Items tagged with: FOSS
Put yourself in Jia Tan's shoes, the malicious contributor to the xz backdoor...
It's been, what, two... three?... years since you started this campaign. You've had the entire support of your team and of your chain of command.
Your coders created a complex and sublime backdoor. A secure! backdoor that only you and your team could connect to. Heck it can even be deleted remotely. This is clean code. A responsible hack that doesn't open up the backdoor for others to hijack.
You spend years on your long con - your social engineering skills are at the top of the game. You've ingratiated yourself painstakingly into multiple teams. Finally it all pays off and you're ready to go!
You succeed multiple times in getting your backdoor inserted in all the major Linux distributions!!! Now it's just a matter of weeks before it makes it to production and stable releases!
This is the culmination of years of labor and planning and of a massive team and budget.
You did good.
This will get you promoted. Esteemed by your colleagues and leadership alike. Your spouse and kids will understand why you haven't been at home lately and why you've spent all those late nights at the office.
It's finally going to pay off.
But what's this?! Some rando poking around in their box running a pre-release unstable version of linux has found everything?!?! It's all being ripped down?! And on a Friday before a western holiday weekend?!?!
Fuck. Fuck. FUCK!!!
Three years for nothing!!! My wife is going to leave me! I missed my kid's recital for this!!! They'll hate me because I told them it was worth it. Daddy will be able to play with you again once Daddy finishes this last bit of work. But it was all for nothing!!!
Leadership took a big risk on me and my team but I kept assuring them it would pay off!
It would be one thing if another nation state found it and stopped it. But one random dude poking his nose where it shouldn't belong?! Ohhh fuck, I'm going to be fired. We're going to lose our budget. My team is going to be fired. I've let down everyone that ever believed in me and supported me and relied on me!
Oh fuck!!!
#xz #backdoor #xzBackDoor #cve #cve20243094 #infosec #hacking #FOSS
Wishing everyone a great time at Gnome 46 Release Party by Volunteers starting today in Offline in #Berlin, #Germany
https://foss.events/2024/03-30-gnome-46-release-party.html
@gnome
#gnome46 #foss #floss #freesoftware #opensource #events #europe #gnome
I think a LOT of people are missing the fact that we got LUCKY with this malicious backdoor.
The backdoor was created by an Insider Threat - by a developer / maintainer of various linux packages. The backdoor was apparently pushed back on March 8th (I believe) and MADE IT PAST all QA checks.
Let me state that again. Any quality assurance, security checks, etc., failed to catch this.
This was so far upstream, it had already gotten into the major Linux distributions. It made it into Debian pre-release, Fedora rolling, OpenSUSE rolling, Kali rolling, etc.
This is an example of Supply Chain Security that CISOs love to talk and freak out about. This is an example of an Insider Threat that is the boogey man of corporate infosec.
A couple more weeks, and it would have been in many major distributions without any of us knowing about it.
The ONLY reason we know about it is because @AndresFreundTec got curious about login issues and some benchmarking checks that had nothing to do with security and ran the issue down and stumbled upon a nasty mess that was trying to remain hidden.
It was luck.
That's it. We got lucky this time.
So this begs the question. Did the malicious insider backdoor anything else? Are they working with anyone else who might have access to other upstream packages? If the QA checks failed to find this specific backdoor by this specific malicious actor, what other intentional backdoors have they missed?
And before anyone goes and blames Linux (as a platform or as a concept), if this had happened (if it HAS happened!!!) in Windows, Apple, iOS, etc.... we would not (or will not) know about it. It was only because all these systems are open source that Andres was able to go back and look through the code himself.
Massive props and kudos and all the thank yous to Andres, those who helped him, to all the Linux teams jumping on this to fix it, and to all the folks on high alert just before this Easter weekend.
I imagine (hope) that once this gets cleaned up, there will be many fruitful discussions around why this passed all checks and what can be changed to prevent it from happening again.
(I also hope they run down any and all packages this person had the signing key for....)
Results from our survey of LibreOffice localisation tooling and workflows - The Document Foundation Blog
LibreOffice’s localisation community translates the software’s user interface, along with its documentation and websites. Mike Saunders (The Document Foundation)
Am I late for the Xenia bandwagon?
