Open source built the internet. It’s still holding it together with duct tape and goodwill.

Let’s treat it — and the people behind it — like the $8.8 trillion miracle it is.

#aislop #opensourcesoftware #security #cybersecurity #touchgrass

* Using OSS personally? Thank a maintainer. Donate. Contribute. Even fixing a typo in the README helps.

* Using OSS in your business? Chances are, you are. Time to give back — with funding, sponsorships, or actual engineering help.

So, what can you do?

* Using AI to vibe-code security bugs? Please stop. Seriously. Shut the laptop. Go touch grass. Maybe talk to a human.

Want a peek into his inbox of doom?
1. HackerOne cURL Hacktivity hackerone.com/curl/hacktiv...
2. Filter by: status = not applicable
3. Feel: 😬 existential dread

This is what happens when people feed vibe-code into an LLM, squint, and hit “submit.”

Enter the AI Slop Era.

Take Daniel Stenberg — creator and lead maintainer of cURL and libcurl — two of the most widely used OSS projects in existence. Instead of sipping margaritas on a beach somewhere (as he should be), he's busy triaging nonsense AI-generated “exploits” reported via HackerOne.

Let that sink in. Open source software is quietly propping up the global economy like a tired BOFH running on coffee and unpaid emotional labor.

And how do we reward open source maintainers, the unsung heroes keeping the digital world upright?

It’s not light reading, but here’s the TL;DR:

* Supply-side value of creating and maintaining popular open source software? About $4.15 billion.

* Demand-side replacement cost if companies had to rebuild that OSS themselves? A casual $8.8 trillion.

The Citizen Lab has an excellent write up here : citizenlab.ca/2025/06/a-pr...

David Fraser has an excellent YouTube play list regarding C-2, and his concerns here : www.youtube.com/playlist?lis...

#canadaday #civilrights #privacy

Let’s not sleepwalk into surveillance. We deserve better.

If you're a Canadian resident, contact your Member of Parliament : www.ourcommons.ca/members/en - remember, it's their elected job to represent you.

I've posted more about C-2 here: bsky.app/profile/omkh...

C-2 is an incredibly violation of civil rights. It must be stopped.

I don’t expect legislators to understand software engineering, that’s why software engineers need to advocate against this.

PPS If you're a Canadian resident, find your Member of Parliament here: www.ourcommons.ca/members/en

PS The Citizen Lab has an excellent write up citizenlab.ca/2025/06/a-pr...

#PrivacyMatters #BillC2 #Canada #DigitalRights #Policy #CivicEngagement

If you're concerned (and you should be), reach out to your Member of Parliament. Let them know you oppose C-2 and support real protections for Canadian privacy and civil rights.

You can read the full bill here:

www.parl.ca/DocumentView...

Let’s not sleepwalk into surveillance. We deserve better.

Free societies are built on the principle that the law protects the innocent—not that we must prove we have nothing to hide.

I keep seeing arguments like, “If you’re not doing anything wrong, you have nothing to worry about.”

Let me be clear: that’s not how rights work.

All accessed more easily under vague “exigent circumstances”

As a person who’s been accosted based on “reasonable suspicion” due to…. existing, I’m concerned that this bill expands surveillance powers and erodes due process protections that Canadians have long relied on.