Dix, and Paul knew years ago that his role (best role?) was to lead the technical and product direction of the company, which led him to Evan. Today we share that story as well as a glimpse into operating the business that built the de facto platform for building time series applications with deep roots in open source.

The New Stack

How to find a mentor and get started in open source

The New Stack’s Jennifer Riggins covering KubeCon + CloudNativeCon 2021:

The Cloud Native Computing Foundation has more than 138,000 contributors making over 7 million contributions to more than 100 open source projects. It’s reasonable that getting started in open source would feel overwhelming — to say the least. So how do you get started as a contributor to cloud native projects? How do you find a mentor or guide to help you along?

She draws many solid takeaways from a panel that discussed this exact topic at the event. This quote from Grafana’s Uchechukwu Obasi is spectacular:

“I think open source really changed my life,” Obasi said. “I’m African, I live in Africa, but having the opportunity to work on software that impacts millions of lives, it’s an opportunity that I never take for granted. If open source can change my life, it can change yours too.”

Nix blog.replit.com

Betting on Nix

Replit is donating $25k to the NixOS Foundation. Here’s why:

Replit has a history of betting on nascent technologies. The first version of Replit used WebAssembly long before WebAssembly found widespread adoption. We’re betting that the Nix project will improve performance across the board, sidestep a whole slew of bugs for our community, and let any Replit user build and publish programming environments.

For a primer convo on Nix, (re)visit our conversation with Domen Kozar on The Changelog.

The Changelog The Changelog #465

Oh my! Zsh.

Robby Russell is back on The Changelog after more than 10 years to catch us up on all things Oh My Zsh — a delightful, open source, community-driven framework for managing your Zshell configuration. It comes bundled with plugins, themes, and can be easily customized and contributed to, because hey, that’s how open source works. In this episode Robby gives us a glimpse into the passion and the struggle of being an open source software maintainer.

Python lukasz.langa.pl

Where does all the effort go? Looking at Python core developer activity

Łukasz Langa was tasked by the PSF to look at the state of CPython as an active software development project.

What are people working on? Which standard libraries require most work? Who are the active experts behind which libraries? Those were just some of the questions asked by the Foundation. In this post I’m looking into our Git repository history and our GitHub PR data to find answers.

Follow along as Łukasz explains how they gathered the data, analyzed it, and got answers to the questions above.

Zach Leatherman zachleat.com

Who pays for web frameworks?

Zach Leatherman has been considering sustainability models for Eleventy, so he surveyed the field to see what everyone else in the web framework ecosystem is doing. Check out his post for the raw data and his analysis. Here’s where he stands as of today:

I don’t have the answers. I definitely wouldn’t agree that Eleventy has figured out our sustainable monetization strategy but I do really admire the success that Vue has had solving this exact problem. I do know that I have no interest in Trend 2 (raise investment money) but I’ll continue to keep a keen eye on what other indie-framework folks are doing.
