Andrew Nesbitt

@andrewnez.bsky.social

Working on mapping the world of open source software https://ecosyste.ms and empowering developers with https://octobox.io Mostly posting on https://mastodon.social/@andrewnez

726 Followers  |  87 Following  |  21 Posts  |  Joined: 22.05.2024  |  2.0304

Latest posts by andrewnez.bsky.social on Bluesky

ecosyste.ms | Tools and datasets to support, sustain, and secure critical digital infrastructure.

Check out a recent episode of the @sustainoss.bsky.social podcast with @richlitt.bsky.social, featuring Ben and @andrewnez.bsky.social, as they discuss ecosyste.ms, a project using open source metadata to help guide funding across entire ecosystems.

Listen here: podcast.sustainoss.org/270

12.06.2025 19:31 — 👍 3    🔁 1    💬 0    📌 0
We should fund the software we use, not just the software we see | Open Source Pledge Ben Nickolls and Andrew Nesbitt tell us about Ecosystem Funds, their one-stop-shop for funding open source dependencies

We asked @andrewnez.bsky.social and Benjamin Nickolls to tell us about Ecosystem Funds, their one-stop shop for helping orgs fund the Open Source software they actually depend on.

09.06.2025 18:36 — 👍 7    🔁 3    💬 0    📌 0
Ecosyste.ms with Andrew Nesbitt I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is...

This week #OpenSourceSecurity chats with @andrewnez.bsky.social about Ecosyste.ms

Ecosyste.ms is a massive collection of data about open source

It's an amazingly useful collection of data. If you're doing anything that needs information about open source you should check it out

02.06.2025 17:58 — 👍 4    🔁 1    💬 0    📌 0
10 Simple Rules for making your code last beyond your current job This is a draft: the goal is a preprint on ORCID, and then to submit a version of this to PLoS. All suggestions or comments are welcom...

I've been working on a guide: "10 Simple Rules for making your code last beyond your current job"

1. Get sign off
2. Put it somewhere
3. License it
4. Document it
5. Make it citable
…

What am I missing? What would you add?

docs.google.com/document/d/1...

#academia #research #code

08.04.2025 20:33 — 👍 6    🔁 2    💬 0    📌 1
Ecosystem Funds is Generally Available Today Open Source Collective and ecosyste.ms are launching Funds supporting 291 Open Source Ecosystems. Unsurprisingly, we call them Ecosystem Funds.

So far, we’ve distributed 375 payments to 136 projects – over 80% of the funds already in the hands of maintainers. We’re aiming to distribute the rest this month, and we’d love for you to be part of it. Learn more and get involved: blog.ecosyste.ms/2025/04/04/e...

08.04.2025 17:30 — 👍 3    🔁 2    💬 0    📌 1

You sponsor, and we take care of the rest, distributing funds to the right maintainers automatically, transparently, and equitably.

08.04.2025 17:30 — 👍 2    🔁 1    💬 1    📌 0

We’re excited to announce Ecosystem Funds (funds.ecosyste.ms), a partnership between Open Source Collective and ecosyste.ms, now open to the public. This initiative is transforming how we fund the dependencies we all rely on by making it easy to support the open source tech you depend on. 🧵

08.04.2025 17:30 — 👍 5    🔁 3    💬 1    📌 0
Ecosystem Funds is Generally Available

**Today Open Source Collective and ecosyste.ms are launching Funds supporting 291 Open Source Ecosystems. Unsurprisingly, we call them Ecosystem Funds.**

A few, short weeks before the holidays we announced Ecosystem Funds; a collaboration between Open Source Collective and ecosyste.ms that makes it easier to support your critical software dependencies.

### What are Ecosystem Funds?

Using billions of data points from ecosyste.ms we’ve packaged millions of the most critical open source components into a few hundred Funds centred on a language, framework, or package, turning a process that can take months into a five minute conversation with your CTO.

### What have we been up to?

We launched with a $67,500 commitment from Sentry to the Rust, Python, Django and Javascript Ecosystems. We’ve since distributed over 80% of the funds in 375 individual payments to 136 projects. We’ve sent money to projects on GitHub Sponsors, Patreon, BuyMeACoffee, Ko-fi, and of course Open Collective. We contacted hundreds of maintainers, asking them to update their ‘funding.yml’ so anyone could support them, for those who didn’t we paid maintainers directly, again through Open Collective. We’re hoping to distribute the remaining funds this month which is why we’re launching Ecosystem Funds to the general public today.

