https://www.osmondvanhemert.nl/tags/open-source/Recent content in Open Source on Osmond van HemertHugo -- gohugo.ioen© Osmond van Hemert. All rights reserved.Thu, 09 Apr 2026 00:00:00 +0000https://www.osmondvanhemert.nl/posts/260409-xz-utils-supply-chain-anniversary/Thu, 09 Apr 2026 00:00:00 +0000https://www.osmondvanhemert.nl/posts/260409-xz-utils-supply-chain-anniversary/Nearly two years after the xz Utils backdoor shocked the open source world, the supply chain security landscape has changed — but not enough.https://www.osmondvanhemert.nl/posts/260226-opentofu-infrastructure-as-code/Thu, 26 Feb 2026 00:00:00 +0000https://www.osmondvanhemert.nl/posts/260226-opentofu-infrastructure-as-code/OpenTofu has matured significantly since its fork from Terraform. Here’s where things stand and what it means for teams managing cloud infrastructure.https://www.osmondvanhemert.nl/posts/260122-rust-linux-kernel-progress/Thu, 22 Jan 2026 00:00:00 +0000https://www.osmondvanhemert.nl/posts/260122-rust-linux-kernel-progress/Rust’s integration into the Linux kernel has moved beyond proof of concept into real subsystems, but the cultural and technical challenges remain fascinating.https://www.osmondvanhemert.nl/posts/251218-ultralytics-supply-chain-attack/Thu, 18 Dec 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/251218-ultralytics-supply-chain-attack/A supply chain attack on the popular Ultralytics YOLO package highlights the persistent vulnerability of the Python ecosystem’s distribution pipeline.https://www.osmondvanhemert.nl/posts/251204-opentelemetry-logs-ga-three-pillars/Thu, 04 Dec 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/251204-opentelemetry-logs-ga-three-pillars/OpenTelemetry’s logging API and SDK reaching general availability completes the observability trifecta. Here’s why this matters more than you might think.https://www.osmondvanhemert.nl/posts/250828-bitnami-docker-deletion/Thu, 28 Aug 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250828-bitnami-docker-deletion/Broadcom’s deletion of Bitnami images from Docker Hub is a wake-up call about depending on container registries you don’t control.https://www.osmondvanhemert.nl/posts/250821-uv-code-formatting-python-tooling/Thu, 21 Aug 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250821-uv-code-formatting-python-tooling/The uv package manager experimentally adds code formatting, continuing its ambitious push to become a single tool for the entire Python development workflow.https://www.osmondvanhemert.nl/posts/250814-gemma3-270m-small-models-big-impact/Thu, 14 Aug 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250814-gemma3-270m-small-models-big-impact/Google releases Gemma 3 at 270M parameters, proving that smaller, more efficient models might matter more than the next big model launch.https://www.osmondvanhemert.nl/posts/250529-opentofu-terraform-fork-maturing/Thu, 29 May 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250529-opentofu-terraform-fork-maturing/A year and a half after forking from Terraform, OpenTofu is proving that community-driven infrastructure tooling can thrive — but challenges remain.https://www.osmondvanhemert.nl/posts/250403-model-context-protocol-adoption/Thu, 03 Apr 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250403-model-context-protocol-adoption/Anthropic’s Model Context Protocol is gaining traction as a universal standard for connecting AI models to tools and data sources, and the implications for the developer ecosystem are worth watching.https://www.osmondvanhemert.nl/posts/250213-go-124-release/Thu, 13 Feb 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250213-go-124-release/Go 1.24 brings generic type aliases, improved tool management, and Swiss Tables. A look at how Go keeps evolving without losing its identity.https://www.osmondvanhemert.nl/posts/250123-deepseek-r1-open-source-reasoning/Thu, 23 Jan 2025 00:00:00 +0000https://www.osmondvanhemert.nl/posts/250123-deepseek-r1-open-source-reasoning/DeepSeek’s R1 reasoning model, released as fully open-source with an MIT license, demonstrates that frontier AI capabilities aren’t exclusive to US labs anymore.https://www.osmondvanhemert.nl/posts/241017-wordpress-wp-engine-open-source-rift/Thu, 17 Oct 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/241017-wordpress-wp-engine-open-source-rift/The WordPress/WP Engine feud has escalated into a full-blown crisis, raising fundamental questions about