Hello from Hanoi!

I’m here this week for the FOSSASIA Summit 2024. It is one of my favorite conferences of the year, and I have a lot of fun. Over the weekend, I caught up with my friends over some small sightseeing and big bowls of pho.

Coincidentally, I learned the other day that Vietnam and other Southeast and East Asian countries have a very non-confrontational work culture and, to compensate, have a very vibrant after-work drinking culture. I guess the alcohol makes it easy to have those tough conversations!

Anyway, the conference is hosting a hangout at a local watering hole, and you know I’m all about embracing different cultures!

What’s Happening?

Last time, we discussed Redis switching its license and anticipated a new fork.

Well, the fork is here and backed by the Linux Foundation. I had the opportunity to briefly talk to someone involved in the fork from AWS, but I have to talk more to understand its cause and implications.

But the most important news in open source is the social engineering attack on XZ Utils, which was quickly exposed by a Microsoft engineer.

The gist of it is that the sole maintainer of XZ Utils, a widely used compression tool, was guilted into handing over the project’s maintenance to someone who turned out to have malicious intent, resulting in the latter attempting to introduce a backdoor into the project.

There are other articles that dive more into the technical specifics of the attack, but primarily, it was a social engineering attack that went back more than three years.

This isn’t a one-off incident. It was just an incident that was uncovered and hints at a wider problem of open source sustainability.

Funding open source maintainers and projects is the solution. There shouldn’t be any question about it. However, looking at the discourse on Twitter following the incident, we have reasons to believe that this might not be so obvious to everyone.

I might have missed a few links this week with all the travels, but I assure you what I have for you is top-notch:

Hot off the Press

I wrote two new articles this week.

The first is about Pingora, a Rust library for building network interfaces. Cloudflare originally built it to replace Nginx, but there are other Nginx alternatives that might be better suited for many, if not most, users.

Read here: “Pingora is not an Nginx Replacement”

I also wrote a mini essay on AI regulation, focusing on the upcoming elections worldwide and the unquestioned impact AI will have on them. Also, mini essays are a thing now.

Read here: “An Even Playing Field”