Michel Salim @michel_slm@floss.social

@vortex_egg We need to stop venerating tech.

You can organise events and groups on the Fediverse using @mobilizon, a free open source federated events platform from the makers of PeerTube. More info on the official website at:

https://joinmobilizon.org

There's also a list of recommended instances to sign up on at:

https://mobilizon.org

If you just want to try it out, there's a test site at https://demo.mobilizon.org which is reset every 24 hours.

You can follow Mobilizon accounts from Mastodon etc. For example, @radio27 is a Mobilizon account that recommends psychedelic rock concerts in Berlin.

Alternatively, Mobilizon accounts can also be followed through RSS/Atom or ICS/WebCal if preferred.

#Mobilizon #FediTips #Fediverse #Fedi #Events #Groups #Calendar #Activists #Activism #ActivityPub

Did you miss Molly de Blanc presenting "Predictive Modeling and Privacy"? You can watch it any time at https://seagl.org/archive/2021/predictive-modeling-and-privacy

#seagl #flossconf

https://www.nytimes.com/2022/01/21/technology/twitter-security-team.html

> Peiter Zatko, the head of security who is better known within the security community as “Mudge,” is no longer at the company, Twitter confirmed. Rinki Sethi, the chief information security officer, will depart in the coming weeks.

I can imagine several scenarios for how that might've gone down, and none of them reflect well on Twitter.

Per reporting at https://www.lemagit.fr/actualites/252512231/La-Croix-Rouge-attaquee-via-une-vulnerabilite-Zoho-ManageEngine-ADSelfService-Plus the vulnerability exploited to access #ICRC #RedCross data was CVE-2021-40539 for Zoho's ManageEngine server, which despite fixes being available since September, remained unpatched as of 12 January.

#privacy #infosec

Testing this TUI notes app like any mature adult would.

Oh dear... the Qt Company sure does seem to be going downhill... they're adding tools for advertising with Qt applications: https://www.qt.io/blog/monetizing-cross-platform-use-cases-faster-and-easier-with-qt-digital-advertising-platform

💻 I did a presentation today on the topic of "Funding Free Software projects in a transparent way"

🔗 The presentation is available here https://github.com/nicksellen/funding-transparency-presentation

🧵 I'll make a little thread here as a "fedi edition" of the presentation.

1/

How about no

Wine 7.0 Released with Support for New GPUs, Multiple Displays, and WoW64 https://9to5linux.com/wine-7-0-released-with-support-for-new-gpus-multiple-displays-and-wow64

Re-upping this:

I made a curated list of Rust command-line utilities. I only use a handful, but all of the ones I listed look interesting to me.

https://gist.github.com/sts10/daadbc2f403bdffad1b6d33aff016c0a

#rust

There's an iOS/iPadOS point release; a security fix for HomeKit, doesn't seem to apply to the other Darwin-derived OSs.

Little Bobby tables strikes again...!

"Impact: Processing a maliciously crafted HomeKit accessory name may cause a denial of service

Description: A resource exhaustion issue was addressed with improved input validation."

https://support.apple.com/en-us/HT213043

Most people in the UK seem to rely at least somewhat on facebook platforms. Most of those people have no idea what "ned to end encryption" means and some of them may be uncomfortable that advertisers, facebook and others are snooping on their private messages, most also imagine that they are either "uninteresting" personally or somehow immune to propaganda.

The Tory attack on facebook privacy is strategic for two reasons:
1. The people who really care about privacy are not using facebook messenger. Tories are not trying to ban Signal (yet), but are just making privacy inaccessible for most people. This is a similar strategy to how huge numbers of people in the US have lost access to abortion rights.

2. Tories are specifically invested in facebook because it is a social network and has worked extremely well in the past at manipulating people. They specifically want third parties, like advertisers or their PR campaigns, to be able to scan personal messages. This makes proaganda deployment more effective and will provide a basis as they build and expand upon privatised surveillance and manipulation.

"Smart contracts without Blockchains" by Paul Frazee

This is the kind of work I want to see more of. Take some of the interesting parts of "crypto" and make them, you know, not suck so much.

https://paulfrazee.medium.com/smart-contracts-without-blockchains-fc54603df754

@rysiek While hosted on a co.uk domain, please remember that the creator of wordle comes from the country of simplified English ;)

For multimedia content on Wikipedia (videos, 3d models, panoramic images) large third-party JS libraries get loaded up in main page context, increasing our security surface area significantly. Potential security review could hold up a new format's deployment easily.

If we can isolate the renderers into sandboxed iframes, though, a vuln or supply-chain attack on a library won't endanger the main Wikipedia site context. I think this'd be a big plus.