open source governance and commercial ecosystems.https://www.osmondvanhemert.nl/posts/241003-wordpress-wp-engine-open-source-governance/Thu, 03 Oct 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/241003-wordpress-wp-engine-open-source-governance/The escalating conflict between Automattic and WP Engine raises fundamental questions about open source trademarks, governance, and what happens when a project’s founder picks a fight.https://www.osmondvanhemert.nl/posts/240926-cups-vulnerability-linux-printing-security/Thu, 26 Sep 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240926-cups-vulnerability-linux-printing-security/A chain of vulnerabilities in CUPS, the Linux printing system, enables remote code execution — and highlights how forgotten infrastructure becomes a security liability.https://www.osmondvanhemert.nl/posts/240919-linux-kernel-6-11-rust-momentum/Thu, 19 Sep 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240919-linux-kernel-6-11-rust-momentum/Linux kernel 6.11 ships with expanding Rust support, signaling a real shift in systems programming’s most conservative codebase.https://www.osmondvanhemert.nl/posts/240905-rust-1-81-release/Thu, 05 Sep 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240905-rust-1-81-release/Rust 1.81 brings the Error trait into core, stabilizes new lint sorting, and continues the language’s steady march toward broader adoption.https://www.osmondvanhemert.nl/posts/240725-meta-llama-3-1-open-source/Thu, 25 Jul 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240725-meta-llama-3-1-open-source/Meta releases Llama 3.1 with a 405 billion parameter model under a permissive license, making frontier-class AI genuinely open for the first time.https://www.osmondvanhemert.nl/posts/240627-polyfill-io-supply-chain-attack/Thu, 27 Jun 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240627-polyfill-io-supply-chain-attack/The polyfill.io domain was acquired by a Chinese company and began injecting malware into over 100,000 websites, exposing fundamental weaknesses in how we trust third-party CDN dependencies.https://www.osmondvanhemert.nl/posts/240418-meta-llama-3-release/Thu, 18 Apr 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240418-meta-llama-3-release/Meta’s Llama 3 arrives with 8B and 70B parameter models that rival closed-source competitors, reshaping the open-weight AI landscape.https://www.osmondvanhemert.nl/posts/240404-redis-relicensing-valkey-fork/Thu, 04 Apr 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240404-redis-relicensing-valkey-fork/Redis Labs switches from BSD to a dual SSPL/RSALv2 license, and the Linux Foundation responds by backing the Valkey fork.https://www.osmondvanhemert.nl/posts/240328-xz-utils-backdoor-cve-2024-3094/Thu, 28 Mar 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240328-xz-utils-backdoor-cve-2024-3094/A sophisticated supply chain attack via the xz Utils compression library was caught just days before reaching stable Linux distributions.https://www.osmondvanhemert.nl/posts/240314-javascript-runtime-wars-bun-deno-node/Thu, 14 Mar 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240314-javascript-runtime-wars-bun-deno-node/With Bun 1.0 maturing, Deno pushing Node compatibility, and Node.js evolving faster than ever, the JavaScript runtime landscape is more interesting than it’s been in years.https://www.osmondvanhemert.nl/posts/240111-opentofu-1-6-terraform-fork-grows-up/Thu, 11 Jan 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240111-opentofu-1-6-terraform-fork-grows-up/OpenTofu hits its first GA release, proving that the open-source fork of Terraform is more than a protest — it’s a viable alternative.https://www.osmondvanhemert.nl/posts/240104-opentofu-open-source-infrastructure/Thu, 04 Jan 2024 00:00:00 +0000https://www.osmondvanhemert.nl/posts/240104-opentofu-open-source-infrastructure/As OpenTofu approaches its first stable release, the HashiCorp license change continues to reshape how we think about open source infrastructure tooling.https://www.osmondvanhemert.nl/posts/231026-opentofu-terraform-fork/Thu, 26 Oct 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/231026-opentofu-terraform-fork/OpenTofu, the community fork of Terraform born from HashiCorp’s license change, is rapidly building momentum under the Linux Foundation.https://www.osmondvanhemert.nl/posts/230831-opentofu-terraform-fork-open-source/Thu, 31 Aug 