#Mythos finds a #curl vulnerability
yes, as in singular one.
https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/
@alexandrageese Thanks for flagging this! I'm not up on this particular issue, could you point us to a good summary of what cutting this open source strategy will affect?
@privacyint Sounds interesting but I cannot read it because the link there is 404 Not Found
🚨🔔 Job alert: The Tor Project is hiring a Senior Android Engineer to design, build, and ship privacy-preserving features used by people all over the world. Mentor teammates and shape architectural decisions.
If technical depth + real impact is your thing, we'd love to hear from you.
👉 https://www.torproject.org/about/jobs/senior-android-engineer/
Hey #Google, cool you're adding a bit of #BinaryTransparency. Unfortunately, it doesn't mean much without #FreeSoftware #OpenSource and #ReproducibleBuilds. When can we expect you to adopt those practices?
https://blog.google/security/bringing-binary-transparency-to-the-android-ecosystem/
For the record #FDroid has offered binary transparency since 2017 https://gitlab.com/fdroid/fdroidserver/-/merge_requests/226
And we even offer binary transparency for your #Gradle and #AndroidSDK binaries
https://f-droid.org/2021/02/05/apis-for-all-the-things.html#binary-transparency-logs
How about expanding your logging to all your binaries?
Announcing the launch of Internet Archive Switzerland 🇨🇭
Thirty years after Brewster Kahle founded Internet Archive with the vision of Universal Access to All Knowledge, that mission is entering a new chapter: expanding a global network of independent archives to protect knowledge and digital history for future generations.
Visit Internet Archive Switzerland ➡️ https://internetarchive.ch
Learn more about this initiative ⤵️
https://blog.archive.org/2026/05/06/internet-archive-switzerland-expanding-a-global-mission-to-preserve-knowledge/
Wow #Google is now really running with it now that they dropped #DontBeEvil. I guess I had low expectations for #Microsoft, #OpenAI, #Amazon, #ElonMusk and #nvidia. It's crystal clear that the #US Defense Department will be using #AI for illegal attacks and wars where many civilians will die.
Some are saying that #Android is not affected by #CopyFail. It seems true that #AOSP's #security policies greatly restrict the possibilities. But there are some parts of Android that do have access to the exploitable part of the #Linux kernel, for example, #dumpstate. Has anyone dug into dumpstate for potential #exploit vectors?
We have #ransomware, #AI driving #phishing and #scams abound, #bitcoin being almost all for illicit use cases, #SocialMedia turned to #addictive drugs, #email turned work communications to an endless deluge, and more. What the public discourse lacks is consideration of working to reduce our uses of #DigitalMedia and #software. I believe in the power of software. Given the current directions, some things just worked better without computers involved. We still have the #power to #change that.
Devastating privilege escalation on Linux: https://copy.fail/
Explanation: https://xint.io/blog/copy-fail-linux-distributions
Implementation in Go: https://github.com/badsectorlabs/copyfail-go
... and I learned today that there are AF_ALG socket types, to access cryptographic functions of the kernel.
The App Fair Project has posted our thoughts on the Digital Markets Act review:
https://appfair.org/blog/gatekeeper-paradise/
#DMA #keepandroidopen #appfair
I'm honoured to have been elected to the Board of Directors of F-Droid, the most well-known #opensource alternative to the Google Play Store.
Imagine Microsoft deciding from now on what you can install on your laptop. No internet, you can only download things through the MS app store. Apps that MS has approved. Who wouldn't find that suffocating? Yet that is what Google wants to do on our Android phones (and what Apple already has - a closed ecosystem).
1/3
I am very happy to join the @fdroidorg Board of Directors for the upcoming two years.
F-Droid is in the heart of the Open Source community, which I see as a very important part of the shift away from the US big tech here in Europe. Success of Open Source on mobile is success we all can share.
F-Droid gives visibility to software developers who want to build experiences without predatory practices.
This is important.
@neil I like it! Any way to get more resources out there. I know that EFF, ACLU, FSF, FSFE, etc. do this to some degree, but they have very few resources to offer.
@indigotime That's a link to the source code for the source.android.com website, specifically the "jb-dev" branch which was last updated in 2012. Nice idea to look at the source code, here you can see the actual commit where they removed the "philosophy" in 2014:
“Don’t forget international traffic, […] which is one of the fastest growing markets.” –Michael Peterson of Deutschen Bahn
We, as passengers, know that the demand for more and better cross-border rail is there. Now is the time to back it up with policy and offerings that make it possible.
Apparently, #Google has lost track of their goal for #Android "We wanted to make sure that there was no central point of failure, where one industry player could restrict or control the innovations of any other." https://web.archive.org/web/20120501080416/http://source.android.com/about/philosophy.html
That page is 404 Not Found now...
On #Google's official download page for the #AndroidSDK they list a column "SHA-256 checksum" but then provide a SHA1 value. WTF?
https://developer.android.com/studio#command-line-tools-only
The last third of that is an interesting discussion about whether it actually pays off to use the latest versions of dependencies based on the data that #Sonatype gathers from #MavenCentral and other repositories
https://opensourcesecuritypodcast.libsyn.com/2026-state-of-the-software-supply-chain-with-brian-fox