The owner of Meta wants more "masculine energy"? Well, I'm doing my best to bring my feminine energy to the Fediverse.
Hello! I'm Elena Rossini, an Italian filmmaker, photographer and FOSS advocate based in Paris, France.
Pictured here: at the Louvre museum after a portrait shoot (for a book jacket's author's pic: Monica Parker, The Power of Wonder). I'm proudly wearing around my neck my 3 cameras: a #Canon 5D Mark IV, a #Fujifilm X-T3 and a #Nikon Z fc (which has my favorite lens, a Sigma 30mm f/1.4).
I'm delighted to see Pixelfed growing into such a nice photo community.
Parsing of Links, Email adresses, simple text formatting (markdown subset), user mentions, hashtags and more in DeltaChat messages. - deltachat/message-parser
Don't get locked out of your own data in future! Use open, standardised formats – like the Open Document Format used in LibreOffice. Learn more on Document Freedom Day, March 26: blog.documentfoundation.org/bl… #foss #opensource #freesoftware
Every year, on the last Wednesday of March, advocates of free and open technologies come together to celebrate Document Freedom Day (DFD). In 2025, the Document Freedom Day will happen on March 26, and will be driven by the LibreOffice community.
Two projects we love are currently running a crowdsource campaign. The modular Open Hardware laptop MNT Reform Next is up on Crowdsupply where you can support them by buying a T-shirt or treat yourself to an OH laptop in pre-sale. [1]And the Pixelfed and Loops team is seeking backers to support the development of these federated social networks with no ads, no algorithms and no tracking.
So I had some idle thoughts about Paranoia again lately, which kind of fits into the global zeitgeist.
I mean the roleplaying game of course, although who's to say really?
The game has gone through a few editions over time, and I feel it has risen to thematic relevance again in a way I didn't think possible ten years ago. 1/?
Russia launched over 1,250 bombs, 750 drones at Ukraine during Trump's first week in office -- Ukraine strikes drone storage facility in Russia's Oryol Oblast and destroys 200 Shaheds -- Russia bombs itself with 'smart bomb,' Astra reports -- Hungary bloc
Monday, January 27
Russia’s war against Ukraine
A vehicle of the Ukrainian White Angels police evacuation team rolls down a street in Pokrovsk on Jan. 25 as Russian troops advance close to the city. (Genya Savilov / AFP via Getty Images)
Ukraine strikesdrone storage facilityin Russia's Oryol Oblast and destroys 200 Shaheds, General Staff reports. Ukrainian Air Force units and Defense Forces struck drone storage facilities in Russia's western Oryol Oblast on Jan. 26, the General Staff of the Ukrainian Armed Forces reported on Facebook on Jan. 26.
Russia launched over1,250 bombs, 750 dronesat Ukraine during Trump's first week in office. Russia fired 1,250 aerial bombs, over 750 attack drones, and 20 missiles at Ukraine in the past week, President Volodymyr Zelensky said on Jan 26.
Zelensky appoints Ground Forces Commander as head ofKhortytsia Group. President Volodymyr Zelensky appointed Major General Mykhailo Drapatyi, Commander of the Ground Forces of Ukraine, as the head of the Khortytsia Operational Strategic Group on Jan. 26.
Ukrainian troopsavoid encirclementin Velyka Novosilka, military says. Ukrainian troops successfully withdrew from some areas to avoid being encircled but fighting is ongoing around the village, which lies around 15 kilometers east of the neighboring Dnipropetrovsk Oblast.
Russia bombs itself with 'smart bomb,' Astra reports. The bomb, a UMPB-250, was found in a village in Belgorod Oblast, but there were no casualties or damage.
Explosions reported inKhmelnytskyi, Ivano-Frankivskamid drone attack, apartment building damaged in Dnipro. Several explosions were heard overnight on Jan. 27 in the western Ukrainian cities of Ivano-Frankivsk and Khmelnytskyi as Russia launched a drone attack on Ukraine.
