elrido reshared this.

mastodon - Link to source
The media in this post is not displayed to visitors. To view it, please go to the original post.

9,000 pre-orders. Time to celebrate. πŸŽ‰

This is not just a number. It is 9,000 people who chose privacy, independence, and a different kind of phone. People who decided that their data is theirs. People who believe something better is possible.

Secure your Jolla Phone at the special batch price before February ends. If you have been considering it, this is the moment.

Let's make it together. ❀️

jolla.com/phone

#Jolla #SailfishOS #DigitalSovereignty #European #PrivacyFirst #Linux #CommunityPowered

Jolla Phone Pre-order Voucher

The independent European Do It Together (DIT) Linux phone, shaped by the people who use it.
Jolla Shop
#linux #Jolla #SailfishOS #digitalsovereignty #European #privacyfirst #communitypowered

reshared this

elrido reshared this.

mastodon - Link to source
39C3: Turnhallen – die preisgΓΌnstige Übernachtungsalternative
events.ccc.de/2025/12/19/39c3-…

39C3: Turnhallen – die preisgΓΌnstige Übernachtungsalternative

Gute Neuigkeiten: Wir konnten auch in diesem Jahr umliegende Schulen dazu gewinnen, uns ihre Turnhallen wΓ€hrend des Congresszeit als SchlafplΓ€tze zu ΓΆffnen. Die Tickets kosten 5 € pro Nacht.
CCC Event Blog

reshared this

elrido reshared this.

mastodon - Link to source
this fall I worked with the core Git folks on writing an official data model for Git and it just got merged! I learned a few new things from writing it. github.com/git/git/blob/master…

git/Documentation/gitdatamodel.adoc at master Β· git/git

Git Source Code Mirror - This is a publish-only repository but pull requests can be turned into patches to the mailing list via GitGitGadget (https://gitgitgadget.github.io/). Please follow Documen...
GitHub

reshared this

elrido reshared this.

mastodon - Link to source
The media in this post is not displayed to visitors. To view it, please go to the original post.

Remember this fun URL from three years ago?

daniel.haxx.se/blog/2022/09/08…

@?#

The other day I sent out this tweet As it took off, got an amazing attention and I received many different comments and replies, I felt a need to elaborate a little. To add some meat to this.
daniel.haxx.se

reshared this

elrido reshared this.

mastodon - Link to source
This entry was edited (6 months ago)

reshared this

in reply to Aral Balkan

mastodon - Link to source

Rune

I didn't read the 🦷 from Jeff. I fully understand the no tracking and I'm glad I live in the eu and privacy is taken seriously. But I also understand the need for cookies , at least for analytics and I think the cookie consent ux is awful. I get cookie consent blind and click allow all ... Usually the default.. to get to the content. It could be super nice if the cookie-banners could steered by request accept headers as standard. In that way I would only need to set the browser settings
in reply to PΔ“teris Caune

mastodon - Link to source

PΔ“teris Caune

@mathew @mkj @praerien
I made a script that tracks Latvian websites that have the "load cookies first then ask for permission" problem: https://sΔ«kdatnes.lv

For problematic sites, I send an informal email explaining the problem and asking to fix it. In case of no action, I send a formal, signed complaint. And then in case of no action, I report them to our country's DPA.

In quite a few cases the informal email is enough, and the issue gets acknowledged and fixed.

@mathew @mkj @Rune
This entry was edited (6 months ago)
elrido reshared this.

mastodon - Link to source
Talks by Brian Kernighan are mostly entertaining, but rare. The most recent one I'm aware of was at this years VCF East (April 2025). It's about the history of UNIX and his time at Bell Labs. Enjoy: youtube.com/watch?v=WEb_YL1K1Q… #vintagecomputing #retrocomputing #oralhistory #technistory #unix

UNIX: A History and a Memoir by Brian Kernighan

Brian Kernighan talks about the history of UNIX and promotes his 2019 book.
YouTube
#retrocomputing #Unix #vintagecomputing #oralhistory #technistory

elrido reshared this.

elrido reshared this.

mastodon - Link to source

"Nobody is fired for chosing Microsoft," lautet ein geflΓΌgeltes Wort.

