Hasty Briefsbeta

All tags

#opensource

265 stories total

Bilingual

Curl: We still have not seen a single valid security report done with AI help
a year ago
- Daniel Stenberg, the curl CEO, is implementing strict measures against AI-generated security reports on HackerOne for curl.
- Reporters must now declare if they used AI to find or generate their submission, with follow-up questions if they did.
- Instant bans will be issued for reporters submitting what is deemed 'AI slop', as these reports are overwhelming the system.
- The idea of requiring a small deposit from researchers, refundable only if the report is valid, is being considered to reduce noise.
- There's a discussion on whether public bug bounty programs are still viable in the age of AI-generated attacks.
- Suggestions include HackerOne implementing identity verification and a point system to penalize repeat offenders of low-quality submissions.
- The issue reflects broader concerns about the sustainability of handling AI-generated content and attacks in tech security.
App v1 is out
a year ago
- PeerTube mobile app v1 released by Framasoft, developed by Wicklow.
- New features include logging into multiple PeerTube accounts, managing subscriptions, and commenting on videos.
- Playlist management allows adding, editing, and deleting playlists directly from the app.
- Additional features: thumbs up/down, two-factor authentication, and viewing recently watched videos.
- Future updates may include background video play, recommendations, and TV broadcasting.
- Development funded by NGI0 Entrust program (European Commission) via NLnet.
- Community support is crucial for further improvements and features.
Unity’s Open-Source Double Standard: the ban of VLC
a year ago
- VLC for Unity integration was banned from the Unity Store in 2023 despite being open-source.
- Unity uses LGPL dependencies itself but enforces bans inconsistently on others.
- Videolabs launched its own store to distribute VLC for Unity binaries.
- Videolabs offers consulting packages for LibVLC and FFmpeg support.
- New products like Kyber and Unreal engine integrations are upcoming.
Yggdrasil Linux/GNU/X
a year ago
- Yggdrasil Linux/GNU/X (LGX) was an early Linux distribution developed by Yggdrasil Computing, Inc.
- It was the first company to create a live CD Linux distribution, released on December 8, 1992.
- The distribution was known for its 'Plug-and-Play' feature, automatically configuring hardware.
- Yggdrasil's name was inspired by Norse mythology, symbolizing the assembly of disparate software into a complete product.
- The alpha release required a 386 computer with 8 MB RAM and 100 MB hard disk, featuring Linux kernel 0.98.1 and X Window System v11r5.
- A beta release followed in February 1993, priced at US$60, with Linux kernel 0.99.5.
- The production release was priced at US$99 but was free for developers whose software was included.
- Yggdrasil Computing, Inc. was founded by Adam J. Richter and contributed significantly to early Linux development.
- The company remained active until at least 2000, with its last corporate filing in January 2004.
- Yggdrasil also published early Linux compilation books and offered volume discounts and donations to CSRG.
Because of security vulnerabilities: LibreOffice advises against OpenOffice
a year ago
- LibreOffice advises against using OpenOffice due to unresolved security vulnerabilities.
- OpenOffice has known security issues for years, with some dating back to at least November 2023.
- LibreOffice accuses Apache Software Foundation (ASF) of not actively developing OpenOffice, harming the open-source community.
- OpenOffice's recent updates are minor, focusing on bug fixes and dictionary updates, with no new features since 2014.
- LibreOffice and OpenOffice share a common origin, stemming from StarOffice, but diverged in 2010 due to Oracle's acquisition of Sun Microsystems.
- OpenOffice played a key role in establishing the Open Document Format (ODF) as a standard for office applications.
Loko Scheme, an optimizing, bare-metal Scheme compiler
a year ago
- Loko Scheme is an optimizing Scheme compiler available via git clone from https://scheme.fail/git/loko.git/.
- It is also available through package repositories like Guix and Docker.
- A bootable hard drive image is provided for machines with ≥1GB RAM.
