Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm’s security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog. ⌘ Read more
Gartner positions GitHub as a Leader in the 2025 Magic Quadrant for AI Code Assistants for the second year in a row
Our commitment is to empower every developer and stay true to our north star by building an open, secure, and AI-powered platform that defines the future of software development.
The post [Gartner positions GitHub as a Leader in the 2025 Magic Quadrant for AI Code Assistants for the second yea … ⌘ Read more
ProcessOne: Why Europe’s ‘Chat Control’ Proposal Will Cripple European Communication Industry While Failing to Protect Children
On October 14th, the European Council will vote on a regulation that … ⌘ Read more
I bought an iPhone (as my third smartphone)
I never thought I would do this, but I bought an iPhone. It’s a pretty cheap iPhone SE 2. Gen (2020) used from eBay, like the device I got issued from my work. It’s so tiny and it’s really difficult to type even a short text like this. ⌘ Read more
A bike ride to reset
After a tough last weekend, a little cold, and bad weather, I was really exhausted and not in the best mood this week. But I knew the weather would be great on Friday, so I planned a bike tour. A 47-kilometer round trip north where there aren’t many hills. ⌘ Read more
Silent Component Updates & Redesigned Update Experience
Following on from our previous initiative to improve how Docker Desktop delivers updates, we are excited to announce another major improvement to how Docker Desktop keeps your development tools up to date. Starting with Docker Desktop 4.46, we’re introducing automatic component updates and a completely redesigned update experience that puts your productivity first. Why We’re… ⌘ Read more
Beyond Containers: llama.cpp Now Pulls GGUF Models Directly from Docker Hub
The world of local AI is moving at an incredible pace, and at the heart of this revolution is llama.cpp—the powerhouse C++ inference engine that brings Large Language Models (LLMs) to everyday hardware (and it’s also the inference engine that powers Docker Model Runner). Developers love llama.cpp for its performance and simplicity. And we at… ⌘ Read more
It’s autumn. Cloudy, windy, and occasionally rainy. But it’s supposed to warm up again this weekend, so will I go for a bike ride then? ⌘ Read more
Ignite Realtime Blog: Openfire 5.0.2 release!
The IgniteRealtime community is happy to announce a new release of its open source, real-time communications server Openfire! Version 5.0.2 brings a number of stability improvements and bug fixes.
Notably, it addresses a recently identified security vulnerability, identified as CVE-2025-59154. The issue allows for potential identity spoofing via unsafe Common Nam … ⌘ Read more
added opengraph to my blog :D https://bubblegum.girlonthemoon.xyz/articles/underground-soundcloud-remixes
JMP: Newsletter: (e)SIM nicknames, Cheogram Android updates, and Cheogram iOS alpha
Hi everyone!
Welcome to the latest edition of your pseudo-monthly JMP update! (it’s been 7 months since the last one 😨)
In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client. Among other things, JMP has these features: Y … ⌘ Read more
Erlang Solutions: ElixirConf US 2025: Highlights from My First ElixirConf
Joining conferences is one of the best perks of working as a Developer at Erlang Solutions. Despite having attended multiple Code BEAM conferences in Europe, ElixirConf US 2025 was my first. The conference had 3 tracks, filled with talks from 45+ speakers and 400+ attendees, both in-person and virtual.
ElixirConf is one of the great occasions to connect with other Elixir ent … ⌘ Read more
Is that really necessary? How hard is it to make a 32-bit build? 🤔 Honest question. https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/
ProcessOne: Spotify’s Direct Messaging Gambit
Last week, Spotify quietly launched direct messaging across its platform in selected areas, allowing users to share tracks and playlists through private conversations within the app. The feature was rolled out with mini … ⌘ Read more
Mathieu Pasquet: slixmpp v1.11
This new version includes a few new XEP plugins as well as fixes, notably
for some leftover issues in our rust JID code, as well as one for a bug that
caused issues in Home Assistant.
Thanks to everyone who contributed with code, issues, suggestions, and reviews!
CI and build
Nicoco put in a lot of work in order to get all possible wheels built in CI. We now have manylinux and musl builds of everything doable within codeberg,
published to the codeberg pypi repo, and published on pypi. … ⌘ Read more
As expected: Didn’t last long. They’re coming from different IPs now.
