Matthias Mair

@matmair
30 Followers · 89 Following · 418 Posts
Open Source, DevOps and civil engineering.
GH: https://github.com/matmair
Backup: https://codeberg.org/matmair
Website: https://mjmair.com

InvenTree 1.2.6 contains fixes for new security advisories

Updating to 1.2.6 is strongly advised. See GHSA-rhc5-7c3r-c769 and GHSA-m8j2-vfmq-p6qg for details.
Every admin should be aware of the assumed trust in our threat model. If you followed it, you are not vulnerable; see https://docs.inventree.org/en/latest/concepts/threat_model/

Many thanks to patelhettt (x2) and alonaki for their research and responsible disclosure.

#inventree #inventreedb #opensourcesecurity

Threat Model - InvenTree Documentation

InvenTree - Open Source Inventory Management

“Unfortunately I have to cancel the appointment, since the topic lies outside my defined area of responsibility.”

Unfortunately, that was the only person who actually took care of things and gave competent answers.

Welcome to the agile corporation.

As someone who’s been maintaining FOSS projects of various levels of popularity for more than a decade, I need y’all to understand one thing: LLMs didn’t change the median PR quality. (1/6)

The quote is nothing less than grounds for resignation. Quite apart from the abstraction (more risk experiments without safeguards, less data protection), which is madness enough (from the State Secretary for Digitalisation!).

Where are we headed when a government politician personally declares a citizen and civil rights activist like Max Schrems dispensable?

Source: https://www.diepresse.com/20662631?giftcode=5fe619472b55cac4290e30a2561b20869ee5bf1d

One of my nice friends at Hurricane Electric gave me a dead 100G-LR4 optic to tear apart for your entertainment, so for the sake of your entertainment, let's dig into it! 🧵

Deprecate confusing APIs like “os.path.commonprefix()”. After fixing a vulnerability in #pip, I started digging into the confusing API and found more than I expected.

👉 https://sethmlarson.dev/deprecate-confusing-apis-like-os-path-commonprefix

#python #oss #opensource #security

Deprecate confusing APIs like “os.path.commonprefix()”

The os.path.commonprefix() function has been an API in the Python standard library for at least 35 years (since February 1991) and in that time has been confusing users and creating security issues...

sethmlarson.dev

GitHub: here are immutable releases. Let's make things safer![1]
GH: here we documented recommended usage [2]; use drafts
Also GH: No we don't provide a way in our CI product to trigger for published drafts; yes we will ignore feedback on this [3]

This also landed unfinished in GHES, the pretty expensive enterprise offering.

#github #supplychain #opensourcesecurity

links:
1: https://github.blog/changelog/2025-10-28-immutable-releases-are-now-generally-available/
2: https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases#best-practices-for-publishing-immutable-releases
3: https://github.com/orgs/community/discussions/7118

Immutable releases are now generally available - GitHub Changelog

GitHub releases now support immutability, adding a new layer of supply chain security. With immutable releases, assets and tags are protected from tampering after publication, so the software you publish—and…

The GitHub Blog

A buddy of mine is closing down his workshop and has a lot of stuff that needs to find new hands by March at the latest, or else it goes in the dumpster.

Plasma cutter, welder, sliding table saw approx. 180×180, electro(nic) junk, various other stuff.

He would prefer to hand everything over as a whole, so rather not cherry-picking individual items. Hackspaces, open workshops maybe?

Location is near #Hennef (Sieg), out in the countryside; price negotiable but cheap.

Photos:
https://cloud.scy.name/s/H92FcYWeqFgXemE

Contact via me, send me a DM. Boosts welcome.

RE: https://fosstodon.org/@paulox/116102884603308581

A++ content. I was in a call with @mkennedy and @pythonbynight this week, where this topic came up again.

We looked, and I thought Django's package size was 200M bigger than it actually is. Django is only 10.9 MB compressed, which is within ~1 MB of SQLAlchemy, which is kind of impressive to think about.

So running the Django ORM doesn't quite have the same mental tax as I have assumed all of these years.

#Django #Python

That moment when you make a pre-release announcement 20 days beforehand and seemingly no one tests, but after release you get 30+ users complaining within 24 hours about an issue that one person with this seemingly somewhat common setup quirk doing a short test could have caught.

Sigh, #opensource is sometimes just thankless.