#InfoSec FYI: There's a massive #typosquatting campaign targeting PyPI. Someone's clearly reached the automation section of "Black Hat Python" 🙄
This is the same actor as highlighted by Phylum yesterday - currently they're pushing a cryptostealer everywhere they can, but who knows what's next.
Recently, they've started typosquatting the following packages (& showing example typosquat):
* xlsxwriter (ex. xlsxwwriter)
* urllib3 (rllib3)
* simplejson (simplejsn)
* requests-toolbelt (requests-toollbelt)
* discord-webhook (disocrd-webhook)
* discord-py (discod-py)
* websocket-client (weebsocket-client)
* openpyxl (oepnpyxl)
* pillow (pilloow)
* click (clickk)
* pysocks (ysocks)
* psutil (psuil)
* gitpython (gitpythn)
* pycodestyle (pycodestye)
* prompt-toolkit (prompt-toolkiit)
* beautifulsoup (baeutifulsoup)
Reports headed out to PyPI soon.
If your company uses your own PyPI mirror, I'd recommend disallowing new packages released within the past ~week (as a general precaution, tbh).
While refactoring my personal #KnowledgeGraph I asked #ChatGPT what's the relation between #ObjectOrientedProgramming and #FunctionalProgramming.
I was expecting something along the lines of opposition and alternative. But it replied "complementary".
Clever!
Cactus Comments - Federated Web Comments
Cactus Comments is a federated comment system for the web, based on the Matrix protocol.
The great big Matrix 2.0 main-stage talk from #FOSDEM2023 is now available online! Come see how we're making Matrix go voom 🏎️ with the world first demo of iOS Element X beta; the Waterfall SFU for Element Call; P2P Matrix & scriptable Third Room in WebXR! https://www.youtube.com/watch?v=eUPJ9zFV5IE
I am glad that some of the finer points of protective reciprocal licensing (aka "#copyleft") are still recognized and discussed, even outside the software context.
IMO, the main goal of copyleft is to ensure that the same freedoms given to you are passed on to others, with no additional restrictions.
#FreeSoftware #OpenSource #FOSS #DnD #OGL
https://twitter.com/rsdancey/status/1622488085719285764
I wrote some code to estimate the gender ratio of speakers at #FOSDEM. My code looks at the personal pronouns used in the speaker biographies and if that fails it uses the gender-guesser Python library to guess the gender from the name.
There were 786 speakers, these are my results:
male: 656
female: 82
unknown: 48
If we ignore the unknowns then 12.5% of speakers are female.
You say oligarchy, I say plutocracy?
US and the world being buggered by the 1 percent fits.
How does the Mastodon authentication work, and how does StreetPass make use of it?
In this screenshot you see that the link to my website has a green checkmark, showing that it is verified. While you can put any link in there that you want, you only get the green checkmark if you put a short line of code on your website. This line of code contains the link to your Mastodon account. If both sides refer to each other correctly, a green check shows up.
StreetPass for Mastodon takes the same idea, but applies it to the web instead. Every time you visit a website, you can make a connection with the owner of that website, if the website has registered a verification on Mastodon. All websites can now suddenly become potential social connections.
The Twitter API shutdowns show the fragility of social graphs that are siloed and owned by big private companies. A small part of the solution is to move the social graph to the web itself instead.
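An added example, not part of the original post: the website half of the check described above, assuming the "short line of code" is a `rel="me"` link, which is what Mastodon's link verification looks for. The profile URL, host name and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

class RelMeLinks(HTMLParser):
    """Collect href values of <a> and <link> elements whose rel contains 'me'."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "link"):
            return
        attr = dict(attrs)
        rels = (attr.get("rel") or "").lower().split()
        if "me" in rels and attr.get("href"):
            self.hrefs.append(attr["href"].strip())

def links_back(site_html, profile_url):
    """True only if the page carries a rel="me" link to exactly this profile."""
    parser = RelMeLinks()
    parser.feed(site_html)
    want = profile_url.rstrip("/")
    return any(h.rstrip("/") == want for h in parser.hrefs)

# Constructed sample pages (hypothetical host and account names).
PROFILE = "https://mastodon.example/@alice"
VERIFIED = '<head><link rel="me" href="https://mastodon.example/@alice"></head>'
PLAIN_LINK = '<p>Follow <a href="https://mastodon.example/@alice">me</a></p>'
OTHER_ACCOUNT = '<a rel="me noopener" href="https://mastodon.example/@mallory">x</a>'

def demo():
    # A plain mention of the profile, or a rel="me" link to a different
    # account, does not count as the site vouching for this profile.
    return [links_back(page, PROFILE)
            for page in (VERIFIED, PLAIN_LINK, OTHER_ACCOUNT)]
```

The check is only meaningful when the page author controls every `rel` attribute on the page, so sites that render user-submitted HTML should strip `rel="me"` from it.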
Been trying #Logseq again. Maturing nicely especially now there's mobile apps.
After the success of the Web and Wikipedia, you'd think people would have concluded that hypertext was a good idea earlier—better late than never.
Lotsa prior art (TiddlyWiki, VoodooPad, Org mode etc.) but we're now going through a Cambrian explosion of interesting hypertexty, wiki-ish tools for thinking, research and writing.
Privacy & lack of enterprisey VC nonsense (cf. Dropbox, Evernote) being the norm is good.
OpenStreetMap is in trouble
#Microsoft #Bing Map Builder “…has entered the ecosystem with parasitic intents … If no improvements at all happen, we should consider cutting off mapbuilder from the API, and we should consider starting a lawsuit over the copyright infringement. This is not a small hobby website which happened to have forgotten the attribution. This is a cancer that is starting to grow. This is designed to kill the community.”
I don’t know a lawyer, but if I understand it correctly, a permissive license means 1) companies like Google can bolt proprietary code onto your product and use it to make millions competing against you without any obligation to share or give back, and 2) you can lose out to a restrictively licensed fork the way Apache-licensed OpenOffice lost against LGPL-licensed LibreOffice, because LO could incorporate new OO features and improvements, but OO couldn’t incorporate new LO code.
@post @aral @Inno_3 is a law company specialized in #opensource, #opendata, #opengovernance and IP. They are highly skilled, efficient and also nice people 🙂
✨ @adamdbradley shows us Qwik City, a polished meta-framework to build modern apps. What makes it unique is that it is powered by Qwik, which allows for very little to no JS to be downloaded by users through the magic of resumability 🪄
layoffs
I have a feeling that big tech is going to hire an equal or greater number of employees in countries with lower wages for all the employees they laid off in the US. Or they might replace permanent employees with contractors.
They will somehow find a way of reducing wages or making the employment situation precarious.
@coffe F-Droid automatically picks up new releases and then builds the apps from their source. This is nice because you can be sure to get the same code as published by the developers. But this process takes a while. And once it is done it is not available instantly because the F-Droid index needs to be updated as well which only happens periodically. So it can take up to a few days until a release is available via F-Droid and there is nothing we as devs can do about it.
#Mathematics #Macroeconomics #Engineering #ComputerScience #Programming
#Ecology #Environment #Democracy #Freedom #Equity #Liberal #Socialism #PostKeynesian
#Inkscape · #Gimp · #Blender · #VLC
#WordPress · #Mastodon · #PeerTube: