Rosano / Journal

27 entries for March 2026

Wednesday, March 4, 2026

How n8n Handles Vulnerability Disclosure - and Why We Do It This Way

[Closed-source security updates are hidden from attackers, which means the time they need to reverse-engineer a patch is a window for users to safely apply the update. Open-source security patches are immediately visible and become a roadmap for attackers to target those who haven't updated yet.]

[We currently publish patches and advisories on the same day to minimize the exploitable window. We also develop fixes in private and merge into public only when it's announced.]

Tuesday, March 3, 2026

BidWix

BidWix is not a marketplace. It does not handle payments. It does not write contracts. It does not take a cut. It does one thing only: it helps two people land on a price, quickly, without stress, and with a result that feels balanced.

Instead of negotiating out loud, both parties enter a private limit price, once.

[Buyers enter their maximum offer, sellers enter their minimum ask. The numbers stay secret. There is no 'counter offer' or back-and-forth: it's one shot.]

[If a freelancer wouldn't accept less than 100 for a small task and a client could stretch to 900 if they had to, BidWix would suggest the geometric mean of 300, which is three times higher than the freelancer’s minimum, and three times lower than the client’s maximum. Both sides win by the same factor.]

Sunday, March 1, 2026

Beyond Horseless Carriages: Building Communities for the Decentralized Era

[Fediverse: communities of 50–100 people, "a slightly bigger group chat". Bluesky: planet-scale network. What could go in between? Blacksky is 'Reddit-sized' or like a large forum at around 100–200k people.]

[Moderation can also be a form of "community care" that people actually enjoy and appreciate, rather than just a task to be done.]

[Contradictory when almost nobody in the community does moderation or understands the primitives, yet most seem to think it's decentralized. If the main provider goes away tomorrow, will you know how to keep the infrastructure running?]

[People are busy and have kids: they don't need to know what a PDS is.]

[Build what helps people find joy and feel good about themselves. You can't scare them into using decentralized tech "for their own good".]

Sustainable Open Source

newcomer’s contributions aren’t as complete or far-reaching as those of experienced contributors, so it is doubly important for you to care about the people and their enthusiasm about your project more than that typo-fix they put on the website. We’ve turned someone who fixed a single typo on the website into a steady contributor and well-respected community member that now helps out all over the project.

How I Learned to Stop Caring and Love Open Source

For early stage projects, care is the only thing you can give them. But once you’ve shipped version 1.0.0 or even 2.0.0, once you wrote all the documentation, once people start using the project in production with success, once you’ve talked the 100th person through getting started on IRC or Slack, your priorities have to change.

iCloud's unpredictable sync means the engine is "trust Apple magic somehow"

"non-technical users" → "jargon-free people"