I’ve read enough blog posts by other people to know that this is probably pointless. The bots have so many IPs/networks at their disposal …
This is soooo bloody cool, @movq@www.uninformativ.de! https://www.uninformativ.de/blog/postings/2025-08-30/0/POSTING-en.html
Erlang Solutions: Healthcare Blog Round-Up
Healthcare is moving quickly, and technology is playing a big part in that shift. The way information is collected, the way patients are cared for, and the way hospitals run are all changing.
Over the past year, our team has written about some of the most important trends shaping the future of healthcare. In this round-up, we bring together three of those articles: remote patient monitoring, big data, and generative AI.
Maybe you have been following along, or … ⌘ Read more
I’ve got a prototype of my hardcopy simulator going. I’m typing on the keyboard and the “display” goes to the printer:
https://movq.de/v/56feb53912/s.png
https://movq.de/v/235c1eabac/MVI_8810.MOV.mp4
The biiiiiiiiiig problem is that the print head and plastic cover make it impossible to see what’s currently being printed, because this is not a typewriter. This means: In order to see what I just entered, I have to feed the paper back and forth and back and forth … it’s not ideal.
I got that idea of moving back/forth from Drew DeVault, who – as it turned out – did something similar a few years back. (I tried hard to read as little as possible of his blog post, because figuring things out myself is more fun. But that could mean I missed a great idea here or there.)
But hey, at least this is running on my Pentium 133 on SuSE Linux 6.4, printer connected with a parallel cable. 😍
(Also, yes, you can see the printouts of earlier tests and, yes, I used ed(1) wrong at one point. 🤪 And ls insisted on using colors …)
ProcessOne: 🚀 ejabberd 25.08
Release Highlights:
This release includes the support for Hydra rooms in our Matrix gateway, which fixes high severity protocol vulnerabilities.
- Improvements in Matrix gateway
- Fixed ACME in Erlang/OTP 28.0.2
- **[New mod_providers to serve XMPP Providers file](https://www.process-one.net/blog/rss/ … ⌘ Read more
Erlang Solutions: MongooseIM 6.4: Simplified and Unified
MongooseIM is a scalable and efficient instant messaging server. With the latest release 6.4.0, it has become more powerful yet easier to use and maintain. Thanks to the internal unification of listeners and connection handling, the configuration is easier and more intuitive, while numerous new options are supported.
New features include support for TLS 1.3 with optional channel binding for improved security, single round-trip authent … ⌘ Read more
Sam Whited: Notes
I’ve recently been using the Mixxx software for DJs. This page includes some
personal notes on my own use cases, what’s good, what’s bad, etc.
It is not really made for general consumption, but is thrown up here anyways.
It will be a bit rambling and/or ranty at times, most likely.
Let’s get my overall impressions of the software out of the way up front: it’s
absolutely great and I recommend it over the commercial alternatives for DJs of
all stripes (except maybe Radio DJs, it’s not really for … ⌘ Read more
XMPP Providers: A Rising Tide Lifts All Boats
Providers Survey
In May 2025, we ran a small survey to gather feedback from XMPP server operators.
Our main concerns were XMPP Provider’s service and the project itself.
First of all, we would like to thank almost 60 people who participated in this survey.
While the XMPP Providers project currently lists a little more than 70 providers, this is a good turnout.
At this point we can already tell that the gen … ⌘ Read more
In case you were blissfully unaware: https://utcc.utoronto.ca/~cks/space/blog/unix/XLibreIsExplicitlyPolitical
Erlang Solutions: Supporting the BEAM Community with Free CI/CD Security Audits
At Erlang Solutions, our support for the BEAM community is long-standing and built into everything we do. From contributing to open-source tools and sponsoring events to improving security and shaping ecosystem standards, we’re proud to play an active role in helping the BEAM ecosystem grow and thrive.
One way we’re putting that support into action is by offering free CI/CD-based security … ⌘ Read more
Prosodical Thoughts: Debian repository key change
We have been working on some changes to our Debian/Ubuntu package repository.
If you use our repository to keep up to date with new Prosody packages, you
need to take action before 4th August 2025 to continue receiving updates
smoothly.
The ‘apt’ utility has been moving towards a new format for specifying package
repositories. If you are familiar with putting deb lines in a sources.list
file, [that method is changing](ht … ⌘ Read more
37C3 and New Year’s Eve 2023
Another one from the vaults. The 37C3 conference took place in
December, 2023. This report was mostly written in January, 2024.
Mostly finished it at night in my cottage between 28 and 29th
December, then edited and added some stuff in July, 2025. So… Only
1.5 years late?
