The Eclipse Foundation has studied the Cyber Resilience Act and is very worried about the implications for open source foundations.
The DEA issued me a Glomar answer in response to my FOIA request on whether they acquired phone hacking tech Graphite from Paragon.
Even though the NYTimes reported the DEA acquired the phone hacking tech.
Spent half a day on 6 lines of code. Why is web-development always a major pita? Anyway when this gets deployed it might finally become possible to share links to apps on #FDroid here, without #mastodon getting all confused and rendering wrong previews.
#FDroid in an #EU "Pilot project — De-monopolized access to EU applications"... "The focus of the pilot project includes EU institutions releasing their apps on existing alternative app stores, including f-droid that aims at promoting apps released under open source licenses"
Bits from the release team: #bookworm freeze started https://lists.debian.org/debian-devel-announce/2023/01/msg00004.html
2726. Methodology Trial
title text: If you think THAT'S unethical, you should see the stuff we approved via our Placebo IRB.
Those who follow me on The Bad Place have heard me repeat this a thousand times, but once more won't hurt.
Election security is incredibly complex, full of seemingly impossible tradeoffs. But disinformation about supposed "rigged" elections is perhaps the most serious threat to election integrity today,
The best defense is to learn how elections actually work! Becoming a poll worker is a great way to do that.
Also, this National Academies study is a terrific resource:
@fdroidorg To be a little more specific. Non-free (aka proprietary, aka the opposite of free and open source) software is not allowed on the official f-droid.org repository. Most trackers are non-free. That's why they violate our policies and have to be removed, or they would prevent an app from being published. FOSS trackers are allowed, but will be tagged with the tracking anti-feature warning. However, those seem to be rather rare.
Recommendation engines based on tracking individual users' behavior will always be dangerous. They are fatally flawed and not beneficial to humanity, even if they are free software and publicly audited. They inevitably result in someone invisibly controlling many others as they are in the process of thinking. That said, they will always be with us, so we must push for regulation of how they are used. The standard #Mastodon experience does not use such algorithms, but they are coming soon.
This level of vigilance is hard, so we have added another layer of defense in the upcoming #FDroid client v1.16 release, currently in beta. We've moved the database to be based on #Room and its built-in #security measures, then had that new code audited https://f-droid.org/2022/12/22/third-audit-results.html 2/2
If you want to see a real world attempt at adding a #SQL #injection #vulnerability to an #Android app via merge request, take a look at https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889#note_506478642 1/2
I just remembered a wonderful feature in #Android that has been broken by #security features: it used to be possible to do a parallel install of GNU/Linux on Android devices. #SecureBoot features are of course important, but they do come at a cost. Android's #VerifiedBoot does have some nice properties that make the devices pretty resilient. It is equally important to recognize that security is not the goal, but part of the process. A brick will always be more secure than any computing device.
#DRM isn't just an annoyance -- it's a violation of your right to use the items you own as you see fit. Learn more about our Defective by Design campaign at http://defectivebydesign.org, and follow our campaign account at @endDRM
The release of subfolders for iOS is experiencing a short delay. Apparently, Apple doesn't take kindly to referencing other "mobile devices" in the What's New section of an update.
To be clear, we included no mention of Android in this submission.
This type of overly restrictive behavior is unacceptable and is a clear example of why open source software is important. A single company should not have this kind of market control.
#BillGates' biggest legacy will perhaps be that he built a #monopoly that delivered crappy #software for so long, that a bunch of idealists, volunteers, and kids were able to create the #FreeSoftware movement which the vast majority of companies have now signed on to. Using #OpenSource is the default now in software development, there is almost no major software that is purely proprietary. Converting open source to free software is the next struggle, freedom is an essential aspect for the future
#Debian and #FDroid require signature verification, and #FDroid is built on top of #Android's APK signing. This improves things a lot but does not mean they are immune. Debian and F-Droid repos can still override packages from lower priority repos. It could make sense to have a "no overrides allowed" setting, but that would restrict useful features. Maybe F-Droid could implement a "no new signing keys when overriding" rule by default, I wonder how much that would break what people are doing now? 2/2
#Decentralized #software repository systems like #npm #maven #rubygems #pypi etc have key issues that make them hard to decentralize properly: solid verification is optional, one repo can override packages from another, and the tooling makes it hard to see which repo was actually used. #MavenCentral has additional measures which make it more trustworthy, but if devs add repos, those can still override it. #Gradle verification helps a lot when using Maven repos but does not solve everything 1/2
Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms.