Hans-Christoph Steiner @eighthave@librem.one

Devastating privilege escalation on Linux: https://copy.fail/

Explanation: https://xint.io/blog/copy-fail-linux-distributions

Implementation in Go: https://github.com/badsectorlabs/copyfail-go

... and I learned today that there are AF_ALG socket types, to access cryptographic functions of the kernel.

#Linux #CVE-2026-31431 #crypto #AF_ALG

The App Fair Project has posted our thoughts on the Digital Markets Act review:
https://appfair.org/blog/gatekeeper-paradise/
#DMA #keepandroidopen #appfair

I'm honoured to have been elected to the Board of Directors of F-Droid, the most well-known #opensource alternative to the Google Play Store.

Imagine Microsoft deciding from now on what you can install on your laptop. No internet, you can only download things through the MS app store. Apps that MS has approved. Who wouldn't find that suffocating? Yet that is what Google wants to do on our Android phones (and what Apple already has - a closed ecosystem).

1/3

I am very happy to join the @fdroidorg Board of Directors for the upcoming two years.

F-Droid is in the heart of the Open Source community, which I see as a very important part of the shift away from the US big tech here in Europe. Success of Open Source on mobile is success we all can share.

F-Droid gives visibility to software developers who want to build experiences without predatory practices.

This is important.

https://f-droid.org/2026/04/28/board-appointments-2026.html

Thinking about FOSS, legal advice, and pro bono legal support.

What if there was a fund - be that from a funding body, or donations, or whatever - which paid (at reasonable rates, not Big Law Firm Prices) some lawyers to support FOSS projects.

So that it was free at point of use for those projects, but did not rely on lawyers working for free.

All outputs (subject to sorting issues to do with privilege) would be licensed under suitably open terms, with a goal of maximising re-use.

#FOSS #lawfedi

“Don’t forget international traffic, […] which is one of the fastest growing markets.” –Michael Peterson of Deutschen Bahn

We, as passengers, know that the demand for more and better cross-border rail is there. Now is the time to back it up with policy and offerings that make it possible.

https://www.berliner-zeitung.de/article/chef-des-fernverkehrs-der-bahn-im-interview-acht-stunden-im-zug-das-macht-vielen-nichts-aus-10030579 (€)

Google Play Integrity: what if Google dictated what software ran on your computer.

Open source implementations of attestation: what if a bunch of other people dictated what software ran on your computer.

Look, these handcuffs are permissively licensed!

No, thank you.

On a train to #Dagstuhl, I finally got to read the nice write-up about on-device local-web-to-app tracking: https://localmess.github.io/assets/bridges-to-self-localmess-usenix-security-26.pdf

TL;DR summary: You might want to uninstall (or deactivate if pre-loaded) all #Facebook and #Yandex apps from your phone. That kind of behavior is pretty clearly malicious - not even just ethically wrong, but seems actually illegal (at least in the EU, though IANAL).

It appears one or more impersonators have already registered some of the #Android applications that I maintained, including @appmanager. I've reported this to #Google, but not sure what's going to happen. The Android developer verification is still in beta, and it doesn't have a lot of features now to deal with this kind of problems.