### How does it work?

Once again for those in the back: Sponsor the technology you depend upon, we’ll do the rest. Find an ecosystem using our search and donate a single or recurring sponsorship. We handle everything else. We’ll direct your money (minus a 10% management fee) to maintainers, using the tools they have chosen to manage their finances. We allocate 100% of the donations in every fund with a balance of $1,000 or more, on a monthly basis. Every donation and payment is traceable through both Ecosystem Funds and Open Collective. Donations can be made directly through funds.ecosyste.ms or, if you have an account, on Open Collective. Companies who wish to make a large donation, or start a Fund of their own, can request an Invoice from Open Source Collective — who are already an approved vendor to most large open-source-supporting organisations.

### What’s next?

While we’re launching with nearly three hundred Funds we’re certain that we’ll have missed more than a few ecosystems around your favourite framework, tool, or package, and we’re happy to add them. Just get in touch and we’ll do some data wrangling to add it — note that we’re not going to include a Fund for just the projects you work on, that’s what GitHub Sponsors is for. We’re also hugely aware of the limitations of our approach. We’re missing all the standards bodies, documentation projects, and foundations who support open source outside of the dependency graph. We’re also missing domain-specific Funds, there’s no climate, marine, aviation, or space-exploration based Funds to support. To address this we’ll be building ways for communities (and corporations) to package their own Ecosystem Fund, and support it.

### … Just one more thing

While building a service to support thousands of the most critical software components might be enough for some, it’s not for us. Over the coming months we’ll be building a tool to track all your open source ‘investments’, to better understand the impact your money is having on the projects you depend on most.

Ecosystem Funds is Generally Available https://blog.ecosyste.ms/2025/04/04/ecosystem-funds-ga.html

07.04.2025 17:19 — 👍 10    🔁 10    💬 0    📌 2

👀

07.04.2025 21:47 — 👍 1    🔁 0    💬 0    📌 0

do you still need one?

01.04.2025 14:32 — 👍 0    🔁 0    💬 1    📌 0
Distributed CI and Git with Lars Wirzenius I got to chat with Lars about a new CI/CD system he’s been working on called Ambient. It sounds really cool and does some very clever things today, with even more things planned in the future. We also...

I spoke with Lars Wirzenius on #OpenSourceSecurity about two really cool projects he's working on

Ambient is a distributed CI/CD system written in Rust

Radicle is a distributed Git Forge

It's a really fun chat and I learned a lot

opensourcesecurity.io/2025/2025-03...

31.03.2025 13:31 — 👍 7    🔁 4    💬 0    📌 0

What if it was this easy to stay up to date with all the developer communities you care about?

28.03.2025 19:33 — 👍 2    🔁 3    💬 1    📌 0
screenshot of a diagram showing the number of new "keys" (basically apis or components of apis) added to the web per year from 1996 thru 2025, showing a generally upward trend, and with a pointer to 2017 being a banner year for new apis added.

visualizing the surface-area growth rate of the web platform

based on Browser Compat Data (BCD) data set from @openwebdocs.org.

may not be 100% correct yet, but the gist is right.

need to clean it up then will post the source generator + data.

19.02.2025 18:22 — 👍 15    🔁 4    💬 2    📌 1
Ruby Central's OSS Changelog: February 2025 Hello! Welcome to the February newsletter—now known as Ruby Central’s OSS Changelog. As mentioned in our previous newsletter, we will now be sending out separate updates for the Open Source Program…

Read the latest issue of Ruby Central's OSS Changelog! 🛠️

In the OSS Changelog, we're highlighting updates from our Open Source Program, RubyGems, Bundler, and more... https://buff.ly/3Qnu4oS

19.02.2025 18:30 — 👍 2    🔁 2    💬 1    📌 0

To me a CLA on an open source project is a very big red flag as a user or contributor

19.02.2025 18:30 — 👍 2    🔁 0    💬 1    📌 0

“AGPL is bad for business” yeah that’s kinda the idea

19.02.2025 17:21 — 👍 0    🔁 0    💬 1    📌 0

AGPL is definitely anti-corporate, that’s why I use it to stop companies free riding on my projects, they are very welcome to use my projects if they play by the same rules but they don’t want to play by the same rules, they want to add their own moats

19.02.2025 17:19 — 👍 0    🔁 0    💬 1    📌 0
Patching EOL Open Source with Aaron Frost When I started Open Source Security HeroDevs reached out and asked if I wanted to have a chat. I was pretty interested in this discussion because the work HeroDevs does today is very similar to the wo...