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230831-opentofu-terraform-fork-open-source/HashiCorp’s switch to the Business Source License has triggered a community fork of Terraform called OpenTofu, and the implications for infrastructure-as-code are enormous.https://www.osmondvanhemert.nl/posts/230824-code-llama-open-source-code-generation/Thu, 24 Aug 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230824-code-llama-open-source-code-generation/Meta releases Code Llama, a family of open-source code generation models, and it might just change the dynamics of AI-assisted development.https://www.osmondvanhemert.nl/posts/230810-hashicorp-terraform-bsl-license/Thu, 10 Aug 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230810-hashicorp-terraform-bsl-license/HashiCorp’s decision to relicense Terraform and other products under the Business Source License has sent shockwaves through the infrastructure community.https://www.osmondvanhemert.nl/posts/230720-meta-llama2-open-source-llm/Thu, 20 Jul 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230720-meta-llama2-open-source-llm/Meta’s release of Llama 2 as a commercially-licensed open model changes the game for developers building with large language models.https://www.osmondvanhemert.nl/posts/230622-red-hat-rhel-source-code-controversy/Thu, 22 Jun 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230622-red-hat-rhel-source-code-controversy/Red Hat’s decision to restrict public access to RHEL source code sends shockwaves through the enterprise Linux ecosystem and raises fundamental questions about open source sustainability.https://www.osmondvanhemert.nl/posts/230223-meta-llama-open-source-llm/Thu, 23 Feb 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230223-meta-llama-open-source-llm/Meta’s release of LLaMA, a family of foundation language models available to researchers, could reshape the AI landscape by democratizing access to powerful LLMs.https://www.osmondvanhemert.nl/posts/230216-rust-enterprise-adoption-momentum/Thu, 16 Feb 2023 00:00:00 +0000https://www.osmondvanhemert.nl/posts/230216-rust-enterprise-adoption-momentum/With Rust 1.67 freshly shipped and adoption accelerating across major tech companies, the language is crossing the threshold from promising to essential.https://www.osmondvanhemert.nl/posts/221117-mastodon-fediverse-stress-test/Thu, 17 Nov 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/221117-mastodon-fediverse-stress-test/As millions flee Twitter for Mastodon, the decentralized social protocol ActivityPub faces its biggest real-world scalability challenge yet.https://www.osmondvanhemert.nl/posts/221027-mastodon-decentralized-social-scaling/Thu, 27 Oct 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/221027-mastodon-decentralized-social-scaling/As users flood to Mastodon following the Twitter acquisition, the open-source platform faces its biggest infrastructure test yet.https://www.osmondvanhemert.nl/posts/221020-ubuntu-2210-kinetic-kudu/Thu, 20 Oct 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/221020-ubuntu-2210-kinetic-kudu/Ubuntu 22.10 ships with updated toolchains and GNOME 43, but the real story is what it previews for the next LTS cycle.https://www.osmondvanhemert.nl/posts/220929-linux-kernel-6-release/Thu, 29 Sep 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220929-linux-kernel-6-release/Linux 6.0 arrives with Rust language support, performance improvements, and new hardware enablement — but the real story is what the version bump signals about the kernel’s evolution.https://www.osmondvanhemert.nl/posts/220908-stable-diffusion-open-source-ai/Thu, 08 Sep 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220908-stable-diffusion-open-source-ai/Stability AI’s open release of Stable Diffusion marks a watershed moment for generative AI, putting powerful image generation in the hands of every developer.https://www.osmondvanhemert.nl/posts/220825-stable-diffusion-open-source-ai-art/Thu, 25 Aug 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220825-stable-diffusion-open-source-ai-art/Stability AI releases Stable Diffusion as open source, putting state-of-the-art image generation in the hands of anyone with a GPU. The implications are enormous.https://www.osmondvanhemert.nl/posts/220811-rust-163-scoped-threads/Thu, 11 Aug 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220811-rust-163-scoped-threads/Rust 1.63 brings scoped threads to stable, finally making it ergonomic to share