I'm available for consulting from June. Dev work, DevRel, Dev Education, Content Creation, and helping teams make sensible decisions about automation without betraying their users. 17 years exp, Vienna-based, remote across Europe and beyond. Boosts massively appreciated 💜

Quick mitigation: docs.hpc.ut.ee/public/cve-2...

This. The whole point of engineering is to make everyone's life better, not 0.001% of lives better. We need universal basic income funded by taxation.

Been experimenting with did-method-webvh in the atproto-identity crate, and it's got me thinking: we urgently need to extend did-method-plc to support multiple registries. This is critical infrastructure and is long overdue. 🧵

We really really really need a better auth model here. Most apps request this kind of access. Even with the best of intentions, it is scary. How about @ucan.xyz instead (or as well) ?

An IEEE conference has published a plagiarised version of a paper I wrote with @seph.bsky.social. I already reported it to the conference chairs and the IEEE Ethics Reporting Line 3 months ago, and nothing happened. Original: arxiv.org/abs/2409.14252 Plagiarised: ieeexplore.ieee.org/document/113...

re: atproto oauth we should be able to review active permission grants and revoke them. i feel like that's a pretty sane feature and obviously the UI is there but...

Working on zkal, I realised I was tackling a general problem: returning to the benefits of open data for communities, but with modern privacy protection for the individual. Came up with a pattern that might be useful (or flawed!) blog.voboda.com/proof-projec...

This

the weird thing about companies and open source is that it's incredibly easy to make a fucking huge impact and almost no companies do so many companies could just bankroll the IBB as a write off, and yet... we've lost it. there's so many easy wins and instead you're worried about AI SEO instead 🙄

In 2026, manually ssh’ing to a production server and changing its configuration is a clear anti-pattern. Let’s do the same for software changes. Humans don’t change software. Only their agents do. Sounds irresponsible until you examine the ramifications of that constraint.

Links and notes for my talk at #AtmosphereConf about did:plc, how it could break, how we might be able to recover if it did and so forth edochan.com/talks/did/ 5pm today (Sunday), room 2301 Will also mention did:cow if I have time cow.watch

The story isn't over yet.

blog.voboda.com/the-third-fl... A kinda hacker love story for Berlin.

there are still good things in the world

Is it bad form to quote a post you also replied to? 😅

Statisticians, assemble! Does this refer to the mean, median, or mode?

The Jetsons lied to us

Given today's LiteLLM supply chain attack, what are people's preferred development environment sandboxes on MacOS these days? I think it's time I started running my development environments somewhere where rogue code can't steal all my ~/... credential files

I did: a thing! I'm learning more about ATproto, so I prompted a sort of explainer tool into existence: mirceanis.xyz/atproto-trus... It's supposed to walk you through the process of verifying the origin of a post.

Anyone have examples of bsky profiles using `did:web`?

did:cow: Another idea to billionaire-proof ATProto IDs, also "art of using a blockchain without using a blockchain". Blockchain-managed wrapper ID, no tx to create, points to a did:plc/did:web but you can move it if something goes wrong. Got carried away and made a resolver and front-end cow.watch

iroh 🤝 MoQ (media over QUIC) It's really cool when APIs click together like Lego bricks.

“In Open Source, what looks like fairness often is not. Free for everyone sounds equitable, but the cost does not disappear. It is absorbed by those who can least afford it, while the organizations that benefit most often pay the least.”

I made a tool that turns PCB designs into 3D-printable molds. you sandwich copper tape between the parts, sand the ridges, and you have a real working PCB. no etching, no chemicals. I am losing my mind castpixel.itch.io/pcb-forge

Open source is fun The HackMD Sync @obsidian.md plugin was buggy, so I reached out to the author who gave me push access, and I just cut a release with bug fixes and new features. I now use it daily to publish Obsidian notes for collaboration and feedback. obsidian.md/plugins?id=h...

More of this, please!

We’ve got a save the date announcement today for this year’s Local-First Conf @localfirstconf.com - July 11th to 14th in Berlin. We’re supporting the conference & leaning into some “Day 3” content with some malleable software and other topics. Add your email to be notified!

I'm getting ready to graduate to v7.0.0 Let me know if I should change something else that's been bugging you before I do. github.com/decentralize...

This is the way!

If you’ve felt safer sending a message because you sent it on Signal, please support our work. As a nonprofit, Signal exists because of your donations. In the app: Settings > Donate On the web: Signal.org/donate

PSA: Our roadmap for 2026:

Time to say goodbye 😢. Unfortunately I have been the latest victim of layoffs. I have taken some time to process and It has been really hard. This wasn’t just a job. This was my dream. Thanks Microsoft, @playwright.dev, and everyone I have worked with 💔 debbie.codes/blog/laid-of...

postmortem on Shai-Hulud mandates you go read this and internalize as many of the best practices as you can:

Was debugging a nasty ESM issue and ended up optimizing unjs/🖼️IPX from 99 dependencies down to 6 (26 MB → 2 MB). Available in the v4 nightly builds with the same features as before!

Solution… COMPANIES NEED TO STOP TAKING ADVANTAGE OF THE SITUATION AND START SUPPORT OPEN SOURCE SOFTWARE WITH RESOURCES OR RISK GETTING SHAI HULUDED UP THEIR ***

👇

What do we leave unexplored when we box-in cryptographic primitives to their initial use case? voboda.bearblog.dev/playing-with...

Stay vigilant Europe www.patrick-breyer.de/en/chat-cont...

So sad to see what happens to Android recently - let's try to push back! keepandroidopen.org

I did not expect that: Large Language Models are invertible: arxiv.org/abs/2510.15511

📣 Looking for some part-time work if anyone needs help with anything web, distributed tech, cryptography, etc. Currently doing some protocol work for totemgrid.io, but while we wait for funding, I could really use some money. AT Work profile: atwork.place/u/tokono.ma Website: tokono.ma

Thymol tastes and smells like thyme (hence the name). Most people, even if not very interested in gastronomy, can distinguish quite a few herbs and spices by their smell and taste. This could lead to a chewing gum that would diagnose any ENT infection.

FDroid raises the case against the Google developer forced registration once again. For those who don't know: Google will begin to restrict the sideloading of apps from unverified developers on Android devices starting in 2026 f-droid.org/2025/09/29/g...

The EU Parliament has published a new proposal for Chat Control to mass-surveil all digital communication in Europe. The proposal is ineffective, weakens secure communication, and violates basic human privacy. This must be stopped immediately. #ChatControl csa-scientist-open-letter.org/Sep2025

Over 500 cryptographers warn the EU draft “Chat Control” could weaken end‑to‑end encryption. The EU council votes on the Danish text on Sep 12, 2025. https://getnews.me/eu-chat-control-criticized-by-500-cryptographers-over-privacy-risks/ #euchatcontrol #privacy #cryptography

👍🏻👍🏻👍🏻👍🏻

This. Money is, and has always been, trickle up. That means that the only thing that makes sense is to put it in at the bottom. We need a universal basic income. Everywhere it's been tried it worked.