Free, Libre, and Open Source Software< Leftovers

posted by Roy Schestowitz on Jan 25, 2025

• Trail of Bits ☛ Celebrating our 2024 open-source contributions

  Some of these changes may seem small in isolation—a more robust parser here, better error handling there—but together, they represent meaningful improvements to security tooling that thousands of engineers depend on. From hardening package signing workflows to enhancing fuzzing capabilities, each contribution helps build a more secure foundation for everyone.

  Let’s dive into some of the key contributions we made in 2024.

• The New Stack ☛ OpenVox: The Community-Driven Fork of Puppet Has Arrived

  The DevOps automation landscape is set for a significant shift as Puppet‘s open-source community launches OpenVox, a fork of the popular Puppet Infrastructure as Code tool.

  This fork sprang from Puppet’s owner, Perforce, moving Puppet’s binaries and packages to a private, hardened, and controlled location. In addition, community contributors would have limited access to the program, and usage beyond 25 nodes will require a commercial license. These changes have been resisted by long-time Puppet users and contributors who started this fork.

• Web Browsers/Web Servers

  • Hackaday ☛ Trap Naughty Web Crawlers In Digestive Juices With Nepenthes

    In the olden days of the WWW you could just put a robots.txt file in the root of your website and crawling bots from search engines and kin would (generally) respect the rules in it. These days, however, we have especially web crawlers from large language model (LLM) companies happily ignoring such signs on the lawn before proceeding to hover up every scrap of content on websites. Naturally this makes a lot of people very angry, but what can you do about it? The answer by [Aaron B] is Nepenthes, described on the project page as a ‘tar pit for catching web crawlers’.

  • Jan Piet Mens ☛ Uploading a message to an IMAP server using curl

    The reason, you see, is that Daniel mentioned curl could upload mail to an IMAP server. Yeah, right.

• Content Management Systems (CMS) / Static Site Generators (SSG)

  • Floh Gro ☛ FlohGro - Say Hello to 11ty 🚀

    So I started the adventure and looked how I could migrate my website to Eleventy - I have to admit I didn't do much of a research of which generator would be the best for me but I don't regret going with 11ty at all. I was amazed that with @11ty/import (GitHub repository) there is a command line tool to convert a WordPress blog to static files just via its URL. This was way too easy in the beginning. I moved on integrating the content into the Eleventy Base Blog to have a basic - ready to use - layout (I need to say that I have no experience with HTML and even less with CSS). A running version was there within a few hours (a lot of dabbling in the documentation and throwing error Messages at ChatGPT helped) and I was really amazed about the performance and about its simple look.

  • ID Root ☛ How To Install Joomla on Linux Mint 22

    Joomla stands out as one of the most popular open-source Content Management Systems (CMS), renowned for its user-friendly interface and robust feature set. Whether building a blog or a corporate website, Joomla’s flexibility and rich extension library make it a great choice for developers and beginners alike.

• Education

  • Adrian Gaudebert: 3 years of intense learning - The Dawnmaker Post-mortem

    It's been 3 years since I started working on Dawnmaker full-time with Alexis. The creation of our first commercial game coincided with the creation of Arpentor Studio, our company. I've shared a lot of insights along the way on this blog, from how we made our first market research (which was incredibly wrong) to how much we made with our game (look at the difference between the two, it's… interesting). I wrote a pretty big piece were I explained how we built Arpentor Studio. I wrote a dozen smaller posts about the development of Dawnmaker. And I shared a bunch of my feelings, mistakes and successes in my yearly State of the Adrian posts (in French only, sorry).

    But today, I want to take a step back and give a good look at these last 3 years. It's time for the Dawnmaker post-mortem, where I'm going to share what I believe we did well, what we did wrong, and what I've learned along the way. Because Dawnmaker and Arpentor Studio are so intertwined, I'm inevitably going to talk about the studio as well, but I think it makes sense. Let's get started!

• Licensing / Legal

  • The New Stack ☛ The Open Source License Rug Pull and More at SOO25

    When it comes to thinking about the state of open source, the relicensing issue is one of a number of frustrations faced by the community, many of which will be aired Feb. 4-5 in London at the third annual State of Open Conference (SOO25).