#furry #furryart #anthro #anthroart #linux #xenialinux #transrights #foss
Joint release of LibreOffice 24.2.2 Community and LibreOffice 7.6.6 Community - The Document Foundation Blog
Berlin, 28 March 2024 – Today the Document Foundation releases LibreOffice 24.2.2 Community [1] and LibreOffice 7.6. Italo Vignoli (The Document Foundation)
There is a good discount on the #FOSS conference in #Zagreb in May - why don't you combine your thirst for knowledge with a nice trip?
https://www.dorscluc.org/2024/03/hop-into-dors-cluc-2024-with-our-exclusive-easter-discount/
I most probably will be there speaking about #heavymetal #thunderbird and maybe #osm.
Hop into DORS/CLUC 2024 with Our Exclusive Easter Discount! - DORS/CLUC
As the spring season unfolds, bringing with it a sense of renewal and growth, we at DORS/CLUC 2024 are excited to share some exhilarating news with our esteemed community. andrei (DORS/CLUC)
💡 The last Wednesday of March can only mean one thing...
Today we celebrate open standards: The ability for everyone to work and communicate using free software.
If you're using paid software that confines you, see if any of the alternatives on my list of #opensource software can make life easier for you:
https://ethicalrevolution.co.uk/opt-open-source/
Includes (but not limited to) @cryptpad @thegoodcloud @piefedadmin @libreoffice @thunderbird @Tutanota @protonprivacy @plausible @GIMP @inkscape @session @signalapp @delta @efoundation @MattermostFR @element
Any I've missed, let me know!
@dff
#FOSS #DFF #DFD #decentralize
Opt Open-Source - Ethical Revolution
Join me in taking step O, “Opt Opensource”, in the A-Z of steps to a better world: transparency, quality, reliability, flexibility +low cost. Sam (Ethical Revolution)
Czech translation of LibreOffice Writer Guide 24.2 - The Document Foundation Blog
Zdeněk Crhonek (aka “raal”) from the Czech LibreOffice community writes: The Czech team has finished translating the LibreOffice Writer Guide 24.2. As usual it was a team effort, with translations by Petr Kuběj, Radomír Strnad and Zdeněk Crhonek. Mike Saunders (The Document Foundation)
In an attempt to be a less silent majority, I would like more of us to speak up and appreciate the hard work that goes into #foss maintenance. Thanks for a wonderful tool that a BILLION people use, that's remarkable!
a periodic reminder that open source and free software licences enabled the unpaid mass transfer of skills and labour to corporations and societal elites to an extent unparalleled since the abolition of serfdom and slavery.
they effectively seized the means of production, then packaged them all up and delivered them to the worst people imaginable, wrapped with a bow and a little card that said “exploit me!”
and people are still out here cheerleading for them.
How it started: "This change has zero effect on the Redis core license, which is and will always be licensed under the 3-Clause-BSD."
How it's going: "Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1)."
#FreeSoftware #OpenSource #OSS #FOSS #Redis
Missed @lea@ordinary.cafe and @jaiden@ordinary.cafe's panel at @socallinuxexpo@social.linux.pizza about the future of the Linux desktop?
Here’s a recording to satisfy your curiosity :3
https://www.youtube.com/watch?v=hNDJDyef_UQ
Featuring:
- @lea@ordinary.cafe, Fyra Labs
- @jaiden@ordinary.cafe, Fyra Labs (Moderator)
- @zana@sfba.social, @gnome@floss.social Foundation
- @technobaboo@tech.lgbt, @stardustxr@fosstodon.org
- @communiteatime@fosstodon.org, @thunderbird@mastodon.online
- @mattdm@hachyderm.io, @fedora@fosstodon.org & Red Hat
- @druonysus@mstdn.io, @kde@floss.social & @opensuse@fosstodon.org
#tech #linux #foss #oss #scale21x
Where Does the Linux Desktop Go from Here?
It's no lie that the Linux desktop has been changing greatly. Through technological and social shifts, the desktop and community we know today is a far cry f... YouTube
🗺️ 𝘖𝘱𝘦𝘯𝘚𝘵𝘳𝘦𝘦𝘵𝘔𝘢𝘱 3𝘋 🧊
Zoom in to street level to see the 3D features.