- Licensed under EUPL-1.2-or-later, a copyleft license with a SaaS clause.
- Includes limited hardware support and works on real hardware, though it requires a legacy PIC.
- Bug reports should be sent via email, and questions can be directed to comp.lang.scheme or #loko on irc.libera.chat.
We Fixed 2k+ Security Issues (2023)
a year ago
- Dgraph Labs Inc. implemented Continuous Security Audits to detect and remediate security issues in their OpenSource offerings.
- Integrated toolsets with GitHub Actions for improved visibility and faster resolution of security issues.
- Addressed over 2k+ security issues in ~3 months, enhancing SOC2 compliance.
- Security audits focus on three layers: Code, Binary Artifacts, and Docker Images.
- Code layer audits include dependency package checks (CVEs) and static analysis (Linters).
- Binary Artifacts layer ensures secure environment and SHA validation for integrity.
- Docker Images layer focuses on updated Linux packages to prevent vulnerabilities.
- CVEs (Common Vulnerabilities and Exposures) are identifiers for tracking software vulnerabilities.
- Linters are automated tools for detecting code issues, improving quality and security.
- Continuous Security Audits involve Code & Build Phase (Aqua Trivy Scans) and Post Release Phase (Snyk Scans).
- GitHub Security tab used for visualizing, triaging, and resolving security issues.
- DependaBot enabled for auto-remediation of security issues.
- Tracked fixes via GitHub, showing a decrease in reported issues over time.
- Achieved significant results: resolved 2k+ security issues and 1k+ CVEs across projects.
- Future focus includes exploring AI-driven security tools and auto-remediation solutions.
AnduinOS – Windows-like, Ubuntu-based Linux distro made by a Microsoft engineer
a year ago
- AnduinOS is a custom Ubuntu-based Linux distribution designed to ease the transition for developers moving from Windows to Linux.
- The project relies on user donations for support.
- Requires AMD64 architecture for building.
- Build parameters can be edited in the ./src/args.sh file.
- To build the OS, navigate to ./src and run ./build.sh, resulting in an ISO file in ./src/dist.
- The ISO can be mounted on a virtual machine for installation.
- Licensed under GNU GENERAL PUBLIC LICENSE; see LICENSE file for details.
- Includes open-source software provided without any warranty.
- Community support available via AnduinOS Discussions.
- Bug reports and feature requests should be submitted through the Issues page.
Factors steadily fueling Linux's desktop rise
a year ago
- Linux's desktop rise is supported by Android and Chromebooks, making up 25.1% of users, surpassing MacOS and Windows versions.
- US government data shows Linux desktop usage at 5.4% in 2025, with mobile and desktop OS usage nearly equal.
- Windows is no longer Microsoft's priority, leading users to alternatives like Linux Mint for outdated PCs.
- Linux gaming has become viable thanks to Steam, increasing its share in the PC gaming market.
- Linux is now user-friendly with easy software installation via Flatpak, Snap, and AppImage, and is safer than Windows.
How to Build a Smartwatch: Picking a Chip
a year ago
- Selected chip for Core Time 2 is SF32LB52J from SiFli, featuring an open-source SDK.
- Smartwatch components: watch hardware, software (firmware/OS), and mobile companion app.
- Designing a smartwatch involves constraint maximization to meet target experience goals.
- Watch hardware includes microcontroller, display, sensors, electronic components, and battery.
- Choosing a microcontroller and display are the most challenging decisions in smartwatch design.
- Pebble's history with STM32F2 microcontrollers and the importance of software compatibility.
- Nordic’s nRF52840 was used for Core 2 Duo, but Core Time 2 needed more RAM and power.
- SiFli's SF32LB52J offers 512K SRAM, 16M PSRAM, low power (~50uA with BLE), and costs <$2.
- SiFli's SDK is open-source, and they offered to help port PebbleOS to their chips.
Microsoft lays off faster CPython team
a year ago
- Microsoft canceled support for the Faster CPython project, leading to layoffs.
- The Python Language Summit proceeded despite the news, showcasing open-source resilience.
- Offers of support and job opportunities were extended to affected team members.
- Mike hinted at alternative open-source projects for speeding up Python.