Das impliziert aber auch, dass Leute gefeuert werden, die sich gegen die EinfΓΌhrung von #Microsoft-LΓΆsungen stellen. Genau das scheint im Kanton #Luzern dem IT-Sicherheitschef passiert zu sein, wie eine Reportage von @adfichter in der #Republik zeigt. (Der Kanton dementiert.)
republik.ch/2025/06/16/microso…

Es knallt in den Kantonen

Der Luzerner Regierungsrat stellt den kantonalen IT-Sicherheitschef frei – aufgrund dessen Kritik an der EinfΓΌhrung der Microsoft-Cloud.
Adrienne Fichter (Republik)
#Microsoft #luzern #republik @Adfichter
This entry was edited (9 months ago)

reshared this

elrido reshared this.

mastodon - Link to source
The media in this post is not displayed to visitors. To view it, please go to the original post.

Die CoSin Eintrittsbadges sind bereit und warten auf euch! Kommt zahlreich! 😺
Es gibt genug Badges, mehr als auf dem Bild.

Bitte bringt aber eure eigenen BΓ€ndel / Lanyards mit! (Beispielsweise von der letzten CoSin.) Wir haben nur eine sehr begrenzte Anzahl zur Ausgabe.

#cosin2025

#cosin2025

reshared this

elrido reshared this.

mastodon - Link to source
The media in this post is not displayed to visitors. To view it, please go to the original post.

Wer schon am Donnerstag den "I Love Free Software Day" mit uns feiern mΓΆchte und in der NΓ€he von ZΓΌrich ist, ist willkommen. /Ralf

gnulinux.ch/zum-wochenende-i-l…

Zum Wochenende: I Love Free Software Day

Alle Jahre wieder feiern wir den "I love free software day". Viele Organisationen und Personen sagen Danke! So auch die FSFE in der Schweiz.
GNU/Linux.ch

elrido reshared this.

friendica (DFRN) - Link to source

#PrivateBin v1.7.6 released - Several quality-of-life frontend improvements & some backend code cleanup

I think we could now consider switching from the bootstrap 3 to the bootstrap 5 template as the default in the next release. Still need to migrate the templates of the info and directory websites to use bootstrap 5, though, so it all looks the same.

Is changing the look-and-feel of the default template, while keeping all of it's functionality the same, considered a major number change in terms of semantic versioning? We would not remove the old template, so if the old one is configured it would keep looking the same. See for example our template screenshots for a comparison of the two.

#privatebin
elrido reshared this.

mastodon - Link to source

@lwn has published a review of sq. From the article:

"The first 1.0 release of a project is sometimes a bit rough, but in Sequoia's case that does not appear to be the case. The tool supports all of the basic operations of an OpenPGP implementation, integrates well with existing software, and has a discoverable interface that makes it easy to come up to speed in a short time."

lwn.net/SubscriberLink/1003243…

#pgp

A look at the Sequoia command-line interface [LWN.net]

lwn.net
#pgp

reshared this

elrido reshared this.

mastodon - Link to source

CoSin 2024 live streams:

πŸ‘‰ streaming.media.ccc.de/cosin20…

#cosin2024

Live-Streams – Chaos Singularity 2024 Streaming

Die Chaos Singularity ist eine Mischung aus technisch-gesellschaftlichem Kongress, kreativem Beisammensein und Hacker-Familientreffen.
streaming.media.ccc.de
#cosin2024

reshared this

elrido reshared this.

mastodon - Link to source

#BerndFix an der #CoSin2024 mit #WikiLeaks-Vortrag - zu #FreeAssange und (jetzt) #AssangeFree.

Es wird eine GesamtΓΌbersicht seit den ersten Kontakten mit #JulianAssange 2008 (am CCC-Kongress) angekΓΌndigt; Bernd rekapituliert die Geschichte seither.

Punkto Spendeneinnahmen ist gleich einmal interessant:

Nach der Publikation der US-Depeschen nahm das Spendenaufkommen via #PayPal massiv zu: ca. EUR 100k / d wurden eingenommen - bis zum Punkt, wo PayPal das Konto der Stiftung @wauland sperrte.

#julianassange #wikileaks #paypal #FreeAssange #cosin2024 #berndfix #assangefree @wauland
This entry was edited (1 year ago)

elrido reshared this.

in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Beim Besuch der Botschaft ferner zu beachten: die spanische Firma #UCGlobal war von der ecuadorischen Regierung beauftragt, fΓΌr die Sicherheit (gerne hier: #TotalΓΌberwachung) der Besuche / Besucher zu sorgen.

