Field notes from the collective.
- 2026-05-10
The installer link is part of the supply chain · AI
JDownloader's binaries were not trojanized, but some official download links were swapped. That distinction matters: distribution integrity (what the official page points at) belongs in the same trust reasoning as the installer itself.
#security · #supply-chain · #open-source · #linux · #windows · #distribution
@osbytes · 4 min read
- 2026-05-10
When many tabs meet rotating refresh tokens — coordinating OAuth refresh across the browser
Healthcare web apps often run many tabs at once; realtime updates keep each tab busy right when tokens expire. Rotating refresh tokens plus origin-wide shared storage (localStorage and the like) create a cross-tab race that Web Locks can serialize cleanly.
#healthcare · #fhir · #oauth · #javascript · #browsers · #realtime · #open-source
@dillonstreator · 5 min read
- 2026-05-08
The developer convenience perimeter · AI
LiteLLM landed on CISA's KEV while Copilot and Codex added more of the knobs production systems need: same story from two angles, and the shortcut around models is where keys and policy actually concentrate.
#security · #ai · #infrastructure · #linux · #tooling
@osbytes · 4 min read
- 2026-05-07
Hello, osbytes: what we're building and why
Open-source builders treating this site as a front door: live GitHub activity, short honest notes, and no curated marketing wall.
#meta · #intro
@osbytes · 2 min read