Piotr P. Karwasz

@pkarwasz
11 Followers
65 Following
9 Posts

The next Log4Shell is not a matter of if, but when. The critical Java libraries we use daily are built mainly by volunteers.

๐—ช๐—ฒ ๐—ฐ๐—ฎ๐—ป'๐˜ ๐˜„๐—ฎ๐—ถ๐˜ ๐—ณ๐—ผ๐—ฟ ๐—ฎ๐—ป๐—ผ๐˜๐—ต๐—ฒ๐—ฟ ๐—ฑ๐—ถ๐˜€๐—ฎ๐˜€๐˜๐—ฒ๐—ฟ!

That's why we're building a new solution: a nonprofit partnership between the companies using critical Java libraries and the maintainers (like @pkarwasz of Apache Log4j) who support them.

To build a model that works, we need your input.

👉 https://forms.gle/ARYtRvDKewxAC4Ct6

#Java #OpenSource #Log4Shell #Cybersecurity #OpenSSF

I just released version `0.2.0` of SBOM Enforcer Maven Plugin.

This plugin does for (CycloneDX) SBOMs what the Maven Enforcer Plugin does for POM files.
Although the current number of built-in rules is small, the plugin is extensible and other built-in rules are on their way!

https://github.com/sbom-enforcer/sbom-enforcer/releases/tag/rel%2F0.2.0

Release 0.2.0 · sbom-enforcer/sbom-enforcer

What's Changed fix: possible NPEs in handling Maven and CycloneDX models by @ppkarwasz in #42 fix: handle modules with packaging pom by @ppkarwasz in #43 fix: set global workflow permissions to em...


Let us analyze the exploitability of vulnerabilities in OSS together.

In collaboration with OpenRefactory, we developed a prototype to analyze the exploitability of CVEs all along the dependency chain and submit that data to the OSS projects themselves.

More info soon at:

https://github.com/copernik-eu/vexation/

https://www.youtube.com/watch?v=cuqhScxAISQ

GitHub - copernik-eu/vexation: An example of distributed vulnerability handling



Outlier AI. You are doing it wrong.

Hiring people to post complete nonsense or copy&pasted issues in reputable open-source repositories - and make maintainers train your AI on it? Not good.

There are 50 such issues in the last few days in the @airflow repo [1] and counting. More details in [2].

[1] https://github.com/apache/airflow/issues?q=is%3Aissue%20state%3Aclosed%20label%3A%22AI%20Spam%22

[2] https://www.linkedin.com/posts/jarekpotiuk_outlier-you-are-doing-it-wrong-please-activity-7289278690213990400-MOuC

Tiktok, by Nick Anderson.

Capital Series is heading to Warsaw on June 11th! 🇵🇱 🇪🇺

Join us to explore how #OpenSource can drive Poland's digitalization & security goals during its EU Presidency. 🤝

In partnership with Red Hat Poland, APELL, PIIT, LPI & Apache Software Foundation.

Registrations will be opening soon!

Follow our newsletter to stay updated:
👉 https://lnkd.in/e8SeArqb

#Poland25eu #CapitalSeries


Since I keep seeing developers use 'pretty' IP addresses like '1.2.3.4' in example configurations; a reminder that you MUST NOT use publicly routable addresses that you do not control in your code.

Instead, use one of the available 'TEST-NET' IPv4 or IPv6 ranges documented in RFC 6890;

192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

โŒ 1.2.3.4
โœ… 192.0.2.4

and for IPv6;

✅ 2001:db8::/32

Pass it on to all of your fellow developers, documentation writers, and so forth.

Full RFC for special purpose addresses;

https://datatracker.ietf.org/doc/rfc6890/

Reserved for documentation, IPv4 and IPv6;

https://datatracker.ietf.org/doc/rfc5737/
https://datatracker.ietf.org/doc/rfc3849/

1/ 🧵

RFC 6890: Special-Purpose IP Address Registries

This memo reiterates the assignment of an IPv4 address block (192.0.0.0/24) to IANA. It also instructs IANA to restructure its IPv4 and IPv6 Special-Purpose Address Registries. Upon restructuring, the aforementioned registries will record all special-purpose address blocks, maintaining a common set of information regarding each address block.

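To turn the rule in the post above into a check that can run over example configurations and documentation, here is an added Python example (not part of the original post): it finds IPv4 and IPv6 literals, labels each as an RFC 5737/3849 documentation address, a non-routable address, or a publicly routable one, and reports only the last group. The configuration text is constructed for the example.

```python
import ipaddress
import re

# Ranges reserved for documentation by RFC 5737 (IPv4) and RFC 3849 (IPv6).
DOCUMENTATION_NETWORKS = [ipaddress.ip_network(c) for c in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]

# Loose candidate patterns; ipaddress.ip_address() does the real validation.
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\w|\.\d)")
IPV6_RE = re.compile(r"(?<![\w:])(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}(?![\w:])")

def classify(addr):
    """'documentation' (RFC 5737/3849), 'non-routable' (private, loopback,
    link-local, ...) or 'public' (routable space that somebody else controls)."""
    if any(addr in net for net in DOCUMENTATION_NETWORKS):
        return "documentation"
    if not addr.is_global:
        return "non-routable"
    return "public"

def find_addresses(text):
    """Return (line_number, address, label) for every IP literal in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = []
        for pattern in (IPV4_RE, IPV6_RE):
            for m in pattern.finditer(line):
                try:
                    hits.append((m.start(), ipaddress.ip_address(m.group(0))))
                except ValueError:
                    pass  # looked like an address but is not one (999.1.1.1, a MAC)
        for _, addr in sorted(hits, key=lambda h: h[0]):  # keep file order
            findings.append((lineno, str(addr), classify(addr)))
    return findings

def public_addresses(text):
    """The literals that break the rule: publicly routable and not ours."""
    return [(n, a) for n, a, label in find_addresses(text) if label == "public"]

SAMPLE_CONFIG = """\
# constructed sample configuration, not taken from any real project
upstream_primary = 1.2.3.4
upstream_backup  = 192.0.2.4
ipv6_listener    = [2001:db8::10]:8443
admin_console    = http://10.0.0.5:8080/
ntp_server       = 8.8.8.8
"""

for lineno, addr in public_addresses(SAMPLE_CONFIG):
    print(f"line {lineno}: {addr} is publicly routable; use a TEST-NET address")
```

Private ranges such as 10.0.0.0/8 pass the check because they are not publicly routable, but the documentation ranges remain the better choice for anything readers may copy.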

The #curl CVE we will publish on Wednesday addresses an issue that has existed in source code for almost twenty-five years.

Severity low though, so the sky might not fall this week either.