New blog entry: Open Source Tools for Open Source Hardware
https://mjmair.com/blog/2026/open-source-tools-for-open-source-hardware
Read about my new-ish project (about 2 months old now). Direct link to the project: https://beta.mid-size.org/
| GH | https://github.com/matmair |
| Backup | https://codeberg.org/matmair |
| Website | https://mjmair.com |
Please forward to anyone interested in the Tyrol area
Donation: 13x tables
Details:
- Quantity: 13
- very well preserved chairs for the primary school.
- Colour: beech and green
- Manufacturer: Mayr Möbel
- Signs of use: light
- Condition: functional
- Category: School
Donation no. #Möbelspende #Pfaffenhofen #Sachspende #Schule #Tirol #Tische
https://weitergeben.org/moebelspenden/tische-spende-in-pfaffenhofen/
If you want to test out software that recommends to not expose it to the internet:
- do not expose it to the internet without need
- put some rate limiting in front
- disable self-registration
- do not forget to update for 4 years
Unrelated: I just rescanned my known list of public, unsecured instances of a software that is dear to my heart
Unrelated: losing my mind over here
Attention all sysadmins / selfhosters of #inventree instances:
We will publish a critical security vulnerability and patched version on 2026-04-08 21:00 UTC
Read https://inventree.org/blog/2026/03/25/security-release for more details - there are several recommended steps to keep your instance safe in the meantime.
Please prepare to update as soon as we release. #inventreedb #opensource
The InvenTree core development team has received a report of a critical security vulnerability affecting a large range of releases since 2024. We will release a disclosure and a fixed release for the 1.2.x release series on 2026-04-08 21:00 UTC. The vulnerability allows for lateral movement and privilege escalation within an InvenTree instance. It has a low attack complexity.
InvenTree 1.2.6 contains fixes for new security advisories
Updating to 1.2.6 is strongly advised. See GHSA-rhc5-7c3r-c769 and GHSA-m8j2-vfmq-p6qg for details.
Every admin should be aware of the assumed trust in our threat model. If you followed it, you are not vulnerable; see https://docs.inventree.org/en/latest/concepts/threat_model/
Many thanks to patelhettt (x2) and alonaki for their research and responsible disclosure.
"Unfortunately I have to cancel the appointment, as the topic lies outside my defined area of responsibility."
Unfortunately, that was the only person who cared and gave competent answers.
Welcome to the agile corporation.
The quote is nothing less than grounds for resignation. Quite apart from the abstraction (more risk experiments without safeguards, less data protection), which is madness enough (from the State Secretary for Digitalisation!).
Where are we heading when a government politician personally declares a citizen and civil rights activist like Max Schrems dispensable?
Source: https://www.diepresse.com/20662631?giftcode=5fe619472b55cac4290e30a2561b20869ee5bf1d
Deprecate confusing APIs like “os.path.commonprefix()”. After fixing a vulnerability in #pip, I started digging into the confusing API and found more than I expected.
👉 https://sethmlarson.dev/deprecate-confusing-apis-like-os-path-commonprefix