
In the late 90s and early 00s, russia has threatened my country with a military intervention in case we continue our negotiations to join and .

I had nightmares about what is currently happening in , happening in my country. I was afraid, we were afraid. We no longer are.

Vorohiv na nozhi!


Today we are very proud to announce that the United Nations has switched from Google Forms to CryptPad Form for collecting endorsements on the UN Open Source Principles: unite.un.org/news/sixteen-orga

CryptPad Form is a full-fledged application allowing you to build privacy-preserving questionnaires for your respondents.

Try it for free, without even registering an account, on our CryptPad.fr flagship instance!

#UnitedNations #UN #Privacy #OpenSource #Forms #Studies #FOSS

Um ok so, I met like half a dozen wholesome rich people recently. It doesn't make oligarchy ok, but like... Seems like one can get rich while having morals? Idk, I'm trying to get rich myself, will report back from the other side hopefully.

I always supported two state solution. I still do, except now I would like to see East Palestine and West Palestine as the two states.

Interesting Git repos of the week:

Detection:

* github.com/tstromberg/ucd - hunt for unauthorised changes
* github.com/mnrkbys/fjta - check for anomalies in your FS timeline

Exploitation:

* github.com/hardenedlinux/tzram - audit your TrustZone implementation

Nerd:

* gist.github.com/halcy/b4f455ef - the Fediverse in FUSE

#security, #research, #code

Wow, this Pixelfed bug is *nasty*. Allowed users to access private posts of remote users they're not following so long as another user on the same Pixelfed server legitimately followed that account.

If you're running a Pixelfed server, definitely upgrade immediately now that the vulnerability is publicly known.

fokus.cool/2025/03/25/pixelfed

Our mastodon instances are archives of history.

@arstechnica@mastodon.social 1st, Codeberg is an alternative to GitHub, but located in Germany.

That is where I have been working on a list of digital service providers, outside Us Jurisdiction. It has not been easy. Often you will find "company 1" is located in "France" (random example), but is owned by another company in "Germany" (random example), which is ultimately owned by a company in the United States.

In making my list, I have learned just how much people "simp" for a corporation. It is that tribe mindset folks have. You point out how their own TOS (terms of service) either quotes an address in the United States or quotes a bunch of laws in the United States, and people still want you to list their company because "reasons" (insert random excuse). I am sure they're happy with their service provider, but the whole point is to come up with a list of service providers outside Us Jurisdiction (laws).

Here is my list. It is open source and a community effort.
https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction

Stand with people of .

Please talk to your friends. Talk to Turkish diaspora, see if you can organise some events to educate yourself and your neighbours about Erdogan's 24 years in power.

I'm disappointed with for not covering it. Millions of people are protesting.

@TimePencil@infosec.exchange @jonn@social.doma.dev @signalapp@mastodon.world @nixCraft@mastodon.social

I cannot say how much people should or should not trust Signal, but I can confirm you should not trust WhatsApp.

@jonn@social.doma.dev @nixCraft@mastodon.social

I have been making a list of digital service providers outside Us Jurisdiction. Part of that list includes encrypted messages:
https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction/src/branch/main/Encrypted_Messages.md

Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps.

Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone.

You can find links to the advisory and queries for runZero at: runzero.com/blog/next-js/
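An added example (not part of the post above, and not Next.js or runZero code) of defender-side handling for the header the post names: drop `x-middleware-subrequest` from client-supplied headers at the edge, and flag logged requests that carried it. The function names, the JSON log format and the sample lines are assumptions constructed for illustration.

```javascript
// Header named in the post; clients have no legitimate reason to send it.
const INTERNAL_HEADER = 'x-middleware-subrequest';

// Return a copy of the client headers without the internal header
// (any casing, any value) and report whether it was present.
function stripInternalHeader(headers) {
  const clean = {};
  let stripped = false;
  for (const [name, value] of Object.entries(headers)) {
    if (name.trim().toLowerCase() === INTERNAL_HEADER) {
      stripped = true;
      continue;
    }
    clean[name] = value;
  }
  return { clean, stripped };
}

// Review request logs (one JSON object per line, hypothetical format) and
// return the requests that carried the header, for triage.
function findSuspectRequests(logLines) {
  const hits = [];
  for (const line of logLines) {
    let rec;
    try {
      rec = JSON.parse(line);
    } catch {
      continue; // skip malformed lines instead of aborting the review
    }
    if (!rec || typeof rec.headers !== 'object' || rec.headers === null) continue;
    if (stripInternalHeader(rec.headers).stripped) {
      hits.push({ ip: rec.ip, path: rec.path });
    }
  }
  return hits;
}

// Constructed sample log lines (documentation IP ranges, not real traffic).
const SAMPLE_LOG = [
  '{"ip":"198.51.100.7","path":"/dashboard","headers":{"host":"app.example","X-Middleware-Subrequest":"true"}}',
  '{"ip":"203.0.113.9","path":"/","headers":{"host":"app.example","accept":"*/*"}}',
  'not json',
  '{"ip":"198.51.100.7","path":"/api/admin","headers":{"x-middleware-subrequest":"true"}}',
];

console.log(findSuspectRequests(SAMPLE_LOG));
```

Stripping at the edge is a stopgap for servers that cannot be upgraded yet; hits in the log review are candidates for checking what the affected routes returned.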

How rich people avoid paying tax

(Originally by Instagram user @newmoney.blog)

Earlier, I reminded people that Dot Com, Net, Org, Info, Us, and Edu are all governed by the United States. I also reminded folks that word-based domain extensions, for example, Dot Social, are managed by Us Corporations. I suggested it may be a good idea, if you're looking to start a new website, to not only find an overseas web host, but pick a country level domain.

Someone accused this of "Fearmongering".

I come to the Fediverse to enjoy social media, since I spend 8–12 hours working for Meta (Facebook). The Fedi is a good distraction from the nonsense that I see and encounter at work.

For example, the word "protest" is now being monitored there. We're actively helping a fascist regime track people. That same fascist regime who is threatening Canada, Greenland, and other such nonsense.

I am not Fearmongering. I am sharing events that are unfolding, along with some valued foresight. Things are changing in our world, and not for the better.

Periodic tiny reminder that you do not have to (and actually shouldn't) give your own name to your devices.

Give them their own unique names.

Your privacy will be better for it,
and they'll be happier :neocat_laptop: ✨

#Privacy

@jonn well as you might remember I do have my own style guide (written version extremely out of date, but still) with some specific reasoning behind it, primarily focusing on things being readable at a glance.

So with that mindset if I do manually break an expression into separate lines, it's probably because I believe that is the best level to break it to outline the logic for the next reader.

I might be wrong in a particular instance, but I'm certainly less wrong than "this fits in one line so fuck you it's one line now, except the .into(), that seems important enough to go on the next one".

🔐✌️ Victory for Privacy and Security in France 🇫🇷

End-to-end encryption will continue to be available in France, as the assembly overwhelmingly voted against (119 votes against, only 24 in favor) an amendment to legislation fighting drug trafficking which required backdoors in encrypted messengers.

lemonde.fr/societe/article/202

Climate change nightmare, tech edition: workflow using on to fine-tune a implementation of a -enabled .

Thanks for inspiration, @faassen!

Doma Social

Mastodon server of https://doma.dev.