It was a little ironic, and a little sad, that I was finishing the
37C3 report during 38C3. I didn’t manage to get any tickets for me and
#3 for 38C3 and had to make do with watching the stream.
The links to the talks go to [C … ⌘ Read more
@movq@www.uninformativ.de According to this screenshot, KDE still shows good old application icons: https://upload.wikimedia.org/wikipedia/commons/9/94/KDE_Plasma_5.21_Breeze_Twilight_screenshot.png
And GNOME used to have them, too: https://upload.wikimedia.org/wikipedia/commons/9/9f/Gnome-2-22_%284%29.png
I like the looks of your window manager. That’s using Wayland, right? The only thing on this screenshot to critique is all that wasted space of the windows not making use of the full screen!!!1 At least the file browser. 8-)
This drives me nuts when my workmates share their screens. I really don’t get it how people can work like that. You can’t even read the whole line in the IDE or log viewer with all the expanded side bars. And then there’s 200 pixels on the left and another 300 pixels on the right where the desktop wallpaper shows. Gnaa! There’s the other extreme end when somebody shares their ultra wide screen and I just have a “regularish” 16:10 monitor and don’t see shit, because it’s resized way too tiny to fit my width. Good times. :-D
Sorry for going off on a tangent here. :-) Back to your WM: It has the right mix of being subtle and still similar to motif. Probably close to the older Windowses. My memory doesn’t serve me well, but I think they actually got it fairly good in my opinion. Your purple active window title looks killer. It just fits so well. This brown one (https://www.uninformativ.de/blog/postings/2025-07-22/0/leafpads.png) gives me also classic vibes. Awww. We ran some similar brownish color scheme (don’t recall its name) on Win95 or Win98 for some time on the family computer. I remember other people visiting us not liking these colors. :-D
ProcessOne: XMPP: When a 25-Year-Old Protocol Becomes Strategic Again
After twenty-five years, XMPP (Extensible Messaging and Presence Protocol) is still here. Mature, proven, modular, and standardized, it may well be the most solid foundation available today to build the future of messaging.
And now, XMPP is more relevant than ever: its resurgence is driven by European digital sovereignty efforts, renewed focus on interoperabil … ⌘ Read more
gomdn: Yet another Static Site Generator
Yet another Static Site Generator (SSG), but this one is mine.
It’s a stupidly simple Go program (wc says 229 lines), more like a
hack, really, but I don’t need something like Hugo. Most of the real
work is done by the goldmark package, of course. This is mostly just a
wrapper, deciding if something needs to be rebuilt.
I’ve been using a Perl script together with cmark (originally
Markdown.pl) since forever. And before that the old [txt2tags](htt … ⌘ Read more
@movq@www.uninformativ.de I fully agree with you on https://www.uninformativ.de/blog/postings/2025-07-22/0/POSTING-en.html!
Although, in the first screenshot, the window title background is much darker in the new version than the old one!1!1 :-P Kidding aside, the contrast in the old one is still better.
Also, note the missing underlines for the Alt hotkeys now. I just think that the underline in the old one is too thick.
Status 2025-07-21
Morning, computer! Spending my days off trying to figure things out.
Some of them will occur in this post. I think best when I’m writing,
after all.
I’m back from a short vacation since a couple of weeks. I’m still
going to take a few days off every week for a while. I need the break.
It’s been way too many 12-16 hour workdays. I’m nominally working 80%
(~6 hour days), so I figure I’ve been working a lot for free.
Yeah, well, I like the TKey project to succeed. The ideas behind it
have implicatio … ⌘ Read more
HTTP referrers are quite broken, aren’t they?
Because of that recent storm on my blog, I had a peek at them. There’s a lot of garbage in there. For example, https://docs.freebsd.org/en/books/handbook/disks-virtual.html is supposed to refer to one of my blog posts …
What’s going on here?
Erlang Solutions: What is Remote Patient Monitoring?
Remote Patient Monitoring (RPM) is changing how care is delivered. By tracking health data through connected devices outside traditional settings, it helps clinicians act sooner, reduce readmissions, and focus resources where they’re most needed. With rising NHS pressures and growing demand for digital care, RPM is becoming central to how both public and private providers support long-term conditions, recovery, and hospital-at-home mod … ⌘ Read more
TKey: The Next Generation
Not speaking for my employer, just as an interested developer in an
interesting open source project.