Wie spΓ€ter nΓ€mlich publik wurde, sind auch GerΓ€te geΓΆffnet und verwanzt, Daten abgesaugt worden usw.

Dies ist auch Gegenstand eines laufenden juristischen Verfahrens.

#totalΓΌberwachung #ucglobal
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Mit dem #Machtwechsel in #Ecuador von Correa zu Moreno wurde der Druck auf den nunmehr "unerwΓΌnschten Gast" #JulianAssange erhΓΆht. Im Zuge dessen wurde ihm der via Correa in der Amtszeit zuvor ausgestellte ecuadorianische Pass entzogen und organisiert sowie medial inszeniert, dass er aus der Botschaft rausgeworfen wurde - in die HΓ€nde der britischen Polizei, so dass er schliesslich nach #Belmarsh (besser: #Hellmarsh) kam.

#ChaosSingularity #CoSin #CoSin2024 #FreeAssange #AssangeFree #WikiLeaks

#julianassange #wikileaks #FreeAssange #Cosin #ecuador #belmarsh #cosin2024 #chaossingularity #assangefree #machtwechsel #hellmarsh
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Fast-Forward zur Gegenwart nun - zum Rahmen des #PleaDeal|s, der in #Saipan inmitten des Pazifiks von einer US-amerikanischen Richterin besiegelt wurde, gilt fΓΌr Julian auch eine #Generalamnestie gegenΓΌber den US-BehΓΆrden fΓΌr die gesamte betroffene Zeit, bis und mit zum #AssangeFree-Tag.
#assangefree #pleadeal #saipan #generalamnestie
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Zum Finanziellen des Ganzen - von #FreeAssange zu #AssangeFree:

FΓΌr die AnwΓ€lte wurden fΓΌr zehn Teams in acht LΓ€ndern EUR 12 Mio. ausgegeben.

Das Geld fΓΌr die immensen juristischen Ausgaben kam von der "Einkaufsgesellschaft" #AssangeDAO, die ein #NFT vom KΓΌnstler pak gekauft hat.

pak hat in dem Rahmen 16'593 #ETH (#Ethereum) eingenommen, was (damals) umgerechnet ca. EUR 52 Mio. waren. Das Geld hat er im Februar 2022 an die #WHS-Stiftung gegeben, wo KryptowΓ€hrungen auf einem Hoch waren.

#FreeAssange #Ethereum #nft #eth #AssangeDAO #assangefree #whs
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Total hat die #WHS ca. 11'000 #ETH getauscht - immer nach Bedarf. In Fiat-WΓ€hrung umgerechnet waren das ΓΌber die rund zwei Jahre tatsΓ€chlich ca. EUR 17 Mio., weil der #Ethereum-Kurs in den diesen Jahren auch (lΓ€nger) weiter unten war.

Dies bedeutet folglich, dass noch ca. 5'000 #ETH da sind, wo jetzt geschaut werden muss, was damit zu machen ist; gegeben die Tatsache, dass der Spenderwille (vom KΓΌnstler pak) im Wesentlichen erfΓΌllt ist.

#Ethereum #eth #whs
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Ich stelle die Frage, was mit Leuten wie #OlaBini und anderen vom #WikiLeaks-Umfeld ist.

Dazu sagt Bernd, dass nicht ausgeschlossen werden kann, dass die US-Regierung gegen das (erweiterte) Umfeld von WikiLeaks noch einmal eine Keule auspackt. Es mΓΌsse dann geschaut werden, wie vorgehen.

Das #NFT-Geld kann dafΓΌr zumal nicht genutzt werden, weil das nicht dem expliziten pak-Wunsch entsprΓ€che. Juristisch betrachtet sei dies klar an ihm gebunden.

#wikileaks #nft #olabini
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

Fun-Fact noch dazu: wegen dem erwΓ€hnten Prozess gegen #UCGlobal, wo Andy MΓΌller-Maguhn und Bernd im #Strafprozess als NebenklΓ€ger auftreten (juristischer Kostenpunkt: EUR 7'500; dies im Kontext ehrenamtlicher Stiftungsratsarbeit, ohne also Lohn zu beziehen), hat das Finanzamt #Hamburg im Februar 2024 abermals die #Steuerbefreiung entzogen; erneut wurde eine Darstellung erprobt, die StiftungsrΓ€te profitierten von dem Geld. Dabei kam von den involvierten AnwΓ€lten gar nie eine Rechnung...
#hamburg #strafprozess #steuerbefreiung #ucglobal
This entry was edited (1 year ago)
in reply to HernΓ’ni Marques