- Various companies expressed interest in hiring the laid-off engineers.
Rust Turns 10
a year ago
- Rust celebrates its 10th anniversary since the 1.0 release.
- Amazon extensively uses Rust in AWS services and PrimeVideo.
- Rust is being adopted in surprising places, like Netherlands election software.
- Graydon Hoare, Rust's founder, set the vision and culture for the language.
- Rust's Code of Conduct emphasizes inclusivity, kindness, and recognizing trade-offs.
- Open-source collaboration has been crucial to Rust's evolution.
- The ACM SIGPLAN Software Award highlighted Rust's community-driven success.
- Rust's ability to evolve while maintaining stability is a key strength.
- Engaging with users reminds the team of Rust's impact and potential.
- Rust aims to empower developers to build foundational software without fear.
LLM-D: Kubernetes-Native Distributed Inference at Scale
a year ago
- CoreWeave, Google, IBM Research, NVIDIA, and Red Hat launched the llm-d community.
- llm-d is a Kubernetes-native distributed inference serving stack for large language models.
- Features include vLLM-Optimized Inference Scheduler, Disaggregated Serving with vLLM, Disaggregated Prefix Caching with vLLM, and Variant Autoscaling.
- llm-d adopts a layered architecture on top of vLLM, Kubernetes, and Inference Gateway.
- The project is community-driven, Apache-2 licensed, and has an open development model.
- Installation options include a full solution via Helm chart or individual components.
- Weekly standups, Slack discussions, and Google Groups are used for collaboration.
- Project is licensed under Apache License 2.0.
Rocky Linux 10 Will Support RISC-V
a year ago
- Rocky Linux 10 will officially support RISC-V architecture.
- Supported platforms include StarFive VisionFive 2, QEMU, and SiFive HiFive Premier P550.
- RISC-V builds will be considered an Alternative Architecture, not blocking other architectures.
- Community-driven initiative with collaboration from Fedora RISC-V and other organizations.
- Rapid iteration and growth expected with community feedback and involvement.
- Rocky Linux 10 aims for a truly open, cross-architecture ecosystem.
NixOS 25.05 Released
a year ago
- NixOS 25.05 “Warbler” is now publicly available.
- NixOS is a Linux distribution, and its package repository Nixpkgs can also be used on other Linux systems and macOS.
- This release will receive updates until 2025-12-31, while the previous release 24.11 “Vicuña” is deprecated and will stop receiving updates after 2025-06-30.
- 2857 contributors made this release possible with 57054 commits since the last release.
- Nixpkgs added 7840 new packages, updated 28054 existing ones, and removed 1694 outdated packages.
- NixOS added 137 new modules and 1930 configuration options while removing 10 outdated modules and 215 options.
- GNOME 48 “Bengaluru” introduces new features like notification stacking, a new music player, and HDR support.
- The default Linux kernel has been updated from 6.6 to 6.12.
- LLVM updated to version 19 and GCC to version 14.
- Special thanks were given to contributors, editors, the infrastructure team, and the Nixpkgs staging team.
- The release managers expressed gratitude and excitement for the community's efforts and look forward to the next release, NixOS 25.11 “Xantusia”.
Mathpad: A mathematical keypad for students and professionals
a year ago
- Mathpad is a keypad designed for typing equations and mathematical symbols, targeting STEM professionals and students.
- It supports 112 symbols from algebra, calculus, set theory, logic, and the full Greek alphabet.
- Connects via USB-C and works alongside a regular keyboard on Windows, macOS, and Unix systems.
- Supports multiple output modes including Plaintext, LaTeX, Microsoft Office, and LibreOffice equation editors.
- Compatible with various Latin keyboard layouts like US ANSI, UK, French AZERTY, and DVORAK.
- Open-source hardware with design files available for replication, modification, and distribution under specified licenses.
- Certified by the Open Source Hardware Association with OSHWA certification ID UK000074.
- Logos and certification are properties of Summacogni OÜ and cannot be replicated.
WavePhoenix – open-source implementation of the Nintendo WaveBird protocol
a year ago
- The WaveBird controller is highly regarded for its wireless capability, long battery life, and comfort.