This episode #OpenSourceSecurity spoke with Aaron Frost from @hero.dev about patching EOL #OpenSource (nobody is going to do this for free)

This one has a special place in my heart as I did this at Red Hat long ago. It was a fun chat

opensourcesecurity.io/2025/2025-02...

17.02.2025 15:15 — 👍 4    🔁 1    💬 0    📌 0
Evolving Corporate Reciprocity : Chad Whitacre, Head of Open Source, Sentry
YouTube video by OpenUK

And here's my talk at State of Open looking at Open Source as a gift economy.

www.youtube.com/watch?v=TE8u...

11.02.2025 16:17 — 👍 4    🔁 3    💬 0    📌 0
Why do we keep ignoring CI security with François Proulx When I started Open Source Security I knew one of those topics that could use more attention was the security of CI/CD systems. All the talk about securing the supply chain seems to almost exclusively...

This episode of #OpenSourceSecurity we talk to François Proulx about CI/CD security. Even though many successful supply chain attacks have originated in CI, we keep obsessing over dev and release. Why do we keep ignoring the middle? (TL;DR it's hard)

opensourcesecurity.io/2025/2025-02...

10.02.2025 15:56 — 👍 2    🔁 1    💬 0    📌 0

I’d like to subscribe to your newsletter!

06.02.2025 20:53 — 👍 1    🔁 0    💬 1    📌 0
Post image
01.02.2025 16:07 — 👍 2    🔁 1    💬 0    📌 0

Looking forward to catching up with you at FOSDEM

30.01.2025 23:04 — 👍 1    🔁 0    💬 0    📌 0
CVEs for End of Life? Very recently the Node.js project filed a few CVE IDs for end of life products. For vulnerability nerds this is exciting because historically EOL things didn’t get CVE IDs just for being EOL. And as o...

The Node.js project just issued CVE IDs for 3 EOL versions

Is this a good idea or a bad idea? It depends who you ask

It's a weird discussion to follow, so I broke it down in a way that should offend all the involved parties

opensourcesecurity.io/2025/01-cve-...

28.01.2025 13:50 — 👍 5    🔁 2    💬 1    📌 1

I’m available for hire.

I’m an experienced Ruby, TypeScript and CSS engineer looking for a new full-time position.

I can help you with performance, concurrency, testing, architecture and API design problems on tooling or product teams.

I’d really appreciate any personal introductions. DMs open. 🙏

27.01.2025 19:41 — 👍 111    🔁 69    💬 5    📌 1

Based on your list, I think you’ll really like it

01.01.2025 10:25 — 👍 0    🔁 0    💬 0    📌 0

I can’t see Animal Well on that list

31.12.2024 22:49 — 👍 0    🔁 0    💬 1    📌 0
Ruby 3.4.0 Released

www.ruby-lang.org/en/news/2024...

25.12.2024 06:39 — 👍 45    🔁 15    💬 0    📌 0
Gold Banner on Red Background:

Stop Forcing A.I. into Fucking EVERYTHING!
Nobody Asked For It; Everyone Hates It

Stop Forcing A.I. into Fucking EVERYTHING!

24.12.2024 03:11 — 👍 46465    🔁 21088    💬 250    📌 376
GitHub - carbonplan/cmip6-downscaling: Climate downscaling using CMIP6 data Climate downscaling using CMIP6 data. Contribute to carbonplan/cmip6-downscaling development by creating an account on GitHub.

Our very first donation via OpenClimate.fund goes to @carbonplan.org for the creation of github.com/carbonplan/c.... Do you know of another #opensource project relevant to #climate, #sustainability or #biodiversity? Add it to OpenSustain.tech and we will donate another 100€ to every listed project!

22.12.2024 19:16 — 👍 7    🔁 2    💬 1    📌 0