#map #maps #OpenStreetMap #3D #topography #world #WorldMap #cities #landscape #environment #data #tools #OpenSource #FOSS
F4map Demo - Interactive 3D map
F4 Map is a WebGL 3D Map Viewer based on OpenStreetMap data. F4map Demo - Interactive 3D map
Can you #help me?
#Metal music has anger, love, DEI, truth-telling, and more. So why don't we use it to solve everyday problems, such as having fun at work, lacking identity, or standing for our rights? Metal artists put a lot of effort into crafting their art, and we can find the best use of it just by listening.
I want to interview key players in the metal world and do a #Foss #cc documentary to encourage even more people to help themselves!
Please DM me if you know some metal gods!
Apache Pekko has left the incubator phase and is now a top-level project.
https://lists.apache.org/thread/grl5h0l79oywnjtmfv0mdg3w108vsh6o
That's great news! Pekko was created as a Fork of Akka 2.6, right after Lightbend chose to pull a bait-and-switch by relicensing Akka to a non-FOSS license.
I already switched to Pekko a few months ago, it went very smoothly, and I am grateful to everybody involved in making this happen.
#opensource #pekko #akka #scala #java #licensing #apache #foss
We’re seeking input from #FOSS maintainers as we design a fellowship program pilot. We want to test a support mechanism that addresses structural issues in the FOSS ecosystem, and support maintainers who work on open digital infrastructure in the public interest.
If you maintain open source projects, we would be very grateful if you could take ten minutes to respond to the survey:
https://survey.sovereigntechfund.de/968766
Please also repost and share with FOSS maintainers you know. Thanks!
Community Member Monday: Dione Maddern, LibreOffice docs team - The Document Foundation Blog
Today we’re talking to Dione Maddern, who helps out in LibreOffice’s documentation team… Tell us a bit about yourself! I’m 44. Originally from Brisbane, Australia but I currently live in Baltimore, on the East Coast of the USA. Mike Saunders (The Document Foundation)
Are you a #ScreenReader and/or #Braille user on #Matrix?
Should we be adding messages as captions until #AltText is supported?
#A11Y #Accessibility #BRLTTY #FOSS #OpenSource #Element #GNOME #KDE #elementaryOS #XFCE
- Yes, always. (66%, 4 votes)
- A quick summary is fine, I'll ask if I need more (16%, 1 vote)
- As long as you do it if I ask. (16%, 1 vote)
Whoa! TIL just how widespread Matrix is at universities in Germany.
This, on top of adoption by their national healthcare system and other corners of their public sector.
Source: https://doc.matrix.tu-dresden.de/why/
#Matrix #OpenSource #OpenStandards #DigitalSovereignty #FOSS
LibreOffice 24.2 Shines Again! Writer 24.2 and Calc 24.2 Guides Published - The Document Foundation Blog
The LibreOffice Community Documentation Team is happy to announce the immediate release of the latest Writer and Calc guides for the new LibreOffice 24.2 office suite. The two books are updates of the respective LibreOffice 7. Olivier Hallot (The Document Foundation)
NV Access are pleased to share the release of NVDA 2024.1 Beta 13.
Changes introduced in Beta 13:
- Bug fix for interacting with some NVDA controls such as the synth selection dialog and selectable checklist items
- Updates to translations
Read the full information and download at: https://www.nvaccess.org/post/nvda-2024-1beta13/
#NVDA #NVDAsr #Release #Software #FOSS #Beta
NVDA 2024.1beta13 available for testing
Beta13 of NVDA 2024.1 is now available for download and testing. For anyone who is interested in trying out what the next version of NVDA has to offer before it is officially released, we welcome y… NV Access
So @gnome is removing the x11 session, leaving just the Wayland one.
If this goes out before Orca, the GNOME screen reader, is fixed to work on Wayland, it will mean that people who rely on screen readers will have no way to use one on GNOME. And thus on the major Linux distributions.
So I’m hoping the plan is that this change will not land until GNOME has a working screen reader.