- An open-source implementation of the Nintendo WaveBird protocol was developed using Silicon Labs Wireless Gecko SoCs.
- The project includes firmware components like libwavebird (WaveBird protocol), libsi (SI protocol), receiver firmware, and a bootloader.
- Hardware design focuses on affordability and ease of building, featuring a PCB with an RF-BM-BG22C3 module and a 3D printable case.
- The WaveBird protocol uses DSSS (Direct Sequence Spread Spectrum) with 15 chips per bit for robust communication.
- Silicon Labs Wireless Gecko EFR32FG1 SoCs were chosen for their hardware support of the required modulation.
- The project overcame challenges in packet decoding and radio configuration to achieve near-original performance.
- Features include channel selection, virtual pairing, and support for multiple controllers on the same channel.
- Potential future enhancements include transmitter firmware, N64 WaveBird receiver, and USB HID dongle support.
- The project acknowledges contributions from the community and is licensed under MIT for firmware and Solderpad Hardware License v2.1 for hardware.
Show HN: Open Source PDF Viewer Using Chrome’s PDF Engine (MIT, WebAssembly)
a year ago
- EmbedPDF is a lightweight, customizable PDF viewer for any JavaScript project.
- It is open-source, MIT licensed, with no paywalls or limits.
- Offers extensive API for themes, annotations, search, and more.
- Compatible with JavaScript or TypeScript projects, including React, Vue, Svelte, or vanilla.
- Quick integration with just two lines of code.
- Example provided for easy setup in HTML.
- Testimonials highlight time savings and improved document handling.
- Encourages developers to join and simplify PDF integration.
Radeon Software for Linux Dropping AMD's Proprietary OpenGL/Vulkan Drivers
a year ago
- AMD is dropping proprietary OpenGL and Vulkan drivers from Radeon Software for Linux.
- Future releases will rely on Mesa drivers, including RADV for Vulkan.
- RADV, developed by Red Hat, Google, Valve, and others, will be officially supported.
- AMD AMF will also be removed, with users encouraged to use VA-API in Mesa.
- This change aligns with AMD's commitment to open-source software.
- The proprietary drivers were less popular due to strong upstream open-source support.
- The shift is seen as a positive, long-overdue move for AMD's Linux support.
Kan.bn – An open-source alterative to Trello
a year ago
- Board Visibility: Control who can view and edit your boards
- Workspace Members: Invite members and collaborate with your team
- Trello Imports: Easily import your Trello boards
- Labels & Filters: Organise and find cards quickly
- Comments: Discuss and collaborate with your team
- Activity Log: Track all card changes with detailed activity history
- Templates (coming soon): Save time with reusable board templates
- Integrations (coming soon): Connect your favourite tools
- Clone the repository (or fork)
- Install dependencies
- Copy .env.example to .env and configure your environment variables
- Start the development server
- We welcome contributions! Please read our contribution guidelines before submitting a pull request.
- Kan is licensed under the AGPLv3 license.
- For support or to get in touch, please email [email protected] or join our Discord server.

first prev1next

About|Login

#opensource

Curl: We still have not seen a single valid security report done with AI help

App v1 is out

Unity’s Open-Source Double Standard: the ban of VLC

Yggdrasil Linux/GNU/X

Because of security vulnerabilities: LibreOffice advises against OpenOffice

Loko Scheme, an optimizing, bare-metal Scheme compiler

We Fixed 2k+ Security Issues (2023)

AnduinOS – Windows-like, Ubuntu-based Linux distro made by a Microsoft engineer

Factors steadily fueling Linux's desktop rise

How to Build a Smartwatch: Picking a Chip

Microsoft lays off faster CPython team

Rust Turns 10

LLM-D: Kubernetes-Native Distributed Inference at Scale

Rocky Linux 10 Will Support RISC-V

NixOS 25.05 Released

Mathpad: A mathematical keypad for students and professionals

WavePhoenix – open-source implementation of the Nintendo WaveBird protocol

Show HN: Open Source PDF Viewer Using Chrome’s PDF Engine (MIT, WebAssembly)

Radeon Software for Linux Dropping AMD's Proprietary OpenGL/Vulkan Drivers

Kan.bn – An open-source alterative to Trello