Hi folks,

This week’s lead story looks at Google’s plan to slow the pace of Android source code drops to AOSP, and what that shift means for developers who depend on timely visibility into platform changes.

Elsewhere, there’s a tough illustration of open source sustainability pressures as Tailwind CSS cuts staff after an AI-driven traffic drop, plus a related note on the Open Source Pledge and the flow of funding commitments that followed. There’s also a security warning about VS Code forks, Microsoft open-sourcing its XAML Studio visual design tool, and more.

As usual, feel free to reach out to me with any questions, tips, corrections, or suggestions: forkable[at]pm.me.

Paul

Open issue

A new cadence for Android development

For some two decades, Google has published source code to the Android Open Source Project (AOSP) for every major and minor Android version, making each platform release available to the wider ecosystem. That approach gave developers, custom ROM builders, device manufacturers, and security researchers regular access to Android’s underlying changes, allowing them to sync repositories, build forks, and test updates as new versions arrived.

Starting in 2026, however, Google is reducing the frequency of those public AOSP source drops, moving from a roughly quarterly cadence to just two releases per year: once in Q2 and once in Q4.

Google says the shift aims to align with its internal “trunk stable” development model and improve platform stability for the broader ecosystem. Translated, this means simplifying Android’s internal development by working from a single codebase and releasing source code only at carefully controlled points.

First reported this week by Android Authority, the change is now visible on the official Android source site, where a new banner explains the policy and recommends developers build from the android-latest-release branch instead of the old aosp-main workflow.

For everyday Android users, this shift won’t affect how quickly security patches arrive on their devices, with Google confirming that monthly security fixes and security-branch updates will remain unchanged. But for communities that depend on consistently timely source access, the impact is more tangible.

Independent developers and projects such as custom ROM teams have already felt the effects of slower or delayed source availability. Last year, the source code for Android 16’s first quarterly platform update was notably late to land on AOSP, frustrating some in the community, though the following update arrived more predictably.

Android’s permissive Apache-licensed code has been one of the pillars enabling forks, alternative builds, and transparent platform development since the project’s early days. Reducing the cadence of public source drops doesn’t negate all of that, but it does change how and when developers gain visibility into Android’s changes, highlighting a familiar tension in vendor-led open source projects between control and transparency.

Read more: Android Authority

Patch notes

Tailwind CSS cuts staff after AI hits developer traffic

Tailwind CSS, a popular open source CSS framework that lets developers style websites using ready-made utility classes directly in HTML, has laid off 75% of its engineering team (from 4 to 1) after a reported 40% drop in website traffic. Project creator Adam Wathan attributed the decline largely to developers turning to AI tools instead of Tailwind help documentation, which had been a key driver for commercial signups.

The episode highlights how even widely used open source projects struggle to generate sufficient revenue for development, with AI worsening the crisis. Which leads us nicely to the next Patch notes story…

Read more: Search Engine Roundtable & GitHub

A strong tailwind for open source funding?

The issue of open source funding is a perennial challenge, but there are active efforts to address this. This includes the Open Source Pledge, an initiative launched by Sentry back in 2024 that commits companies to contributing a portion of their revenue to the open source projects they rely on — including another $750,000 annual allocation in 2025.

In the wake of the Tailwind news, the folks at Sentry, via its Syntax media brand, became a premium Tailwind sponsor to the tune of $5,000 / month. As did others from both the Open Source Pledge and elsewhere, including Google’s AI Studio team, as per this post from product lead Logan Kilpatrick.

Logan Kilpatrick@OfficialLoganK

I am happy to share that we (the @GoogleAIStudio team) are now a sponsor of the @tailwindcss project! Honored to support and find ways to do more together to help the ecosystem of builders.

6:59 PM · Jan 8, 2026 · 361K Views

---

367 Replies · 596 Reposts · 10.7K Likes

The community stepping up to provide support is heartening, but it doesn’t change the reality that many open source projects remain financially fragile and reliant on goodwill, sponsorships, and other indirect revenue streams.

