Citation du jour, de ma pomme, pour une collègue :
"Windows ce n'est pas un truc de Winners..."
...de rien !
c'est sous licence WTFPL : https://fr.wikipedia.org/wiki/WTFPL
Wir sind dieses Wochenende nur durch unglaubliches Glück und extrem knapp an wohl einer der grössten Katastrophen rund um die globale IT-Sicherheit vorbeigeschrammt.
Phuh! Doch — was ist eigentlich passiert? Wie konnte das überhaupt geschehen? Und was können (und müssen) wir tun, um dies zukünftig zu vermeiden?
Durch Good-Cop/Bad-Cop-Taktiken wurden Softwareentwickler dazu gedrängt, subtil versteckte Sicherheitslücken einzubauen. Wie können wir das zukünftig vermeiden?
.
1️⃣ Vereinfachung/Reduzierung von Programmen und Abhängigkeiten
2️⃣ Mehr Wertschätzung und Unterstützung für die Open-Source-Entwickler
3️⃣ Bessere Kontrolle, aber ohne Belastung für die Entwickler
4️⃣ Angewandtere Ausbildung
Was sind eure Ideen dazu? Freue mich auf Feedback!
The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora Rawhide and Debian testing, unstable and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn't used in production systems.
Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”
So now that we all understand that thanklessly relying on free work of overworked maintainers is a problem, how about we put our money where our mouth is?
I think @AndresFreundTec needs a fat bonus check for saving our asses.
And Lasse Collin needs a lot of support, and probably a nice vacation.
I pledge $100, for starters.
Now how can we make sure to send the funds to the correct people?
All my litmus tests are fallible, but a focus on community & sustainability is my guideline now.
It's frustrating and ironic that the most polished community projects are probably the ones suffering internally from the most fucked up incentives. The capitalist screws are being tightened, I imagine news of projects failing their communities will become even more commonplace before we make necessary corrections.
Went all black with the case. New screen and battery and a 64GB CF card for storage. Dumped my #Bandcamp collection as FLACs on there to run through #Rockbox
#Mastodon grew up, there are much more people here now. Time to resurrect #LibreMonday hashtag! Share your favourite #libre, free and/or #opensource softwares, games or works next Monday! I hope we'll have plenty of great stuff here :blobcheerbounce: #freesoftware#FLOSS
#AI#GenerativeAI#LLMs#OpenSource#FLOSS: "It’s important to understand why companies setting themselves up as open-source champions are reluctant to hand over training data. Access to high-quality training data is a major bottleneck for AI research and a competitive advantage for bigger firms that they’re eager to maintain, says Warso.
At the same time, open source carries a host of benefits that these companies would like to see translated to AI. At a superficial level, the term “open source” carries positive connotations for a lot of people, so engaging in so-called “open washing” can be an easy PR win, says Warso.
It can also have a significant impact on their bottom line. Economists at Harvard Business School recently found that open-source software has saved companies almost $9 trillion in development costs by allowing them to build their products on top of high-quality free software rather than writing it themselves." https://www.technologyreview.com/2024/03/25/1090111/tech-industry-open-source-ai-definition-problem/
Just one week left to apply for a talk at Drupal Iberia by Spanish Drupal Association and Portuguese Drupal Association on 10-11 May 2024 in #PACT - Parque do Alentejo de Ciência e Tecnologia in #Évora, #Portugal
Interested in #FOSS but haven't taken the time to explore it? Or familiar but wanting to dive deeper? Have no idea what that is, but are interested in decreasing your reliance on evil corporations?
If any of the above, check out the #30DayFOSSChallenge. In April I will be posting all about it, and encouraging others to join me. Hope you come along for the journey.
Mal was anderes: Welchen Video-Editor könnt Ihr unter Linux (Ubuntu) aktuell wirklich empfehlen? Also einigermaßen ergonomisch nutzbar, keine spontanen Abstürze.. (weder beim Start, noch erst ab einer fortgeschrittenen Projektgröße , und auch nicht erst beim exportieren !!!)
Unsere letzte Folge ist zwar schon etwas her, aber wer sie noch nicht gehört hat: Wir sprachen u.a. über #KiCad 8.0 – #Electronics#Design#Automation mit vielen
New on // foss.events: Drupal Iberia by Spanish Drupal Association and Portuguese Drupal Association on 10-11 May 2024 in #PACT - Parque do Alentejo de Ciência e Tecnologia in #Évora, #Portugal