I made a list of all known #deltachat client projects:

support.delta.chat/t/list-of-a…

List of all know Client Projects

Official These are the officially endorsed clients. These clients are the most “complete” in terms of functionality. Except for deltatouch all of them are maintained and published by merlinux.

^Delta.Chat

Mini Blue Team Diaries Story:

Was responsible for SecOps at a SaaS platform that managed lots of things for companies, including travel bookings.

We had a bunch of customers in the higher education space who used SSO to login to our app. Unfortunately, MFA within the SSO configuration was not common back then, so a compromised university account would lead to much access, including to our platform.

Suddenly, a thing we saw a lot of, was higher-ed customers reporting that they were being charged for trips that just didn't make sense. These were bookings for same day travel, usually between two African cities.

After some digging around and investigation, we figured out that a threat actor would phish or purchase the users university credentials, then, using the SSO into our environment, they'd make bookings using the travel booking feature - those bookings were made on behalf of the threat actors customers, who actually thought they were dealing with a legit, well-connected travel agent.

We were able to advise our customers on how to stop this type of thing happening, with approval rules for bookings, and ya know, MFA, and also managed to build in some detective controls so our team could detect and shut down such bookings as soon as they came in.

What made this particularly interesting though, through some OSINT, we were able to determine the true identity of the actor responsible - and we connected with them on Facebook, mainly because we wanted to ask them about their methods now that we'd all but shut down their scheme.

We chatted for a bit, and got some useful intel. At the end, the actor congratulated the team on our new controls, and said they'd moved on to using another service they'd found to make his bookings.

For more, slightly less mini, Blue Team Diaries stories like this, check out infosecdiaries.com

#infosec #DFIR #BlueTeam #infosecreads #cybersecurity

Infosec Diaries

Learn Pen Testing, Blue Teaming and Digital Forensics

^{Infosec Diaries}

Many software engineers see security as something to handle "later on, but good design can eliminate entire categories of problems. Threat modeling is a collection of techniques to help you do this before you've written a line of new code.

dev.to/owasp/threat-modeling-f…

Very happy and proud of this collaboration between @codethink @gnome and @sovtechfund

codethink.co.uk/articles/2024/…

Our goal is to make GNOME OS a daily driver for QA and finalize the migration, but this work will be fundamental to the future of all secure image based / immutable Linux distributions.

#Linux #GNOME #systemd

GNOME OS + systemd-sysupdate

Did you know there’s a simple way to try the most cutting-edge GNOME software?

^{www.codethink.co.uk}

you give what you give

#technomage #unix_surrealism #comic

Sensitive content Reveal/hide

Do you know why I love Balkan #music? Not only because it's beautiful, but because you have this.
In the verse it's one bar of 9/8, then one bar of 13/8 (or, if you are nitpicky enough, it's 9, then 4, then 9 again; or, even more nitpicky way, it's 4, 5, 4, 4, 5).
This particular song has no refrain, so between the verses you have an instrumental… thing, let's call it a bridge. In the bridge you have one bar of 6/8, then one bar of 7/8, then one bar of 5/8.
And all of that doesn't sound like a mess, it's still beautiful and harmonious.
youtube.com/watch?v=33FoVdKpVx…

Od kako sam ja devojce - Kulin ban

Maja Ivanović - glas,Dalibor Mladenović - kaval,Nebojša Jaćimović - klavijature, harmonika,Stefče Stojkovski - tambura,Vladimir Savić - saz,Trajče Ristov - t...

^YouTube

Aus gegebenem Anlass:

#AfDverbieten

Jedes Wort! Wenn doch nur alle beim ÖRR so stabile Ansagen machen würden, wie Martin Schmidt vom SWR in den heutigen #Tagesthemen:

#AfDVerbotsverfahren #Münster #AfDrausausdenParlamenten

When Big Tech says something is #free, it means that you're the product. 🤢

The internet should be a place of #freedom not a platform for data collection. 💃

Start taking your #privacy back by supporting open source alternatives to Big Tech! 💪

👉 tuta.com/blog/google-facebook-…

When it comes to AI art (or "art"), it's hard to find a nuanced position that respects creative workers' labor rights, free expression, copyright law's vital exceptions and limitations, and aesthetics.

--

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2024/05/13/spo…

1/

Noch nicht mitbekommen: #ASUS reduziert Qualitätskomponenten und Qualitätssicherung und setzt auf verbraucherfeindliche Praktiken, die Gaming-Community wendet sich ab.

youtu.be/11pK-Tx3LrU #ROG

Was passiert gerade mit Asus?

Mein Schreibtisch von FlexiSpot - https://bit.ly/3UFdlAu FlexiSpot Brand Day Sale bis zu 50% Rabatt - https://bit.ly/3y9dza0 Die Gaming Community hat sich da...

^YouTube

«IT-Sicherheitsexperte Manuel Atug @HonkHase sieht die Sicherheitsbehörden und die Politik so in dem "ewigen Konflikt" gefangen, immer mehr Befugnisse zum Jagen von Tätern zu fordern, statt Deutschland und IT-Systeme wirklich defensiv abzusichern und Schwachstellen konsequent schließen zu lassen.»
— Lieber dem Problem hinterherlaufen als es zu lösen. Irgendwie typisch Deutschland.