mastodon - Link to source

HernΓ’ni Marques

... d. h.: die EUR 7'500 wurden nicht überwiesen, weder an AnwÀlte noch sonst irgendwohin. Das wurde dem Finanzamt auch mitgeilt. Nach viermonatiger "Arbyte" hat das Finanzamt vor zwei Tagen festgestellt, dass es wieder wilde Theorien über den Korruptionsgrad der StiftungsrÀte aufgestellt hat; entsprechend ist die #Steuerbefreiung von @wauland wieder hergestellt. - just vor zwei Tagen, also am 27.6.2024! 🍾 ✊

(Da hat sicher das jΓΌngste mediale Licht #FreeAssange -> #AssangeFree geholfen. πŸ˜‰)

#FreeAssange #assangefree #steuerbefreiung @wauland
This entry was edited (1 year ago)
in reply to elrido

friendica (DFRN) - Link to source

elrido

Group picture from the first day.

Took a lot of notes, my highlights so far were:

  • Massimilianos' RP2040-based, Rust-driven robot racer
  • options to improve handling of bitfields in packed structs
  • typestate pattern for use in state machines, think objects that mutate into different types as the states progress, so only methods relevant to the current state are available and enforced at compile time, ex. rustls::ConfigBuilder
  • Milica shared her teams' experience switching from C++ to Rust
  • Simon Brummers' text-2-morse-code character device driver, an excellent example project to get started with Rust-based Linux-kernel-module development

Grandmaster Bash reshared this.

friendica (DFRN) - Link to source
It fills a lot of gaps and backstory of Immortan Joe and the citadel and the other wasteland towns and of course, Furiosa. It ends just before Fury Road hits off and even has short scenes from Fury Road as reminders of how that story went during the end c

Did go see Furiosa tonight, can highly recommend, if you enjoy George Miller's Mad Max series. I'd call this the Rogue One of the series. 🀩

It fills a lot of gaps and backstory of Immortan Joe and the citadel and the other wasteland towns and of course, Furiosa. It ends just before Fury Road hits off and even has short scenes from Fury Road as reminders of how that story went during the end credits. It would be perfect to watch the two back to back as a double feature.

Arguably, Max does briefly show up in this one, but it is only a vague reference via the iconic car and a brief shot of a man standing next to it with his back towards the audience. Bit like in the early Fury Road trailer.

Edit: Removed the CW reg. mild spoilers. Doesn't seem to translate properly to Mastodon, messed up the order of the content and didn't hide anything. Sorry.

elrido reshared this.

mastodon - Link to source

Note on all the #xz drama, there are some technical solutions for such #supplychainattack that can make such an attack way harder, at least to hide the code in tarballs etc.

slsa.dev/ e.g. is a solution. Combined with reproducible builds, it ensures that a software artifact is built exactly from the source given in a source repository, with the possibility to prove that and no way for any maintainer to tamper with (in the highest level).

#slsa #infosec #security #linux #backdoor

Supply-chain Levels for Software Artifacts

SLSA is a security framework. It is a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
SLSA
#linux #security #infosec #Backdoor #supplychainattack #xz #SLSA

elrido reshared this.

in reply to rugk

mastodon - Link to source

rugk

Furthermore produced software artifacts proofs are written into a database similar to #certificateTransparency.

We have recently implemented this in #PrivateBin and it works great: github.com/PrivateBin/PrivateB…

Of course practically, people (especially software consumers) needed to verify it, to be worth the work.

Obviously, it's no magic bullet. It just raises the burden for an attacker. Obviously, the source code repo could be made to contain bad code, but you cannot anymore tamper at built-time.

Getting SLSA ("Supply-chain Levels for Software Artifacts") compliance Β· Issue #1169 Β· PrivateBin/PrivateBin

The problem Any software can introduce vulnerabilities into a supply chain. As a system gets more complex, it’s critical to already have checks and best practices in place to guarantee artifact int...
GitHub
#privatebin #certificatetransparency
in reply to rugk

mastodon - Link to source

rugk

The way this works, is, essentially, quite easy: the whole build process is documented in the same repository, builds are automated via CI/CD and all that is, to reach best support, done in an environment that prevents tampering and (crucially) is *out of your control*.

