#curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
- CVE-2025-13034: No QUIC certificate pinning with GnuTLS curl.se/docs/CVE-2025-13034.ht…
- CVE-2025-14017: broken TLS options for threaded LDAPS curl.se/docs/CVE-2025-14017.ht…
- CVE-2025-14524: bearer token leak on cross-protocol redirect curl.se/docs/CVE-2025-14524.ht…
- CVE-2025-14819: OpenSSL partial chain store policy bypass curl.se/docs/CVE-2025-14819.ht…
- CVE-2025-15079: libssh global knownhost override curl.se/docs/CVE-2025-15079.ht…
- CVE-2025-15224: libssh key passphrase bypass without agent set curl.se/docs/CVE-2025-15224.ht…

I discovered the last 2 vulnerabilities.

Download curl 8.18.0 from curl.se/download.html

#vulnerabilityresearch #vulnerability #cybersecurity #infosec

@Tutanota

I was quite surprised that I had to explain what I intend to use my mail address for. Hopefully, you can approve it soon.

Čtvrtá medaile v řadě pro Českou republiku na MSJ. 🔥 Hoši, děkujeme! 👏

#ceskyhokej #narodnitym 🔗↗️
x.com/czehockey/status/2008803…

Nos dice @santoral que hoy está de santo una forma de consumir drogas.

Santoral: Santo principal del día 7 de enero:
- San Raimundo de Peñafort

Otros santos:
- San Alderico
- Beato Ambrosio Fernández
- San Canuto Lavard
- San Ciro
- San Crispino Obispo
- San José Tuân
- San Luciano Mártir
- Beata María Teresa Haze
- Beato Mateo Guimerá
- San Polieuto
- San Tilón
- San Valentín obispo de Retia
- San Valentiniano

#dobréRáno přátelé #fediverse ☀️
Včera první jízda na Zwiftu přes Apple TV. Ať si o Applu myslí kdo chce co chce, ale propojení zařízení mají fakt zvládnuté skvěle.

První zapnutí Apple TV?
Chceš nastavit pomocí iPhonu — prostě ho přiložíš a nic dalšího neřešíš.

Pak už jen nainstalovat Zwift, přihlášení řešené přes iPhone, hesla pohodlně z Bitwardenu, žádné ťukání na dálkovém ovladači.

Apple TV jsem chtěl hlavně kvůli aplikaci Zwift pro chytrý trenažér.
Na Android TV Zwift není. Zrcadlení z Androidu do TV sice jde, ale obraz se seká nebo úplně zamrzne.
Zkoušel jsem i USB-C → HDMI kabel, jenže ten telefon vysaje hned baterku.Fairphone to ještě jakž takž zvládne — dvě hodiny dá.S Pixelem bych byl rád za hodinu.
Výsledek?
Za pět minut od zapnutí jsem seděl na kole. 🚴‍♂️
#zwift

#curl 8.18.0 has been released

daniel.haxx.se/blog/2026/01/07…

curl 8.18.0

Download curl from curl.se! Release presentation On January 7 2026, at 10:00 CET (09:00 UTC), there is a live-streamed release presentation of curl 8.18.0 done on twitch. The YouTube recording will be made available afterwards.

^{daniel.haxx.se}

Periodic reminder to boost the posts you like to keep the Fediverse alive.

WE are the algorithm here

#Mastodon

This is in relation to that warning I received this morning. To make a long story short, it seems that some people have been offended by some of my posts, and rather than just blocking me or unfollowing me and moving on, they reported me. At no time did I personally insult anyone, promote violence or illegal activities, threaten anyone, etc. I respect the administrators for letting me know about this, and said that I wouldn't post such things in the future. They have every right to do what they did, or even to ban me, since it is their instance and I agreed to follow their rules. I must make that very clear.

