GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Andrew Nesbitt (andrewnez@mastodon.social)

  1. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Saturday, 23-May-2026 02:48:54 JST

    Dumb Ways for an Open Source Project to Die: https://nesbitt.io/2026/05/19/dumb-ways-for-an-open-source-project-to-die.html

    Attachments

    1. Dumb Ways for an Open Source Project to Die
      from Andrew Nesbitt
      How your dependencies became Bernies
  2. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Tuesday, 12-May-2026 03:55:12 JST

    I don't even know what is real anymore

    Attachments

    1. https://files.mastodon.social/media_attachments/files/116/555/654/249/489/423/original/e2820941c0374b2f.png
  3. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Thursday, 30-Apr-2026 23:46:55 JST

    GitHub Actions have consequences

  4. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Saturday, 25-Apr-2026 21:33:42 JST

    RE: https://mastodon.social/@andrewnez/116430573551428386

    31 new CVEs on openclaw this morning, I'm going to need to update my slides again: https://days-since-openclaw-cve.com/

    Attachments

    1. OpenClaw CVE Tracker — Intruder
      Tracking days since the last OpenClaw CVE, because apparently that's a full-time job.

  5. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:02 JST
    in reply to

    *slaps roof*

    You can fit so many vulnerabilities in this baby!

  6. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:02 JST
    in reply to

    This talk is only 30 minutes, I'm going to be speed running this thing too!

  7. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:02 JST

    Researching Clawhub for a conference talk at the moment.

    It’s like they are speed running every package manager security flaw from the past 20 years 😅

  8. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:01 JST
    in reply to

    Another fun one, ClawHub has an auto-hide feature if enough users report a skill as problematic.

    Anyone want to guess how many unique GitHub accounts you would need to completely hide every skill in the registry?

  9. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:01 JST
    in reply to

    Definitely not investigating how worm-able clawhub is right now.

    <this-is-fine.gif>

  10. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:01 JST
    in reply to

    We've got lockfiles! https://github.com/search?q=path%3A.clawhub%2Flock.json&type=code

    (no manifest file to go along with it though)

  11. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:00 JST
    in reply to

    This talk started out with a single slide about ClawHub, at this point there's about 3 vulnerability reports I need to make before I can even give the talk :blobsweats:

  12. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:00 JST
    in reply to

    Note to self: must stop tooting zero days

  13. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:00 JST
    in reply to

    Oh fun, if a user gets banned, all their skills are hard deleted...

    LEFTPAD.md

    https://github.com/openclaw/clawhub/security#bans

  14. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 00:42:46 JST

    Semantic Vibing (semvib) is where you version your SKILL.md files with semver (1.2.3) like it makes any difference to the reproducibility or determinism of your prompts.

  15. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 27-Feb-2026 02:27:48 JST

    Instead of using git as a database, what if you used database as a git?

    https://nesbitt.io/2026/02/26/git-in-postgres.html

  16. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Wednesday, 25-Feb-2026 11:18:28 JST

    https://nesbitt.io/xkcd-2347/

    Attachments

    1. xkcd 2347: Dependency
      Someday ImageMagick will finally break for good and we'll have a long period of scrambling as we try to reassemble civilization from the rubble.
  17. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Saturday, 21-Feb-2026 22:15:11 JST

    What happens when a large open source project dies?

    https://nesbitt.io/2026/02/21/whale-fall.html

  18. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Sunday, 15-Feb-2026 18:37:10 JST

    I'm not as excited about https://github.blog/changelog/2026-02-13-new-repository-settings-for-configuring-pull-request-access/ as many are today.

    1. This should have been a feature in GitHub 10 years ago
    2. Shutting off the community because of a problem that GitHub has heavily pushed onto the oss community seems like closing the barn door after the horse has bolted.

    Attachments

    1. New repository settings for configuring pull request access · GitHub Changelog
      from Allison
      Maintainers now have more control over how repositories accept contributions. Two new settings let you manage pull requests to better match your project’s needs. Disable pull requests entirely You can…
  19. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Tuesday, 30-Dec-2025 02:43:59 JST

    Yesterday’s post I forgot to share: https://nesbitt.io/2025/12/27/how-to-ruin-all-of-package-management.html

    Attachments

    1. How to Ruin All of Package Management
      from Andrew Nesbitt
      Attach financial incentives to open source metrics and watch the spam flood in.
  20. Andrew Nesbitt (andrewnez@mastodon.social)'s status on Monday, 27-Oct-2025 09:45:11 JST

    Package manager devroom was accepted for FOSDEM 🎉 (Saturday morning)

    CFP coming soon


    Andrew Nesbitt

    Package Management Nerd, working on mapping the world of open source software https://ecosyste.ms and blogging about package managers at https://nesbitt.io


    Statistics

    User ID: 223478
    Member since: 15 Dec 2023
    Notices: 24
    Daily average: 0


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.