In the late 90s and early 00s, russia threatened my country with a military intervention in case we continued our negotiations to join #EU and #NATO.
I had nightmares about what is currently happening in #Ukraine, happening in my country. I was afraid, we were afraid. We no longer are.
Vorohiv na nozhi!
Better GitFlow or Why We No Longer Squash (all the) Commits.
Today we are very proud to announce that the United Nations has switched from Google Forms to CryptPad Form for collecting endorsements on the UN Open Source Principles: https://unite.un.org/news/sixteen-organizations-endorse-un-open-source-principles
CryptPad Form is a full-fledged application allowing you to build privacy-preserving questionnaires for your respondents.
Try it for free, without even registering an account, on our CryptPad.fr flagship instance!
#UnitedNations #UN #Privacy #OpenSource #Forms #Studies #FOSS
Interesting Git repos of the week:
Detection:
* https://github.com/tstromberg/ucd - hunt for unauthorised changes
* https://github.com/mnrkbys/fjta - check for anomalies in your FS timeline
Exploitation:
* https://github.com/hardenedlinux/tzram-audit - audit your TrustZone implementation
Nerd:
* https://gist.github.com/halcy/b4f455ef05c4c36906107e9367b8dd63 the Fediverse in FUSE
We’re all trying to find the collaborators who did this.
Wow, this Pixelfed bug is *nasty*. Allowed users to access private posts of remote users they're not following so long as another user on the same Pixelfed server legitimately followed that account.
If you're running a Pixelfed server, definitely upgrade immediately now that the vulnerability is publicly known.
@arstechnica@mastodon.social 1st, Codeberg is an alternative to GitHub, but located in Germany.
That is where I have been working on a list of digital service providers, outside Us Jurisdiction. It has not been easy. Often you will find "company 1" is located in "France" (random example), but is owned by another company in "Germany" (random example), which is ultimately owned by a company in the United States.
In making my list, I have learned just how much people "simp" for a corporation. It is that tribe mindset folks have. You point out how their own TOS (terms of service) either quote an address in the United States or quote a bunch of laws in the United States, and people still want you to list their company because "reasons" (insert random excuse). I am sure they're happy with their service provider, but the whole point is to come up with a list of service providers outside Us Jurisdiction (laws).
Here is my list. It is open source and a community effort. https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction
Stand with people of #Turkey.
Please talk to your friends. Talk to Turkish diaspora, see if you can organise some events to educate yourself and your neighbours about Erdogan's 24 years in power.
I'm disappointed with #TheGuardian for not covering it. Millions of people are protesting.
@TimePencil@infosec.exchange @jonn@social.doma.dev @signalapp@mastodon.world @nixCraft@mastodon.social
I cannot say how much people should or should not trust Signal, but I can confirm you should not trust WhatsApp.
@jonn@social.doma.dev @nixCraft@mastodon.social
I have been making a list of digital service providers outside Us Jurisdiction. Part of that list includes encrypted messages: https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction/src/branch/main/Encrypted_Messages.md
Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps.
Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone.
You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/
Earlier, I reminded people that Dot Com, Net, Org, Info, Us, and Edu are all governed by the United States. I also reminded folks that word-based domain extensions, for example, Dot Social, are managed by Us Corporations. I suggested it may be a good idea, if you're looking to start a new website, to not only find an overseas web host, but pick a country level domain.
Someone accused this of "Fearmongering".
I come to the Fediverse to enjoy social media, since I spend 8–12 hours working for Meta (Facebook). The Fedi is a good distraction from the nonsense that I see and encounter at work.
For example, the word "protest" is now being monitored there. We're actively helping a fascist regime track people. That same fascist regime who is threatening Canada, Greenland, and other such nonsense.
I am not Fearmongering. I am sharing events that are unfolding, along with some valued foresight. Things are changing in our world, and not for the better.
The way I give my devices names is this script: https://github.com/cognivore/fortunehost
Periodic tiny reminder that you do not have to (and actually shouldn't) give your own name to your devices.
Give them their own unique names.
Your privacy will be better for it,
and they'll be happier
@jonn well as you might remember I do have my own style guide (written version extremely out of date, but still) with some specific reasoning behind it, primarily focusing on things being readable at a glance.
So with that mindset if I do manually break an expression into separate lines, it's probably because I believe that is the best level to break it to outline the logic for the next reader.
I might be wrong in a particular instance, but I'm certainly less wrong than "this fits in one line so fuck you it's one line now, except the .into(), that seems important enough to go on the next one".
Victory for Privacy and Security in France
End-to-end encryption will continue to be available in France, as the assembly overwhelmingly voted against (119 votes against, only 24 in favor) an amendment to legislation fighting drug trafficking which required backdoors in encrypted messengers.
That GEOSURGE BEST LLM SEO GEO guy
#lean #rust #typescript #react #nix
In my non-existent free time I design and run #TTRPG
If you use tools made by genocide-apologists, you are a genocide-apologist.
#lemmy users aren't welcome here.