However, I am seeking a less restrictive environment. I honestly didn't think I needed one, since most of my posts are about animals, science, technology, etc. But if I can't share an opinion, even a strongly-worded one, without receiving a warning just because some people were offended, this is probably not a great match for me. It's worth noting that I constantly see posts (from other instances) full of obscenities, negative opinions about politicians, the rich, corporations and their heads, users of various operating systems, etc.

Anyway, I would prefer to stay on Mastodon because it's fully accessible, and I would like an instance with a large number of characters (this one is 16,000). If it helps, I am not a gamer, programmer, activist, don't follow politics, etc. I certainly don't want to join a place full of hate, but I do want to join one where I am free to be myself. For now, enjoy the completely wholesome posts with no more personal opinions about anything except opera, though I'll probably limit those too, in case I don't like a given singer.

Buenos días desde la Administración Pública.

Vuelta a la jornada. Primer día laboral del año. A ver como sale.

> leave Twitter to get away from the unaccountable content moderation team

> Mastodon wants you to not see posts without content moderators checking first

We did it everyone we finally achieved feature parity with the best microblogging platform, and this time people volunteer to make it worse instead!
RT: mastodon.social/users/staff/st…

Monal 6.4.17 (Build 1072, PR #1541) released.

- Removed christmas special again
- Added Estonian and Telugu translations
- Fixed random black video feed on video calls
- Make it harder for spammers to mention everybody: ignore mentions if more than 5 participants are mentioned per message
- Properly display Visitor role in Channels
- Add "Request Voice" button to contact details of moderated Channels

#Monal #ios #macos #xmpp #im #chat #messaging

After my assembly #39c3 talk on the topic, here’s a more in-depth analysis on the #security of data and metadata in #XMPP : blog.mathieui.net/xmpp-and-met…

I’m sure I missed a lot of things, but since the only reference on the topic is the - now defunct - infosec handbook website with the "admin in the middle" article, I guess that could be useful to somebody.

If anyone's looking for a fun illustration project or an opportunity to get into the GNOME artwork style: Crosswords needs some illustrations for the "How to Play" instructions :)

gitlab.gnome.org/jrb/crossword…

Example from Sudoku:

#gnome #icons #illustrations

"The chances of finding out what really is going on are so absurdly remote that the only thing to do is to say hang the sense of it and keep yourself occupied ... Look at me: I design coastlines. I got an award for Norway."

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

On the topic of bad takes against Flatpak, my personal favorite is "Flatpak is bad because it works badly with my NVIDIA GPU's drivers"

Consider the following: NVIDIA GPU's (proprietary) drivers work badly on Linux

Under no circumstances should volunteers in the FOSS community ever be placed in a position that forces them to bend over large corporations, even if it hurts the user experience. Besides, the ones who are actually hurting users is the corporations by making it hard for everyone.

This is also true with Fedora's hostility towards proprietary drivers. This kind of hostility should be encouraged. As a community, we should collectively shame entities that push proprietary garbage as a dependency on Linux, so long it doesn't harm security.
vt.social/users/trafotin/statu…

Trafotin

2025-12-31 17:26:11

"I will never use Flatpaks because I have to type `flatpak run com.example.Application`. It's insane Flatpak developers don't change it!"

Except you can add `/var/lib/flatpak/exports/bin` to your $PATH. This way, you can type `com.example.Application` in your terminal, dmenu, everywhere. Also if you aren't using completions and insist on doing everything in the terminal, you have bigger problems.

Shout out to the Evil Skeleton (@TheEvilSkeleton) , who blogged about this 3 years ago. tesk.page/2022/09/28/what-not-…

What Not to Recommend to Flatpak Users

Whenever I browse through the web, I find many “tips and tricks” from various blog writers, YouTubers and others who recommend users to take steps that either they aren’t supposed to, or have better alternatives.

^{TheEvilSkeleton}

I was just trying to type the word "bridges". What came out was "gesrib". How did I get it so wrong with all the right letters?

Perhaps it's boat time... uh... bed time, that is.