Curated Theft | An investigation into the largest museum heist in Europe since World War II
International response
Fiber-optic cable betweenLatvia and Swedensignificantly damaged in Baltic Sea, investigation underway. An underwater fiber optic cable belonging to the Latvian State Radio and Television Broadcasting Center (LVRTC) was significantly damaged on Jan. 26, reportedly due to external impact, according to LVRTC representative Vineta Sprugaine.
Washington orders USAID tosuspend projectsand funding in Ukraine, Suspilne reports. The U.S. Agency for International Development (USAID), one of the largest official aid agencies in the world, has been told to stop projects in Ukraine following a 90-day foreign aid freeze imposed by Secretary of State Marco Rubio, Ukrainian media Suspilne reported, citing sources in the agency.
Read our exclusives
Ukraine war latest: Ukraine strikes drone storage facility in Russia's Oryol Oblast, General Staff reports
Ukrainian Air Force units and Defense Forces struck drone storage facilities in Russia's western Oryol Oblast on Jan. 26, the General Staff of the Ukrainian Armed Forces reported on Facebook on Jan. 26.
Photo: Andrew Roth/ The Washington Post via Getty Images
Potential encirclement in Velyka Novosilka prompts questions about last-ditch withdrawal strategy
Located east of Dnipropetrovsk Oblast, the vital road-junction village was once home to 5,000 people. It’s now facing a similar fate to other Donbas strongholds, where Ukraine's delayed withdrawals resulted in avoidable casualties.
Transfer of Air Force personnel to infantry continues despite scandal
The Ukrainian military command's plan to throw high-skilled Air Force personnel into the infantry was said to be halted when the practice gained nationwide attention, followed by a condemnation from the president.
How the Invictus Games help wounded veterans adapt to life after war
Nearly 400,000 Ukrainian soldiers have been injured and are unable to return to the front line. After coming back from the battlefield or captivity, they are often left to deal with their physical and mental trauma alone.
Lukashenko poised to secure 7th term in Belarus'sham' election. Belarusian dictator Alexander Lukashenko has reportedly secured 86.82% of the vote, according to preliminary results announced by the country’s Central Election Commission.
Belarus releasesAmerican citizenamid controversial election. U.S. Secretary of State Marco Rubio identified the U.S. citizen as Anastassia Nuhfer, who was detained in early December 2024.
Hungary blocks EU statement condemningBelarus electionas undemocratic, RFE/RL reports. Without unanimous support from all 27 EU countries, EU chief diplomat Kaja Kallas issued her own statement, declaring that the January 26 election in Belarus was "neither free nor fair."
This newsletter is open for sponsorship. Boost your brand's visibility by reaching thousands of engaged subscribers. Contact partnerships@kyivindependent.com for more details.
Today’s Ukraine Daily was brought to you by Oleksiy Sorokin, Dominic Culverwell, Sonya Bandouil, and Olena Goncharova.
If you’re enjoying this newsletter, consider joining ourmembership program_**. Start supporting independent journalism today.**_
I am soon going to offer a read-only public Kafka similar to stream.routeviews.org for consumption of RIS BGP Collector data with 48 hours of retention.
Vielen Dank, dass Sie für Thunderbird gespendet haben und es hier auf Mastodon teilen! Diese Art der Unterstützung wird uns hoffentlich noch viele weitere Jahre erhalten bleiben.
Coming to @fosdem this week? So are we! We’ll be in Building K, Level 1, B-7 (fosdem.org/2025/stands/) Meet the team, play with Thunderbird for Android, find out how to get involved, and of course, pick up some Thunderbird stickers! #FOSDEM #OpenSource
This led to them including a self-update system which was openly implemented and documented. F-Droid was unaware they'd shipped it for half a year, and by then WireGuard had essentially escaped from in their words being held hostage by F-Droid.
This was a rare case where an app used developer signing keys via their flawed reproducible builds system. Most don't.
Per https://f-droid.org/en/docs/Inclusion_Policy/ The software must not download additional executable binary files (e.g. addons, auto-updates, etc.) without explicit user consent....
For the vast majority of apps they package, F-Droid downloads and builds whatever developers publish, then sign it with their own keys and release it. They aren't doing any real review as people believe. What they really do is run things through basic scans looking for libraries they've disallowed, primitive antivirus checks for common Android malware as if that's what malicious code in an open source project would be, etc. It took them that long just to realize an app openly took over updates.
