@secana

Maintainer of Kellnr 🦀 #rustlang, PeNet #dotnet, Forji #forgejo and other #oss stuff. Teaches #itsec at a university.
kellnr: https://kellnr.io
github: https://github.com/secana
codeberg: https://codeberg.org/secana
linkedin: https://www.linkedin.com/in/stefan-hausotte-aa7906ba/

Almost 25 years ago, I wrote a blog post with the title ‘jumping ship slowly’ about leaving Windows (XP was awful, it was mind boggling to me that Vista managed to make people nostalgic for XP). My advice remains the same:

Don’t try switching OS first. The OS is the most easily replaceable bit in the stack. Switch applications first. Most ‘Linux’ apps are cross platform. They’ll run on Windows, and the few that don’t will run in WSL2. You can switch out apps one at a time, and take the time to get comfortable with the alternatives.

Once you’re comfortable not using any Windows-only apps, changing the OS but using all of the same applications is very easy to do. Changing OS and application stack at the same time is an enormous obstacle.

I believe this is also why a lot of corporate and government Linux migrations fail: they try to change everything at the same time and that’s too steep a learning curve.

I improved the Kellnr #helm chart. It contains breaking changes. If you use it, have a look: https://kellnr.io/blog/helm-chart-v6

#rustlang #rust

Kellnr: The private Rust Crate Registry

Kellnr is a private Crate registry for Rust written in Rust to self-host or run in the cloud.

🎉 kellnr just crossed 1,000 ⭐ on GitHub!

A little perspective:
🦀 993 days from first public commit to 1k stars
👥 40 contributors, 2,212 commits
📦 66 releases (now v6.3.0)
🔀 939 merged PRs

Check it out: https://kellnr.io

#rustlang #rust #oss

Btw. Forji is licensed under GPLv3, which is not an issue in the App Store, even if the opposite is stated a lot online.

Forji, my #iOS app for #forgejo reached its first 1000 downloads. When I wrote the app a few weeks ago, I was unsure if there is any need at all, besides for myself. Happy to see it provide real value for the #oss ecosystem.

@jonah why use github when there is #forgejo

https://forgejo.org/

Forgejo – Beyond coding. We forge.

Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.

🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked.

This week's issue reads like a case study in cascade failure. A malicious VS Code extension on one #GitHub employee's device leads to 3,800 internal repositories exfiltrated — by #TeamPCP, the same group that poisoned 170 npm and #PyPI packages last week. #Grafana gets breached via a token nobody rotated after the TanStack attack, itself a TeamPCP operation. A GitHub Action used by thousands of projects gets compromised and starts exfiltrating CI/CD credentials. And somewhere in a public GitHub spreadsheet, CISA contractor credentials — including #AWS GovCloud keys — sat waiting to be found.

These aren't four separate incidents. They're one incident with four manifestations. The supply chain isn't a vector anymore; it's the terrain. Developer tooling, CI/CD pipelines, third-party actions, tokens issued and forgotten — all of it is now actively mapped and exploited with a persistence that makes the traditional "patch and move on" response look quaint. The Verizon DBIR dropped this week noting that third-party compromise is surging. The week's news was already illustrating the point before the report landed.

→ Week #21/2026 also covers: fast16 predated #Stuxnet and corrupted nuclear simulations quietly, #Pwn2Own Berlin paid $1.3M for 47 bugs, and #Bluesky got hijacked for Russian propaganda.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-21-2026-the-supply-chain-didn-t-break-it-was-walked

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

Nix's Substituter List Is Not a Routing Table

https://notashelf.dev/posts/nix-cache-proxy

#Nix #Tech #Programming

Optimizing Nix's Binary Cache Model

NotAShelf

I created a script to consolidate all downloads of my #oss across various package repositories. I hit over 55 million downloads for my packages. It’s incredible to consider that I began with zero downloads somewhere in the past.

I need a new #macos build server. Thought I would just buy a Mac mini, but AI made these things more expensive than I'm willing to invest. As an #oss dev that pays everything out of my own pocket, software development gets more expensive every day. Paying hundreds or even thousands of euros per year to provide other folks with free software is not maintainable. Domains, hosting, infra... Not even talking about the thousands of hours of free work.