Jons Mostovojs @jonn@social.doma.dev

Holy shit.

Just wow, wow, holy shit:

Completely rewriting a multi-million line COBOL codebase that has life-or-death consequences for real people in the space of a few months, using gen AI?

I’ve been writing software for 40-some years, and I have to say: this may be, without exaggeration, the stupidest software-related idea I’ve ever heard from leadership.

https://www.wired.com/story/doge-rebuild-social-security-administration-cobol-benefits/

Don't know what to do or were to start in resisting the MAGA authoritarian takeover? Need to start small? Check out this link:

Thirty lonely but beautiful actions you can take right now which probably won't magically catalyze a mass movement against Trump but that are still wildly important.

https://thewhitepages.net/p/thirty-lonely-but-beautiful-actions

#Resistance

HT: @garrettbucks

@samlitzinger Just remembered what happened when Silvio 'Bunga Bunga' Berlusconi, Italy's Trump (or, to be more precise, Trump is America's Berlusconi) died: his heirs called specialists to appraise his art collection, which occupied a WAREHOUSE, and the recommendation of those exquisite Italian experts was "burn it all"

https://www.bbc.com/news/world-europe-67162602

Today we are very proud to announce that the United Nations has switched from Google Forms to CryptPad Form for collecting endorsements on the UN Open Source Principles: https://unite.un.org/news/sixteen-organizations-endorse-un-open-source-principles

CryptPad Form is a full-fledged application allowing you to build privacy-preserving questionnaires for your respondents.

Try it for free, without even registering an account, on our CryptPad.fr flagship instance!

#UnitedNations #UN #Privacy #OpenSource #Forms #Studies #FOSS

Interesting Git repos of the week:

Detection:

* https://github.com/tstromberg/ucd - hunt for unauthorised changes
* https://github.com/mnrkbys/fjta - check for anomalies in your FS timeline

Exploitation:

* https://github.com/hardenedlinux/tzram-audit - audit your TrustZone implementatation

Nerd:

* https://gist.github.com/halcy/b4f455ef05c4c36906107e9367b8dd63 the Fediverse in FUSE

#security, #research, #code

We’re all trying to find the collaborators who did this.

https://mastodon.social/@hanse_mina/114226655742304795

Wow, this Pixelfed bug is *nasty*. Allowed users to access private posts of remote users they're not following so long as another user on the same Pixelfed server legitimately followed that account.

If you're running a Pixelfed server, definitely upgrade immediately now that the vulnerability is publicly known.

https://fokus.cool/2025/03/25/pixelfed-vulnerability.html

@arstechnica@mastodon.social 1st, Code Berg, is an alternative to GitHub, but located in Germany.

That is where I have been working on a list of digital service providers, outside Us Jurisdiction. It has not been easy. Often you will find "company 1" is located in "France" (random example), but is owned by another company in "Germany" (random example), which is ultimately owned by a company in the United States.

In making my list, I have learned just how much people "simp" for a corporation. It is that tribe mindset folks have. You point out how their own TOS (terms of services) quote either an address in the United States, or quotes a bunch of laws in the United States, and people still want you to list their company because "reasons" (insert random excuse). I am sure, they're happy with their service provider, but the whole point is to come up with a list of service providers, outside Us Jurisdiction (laws).

Here is my list. It is open source and a community effort. https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction

@TimePencil@infosec.exchange @jonn@social.doma.dev @signalapp@mastodon.world @nixCraft@mastodon.social

I cannot say, how much people should or should not trust Signal, but I can confirm, you should not trust, WhatsApp.

@jonn@social.doma.dev @nixCraft@mastodon.social

I have been making a list of digital service providers outside Us Jurisdiction. Part of that list, includes encrypted messages https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction/src/branch/main/Encrypted_Messages.md

@DemocracyMattersALot HAHAHAHAHAHA!!!! They only made it like 3 days!

Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps.

Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone.

You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/

How rich people avoid paying tax

(Originally by Instgram user @newmoney.blog)

Earlier, I reminded people that Dot Com, Net, Org, Info, Us, and Edu are all govern by the United States. I also reminded folks that, word-based domain extensions, for example, Dot Social, are managed by Us Corporations. I suggested, it may be a good idea, if you're looking to start a new website, to not only find an overseas web host, but pick a country level domain.

Someone accused this of "Fearmongering".

I come to the Fediverse to enjoy social media, since I spend 8–12 hours working for Meta (Facebook). The Fedi is a good distraction of the nonsense that I see and encounter at work.

For example, the word "protest" is now being monitoring there. We're actively helping a fascist regime track people. That same fascist regime who is threatening Canada, Greenland, and other such nonsense.

I am not Fearmongering. I am sharing events that are unfolding, along with some valued foresight. Things are changing in our world, and not for the better.