F-Droid has incredibly poor security practices and a strong anti-security attitude held by most of the people involved. They've consistently engaged in coverups of vulnerabilities and targeting multiple security researchers with libel and harassment.
It's a massive single point of failure and not worthy of the trust many people are placing in it. It's adding another trusted party compared to using the apps built and signed by the developers. It is not avoiding trust in the developers of apps.
Regularly not shipping critical Firefox security patches for months is the norm for the main F-Droid repository. Whether or not they sign the apps themselves as they do for the vast majority of apps, updates can be indefinitely delayed based on issues with their outdated infrastructure or their Debian-style downstream patches needing to be updated.
For the small subset signed by the app developers, many kinds of disagreements between F-Droid and developers will mean an end to receiving updates.
You are not the only ones that struggle with f-droid. (There is an ongoing struggle to fix certificate pinning by f-droid by a former maintainer, which has neither been acknowledeg nor accepted).
But the question is: what alternatives are there? As far as i can tell, f-droid is the only large scale-repository of open source apps there is.
@Kulei @newhinton We recommend using Accrescent for the apps which are available through it. It's not specific to either open source apps or privacy focused apps but rather is meant to become a Play Store alternative.
Obtainium + App Verifier for getting apps directly from developers, although we'd prefer a leaner and more security focused approach than Obtainium.
While I appreciate bringing up the security concerns the existence of alternatives to #FDroid I do not think we have those when it comes to pure FOSS apps without the usual big corporate trackers/libs. #Accrescent lists a few apps and fails to provide relevant information about them (such as requested permissions). E.g. #Qlango includes multiple tracking libraries by #Meta / #Facebook and doesn't look like it is FOSS to any degree. Even while the #FDroid repo is not carefully curated I don't run into traps like these. 🤷
There is a need for a curated and maintained FOSS app repo and currently there is nobody but @fdroidorg providing it. #Obtainium, #Accrescent are mostly option for expert users who exactly know who to trust and what they are looking for. @Kulei @newhinton
#Accrescent IMO absolutely needs - better description of app - permissions list - license info of app - download size of apk - website link if available - (minimum Android sdk)
We already have plans to expand app descriptions, provide download size information, and utilize detailed compatibility specifiers including minimum SDK specifications pending some upcoming server changes. It's not yet clear whether or how to incorporate permission lists, license info, or website links (though we do at least plan to distinguish open source apps).
Dnešní den je na #Tenerife čistě procházkový. Takže cíl je jasný #Anaga! První trek byl na výšlap na kousek od Taborno. Bohužel počasí se nám zhoršilo, takže jsme si nemohli pořádně užít vyhledy na oceán. #garmin #beatyesterday #nature #walk #taborno
So how does this work? Even if I gave someone my bank details here in the UK, they could put money in, but not take it out without setting up a direct debit, which I'd be notified about before any money went out anyway. I presume the Canadian system works a little differently cbc.ca/news/canada/british-col…
I suspect that the details she actually filled in were authentication credentials, giving the scammers access to her account at which point they could just set up a new transfer in the other direction. Having said that, I still have many questions about the design of the system and the security of Canadian bank accounts. Designing any banking-related mechanism around links being sent to people seems unwise, as does allowing logins and transfers without a secure second factor.
@jscholes Can't speak for Canada, but the way those work here is that there is a second factor, but people still fall for it.
You enter your credentials on the fake website, the fake website immediately forwards them to your bank and orders a transfer, just with a different amount and recipient. You'll see the new, suspicious data in your app / text message, but most people don't check and just click "approve."
They most likely have a website that lets you pay somebody by online bank transfer. The way these work is that you pick your bank, are redirected to their site, log in there and have the details filled in automatically. This is a lot easier (and often a lot quicker) than the traditional way.
The way this scam works is that you get a website that looks just like the real one, but it never redirects you to your bank, capturing your login credentials instead.
