Are you busy on the #FOSDEM Sunday afternoon? The closing talk is mine. 17:00 - 17:50

Open Source Security in spite of AI

How Museums Quietly Shape What We See and Believe

Museum walls shape viewers’ perception through the art of display, building context and prioritizing certain artworks over others.

thecollector.com/art-display-m…

#museums #art

Elon Musk and X are once again proving why institutions should never rely on corporate-owned, centrally-controlled social media platforms to reach their people.

bbc.com/news/articles/c0589g0d…

Elon Musk's X bans European Commission from making ads after €120m fine

The EU regulator had fined the social media platform over its "deceptive" blue tick badges.

^{Laura Cress (BBC News)}

⭐ ⭐ ⭐ ⭐ ⭐

The #curl repo on GitHub surpassed 40K stars: github.com/curl/curl

⭐ ⭐ ⭐ ⭐ ⭐

GitHub - curl/curl: A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, T

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...

^GitHub

I would like to propose SOSS: Sponsored Open Source Software.

If your company uses OSS, you sponsor the project $100/year.

Not per seat, or per team, just $100/year, all in.

- 30 developers using Ghostty? $100
- 300,000 engineers using tmux? $100, total

You audit the OSS you use (OSS tools for this would quickly emerge, $100, thank you). You set up a bunch of annual $100 sponsorships. Everyone wins.

This guarantees the longevity of that tiny piece of code propping up your bank.

#SOSS

It's so depressing how orgs like #Mozilla squander volunteer goodwill for nothing. They'll never recover from this self-inflicted damage:

«Mozilla’s translation bot on Support Mozilla (that is currently overwriting user contributions is based on the closed source, copyright infringing LLM, Google Gemini. This is in spite of Mozilla claiming that they are at the forefront of open source AI, and belies their exhortations to choose to build open source AI and data sets»

quippd.com/writing/2025/12/08/…

Mozilla’s Betrayal of Open Source: Google’s Gemini AI is Overwriting Volunteer Work on Support Mozilla

TL;DR: Mozilla’s translation bot on Support Mozilla (that is currently overwriting user contributions is based on the closed source, copyright infringing LLM, Google Gemini.

^{Youssuff Quips}

RE: mathstodon.xyz/@antoinechamber…

Is the age of arXiv over? They've been making hostile-to-scientists changes for a while now, let me list a few:

+ (Here) Enforcing English submissions, when science is international and many cultures have traditions of serious work in their own language. By allowing auto-translation, they are advocating for *slop* over carefully written non-English work.

+ Moving to an enshittified cloud architecture and ending arXiv mirroring (something that many institutions were happy to contribute to).

+ Subjecting scientific papers to a buggy and mostly non-working LaTeX->HTML conversion process that leads readers to click the HTML version, which is in nearly all cases of mathematical papers totally broken and full of errors. (It seems that they are now doing a better job of skipping this for papers where there is no hope, to be fair.) Let me be clear: translating LaTeX to HTML will always be a non-starter, even if you have a billion-LOC Perl program that claims to do it. You cannot translate a programming language to a markup language, period.

+ Subjecting established academics (e.g. associate professors) to outrageous submission-holds, requiring us to get endorsed by our own students, etc...

The only thing missing is “arXiv AI” — which I am sure is coming soon, as it seems the “AI Transformation” comes for all public goods...

Combine this with the shaky funding situation in the US, I am thinking it would be good to imagine a future without arXiv. And I am not talking about an arXiv replacement...

Because age verification is really just there to:

- suppress queer information
- restrict abortion access
- gatekeep sexual education
- slurp up more personal data for marketing

"But think of the children!"

Maybe we should think about the corporations that prey on their attention-spans and self-esteem instead.

Sign stuff here:
stoponlineidchecks.org

Info on how to help here:
docs.fightforthefuture.org/s/6…

#CallToAction #Activism #InternetSafety

ONLINE ID CHECKS WILL RUIN THE INTERNET

^{Fight for the Future}

Today in Email Hegemony.

Here are the 2025 top ten domains from orders placed on the @dnalounge store. Remember this the next time someone uses email as an example of a federation success story.

