I elaborate on some ways to protect the digital supply chain while borrowing metaphors from the food industry in this post: https://puri.sm/posts/protecting-the-digital-supply-chain/
This is why projects like Reproducible Builds are so important. Basing all of your security on a company's signature on proprietary code is too risky.
An animal with a history of abuse will often flinch when a well-meaning new owner tries to pet it. It takes a lot of time and effort to rebuild trust and security.
The emotional damage in the #FOSS community from decades of abuse by exploitative companies isn't acknowledged nearly enough, and is hard to overcome.
Baby Shark is *just* different enough from Y'all Ready For This that it's technically a different riff. #dodododododo
"Most people want to opt-in to what they want to follow, be that a news feed, a celebrity, a friend, or family. Most people do not want to be force-fed a constant stream of manipulated content to catch and keep their attention." #LibremOne
https://puri.sm/posts/opt-in-no-ads-and-no-tracking-solve-a-lot-of-problems-in-society/
@phessler We hear you, and we are addressing your concerns.
@downey As a general rule we only run stable released upstream versions of things. This was a special case because we needed specific functionality.
We've published a blog post with all of the details of this morning's security bug in Librem Chat and our response. https://puri.sm/posts/underscoring-our-transparency-first-librem-one-bug-report/
@rae As an update, we've fixed the bug and chat is back up. I am writing up a full report and will publish it after the development team is able to distribute a security patch of their own. Thank you for your responsible disclosure!
We have some exciting news! The team at Purism are thrilled to announce the launch of Librem One https://librem.one Private and secure email, chat, social and VPN. No ads! No tracking! No data sharing! Just the best end-to-end encrypted communication and social. Join the revolution today and take back control of your data and life #LibremOne
OK, so that's creepy: "The online tool allows everyday supporters to contribute to the campaign’s voter database by logging names and background information of anyone from a family member to a stranger met at a bus stop." #privacy
https://www.nbcnews.com/politics/2020-election/bernie-sanders-2020-campaign-unveils-app-increase-its-voter-database-n999206
A Complete PureBoot Demo and More Progress!
https://puri.sm/posts/complete-pureboot-demo-and-more-progress/
This is arguably even more impactful than NIST's upgraded password policy recommendations, because far too many in IT ignore modern #infosec thought on password policy (among other things) and just apply the Microsoft recs. #defaultsmatter https://arstechnica.com/gadgets/2019/04/password1-password2-password-3-no-more-microsoft-drops-password-expiration-rec/
Apple marketing: We take privacy very seriously.
Apple stores: We install facial recognition and file a court summons based on computer matches.
https://www.cnet.com/news/teen-hits-apple-with-1b-lawsuit-over-facial-recognition-arrest/
Technical author, FOSS advocate, public speaker, Linux security & infrastructure geek, author of The Best of Hack and /: Linux Admin Crash Course, Linux Hardening in Hostile Networks and many other books, ex-Linux Journal columnist.