Meta recently rolled out a Live AI feature for its Ray-Ban Meta smart glasses. Unfortunately, it’s hard to know when you should use it — and why you’d want to.
Absolutely zero surprise here. One of the biggest reasons we need real OSS (including data, as much as possible) to win in AI is because the alternatives are extremely grim from not just a speech perspective, but from a simple “whose facts” perspective. mastodon.xyz/@johl/11390104008…
It’s flawed as hell, but I do think there’s correlation between inculcation in the traditional skills around small-d democratic, Western, classical liberal civic values, and participation in FOSS. A software industry that centers those values [definitely not our current industry, nor China’s] is good for all of humanity, in the long run.
Anyone here witnessed/seen hour+ unskippable ads on #YouTube? Yes, you read that right. Supposedly, Google is only showing this to some users it suspects of using an adblocker.
We all know how #Google has become increasingly hostile towards adblocking technologies in the last couple years… but if this is true - and not some sort of bug - geez… doesn’t help they neither confirm or deny it in the news sources I’ve seen.
Ahora que los AI-bros de Silicon Valley están panicando con la salida de #Deepseek y sus capacidades a la par de las de #OpenAI aunque a una fracción del precio, además de ser en buena parte open source, una crítica habitual al modelo es que es chino y, entre otras cosas, te censura cualquier mención a los sucesos de la Plaza de Tiananmén en 1989.
Pues vamos a ponernos empíricos y hacerle la pregunta en local para ver qué hay de verdad. Nos bajamos la versión 14b del modelo y le pedimos un resumen de esos hechos.
Oh, sorpresa. Habla de represión, de censura y de una auténtica masacre.
El modelo no será perfecto y tendrá sus sesgos como todos. Pero criticarlo por ser chino no se sostiene.
After 4 years at AWS, I've left the Rust Platform team.
It's been a privilege working with so many great coworkers, doing everything they can to improve Rust in every way possible. I can't wait to see the results of their projects.
I am proud of my work to improve Rust's developer experience, and I plan to continue doing that.
@Adorable_Sergal Hi there. Tuta's servers remain secured and protected in our data centers. They will remain protected regardless of political changes. At Tuta giving our users the best privacy and security is our goal, and when such forces try to change this, for example Chat Control we actively fight to stop it.
I had not realized just how bad the news of the DeepSeek chatbot had been for Nvidia's stock price. I suppose that placing all your bets on a bullshit technology that nobody wants has its downsides.
FYI Nvidia's stock is still falling. Down 15% now. Considering they're the only company that actually made money from the AI bubble this is very bad news for the entire sector. And good news for humanity.
That being said let's hope that Nvidia is not the Lehman Brothers of 2025 because the last thing we need at this point is another 2008-style financial meltdown.
Hey friends! It’s nearly time for #FOSDEM, the annual free and open source event in Brussels. This weekend, the Mastodon team will be based in building H.
We’ll be raising funds for the project with some of our merch - beautiful limited edition winter mugs, pins, and t-shirts. We’ll also have fun stickers to share for free, so you can show your support for Mastodon everywhere!
(just so you know: we’re a bit short on larger t-shirt sizes, so come early if you want to buy one of those)
Just finished listening to the flourish systems change podcast episode with Dan Hill. Much of the discussion was on #DarkMatter in urban design. Happy that he mentioned the work of @darkmatterlabs.org.
Scariest cable I have that I actually use. It's a USB-C to Thinkpad "adapter" that I bought to power a thinkpad that shipped with a giant 135W brick-of-a-power-supply. This cable does work, but has the tendency to "overload" many USB chargers, causing them to reset. Fun times, but good for traveling so I don't have to lug the brick around with me as well.
@bagder some thinkpad require 135w or even 200w power bricks. I’m not sure about the 135, but the 200w I have predates (2021 model) the usb-c of standard that would allow that amount of power.
With my new PR, you can write "curl --url @file" and curl will download all the URLs in the provided file as if -O was used for each one of them. It can also get the list from stdin if you do "--url @-" in style with how other curl options work.