As you might have noticed, the platform repo of the Tillitis TKey has
some alpha tags for the next generation, Castor:
https://github.com/tillitis/tillitis-key1/tags
An alpha tag means that all planned features for the platform are in
place, but there’s not yet a complete audit and a lot of testing … ⌘ Read more
ProcessOne: ejabberd 25.07
Release Highlights:
This release focuses on integration in a wider federated network, with support for spam fighting features, better compliance with Matrix network and native support for PubSub Server Information to have your server count as part of the wider XMPP network (for example, you can register your server on XMPP Network Graph).
- **Spam filter … ⌘ Read more
How to Mount a Balcony Awning
Hi Kris,
I’ve been reading your website for quite a while. It’s one of my favourite blogs. Thank you for what you are doing!
We are currently experiencing a heat wave in Germany, so I drew inspiration from Low-tech Magazine’s article “How to Dress and Undress your Home” and built an awning on my balcony. I documented the process so that other readers can install one themselves.
The ov … ⌘ Read more
@prologic@twtxt.net Hm, I wouldn’t say that. Go code could fall into that category as well.
Maybe this topic could use a blog post / article, that explains what it’s about. I’m finding it hard to really define what “suckless-like software” is. 🤔 (Their own philosophy focuses too much on elitism, if you ask me.)
@prologic@twtxt.net Ah, I’m referring to software that’s similar to that of suckless.org: Small, minimal codebases, small tools, but still useful. dmenu is probably the best example and also farbfeld.
Here’s the author of Anubis talking about some of their experiences:
https://xeiaso.net/blog/why-i-use-suckless-tools-2020-06-05/
(You can skip the long config and keybinds part.)
Ignite Realtime Blog: Empowering Digital Sovereignty with Openfire: A Secure and Customizable Communication Platform
In today’s interconnected world, digital sovereignty has become increasingly important for individuals and organizations seeking to maintain control over their data, infrastructure, and technologies. Openfire, an open-source, real-time collaboration (RTC) server that uses the XMPP (Extensible Messaging and Presence … ⌘ Read more
A good blog post that makes some good points: Can I ethically use LLMs?
Okay, now this is a very interesting Rust feature:
https://blog.rust-lang.org/2025/07/03/stabilizing-naked-functions/
This (and inline assembly) makes Rust really interesting for very low-level stuff. 🥳
Om nom nom LLMs, in which I respond to Simon Willison’s analogy
I am hesitant to wade into the tumultuous waters that are the discourse around generative AI and LLMs, but this morning I came across a thing that so thoroughly melted my brain I feel uncontrollably compelled to respond.
This morning, at evidently 4:10 AM (no mention of timezone), Simon Willison shared the following blog post, quoted here in full:
Quitting programming as … ⌘ Read more
@mckinley@mckinley.cc’s blog appears to have gone stale, hm.
I did a “lecture”/“workshop” about this at work today. 16-bit DOS, real mode. 💾 Pretty cool and the audience (devs and sysadmins) seemed quite interested. 🥳
- People used the Intel docs to figure out the instruction encodings.
- Then they wrote a little DOS program that exits with a return code and they used uhex in DOSBox to do that. Yes, we wrote a COM file manually, no Assembler involved. (Many of them had never used DOS before.)
- DEBUG from FreeDOS was used to single-step through the program, showing what it does.
- This gets tedious rather quickly, so we switched to SVED from SvarDOS for writing the rest of the program in Assembly language. nasm worked great for us.
- At the end, we switched to BIOS calls instead of DOS syscalls to demonstrate that the same binary COM file works on another OS. Also a good opportunity to talk about bootloaders a little bit.
- (I think they even understood the basics of segmentation in the end.)
The 8086 / 16-bit real-mode DOS is a great platform to explain a lot of the fundamentals without having to deal with OS semantics or executable file formats.
Now that was a lot of fun. 🥳 It’s very rare that we do something like this, sadly. I love doing this kind of low-level stuff.
pledge() and unveil() syscalls:
@lyse@lyse.isobeef.org Multi-Threading. Is. Hard. 🤯 And yes, that blog is great. 👌
On my blog: Short Fiction — Transgender Athlete Bans https://john.colagioia.net/blog/2025/06/22/title-ix-hope.html #fiction #freeculture #lgbtpridemonth #politics
On my blog: Free Culture Book Club — First Woman — Dream to Reality https://john.colagioia.net/blog/2025/06/21/first-woman-1.html #freeculture #bookclub
On my blog: Toots 🦣 from 06/16 to 06/20 https://john.colagioia.net/blog/2025/06/20/week.html #linkdump #socialmedia #quotes #week