SShortSingh.
Back to feed

Software Engineer Sets Goal to Make First Open Source Contribution This Month

0
·2 views

A software engineer with years of web development experience has publicly committed to submitting their first open source pull request before the end of the month. Despite being comfortable writing code professionally, the developer describes open source contribution as feeling like an unfamiliar world with its own etiquette and unwritten rules. Their planned approach includes finding a project they already use, studying its issues and commit history, and starting with beginner-friendly tasks such as documentation improvements. The engineer acknowledges that a first contribution does not need to be significant, emphasizing that learning from the review process matters more than perfection. They have invited experienced open source contributors to share advice and plan to report back on the outcome regardless of success or failure.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Mistral AI Launches Robostral Navigate, Its First Robot Navigation Model

Mistral AI has introduced Robostral Navigate, an 8-billion-parameter model built for autonomous robot navigation in real-world indoor environments. The model operates using only a single standard RGB camera and natural-language instructions, eliminating the need for expensive sensors like LiDAR or depth cameras. Trained entirely in simulation on roughly 400,000 navigation trajectories, it achieved a 76.6% success rate on the R2R-CE benchmark, outperforming other single-camera approaches. The hardware-agnostic model supports wheeled, legged, and flying robots, potentially lowering the cost barrier for deploying autonomous systems. Mistral has not announced pricing or a commercial release date, but is actively expanding its robotics team, signaling a long-term commitment to physical AI.

0
ProgrammingDEV Community ·

AsyncAPI npm Packages Poisoned in CI/CD Supply Chain Attack Delivering Miasma RAT

On July 14, 2026, security researchers discovered a supply chain attack targeting the AsyncAPI open-source project, in which four widely used npm packages were compromised. Attackers gained unauthorized write access to official AsyncAPI GitHub repositories and pushed malicious commits to a development branch, hijacking the project's automated CI/CD pipeline to publish poisoned package versions. Because the build process was exploited rather than npm credentials stolen, the malicious packages carried valid provenance attestations, making them appear legitimate. The embedded malware acted as a dropper that executed when the library was loaded by an application, ultimately installing Miasma RAT — a cross-platform Remote Access Trojan capable of data exfiltration, persistence, and lateral movement. The incident underscores a critical blind spot in software supply chain security: publisher identity verification alone cannot guarantee the integrity of code if the underlying build infrastructure is compromised.

0
ProgrammingDEV Community ·

OpenRegistry Offers Live SSM KYB Checks to Cut Stale Data Lag in Onboarding

OpenRegistry has launched a direct connection to Malaysia's SSM e-Info company register via MCP, enabling real-time Know Your Business checks without relying on third-party data aggregators. The tool addresses a recurring compliance problem where commercial databases carry outdated company details — such as old registered addresses — weeks after the official register has already been updated. The integration returns raw SSM data fields including company status, officer records, and filing history without reformatting, which helps audit teams cite original register language in evidence packs. However, the service covers only register data and does not include sanctions screening, PEP information, or beneficial ownership analysis, which must be sourced separately. The developers also note that document availability can be inconsistent and that Malaysia does not provide unrestricted public UBO access, reflecting a broader global narrowing of such disclosures following rulings like CJEU C-601/20.

0
ProgrammingDEV Community ·

Developer fixes silent Gemini TTS batch hang by adding per-request timeouts

A developer building a text-to-speech batch pipeline using Google's Gemini TTS discovered that stalled network connections never threw errors, causing the entire job to freeze indefinitely without triggering any retry logic. Because the socket remained open without failing, the exponential backoff mechanism was never activated, leaving the process alive but doing no work. The root cause was that awaited network calls had no upper time limit, meaning a hung connection could hold the pipeline hostage forever. The fix was a single architectural change: wrapping every network call in a race against a 180-second timeout, so a stall is converted into a catchable error that triggers normal retry-and-backoff recovery. After the change, previously indefinite freezes resolved automatically, and the batch pipeline became self-healing without manual intervention.