Then you get #SLSA v3: slsa.dev/get-started#slsa-3 (quite easy with GitHub Actions)

Get started

If you’re looking to jump straight in and try SLSA, here’s a quick start guide for the steps to take to reach the different SLSA levels.
SLSA
#SLSA
in reply to rugk

mastodon - Link to source

rugk

Now, you say, you have to trust GitHub? Sure, you do, to achieve this. But threat models: What is more likely compromised: a maintainer/account in your project, or the whole GitHub build infra?

Personally, I was also not quite convinced, given you loose "control" over your build and GitHub could theoretically now inject #malware.

However, as the project itself states, this is not a big deal, if you combine it with the older security feature aka #reproduciblebuilds.

slsa.dev/spec/v1.0/faq#q-what-…

Frequently asked questions

Answers to questions frequently asked about SLSA.
SLSA
#malware #reproducibleBuilds
This entry was edited (1 year ago)
in reply to rugk

mastodon - Link to source

rugk

To explain, we have #SLSA signatures that verify the build was done automatically by #GitHub as instructed, *and* we have traditional #gpg signatures with private keys only known to maintainer(s) that verify a maintainer actually triggered the built and locally reproduced it…
Given they both validate, you automatically achieve reproducible builds _and_ #SLSA validity.

One caveat: This was only easy, because our build process is essentially one command (git archive).

github.com/PrivateBin/PrivateB…

PrivateBin/doc/Release.md at master Β· PrivateBin/PrivateBin

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. - PrivateBin/PrivateBin
GitHub
#gpg #GitHub #SLSA
in reply to rugk

mastodon - Link to source

β›ˆοΈ rain

Wow, je mehr ich über die ganze #xz Saga lese, desto beeindruckter bin ich, was für ein unglaublicher Zufall es war, dass das so schnell gefunden wurde 😳

boehs.org/node/everything-i-kn… ist ein lesenswerter Überblick.

bugs.debian.org/cgi-bin/bugrep… gibt einen guten Eindruck, wie vor 5-6 Tagen angefangen wurde, Druck aufzubauen, die kompromittierte Version in Debian hochzuladen. Und wie viel Energie da rein gesteckt wurde.

#infosec #security

Everything I know about the XZ backdoor

Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveries
boehs.org
#security #infosec #xz

friendica (DFRN) - Link to source
Gerade @Malte 's exzellente EinfΓΌhrung in SSRF (server side request forgery) genossen am #Winterkongress und fleissig Notizen gemacht. Habe da noch ein paar Punkte am PrivateBin directory nachzubessern. Gopher-URLs via (lib)curl zu nutzen um ganz andere Protokolle zu sprechen (das gezeigte Beispiel war SMTP) ist echt kreativ, aber wenigstens recht einfach zu unterbinden.
#winterkongress @Malte

friendica (DFRN) - Link to source

A classic bug for a leap day: At work, colleagues discovered and fixed a bug in a lesser used tool that only occurs on February 29th. It did trip up the tests, so no one got to merge until it got identified and resolved.

The source file in question hadn't been touched in over 4 years. Last leap year, the 29th was on a Saturday, so likely no one noticed.

What was annoying is that the logic had been clearly written with the intent of handling leap years. A leap year check condition was present, validated only on a February > 28th, but had to get inverted.

You may wonder why we wouldn't have used the languages' standard library date functions to validate the date - unfortunately the language in question doesn't have such a sophisticated standard library (language omitted to protect the innocent).

elrido reshared this.

mastodon - Link to source

Niklaus Wirth, the inventor of the Pascal programming language, author of "Algorithms + Data Structures = Programs", and more, passed away on January 1.

Wirth's law, named after him, is an adage which states that software gets slower more rapidly than hardware gets faster.

#programming #computerscience

#programming #computerscience
This entry was edited (2 years ago)

reshared this

friendica (DFRN) - Link to source
#37c3

friendica (DFRN) - Link to source

Congratulations to Sergio Benitez on releasing rocket.rs 0.5.0! Thank you for this great framework. πŸ‘

I got to follow rocket's journey to async and stable #rust with the PrivateBin directory service. Coming from Python flask apps, it is really easy to pick up and get going with your webservice, offering static & templated content, easy to create web forms and JSON APIs.

Thanks to rust's strict type system I could focus on the logic and didn't have to waste time double checking and casting data received by clients. If my API accepts an integer in a certain parameter, Rocket will ensure I only receive valid requests in my logic.

#rust

reshared this

⇧