Quote of the day (from the Fedora devel list):

We have no mechanism to flag when J. Random Packager adds "Supplements: glibc" to their random leaf node package. As a reminder, *we are a project that allows 1,601 minimally-vetted people to deliver arbitrary code executed as root on hundreds of thousands of systems*, and this mechanism allows any one of those people to cause the package they have complete control over to be automatically pulled in as a dependency on virtually every single one of those systems.


Adam Williamson


Lots happening in the #LibreOffice project! In March, we had updates to the software, new user guides, Document Freedom Day, reports from meetups and more: blog.documentfoundation.org/bl… #foss #opensource


❗I am asking again for you to sign and share this petition. Not only those who have cats, but also those who are not indifferent to the fate of cats and the issue as a whole⬇️🙏 thank you.

petice.com/za_zmenu_zakonu_pro…

Well, I finally have data to back my model of the software world out there. And the data is relatively solid and shows what I keep saying.

You are all on our turf now. Please accept that you have no idea what you are talking about. Sit down. Listen. Ask questions.

But respect our work. We are trying to keep the world running, 1h per month.

softwaremaxims.com/blog/open-s…

"You are not buying from a supplier, you are a raccoon digging through dumpsters for free code." is a fire quote softwaremaxims.com/blog/not-a-…

Here's a fun AI story: a security researcher noticed that large companies' AI-authored source-code repeatedly referenced a nonexistent library (an AI "hallucination"), so he created a (defanged) malicious library with that name and uploaded it, and thousands of developers automatically downloaded and incorporated it as they compiled the code:

theregister.com/2024/03/28/ai_…

1/

in reply to David Goldfield

Hi David, I know you are only the messenger and just pass these things along, but I have to provide the following warning.

I have not tested these scripts, but for anyone thinking of doing so, I strongly urge you not to follow the directions given for installation.
Modifying the default scripts in the way described can be extremely problematic. Not only will it stop the JAWS Check for Updates feature from working correctly, but more importantly, any future modifications Vispero make to the default script files for your JAWS version will not function.
So if you want to break your JAWS, go ahead!
If JAWS updates are released, and some aspects of those updates are not functioning and you call Vispero Tech Support, they will probably ask you to remove your settings, and that would be the correct thing for them to do. They would have no other option other than to say that.

Anyone on my currently running JAWS scripting training course will never do this because they know I would come down on them like a tonne of bricks.
They know that the proper place to make such adjustments would be the file My Extensions.JSS. That is why Vispero placed it there so that such modifications could be made.
So if anyone is thinking of using these, that is the place to make such adjustments.
This is what is written at the head of My Extensions.

;Additional use statements for your custom files go here:
;This will allow you to benefit from automatic updates to Default,
;without having to reinstall your script add-ons.

Which is exactly what I said.


This New Service Can Help You Find Medical Equipment to Borrow for Free verywellhealth.com/durable-med…

We're back baby! Thanks so much to Mike Buckley from @bemyeyes for helping us to relaunch the podcast. This may be the most real thing we've done on April 1, well, mostly. Transcript now posted as well. blindbargains.com/b/22622
Also shout out to @Ranger1138 @BorrisInABox @ricky_enger, someone named Gigi, and a cat.

Announcing Legacy Data Abstraction Library (LDAL)

It’s happened to us all - tucked away in the dusty corners of our attics or closets is that box with a serial port Zip drive and a dozen disks. Curiosity usually gets the better of us and, after a few downloads and a couple of kernel recompiles, we have that drive working and begin to pore over whatever those disks contain.

blog.geomusings.com/2024/04/01…


Stuff I already wrote that other people might be open to reading this week, because of the #xz incident:

harihareswara.net/posts/2021/s… Four Non-Dev Ways To Support Your Upstreams (Pass this along to executives who are asking "how can we prevent this in our dependencies?")

harihareswara.net/posts/2023/u… Potential cross-project #opensource tools and practices that you/we can implement to help lighten the load on each other

1/n