Christoph

1.6K posts

@chrisrueger

Founder of Synesty, a #nocode cloud-middleware data platform. interested in Software architecture, Java, Scalability, OSGI, Music: rock, electro, guitar, piano

Jena. Joined March 2009
306 Following, 255 Followers

Christoph @chrisrueger
@TheGingerBill @karpathy I use bnd / bndtools in the Java world, which has "dependencies are evil" on its website and aligns well with your critique. bnd was always criticised for being too pedantic and for its rejection of transitive dependencies, so I'm glad someone else sees it too. bnd.bndtools.org/chapters/250-r…

gingerBill @TheGingerBill
@karpathy > Classical software engineering would have you believe that dependencies are good... I question this a lot, and I don't even think it's "classic" views, but only contemporary. gingerbill.org/article/2025/0…

Andrej Karpathy @karpathy
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so increasingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Quoted post from Daniel Hnyk @hnykda:

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to a remote server + self-replicate. Link below.

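An added defender-side check, not code from the post or from any project it names: a small Python audit of the startup hook the quoted post describes, the site-packages `.pth` file, where Python executes any line beginning with `import` every time the interpreter starts. Only the filename litellm_init.pth and the base64-payload pattern come from the post; the sample `.pth` contents below are constructed and are never executed.

```python
import re
import sysconfig
from pathlib import Path

# Python reads every *.pth file in site-packages at interpreter start.
# A line is normally a directory to append to sys.path; a line beginning
# with "import " is executed as code instead. That startup hook is what
# a poisoned package's litellm_init.pth abuses, so executable .pth lines
# are the thing to audit after any pip install.
EXEC_LINE = re.compile(r"^\s*import\s")
# Heuristic markers of an inline payload (constructed for this example;
# extend them as needed). A match raises the priority of a finding.
PAYLOAD_HINT = re.compile(
    r"base64|exec\s*\(|eval\s*\(|__import__|urllib|socket|subprocess|os\.environ")

def audit_pth_text(text):
    """Classify the lines of one .pth file. Returns [(line_no, verdict)]."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not EXEC_LINE.match(line):
            continue  # plain path entries cannot run code
        verdict = "executes code at interpreter start"
        if PAYLOAD_HINT.search(line):
            verdict += "; references decode/exec/network/env primitives"
        findings.append((n, verdict))
    return findings

def audit_site_packages(dirs=None):
    """Scan the active interpreter's site-packages (or the given dirs)."""
    paths = sysconfig.get_paths()
    dirs = dirs or {paths["purelib"], paths["platlib"]}
    results = {}
    for d in dirs:
        if not Path(d).is_dir():
            continue
        for pth in sorted(Path(d).glob("*.pth")):
            found = audit_pth_text(pth.read_text(errors="replace"))
            if found:
                results[str(pth)] = found
    return results

# Constructed samples, never executed: a normal path entry, and an
# "init hook" .pth that decodes and runs an embedded payload (here a
# harmless print) in the way the post describes.
BENIGN_PTH = "/opt/venv/lib/python3.12/site-packages/some_pkg\n"
HOOK_PTH = "import base64; exec(base64.b64decode('cHJpbnQoJ2hpJyk='))\n"

if __name__ == "__main__":
    for path, found in audit_site_packages().items():
        for line_no, verdict in found:
            print(f"{path}:{line_no}: {verdict}")
```

Legitimate tooling such as virtualenv and setuptools also ships `.pth` files with `import` lines, so a plain finding means "review this", while the decode/exec/network hint marks what to look at first.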

Christoph reposted
Thomas Froment @tfroment
If your products rely on Eclipse Platform technologies, this matters. 🧭 Eclipse Platform (aka #RCP) components remain widely deployed, but the model sustaining them is under pressure. 👇 Read the full article to understand the risk and what to do 👇 blogs.eclipse.org/post/thomas-fr…

DHH @dhh
AI is awesome, but do you know what else is awesome? Not releasing AI-powered features until you've actually built something that's way better than what it was without. Not every feature you build or explore has to ship! (Apple used to know this).

Mr Parrehesian @skarsentodd
@ruffoloj 9,611 Businesses folded into Bankruptcy from Oct 2022 - Oct 2024. Fastest rate in over a decade.

John Ruffolo @ruffoloj
Where have all the entrepreneurs in Canada gone? Canada’s prosperity rests on its ability to grow the economic pie for everyone. At the core are entrepreneurs. They are the mavericks & visionaries who choose to build businesses here. Our future national prosperity hangs in the balance.

Christoph @chrisrueger
Nice to see the videos of #OSGi Summit 2024 are live. Here is one about the new Feature Launcher 🎉 youtube.com/watch?v=fukpqK… #java #OCX24 "The OSGi Feature Launcher provides a simple way to launch an OSGi framework containing the bundles and configurations of a Feature."

Christoph @chrisrueger
Bndtools Release Candidate 7.1.0.RC1 is here. It contains lots of improvements and new features which make developing and debugging OSGi bundles easier. Feedback appreciated. bndtools.org/2024/11/14/bnd… #osgi #java

Christoph reposted
OSGi Working Group @OSGiWG
🌟 The OSGi Summit gathered experts to explore the latest in OSGi technology at #OCX24, from OSGi.fx, and the COGNIFOG project, to applications in vehicles and Smart Cities. It provided valuable insights for modular software development. Read more: hubs.la/Q02WN4z40

Christoph reposted
OSGi Working Group @OSGiWG
Want to learn about how to unlock the power of OSGi? Christoph Rüger will be speaking about the latest innovations in Bndtools at the OSGi Summit, taking place in Mainz at #OCX24 on 22 October. #opensource Register today for @ocxconference: hubs.la/Q02MS5Qv0

Christoph @chrisrueger
@vkrajacic Just don't use adjectives in an absolute sense to describe code. Almost always ambiguous... Put it in comparison to something and give a reason: "I find this code is xxxx than this code, because of yyyyy". Example: "I find this code is faster than this code because...".

Vjekoslav Krajačić @vkrajacic
I wholeheartedly disagree with the main take of this article: tobeva.com/articles/clean The author uses the same vague language as Uncle Bob when trying to define what "clean" means. Why can't we just aim for simple and fast? Even in the small school example that Casey used, the OOP version is not just slower, it's less readable. If you found that simple class hierarchy more readable, then I'm sorry to tell you, you've been brainwashed by academia (join the club). When the topic is speed vs readability, people always talk about tradeoffs, as if you can't achieve both. Just write the simplest possible code, and it will run fast and be easy to read. OOP and arbitrary "clean" advice telling you how long functions should be will provide you with neither.