stack references across threads without Arc or cloning.https://www.osmondvanhemert.nl/posts/220728-bun-javascript-runtime-shakes-up-ecosystem/Thu, 28 Jul 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220728-bun-javascript-runtime-shakes-up-ecosystem/Bun, a new JavaScript runtime built on JavaScriptCore and written in Zig, is making waves with extraordinary benchmark numbers. Is it the Node.js challenger we’ve been waiting for?https://www.osmondvanhemert.nl/posts/220428-pycon-us-2022-python-momentum/Thu, 28 Apr 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220428-pycon-us-2022-python-momentum/PyCon US 2022 kicks off in Salt Lake City with Python riding high as the world’s most popular programming language.https://www.osmondvanhemert.nl/posts/220317-node-ipc-protestware-supply-chain/Thu, 17 Mar 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220317-node-ipc-protestware-supply-chain/A popular npm package was deliberately sabotaged by its own maintainer, raising urgent questions about supply chain trust in open source.https://www.osmondvanhemert.nl/posts/220310-rust-linux-kernel-progress/Thu, 10 Mar 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220310-rust-linux-kernel-progress/The Rust for Linux project continues gaining momentum with updated patch series and growing support from kernel maintainers. Memory safety in the kernel is getting real.https://www.osmondvanhemert.nl/posts/220217-alpha-omega-open-source-security/Thu, 17 Feb 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220217-alpha-omega-open-source-security/The Linux Foundation’s new Alpha-Omega Project, backed by Google and Microsoft, aims to systematically improve the security of critical open source software.https://www.osmondvanhemert.nl/posts/220113-white-house-open-source-security-summit/Thu, 13 Jan 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220113-white-house-open-source-security-summit/The White House convened tech leaders to address open source security after Log4Shell. Here’s what was discussed and what it means for developers.https://www.osmondvanhemert.nl/posts/220106-faker-colors-open-source-sabotage/Thu, 06 Jan 2022 00:00:00 +0000https://www.osmondvanhemert.nl/posts/220106-faker-colors-open-source-sabotage/A single developer deliberately corrupted two widely-used npm packages, exposing the fragility of the open source supply chain.https://www.osmondvanhemert.nl/posts/211209-log4shell-zero-day/Thu, 09 Dec 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/211209-log4shell-zero-day/A critical remote code execution vulnerability in Apache Log4j has sent the entire industry scrambling. Here’s what you need to know and do right now.https://www.osmondvanhemert.nl/posts/211118-centos-stream-9-enterprise-linux-shift/Thu, 18 Nov 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/211118-centos-stream-9-enterprise-linux-shift/CentOS Stream 9 has arrived as the successor to both CentOS 8 and the traditional CentOS model — and the enterprise Linux community is still adapting.https://www.osmondvanhemert.nl/posts/211111-npm-coa-rc-supply-chain-attacks/Thu, 11 Nov 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/211111-npm-coa-rc-supply-chain-attacks/Popular npm packages coa and rc were hijacked to distribute malware, impacting thousands of projects and raising urgent questions about supply chain security.https://www.osmondvanhemert.nl/posts/211021-ua-parser-js-npm-supply-chain-attack/Thu, 21 Oct 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/211021-ua-parser-js-npm-supply-chain-attack/The popular ua-parser-js npm package was hijacked to deliver cryptominers and credential stealers, affecting millions of weekly downloads.https://www.osmondvanhemert.nl/posts/211014-gitlab-ipo-open-source-business/Thu, 14 Oct 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/211014-gitlab-ipo-open-source-business/GitLab’s successful IPO this week validates the open-core model and raises important questions about the future of open-source developer tooling.https://www.osmondvanhemert.nl/posts/210812-github-copilot-open-source-debate/Thu, 12 Aug 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210812-github-copilot-open-source-debate/GitHub Copilot’s AI-powered code suggestions have sparked a fierce debate about open source licensing, training data consent, and the future of code ownership.https://www.osmondvanhemert.nl/posts/210722-alphafold-protein-database-ai-science/Thu, 