This Week in OSS #3 (TwOSS)

A weekly roundup of what's going on in the Open Source Community. You can subscribe and get this post in your inbox every week here.


How does GitHub help sustain OSS development? Some of the problems the team has identified: communication, analytics, and governance. Help them by filling out the survey at the end of the post. I think "analytics" is the most important: How do you collect important data from open-source software in a responsible way? Link

The entire editorial board of an Elsevier-owned journal resigned and are starting a fully open-access journal. They are starting a competing journal with financial support from MIT Libraries. While not open-source software, I think there are many parallels between the dynamics of open-access journals and open-source software. Link


"There is a highly effective technique for discovering vulnerabilities. It beats everything else by a long shot, and can be used only by the bad guys who want to break stuff, not the good guys who fix it. It’s… searching the bug tracker." A post about vulnerabilities in the Rust Standard Library. Link

Stratechery's take on AWS, MongoDB, and the Economic Realities of OSS. As Ben correctly points out, Azure did this with CosmosDB years ago without any fanfare. An interesting analogy to the music industry and a discussion of Open Source licenses follows. Link

More than you really wanted to know about Unix patch utility. Link

How to Write an OS in Rust: Blog posts and tutorials on writing an OS from scratch in Rust. GitHub repository included. Link

Why does APT not use HTTPS? Lots of excuses but I think it boils down to a few things: APT is quite old, reducing the burden on downstream hosts to serve over HTTPS. There's no doubt that if it were built today, it would use HTTPS. Link


Apple open-sources FoundationDB Record Layer. FoundationDB reportedly stores almost all iMessages and Contacts. Link

Rust 1.32 explicitly make "print debugging" much easier. Every programmer does it. Link

ScyllaDB 3.0. To download the binary, you have to go through email registration. 🤔Again, metrics in OSS will be an important topic soon, if not already. Link

Elixer v1.8 Link


There was a 35-year-old vulnerability found in the scp client. Link

You can view last week's news in OSS here. You can find all TwOSS newsletters here.