#accessibility #a11y #gnome #linux #openSource #foss #wayland #x11 #orca https://peoplemaking.games/@ailepet/112077559713299711
ailepet (@ailepet@peoplemaking.games)
@noracodes@tenforward.social @aral@mastodon.ar.al @zeorin@indieweb.social For now: https://gitlab.gnome.org/GNOME/gnome-session/-/merge_requests/99 People Making Games
If you see the AGPL licenses on my free and open source work and you think “damn you, I can’t use this to enrich myself or my corporation without sharing back what I’ve built on top of what you’ve freely shared and thus contribute to cultivating a healthy commons where others might enjoy the same benefits from my work that I want to obtain from yours” (a) you really have long-winded thoughts and (b) well, you already see the flaw in your reasoning.
Keep the momentum going for free open source projects in this week's Follow Friday by giving your support with contributions, boosts and follows.
https://www.adamsdesk.com/posts/discover-fediverse-keep-momentum/
- LÖVR @lovr
A framework for rapidly building immersive 3D experiences.
- NV Access @NVAccess
A screen reader.
- BiznisBox @biznisbox
A web app for managing invoices, clients, & payments.
- BookStack @bookstack
Documentation system.
#FollowFriday #fediverse #FreeSoftware #OpenSource #ff #oss #foss #floss
Discover The Fediverse: Keep The Momentum Going
Find the momentum in your challenging life and in your community of free open source projects with these highlights in fediverse. Adam Douglas
The #GUADEC2024 call for abstracts for those looking to be *sponsored* has passed (due to visa reqs & travel lead time), BUT the call for both in-person (if you don’t need sponsorship) and remote talks IS STILL OPEN!
https://events.gnome.org/event/209/abstracts/
If you’ve been working on something interesting in GNOME or GNOME-adjacent spaces and can present remotely or get yourself to Denver in July, you still have just over two weeks to propose a talk!
Nepali Community celebrates LibreOffice 24.2 Release Party with CS50x Nepal students - The Document Foundation Blog
Suraj Bhattarai, our Nepalese LibreOffice Community Liaison, writes: We shared some positive words around the LibreOffice project, among students of IOE Purwanchal Campus enrolled in CS50x Nepal. Mike Saunders (The Document Foundation)
LibreOffice 24.2 Community available for all operating systems - The Document Foundation Blog
Berlin, 31 January 2024 – LibreOffice 24.2 Community, the new major release of the free, volunteer-supported office suite and the first to use the new calendar-based numbering scheme (YY.M), is now available at https://www.libreoffice. Italo Vignoli (The Document Foundation)
Spectral Compressor. It's incredible that FOSS audio production tools are at a level where top EDM producers make videos about them. Props to au5 for acknowledging that it's not just free, but also open-source.
https://youtu.be/jo_ayanaKo4?si=evvqcOYMVwfcMzAp
#MusicProduction #FOSS #SoundDesign #EDM #music
This Plugin Shouldn't Be Free, But Is
School Of Bass: https://bit.ly/SOBass Spectral Compressor: https://github.com/robbert-vdh/nih-plug/tree/master/plugins/spectral_compressor Disable Gatekeeper (... YouTube
Get started writing that #app in your favourite programming language!
https://developer.gnome.org/documentation/introduction/languages.html
Then start working on those features, with tutorials for #Blueprint, #JavaScript, #Python, #Rust and #Vala 🚀
https://apps.gnome.org/Workbench/
#GNOME #Workbench #Opensource #FOSS
Workbench – Apps for GNOME
Learn and prototype with GNOME technologies – Workbench lets you experiment with GNOME technologies, no matter if tinkering for the first time or building and testing a GTK user interface. Among other things, Workbench comes with Live GTK/CSS pre... apps.gnome.org
If you're a fan of the free open source e-mail software Thunderbird, you might want to follow their official PeerTube account:
(You can also follow their Mastodon account at @thunderbird@mastodon.online)
If you just want to browse their PeerTube videos without following them, you can watch them all at https://tilvids.com/a/thunderbird/videos
#Thunderbird #Mozilla #MozillaThunderbird #FOSS #EMail #Libre #PeerTube
Thunderbird
The Thunderbird Project is a family of free & open-source email software and productivity solutions for managing your personal and professional communications. Available on Linux, macOS and Windows. Coming soon to Android. TILvids
February was #ILoveFreeSoftwareDay ❤️
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|
| We Love Free Software |
|____________|
\ (•◡•) /
\ /
——
| |
|_ |_