22 Jul 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210722-alphafold-protein-database-ai-science/DeepMind releases 350,000 protein structure predictions as an open database — a rare moment where AI genuinely accelerates scientific progress.https://www.osmondvanhemert.nl/posts/210603-gitops-argocd-cncf-incubation/Thu, 03 Jun 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210603-gitops-argocd-cncf-incubation/With ArgoCD accepted into CNCF incubation and Flux reaching its own milestones, GitOps is transitioning from buzzword to standard practice for Kubernetes deployments.https://www.osmondvanhemert.nl/posts/210401-php-git-server-compromise/Thu, 01 Apr 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210401-php-git-server-compromise/Attackers pushed malicious commits to PHP’s official Git repository, exposing the fragile trust model behind open-source supply chains.https://www.osmondvanhemert.nl/posts/210325-aws-opensearch-elasticsearch-fork/Thu, 25 Mar 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210325-aws-opensearch-elasticsearch-fork/Amazon announces OpenSearch, a fork of Elasticsearch, escalating the most consequential open source licensing battle in years.https://www.osmondvanhemert.nl/posts/210204-rust-foundation-systems-programming/Thu, 04 Feb 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210204-rust-foundation-systems-programming/The newly formed Rust Foundation, backed by AWS, Google, Huawei, Microsoft, and Mozilla, gives Rust the institutional stability it needs for the next phase of growth.https://www.osmondvanhemert.nl/posts/210121-signal-surge-whatsapp-privacy/Thu, 21 Jan 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210121-signal-surge-whatsapp-privacy/WhatsApp’s updated privacy policy drives millions to Signal, highlighting the growing demand for privacy-respecting open-source alternatives.https://www.osmondvanhemert.nl/posts/210114-elasticsearch-license-change/Thu, 14 Jan 2021 00:00:00 +0000https://www.osmondvanhemert.nl/posts/210114-elasticsearch-license-change/Elastic’s decision to move Elasticsearch and Kibana from Apache 2.0 to dual SSPL/Elastic License reignites the debate about open source sustainability in the cloud era.https://www.osmondvanhemert.nl/posts/201224-centos-stream-shift/Thu, 24 Dec 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/201224-centos-stream-shift/Red Hat’s decision to shift CentOS from a stable downstream rebuild to a rolling upstream preview has sent shockwaves through the server community.https://www.osmondvanhemert.nl/posts/200924-vuejs-3-one-piece-rewrite/Thu, 24 Sep 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200924-vuejs-3-one-piece-rewrite/Vue.js 3.0 ships after two years of development with a TypeScript rewrite, Composition API, and significant performance improvements.https://www.osmondvanhemert.nl/posts/200806-linux-kernel-5-8-release/Thu, 06 Aug 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200806-linux-kernel-5-8-release/Linux 5.8 lands with a massive changeset. Linus Torvalds himself says it’s one of the biggest releases of all time — here’s what developers should care about.https://www.osmondvanhemert.nl/posts/200604-linux-kernel-57-release/Thu, 04 Jun 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200604-linux-kernel-57-release/Linux 5.7 ships with split-lock detection, the new ExFAT driver, userfaultfd improvements, and a thermal management overhaul — a release that matters more than its headlines suggest.https://www.osmondvanhemert.nl/posts/200416-github-free-for-teams/Thu, 16 Apr 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200416-github-free-for-teams/GitHub drops pricing barriers for teams, making unlimited private repos and essential collaboration features free for everyone.https://www.osmondvanhemert.nl/posts/200319-github-acquires-npm/Thu, 19 Mar 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200319-github-acquires-npm/GitHub’s acquisition of npm consolidates the JavaScript ecosystem’s most critical infrastructure under one roof. Here’s why that matters — and what could go wrong.https://www.osmondvanhemert.nl/posts/200312-open-source-pandemic-response/Thu, 12 Mar 2020 00:00:00 +0000https://www.osmondvanhemert.nl/posts/200312-open-source-pandemic-response/As the WHO declares a pandemic, open source developers worldwide are mobilizing with tracking dashboards, distributed computing, and collaborative tools at unprecedented speed.