Ethan Black @golemwire@librem.one

Can't read my #howtogeek article without making an account. This is new. For as long as I can remember I could just read the articles by clicking on the mail links. Since they turned orange I was going to quit but the articles are really good. I have just reached 300 passwords in my password manager and I don't want anothet account. Anyone else get this? Other links don't ask for logon but won't scroll down.

In 2019, I broke the news that First American Title Insurance Co, the country's second-largest title insurer, had leaked on its public website hundreds of millions of documents related to mortgage deals going back to 2003. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

According to a report today from Newsday, First American has agreed to pay New York state $1 million for violating the state's cybersecurity regulation.

Not sure how the regulators reached $1m as an appropriate fine, but it seems small to me.

https://www.newsday.com/business/first-american-title-insurance-settlement-new-york-xh6x1gj0

PC Mag - February 1996
https://books.google.com/books?id=WVbZSlyrT5kC&lpg=PA125&pg=PA125#v=onepage&f=false

Can someone recommend a #pixelfed instance that provides the following?

long captions
no adult content (not just no untagged, but verboten)
open to registration
well-moderated to avoid bad actors

If you're writing open-source software, please do yourself and other software developers a favor and familiarize yourself with how software licensing works. As an Ubuntu Developer, much of my work involves auditing the source code licensing of various applications. Most of these applications have miserably complicated licensing situations, sometimes with licensing violations involved. I also occasionally run into licensing or copyright terms that an author probably didn't intend to specify, but that they did specify unambiguously nonetheless.

For instance, did you know that if you state that a file is "under the GPL license" without specifying what version, that means that the user of your file can use it under *any* version of the GPL they want to? Look at GPLv1 Section 7, GPLv2 Section 9, and GPLv3 Section 14 if you don't believe me. I found a file written in 2017 with these licensing terms. Did the author *mean* to do this? Probably not, they probably wanted to use GPLv3 (or maybe GPLv2). But since they didn't specify a version, I'm within my legal right to use this code under GPLv1's terms if I care to. I'm not going to do that since I have no interest in using this file for anything, but it goes to show you how a slip-up in your licensing specification can cause people to have rights or be free of restrictions you didn't want to give them or let them be free from.

Another (very very common) slip-up is for most of the source code in a repository to have license headers specifying GPLv2 *or later*, but with no repository-wide license specified in an AUTHORS or README file, and with a GPLv2 license in a LICENSE or COPYING file. What you probably *think* this does is license your program under GPLv2 or later, but what it *actually* does is give you a messy mixed-licensing situation with some files licensed GPLv2 only and some files licensed GPLv2 or later. Why? Because the default repository-wide license is GPLv2 as set by the LICENSE or COPYING file, and all of the headers that specify GPLv2 or later are overriding that default license.

You may think, "Why can't someone just infer that because most of the files are GPLv2 or later, that all of them are?" Great question! There's two answers. One, if you unambiguously specify something you didn't mean to specify, whatever you specified is what's legally binding. There's not room for "well that's what I said, but what I meant was..." in licensing. Secondly, many projects *actually use multiple licenses in one project* (for instance you'll have GPL, BSD-2-Clause, BSD-3-Clause, and MIT licenses all in one application). So how does one know if you just "accidentally" specified the wrong license, or if you meant to make a mixed-license application? They can't determine your intent with 100% certainty, so they have to obey what you said, *not* what you meant to say.

I am not a lawyer and this is not legal advice. This is just advice on how to help keep software developers from having headaches and problems reusing code.

#opensource #software #licensing #linux #gpl #bsdlicense #mitlicense #bsd #mit #foss

Fascinating footage of a human white blood cell chasing a bacterium captured through a microscope.

Credit: David Rogers

https://embryology.med.unsw.edu.au/embryology/index.php/Movie_-_Neutrophil_chasing_bacteria

#health #biology #science #phagocytosis

PC/Computing - September 1996
https://archive.org/details/pc-computing-magazine-v9i9/page/n103/mode/2up

I have not historically been one of Hixie’s fans, but his goodbye-to-Google note is clear-eyed, humane, matches up with my own experience there, and sticks the dagger into a few places that seem to deserve it. Recommended: http://ln.hixie.ch/?start=1700627373&count=1

Hey look, Sony is about to ship C2PA on a bunch of cameras: https://petapixel.com/2023/11/21/sonys-in-camera-authentication-technology-passes-aps-tests/

Instagram blocked the #joinPixelfed hashtag not long ago, and Twitter too.

Don't forget that 😉

Talking publicly about any cryptocurrency investments you may have -- let alone bragging about them -- strikes me as a very risky flex. We're starting to see more reports of people outside the cybercrime scene getting robbed at home, and forced at gunpoint to give up their crypto accounts or wallets. There is a LOT of room for growth here, and there are a wealth of targets or "targs" as the thieves call them.

https://cointelegraph.com/news/canadian-police-warn-crypto-investors-home-robberies

These attacks expose a fundamental risk of crypto: At the end of the day, YOU are the bank. For criminals, there is certainly a risk that someone can get hurt or killed in these robberies and home invasions, but the up front investment needed to carry out these muggings is practically nil, while the potential payoff is astronomical.

Am I the only one who finds questions like “what are your favourite [subject]?” impossible to answer?

I just can’t avoid overthinking these types of questions. Same with things like “if you had only one [thing] to watch/read/play on a desert island/for the rest of your life, what would it be?”

Again, I end up thinking of every possibility into the most literal sense possible, and can’t answer.

Because apple has long abandoned this, someone in my town thought this was dead and was going to toss it in the trash.

Luckily, it can be liberated with #linux!

@FediThing @onepict @darnell @digitalstefan If you could only call your doctor using a specific brand of telephone that would be nuts.

The E/V Nautilus team encounter a Flapjack Octopus off the central California coast.

Video credit: E/V Nautilus

Norway Consumer Council sues Nintendo over community tournament guidelines

https://www.pressfire.no/artikkel/forbrukerradet-vil-ta-opp-nintendos-regler-med-europeiske-forbrukerorganisasjoner