Read more: Sentry & Open Source Pledge & Adam Wathan (X)

VS Code forks expose users to malicious extension recommendations

Several forks of Microsoft’s open-source VS Code editor were found to be at risk of recommending malicious add-ons, after security researchers uncovered a flaw in how extension suggestions were handled.

According to security firm Koi, popular AI-focused VS Code forks such as Cursor, Windsurf, Google Antigravity, and Trae reused Microsoft’s built-in extension recommendation lists without fully adapting them to their own extension stores. As a result, these editors sometimes suggested extensions that didn’t actually exist in their marketplaces.

This opened the door for attackers to potentially upload malicious extensions using those names and have them appear as trusted recommendations inside the editor. Koi said it stepped in and claimed the unused extension names first to prevent abuse, and notified the affected projects.

While there’s no evidence that real attacks occurred, the issue highlights a broader risk in open source software: when projects copy shared components without also copying the security checks behind them, users can be exposed to unexpected threats.

Read more: Bleeping Computer & Koi

Microsoft ushers XAML Studio into the open

Microsoft open-sourced XAML Studio, a visual design tool used to build and preview XAML-based user interfaces for Windows apps. By releasing the project’s code publicly under the MIT license, Microsoft says it hopes to make the tool easier to extend, maintain, and adapt as Windows UI frameworks evolve.

Read more: Microsoft

Percona puts the ‘open’ in Everest

Database company Percona is set to rename its Kubernetes database platform Everest as OpenEverest, with plans afoot to move the project toward independent governance.

The company said the goal is to donate OpenEverest to the Cloud Native Computing Foundation (CNCF), while a newly formed company will take on commercial support and development responsibilities. The shift is meant to clarify Everest’s status as an open source project, reduce vendor control concerns, and give users clearer assurances about its long-term neutrality.

Read more: Percona

Bose has ‘sound’ open principles

As Bose prepares to wind down official support for its SoundTouch smart speaker platform, the company revealed it would make the platform’s technical specifications and APIs publicly available.

The move gives owners and developers the ability to maintain, replace, or extend the software used to control and integrate SoundTouch-enabled home theater and speaker systems after Bose ends updates. While the device firmware itself remains closed, the decision allows the community to preserve functionality and build alternatives to Bose’s official apps — a rare example of a consumer electronics company giving a second thought to users once a proprietary platform reaches end-of-life.

Read more: Ars Technica & Bose

Ghostty terminal gains nonprofit fiscal sponsor

Ghostty has secured nonprofit fiscal sponsorship, giving the project a formal legal and financial structure without becoming a company. The arrangement allows the open source terminal emulator to accept donations, manage funds, and pay for infrastructure while remaining community-focused and independent.

Read more: OMG! Ubuntu

Open Source Founders Summit returns for 2026

Ticket sales have opened for the 2026 edition of the Open Source Founders Summit, a two-day event aimed at leaders running companies built around open source software (read my feature interview with the summit’s creators from earlier this year). The summit focuses on the practical opportunities and risks that come with building commercial organisations on open source foundations, from funding and governance to growth and sustainability.

The 2026 event is set to take place in Paris on May 18–19.

Read more: Open Source Founders Summit & Tickets

And finally…

Scientists have a whale of a time

Researchers working with Project CETI (the Cetacean Translation Initiative) have published details of a new underwater system designed to record, analyse, and cautiously respond to sperm whale communication. Described in a recent peer-reviewed paper, the system focuses on distinctive click patterns — known as codas — that whales use for social interaction. Rather than attempting direct translation, the researchers analyse structure and repetition in these sounds and observe how whales respond when specific signals are played back.

What makes the work notable is its commitment to open source science. The team has openly released both the hardware and software used to capture, process, and analyse whale vocalisations, along with detailed designs and fabrication notes. This allows other researchers to reproduce the system, validate the results, or build on the work — turning what could have been a bespoke research tool into a shared scientific resource.

Read more: PLOS One & Earth.com