Tried out the new and popular “Deepseek” LLM with my standard “tell me facts about the author of PCalc” query. At least half were misleading or straight up hallucinations. LLMs are not a suitable technology for looking up facts, and anybody who tells you otherwise is… probably trying to sell you a LLM.
alright I forgot to comment on this, because it was around 2weeks ago, but i'm gonna go ahead and now comment on it. it was thanks to a certain post that I remembered to talk about it. so i'm gonna be doing a interview with humanware in some point in the future. and my tvi (teacher of the visually impaired for more context) basically said, hey don't talk about security. are you kidding me dood? don't talk about security? right, let's ignore the fact that the braille note is like 8fucking versions out of fucking date!!!!! let's also ignoe the fucking fact that this thing could be easy to hack if it gets into the wrong fucking hands. o, right, and let's also ignore the fact that there is literally a critical fucking vulnerability within android8 that the august update fails to fucking patch!!!!!!! forbes.com/sites/daveywinder/2… what's the excuse for not talking to humanware about security. "o it's fine, you've locked down your braille note enough". I get it, i'm basically a security guy, I have Google advanced protection, I have a duress password, I have an antivirus sitting on the braille note, I have keysofts software set to i'm fucking paranoid mode. but really? simpl don't talk about security? you're joking! if you really needed extra features humnware, just make your own OS based on Android, what is it, 16? you're just trying to be cheap so you can get your money from states and organizations around the world...
Google has confirmed a critical security threat for millions of Android 8, 9 and 10 users that could permanently kibosh your smartphone with a single malicious message
@fireborn Yeah you really need to go into the interview knowing what type of questions they will ask you. I suspect its not due to any technical knowledge you may have on security.
As some people already mentioned here or here, Copilot purposely stops working on code that contains hardcoded banned words from Github, such as gender or sex. I am labelling this as a bug because ...
Interestingly, one person captured by big tech found that Microsoft was perfectly in their rights to POST to you "since we could have no proof a user wasn't behind initiating that POST". Another reader wanted Microsoft to be prosecuted for hacking. Others chimed in how this explained their subscribe/unsubscribe links being weird lately: berthub.eu/articles/posts/shif…
tl;dr: Microsoft and other email security scanners will visit the links in email you transmit, and run the JavaScript in those links, including calls that lead to POSTs going out. This used to be unacceptable, since POSTs have side effects.
As the #BambuLab users are slowly waking up to what blog.bambulab.com/firmware-upd… means, it's a good time to remind everyone that the writing has been on the wall from day one.
It's not a "told you so", mind. It's a "this will continue and get worse". #Bambu will continue to tighten the ratchet.
#Prusa is far from perfect, but they deliver reliable #3dprinting based on open source software at an acceptable cost.
And if you missed it: they allow you to maintain warranty with custom firmware again.
As expected, #BambuLab released the standard corporate press release
1. All those things we just invented as the criticism we didn't do 2. Sure, you can use "developer mode" and lose our support 3. We tried to work with others, and it's their fault they didn't do it fast enough and by our rules 4. Everyone else is at fault for this misunderstanding though we might have contributed in the slightest of ways 5. "I am sorry that you are upset"
Someone on #Reddit complained about #BambuLab changing their warranty after they bought something and refusing service based on the new "terms". They used @internetarchive to prove that the change was made.
Das ist ein neuer alternativer Android-App-Store, der von sich behauptet, auf Privacy und Security fokussiert zu sein. Er wird auch über den @GrapheneOS Appstore angeboten.
Bei genauerem Hinsehen finden sich allerdings Apps, die Werbe- und Analysetracking enthalten, wie ich nach kurzer Prüfung feststellte.
hey, on the topic of the curl mailing list: is it available via a public-inbox archive somewhere? I had a quick peek but didn't immediately see a link anywhere.
edit: just to be clear, this is only an inquiry, not a feature request
Newswire: Tek Talk meets 1/27/25 at 8pm Eastern and welcomes Jeff Bishop to discuss new Outlook and its replacement of Windows Mail groups.io/g/tech-vi/message/85…
with the #nom parser combinator library.
✍️ #MorpurgoMedia.nl
in reply to LibreOffice • • •gaber
in reply to LibreOffice • • •