Bundeslagebild #Cybercrime: Die Lunte brennt – angezündet wird oft ganz woanders | Security heise.de/news/Bundeslagebild-C…

Bundeslagebild Cybercrime: Die Lunte brennt – angezündet wird oft ganz woanders

Phishing, Ransomware und DDoS bleiben die größten Geißeln von Cyberkriminellen, sagt das BKA. Das BSI vergleicht das mit vielen Lagerhäusern voll mit Dynamit.

^{Stefan Krempl (heise online)}

Oh look, it's people discovering why we were yelling about DRM all those years ago and got ignored and now corporations just delete all the movies and TV you 'bought'.

theguardian.com/media/article/…

‘My whole library is wiped out’: what it means to own movies and TV in the age of streaming services

Ownership rights are buried in the fine print and downloading or buying physical copies may be the only ways to keep your favourites

^{Josh Taylor (The Guardian)}

Übrigens...

das ist das Ergebnis einiger Monate Vorarbeit in der #Kirchengemeinde des @kirchspiel_probstzella@kirche.social zu #950Unterloquitz mit ganz, gaanz wenigen Gemeindegliedern, dafür aber mit mehr Engagierten von außerhalb als gedacht...und noch größerer Resonanz über unser Dorf hinaus als erwartet.

fediwall.social/?servers=kirch…
Eine sehr schöne Woche!

Bin allerdings zwiegespalten: Denn die Timeline täuscht darüber hinweg, dass das normale Gemeindeleben möglicherweise vor dem Kollaps steht... aber wer weiß?

"Meine Gedanken sind nicht eure Gedanken / und eure Wege sind nicht meine Wege"

#digitaleKirche#FediKirche

I'm very excited to share that the State of HTML 2023 survey results are now live!

2023.stateofhtml.com/

State of HTML 2023

The 2023 edition of the annual survey about the latest trends in the HTML ecosystem.

^{2023.stateofhtml.com}

Der Messenger #Telegram ist für eine sichere Kommunikation nicht geeignet - standardmäßig sind die Nachrichten nicht einmal Ende-zu-Ende verschlüsselt. Besser geeignet sind #Signal oder #Threema. Übrigens: Elon Musk ist das Paradebeispiel eines Trolls. Einfach ignorieren. 😉

Wer eine Entscheidungshilfe für einen Messenger sucht: messenger-matrix.de/messenger-…

#sicherheit #security #schwachstelle #e2ee #vulnerabilty #musk #durow

This cool website converts LaTeX into Unicode so you can paste it anywhere. It's very fast too!

unicodeit.net/

- Sprit günstiger als vergangenes Jahr
- Gas günstiger,
- Strom günstiger,
- die Inflation wesentlich geringer,
- Rekordzahl der Menschen in Arbeit,
- der Dax bricht einen Rekord nach dem anderen,
- Kohleverstromung so gering wie zuletzt 1959
- EE bricht ebenfalls Rekorde.
- Keine Blackouts & kein heißer Herbst, wie uns Union & Extremisten weismachen wollten.

Kann man ja auch mal erwähnen. Die 🚦 macht einen guten Job. Mit Optimierungspotenzial.

von Michael Brückner
#positivevibes

One of the downsides of easily managed color mixing using SASS in gtk was that none of it was accessible to app developers. Only a few @colors were avail. Few apps that needed to do some color customizations actually shipped the whole of adwaita SASS theme and regenerated their bits.

Such awful hacks are no longer necessary. I'm glad to see @alice ' amazing work on custom CSS properties landing. Thank you for the continuous care from the perspective of app developers!

gnome.pages.gitlab.gnome.org/l…

Sh*tf*ck 😳🔥😔

#ChatGPT consumes 25 times more #energy than #Google

"Energy consumption by Artificial Intelligence (#AI) is rising rapidly: AI is predicted to consume twice as much energy as the whole of France by 2030, according to some calculations."
brusselstimes.com/world-all-ne…

ChatGPT consumes 25 times more energy than Google

"The negative impact of AI needs to be mitigated. Business leaders should be aware of the growing environmental impact of AI and take action."

^{www.brusselstimes.com}

Please consider donating a few minutes of your time and answer the #curl user survey 2024:

daniel.haxx.se/blog/2024/05/14…

With everything going on in the world, I take joy from the small things. Today, that happens to be controlling GNOME podcasts on pmOS with my PineTime. Amazing work devs!

Seriously though, is there such a thing as a Linux developer appreciation day?

#pmOS #gnomepodcasts #pinetime

Sensitive content Reveal/hide

NVDA 2024.2 beta 1 is now available for testing from: nvaccess.org/post/nvda-2024-2b…

For anyone who is interested in trying out what NVDA has to offer before release, we welcome your feedback.

Highlights
- Sound Split
- New Synth Settings ring & quick navigation commands
- New braille features & fixes, including "Display speech output".
- Updated eSpeak, adding new language Tigrinya.

There are many minor bug fixes for applications

#NVDA #NVDAsr #ScreenReader #Beta #News #Accessibility #A11y #FOSS