Lar Van Der Jagt

48 Followers
458 Following
297 Posts

A lot of why working in tech feels the way it does is because our industry runs on insufficient evidence.

We've got an honest-to-goodness scientist out here working to help us make use of our lived experience.

Throw down for a paid subscription, if you can.
https://www.fightforthehuman.com/
https://mastodon.social/@grimalkina/115380195615296782

Fight for the Human

A compass for rehumanizing tech

> Mistakes in information technology will repeat themselves without an environment that enables change for the better.

@bkastl at #osco25

So. True. 👏

announcing a new community-focused gem server from the team previously behind rubygems: https://gem.coop. join us and start using it today!
gem.coop

We’re excited to introduce gem.coop – a new server for gems in the Ruby ecosystem. We aim for fast, simple hosting, that is compatible with Bundler but optimized for the next generation. It’s built for the community by the former maintainers and operators of RubyGems.org.

mkay folks, newsletter is away; something i have been thinking about how to articulate for a while, and current events have given me the opportunity:

https://buttondown.com/dorian/archive/supply-chain-risks-in-late-2025/

Supply Chain Risks in Late 2025

What do you do when a piece of your stack goes bad?

The Making of Making Sense
There's a lot to be excited about in the world of Ruby, even if the three-letter guy has some truly shit opinions and won't stop sharing them. Let's show some love to the folks that are making this community better and get behind those efforts. https://skillissue.jardo.dev/archive/fragmented/
Fragmented

I already said this elsewhere, but writing this week's Skill Issue is exceptionally difficult. I have some very particular feelings about what's happening...

Skill Issue

The majority of NPM attacks utilise post-install scripts to run arbitrary code when the infected package is installed. In response to the Shai-Hulud worm I disabled post-install scripts using this yarn config line: enableScripts: false. I also added an allowlist in the package.json dependenciesMeta section.

It's been a week and across a team of about 20 people we've had no issues with dependencies, so I recommend everyone take this measure to only allow postinstall scripts selectively.

It adds a little friction but controls a huge amount of supply chain risk.
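As an added illustration (not from the post above), this is what that setup looks like in Yarn 2+ (Berry): `enableScripts: false` in `.yarnrc.yml` turns off third-party install scripts, and `dependenciesMeta.<package>.built: true` in `package.json` re-enables them for named packages only. The package name `some-native-addon` is a placeholder for a dependency that genuinely needs a build step.

```yaml
# .yarnrc.yml  (Yarn 2+ / Berry)
# Refuse to run preinstall/install/postinstall scripts from third-party packages.
# The project's own workspace packages still run their scripts.
enableScripts: false
---
# package.json  (JSON is valid YAML, shown here so both files fit in one block)
# dependenciesMeta.<name>.built is Yarn's per-package switch:
#   true  -> build scripts run for this package even though enableScripts is false (allowlist)
#   false -> build scripts never run for this package (denylist)
# "some-native-addon" is a placeholder, not a real recommendation.
{
  "dependencies": {
    "some-native-addon": "^1.0.0"
  },
  "dependenciesMeta": {
    "some-native-addon": {
      "built": true
    }
  }
}
```

Every entry in `dependenciesMeta` with `built: true` is a package you have decided to trust with code execution at install time, so the list is worth reviewing whenever a dependency is added or bumped.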

Bundler belongs to the Ruby community

I’ve spent 15 years of my life working on Bundler. When I introduce myself, people say “oh, the Bundler guy?”, and I am forced to agree. I didn’t come up with the original idea for Bundler (that was Yehuda). I also didn’t work on the first six months’ worth of prototypes. That was all Carl and Yehuda together, back when “Carlhuda” was a super-prolific author of Ruby libraries, including most of the work to modularize Rails for version 3.

André.Arko.net

Together with PyPI, Maven Central, crates.io and other major package registries we signed a statement on sustainable open source infrastructure.

3B+ installs/month and evolving #composerphp and packagist.org requires sharing the costs.

Our Blog: https://blog.packagist.com/a-call-for-sustainable-open-source-infrastructure/
Open Letter: https://openssf.org/blog/2025/09/23/open-infrastructure-is-not-free-a-joint-statement-on-sustainable-stewardship/

#phpc #php #supplychainsecurity #opensourcesustainability

A Call for Sustainable Open Source Infrastructure

Today, we joined other major package registries in signing an important joint statement on sustainable stewardship of open source infrastructure. Together with Maven Central, PyPI, crates.io, Open VSX, OpenJS Foundation, OpenSSF and Alpha-Omega, we're addressing a critical challenge: the growing gap between infrastructure usage and support. The Reality We

Private Packagist

Talking to friends in software orgs recently, I've been struck by commonalities across countries and sectors:

Executives are driving "efficiency," by which they mean maximizing time spent on direct value-creation activities.

BUT there's a tacit, industry-wide assumption that writing code is the only value-creating activity and that all coding generates value.

It's like everyone has prioritized instantaneous boat speed and abandoned navigation and maintenance.

Such a reckoning coming...

Cat's law! @grimalkina is not pulling punches.