73.0% gmail.com
8.5% yahoo.com
7.1% icloud.com
2.6% hotmail.com
0.7% outlook.com
0.6% aol.com
0.5% comcast.net
0.5% me.com
0.4% sbcglobal.net
0.3% live.com
5.8% everything else

jwz.org/b/yk0O

»Jürgen Resch, Bundesgeschäftsführer der DUH, verlangt mehr konsequente Kontrollen, Bußgelder und sofortiges Abschleppen der Falschparker: „Solange die Städte ihrer Aufgabe nicht nachkommen, rufen wir alle Bürgerinnen und Bürger auf, Verstöße zu dokumentieren und zur Anzeige zu bringen.“«

Quelle: rnd.de/wirtschaft/illegales-ge…

Illegales Gehweg-Parken bleibt Problem: VCD fordert Kommunen zum Handeln auf

Der Verkehrsclub VCD hat deutschlandweit dazu aufgerufen, zugeparkte Gehwege zu melden. Das Ergebnis zeigt: Vier von fünf Autos parken dort illegal.

^{Andrea Barthélémy (RedaktionsNetzwerk Deutschland)}

Addressing Linux’s Missing PKI Infrastructure

"we’re starting the development of upki: a universal PKI tool. This project initially aims to close the revocation gap through the combination of a new system utility and eventual library support for common TLS/SSL libraries such as OpenSSL, GnuTLS and rustls"

discourse.ubuntu.com/t/address…

Addressing Linux's Missing PKI Infrastructure

Earlier this year, LWN featured an excellent article titled “Linux’s missing CRL infrastructure”. The article highlighted a number of key issues surrounding traditional Public Key Infrastructure (PKI), but critically noted how even the available meas…

^{Ubuntu Community Hub}

Thanks to the work of Rodrigo Smarzaro and his students, MapComplete is now fully translated into Brazilian Portugese!

Thank you very much for the effort!

Today's Web Design Update: groups.google.com/a/d.umn.edu/…

Featuring @michaelharshbarger, @aardrian, @SteveFaulkner, @deconspray, @mgifford , @sarajw, @matuzo, @j9t, @mehm8128, @Jayhoffmann, @Meyerweb, @bkardell, @adactio, @slightlyoff, and more.

Subscribe info: d.umn.edu/itss/training/online…

#Accessibility #A11y #WebDesign

Dec 7 had the earliest sunset of the year, even though the shortest day is on Dec 21.

This is because solar noon does not occur at clock time 12:00 p.m. Because of orbital eccentricity and axis inclination, it occurs earlier or later according to the Equation of Time.

E.g., for Philadelphia –
Dec 7: Sunrise 7:09 – Sunset 4:35 (9:26h), Solar noon 11:52
Dec 21: 7:18 – 4:38 (9:20h), 6m shorter, Solar noon 11:58, shifted by 6m
Sunset Dec 21 = 4:38 = 4:35 – 0:03 + 0:06
🌅
en.wikipedia.org/wiki/Equation…

Remember the AIxCC competition? After lots of research and triaging, the conclusion has landed: not a single *real* problem was found in #curl.

My previous write-up on the rather lame injected problems they found:

daniel.haxx.se/blog/2025/10/22…

AIxCC curl details

At the AIxCC competition at DEF CON 33 earlier this year, teams competed against each other to find vulnerabilities in provided Open Source projects by using (their own) AI powered tools.

^{daniel.haxx.se}

Will you be there? #bruxconference2026 #fosdem #fosdem26

Brux Conference 2026 - Rebuilding Europe's Sovereignty

bruxconference2026.com/?

Je o mně známo, že bytostně nesnáším lháře, křiváky, komunisty, StBáky a vůbec jakékoliv šmejdy.
A dnes se podruhé v mém dosavadním životě stává premiérem tohoto státu jedna z nejodpornějších postav podnikání a politiky. Spolu s dalšími přisluhovači a mafiány povede také jednu z nejhorších polistopadových vlád.
Když jsem se koncem roku 1989 na chvíli jako mladý "revolucionář" zapojil do demokratizačního procesu v naší okresní vesnici, neměl jsem tenkrát samozřejmě tušení, že za plus třicet let se do různých pozic politiky opět dostanou lidé bez morálky.

Inu, skutečná demokracie jest křehká květina. Pečovat o ni se musí v pravdě a lásce. Doufejme tedy, že těch pár let strádání přežije a v mezičase vyrostou nové mladé výhonky, které do politiky vrátí slušnost, poctivost a řád.

Deutsche Bahn zwingt mich, mein Login-Passwort zu ändern: Es hat 24 Zeichen, ist zufällig, beinhaltet Groß-/Kleinbuchstaben und Zahlen und hat eine Entropie über 110 Bit. Aber weil kein Sonderzeichen drin ist, gilt es als unsicher. Sicherheitsrichtlinien von 2005 lassen grüßen. 🙄

/kuk

#bahn #db #security #sicherheit #passwort #fail