Show more

Totally impressed by the level of this blog post on de-obfuscation of an advanced packer

blog.quarkslab.com/dji-the-art

I hadn't ever seen the trick about "stealing bytecode" from methods from the ART class verification stage.

#Android #packer #secneo

@roptat From what I've seen, it is quite common for one translator to be very active in their language. So many languages in many projects are translated basically by a single person. So complete translations can often just mean a very dedicated single volunteer rather than lots of users interested in the language. This is the volunteer-driven model. I imagine that paid translations would follow user demand a lot more.

There will be more interesting data coming soon, we'll announce it soon.

"To restore Earth’s forests and mitigate climate change, states should devolve management rights to the communities in these land parcels and grant them secure tenure."

#rewilding #restoration #forests #climatechange

rewildingmag.com/the-best-way-

@easterhegg2024 @Kurt easterhegg klingt interessant, aber ich habe dann keine Zeit zum Reisen.

@blue_led you're welcome! I'm happy to hear that all of our work has helped push free software on Android forward.

Big thanks to Kai-Chung Yan, Komal Sukhani (couldn't find them in the Fediverse), @eighthave and everyone else involved for packaging the open source parts of the Android SDK for Debian! 💙
With this I managed to revive an old Android app of mine that stopped working several years ago due to server-side changes.
#AndroidSDK #OpenSource #AndroidApp

git fsck makes it much harder to attack a git repo, but it seems that the normal git workflow does not enable it by default. In it is enabled for all fetches in our config:
f-droid.org/docs/FAQ_-_App_Dev

But I still can't find a clear answer about what checks does by default. Anyone know?

I got the opportunity to go to and of course I had my "hat" on. I wrote up some quick impressions of my trip, including what I learned about the 's and

There really are a lot of important projects represented there:
f-droid.org/2024/02/06/at-fosd

@roptat how so? You mean like level of completion versus how popular a language is?

Based on @maarten 's post blog.nlnetlabs.nl/what-i-learn I think the only people listed in my example that would be at all regulated by the would be the last one: "contracted contributors". It sounds like they might be considered "open source software stewards" with obligations under Article 17a depending on whether the considers F-Droid as "intended for commercial activities"
cyberresilienceact.eu/the-cybe

My guess is /#Ubuntu would be considered commercial while /#Debian would not

Show thread

Last weekend I co-organised a "EU policy devroom" at #FOSDEM, marking the end of a wild 17 month ride in EU policy land working on the #CyberResilienceAct.
A blog I just published provides an overview of CRA #FOSDEM content, including my personal story starting #FOSS policy engagement in Brussels.
I hope it will contribute to a shared understanding of how the #CRA will most likely affect developers of #opensource software. Feedback welcome.

blog.nlnetlabs.nl/what-i-learn

Later this week, Let's Encrypt will stop including the cross-sign from Identrust's Root CA in our API by default. That cross-sign will expire later this year, so this is the first step in preparation for that.

This means devices which haven't gotten an updated root CAs that added Let's Encrypt may get errors. This mostly affects a small number of old Android devices (Version 7.0 and before), as most other operating systems update root CAs by default.

For most people, no action is necessary. To continue supporting old clients, or to control your rollout of this change, your ACME client can be configured to explicitly choose a chain to serve until June at which point we'll stop serving the cross-signed chain.

You can read all the details on our blog post at letsencrypt.org/2023/07/10/cro

If you have any questions, happy to answer them over on our Community forum: community.letsencrypt.org/t/qu

@roptat thanks for your nice visualization of in apps in
i18n.lepiller.eu/i18n.html it is interesting to see which languages are the most active. If you're interested in more data sources, there are a lot of public data sources:
f-droid.org/docs/All_our_APIs/

For example, you might enjoy looking at the most popular search queries with the included language and country data:
fdroid.gitlab.io/metrics/searc

A week ago someone around here mentioned the #Android app StreetComplete, an app made to help people add data points that are missing on #OpenStreetMap ("Wikipedia for geographical information").

The app is super smooth and I fell down the rabbit hole hard - there's so much information missing for #Calgary #yyc! You walk around, you pay more attention to urban features, do it for a few days and you somehow end up in the worldwide top 50 this week 😯

Do it! It's fun!
#opensource #FOSS #OSM

Think tank funded by Big Tech argues #AI’s climate impact is nothing to worry about - theregister.com/2024/02/07/ai_ it's the "cryptocurrencies don't use much energy" argument all over again...

As part of 's work towards memory-safe infrastructure for the internet, @cpu has opened a merge request that implements TLS ECH support on the client side:
github.com/rustls/rustls/pull/

We agree that "the ECH spec is very challenging to implement and required a lot of trial/error" and we are working with to help implementers. Please reach out if that is you:
defo.ie/#contact

@vitriolix Mozilla is also offering a scrubbing service for a fee. I hope that takes off, that seems like a great business model for Mozilla: getting paid by users to decrease personal tracking.

engadget.com/mozilla-monitor-s

@drwhax It is a symbol to start with, let's hope that something real comes of it. I hope it makes developers who work at such firms feel much less comfortable working at those kinds of companies. This interview with an employee talks about how it was fun to work there, and had a nice family atmosphere. So many shady companies provide lovely workplaces to keep employees in a cozy bubble so they don't ask too many questions.
yewtu.be/watch?v=A4ylyhqZAaI

The White House just announced visa restrictions on those involved in spyware misuse. Are you a family member of someone misusing or facilitating spyware? You can be sanctioned as well! Great step to further delegitimise the highly invasive surveillance industry!

state.gov/announcement-of-a-vi

Show more
image/svg+xml Librem Chat image/svg+xml