Serra boosted

📬 You've got mail! Germany's national postal service (Deutsche Post/DHL) has switched to OpenStreetMap for their public facing websites, deutschepost.de, dhl.de. 🎉🥳🎊🎁

#SwitchToOpenStreetMap #OpenStreetMap #OSM

Serra boosted

@elly recently live streamed #linux kernel bring-up for the MediaTek MT8186 SOC (used in some Chromebooks supported by #postmarketOS).

The video title suggests there might be a part 2 🤞

youtube.com/watch?v=BZGmSaOBZY

Serra boosted

Brits ask “A penny for your thoughts?” and Americans respond with “Just my two cents”. At current exchange rates ($1.00 = £0.80) this means Brits are receiving 1.6p of American thoughts for just 1p. In this paper we propose an alternative asset pricing model for the marketplace of ideas, considering—

Serra boosted

Then I threw the lines into Photoshop, applied the bucket tool, and ... good enough!

Serra boosted

if I have a commit ID in git, does anyone know if there's a single git command that will tell me which tag(s)/branch(es)/remote-tracking branch(es) that commit corresponds to?

it's not:
- git describe
- git branch --contains

the only thing I can find is `git show --no-patch --format='%d' COMMIT_ID` but that's kind of a mouthful, and also it's formatted in kind of a weird way

Serra boosted

Hey! Let's talk about #SSH and #security!

If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.

The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab's clusters over a four-year period. It peaks at about 3.4 million login attempts per day.

This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.

A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke. The full paper is at flux.utah.edu/paper/singh-nsdi

Let's dive in. 🧵

Serra boosted

Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.

Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp

sequoia-pgp.org/blog/2024/04/1

I went to the cinema yesterday to watch "The Zone of Interest".

It's good, folks. Very experimental.

Through the entirety of the movie I felt really uncomfortable in a way I don't usually feel when watching movies.

I now think that's because everything looked so realistic. No focus with blur in the background. Very photorealistic colors. Almost no camera movement.

I did not sleep well tonight. Worth it.

Serra boosted

Fresh results from another guaranteed basic income pilot. This time from Seattle's King County where 102 people got $500/mo for 10 months.

Employment nearly doubled from 37% to 66%

Average income from jobs went up by $410/mo

Retirement plans nearly tripled

Percent with any savings of those with kids went from 0% to 42%

Percent with any savings of those without kids went from 24% to 35%

Participants also reported gains in health and well-being
seakingwdc.org/latest-news/gbi

Serra boosted

At Sovereign Tech Fund, we're following the #xz incident closely and listening to the many voices in the #FOSS maintainer community.

What's clear to us is that the xz incident shows the need for structural change:

sovereigntechfund.de/news/xz-s

Serra boosted

At this point, let me point to Adriana Groh of Sovereign Tech Fund / Prototype Fund, who is doing exemplary and important work in the context of this #xz affair.

If you write about the topic, you should also write about her.

Serra boosted

people throwing away half of the actual lessons you should be learning from the xz backdoor and instead going "systemd caused this by having integration with sshd" or "distributions caused this by using the systemd sshd integration" I'm going to fucking scream do you not understand that the open source software supply chain and thus half the tech landscape is always 2 steps from collapsing due to a backdoor like this potentially actually going under the radar for months (years?). if you have a backdoor like this in any fucking library that could maybe have a vector somewhere then god forbid when it's not related to systemd. where's your scapegoat then. grow a spine

Serra boosted

a major xz/liblzma backdoor was revealed today: openwall.com/lists/oss-securit

the positive part is that we are not affected (several compile-time preconditions are not met for the backdoor to even get compiled in, such as gcc compiler, gnu linker, ifunc support, linux-gnu triple) and neither is our infrastructure (there are a couple debian servers, still on xz 5.4)

that said, everyone check their systems (whatever they are) and stay safe :)

Serra boosted

My article for The Guardian just dropped.

"With no changes to how the industry operates and no watchdogs to check the abuse and greed that have defined it over its now-15 years of existence, we are doomed to see history repeat itself. More Bankman-Frieds will emerge to take his place, drawn by the promise of easy money and the low likelihood of consequences."

theguardian.com/global/comment

Serra boosted

Serious question: Which do you consider to be the *least* unethical among very-big-tech companies (let's say top 10 only), and why?

No judgement, just for statistical purposes! :ablobcatattention:

Serra boosted

"Jimmy Carr in his Netflix special. At the start he asks the audience: Did you also think the Corona measures were too harsh? The audience murmurs in agreement. Jimmy: "That's what many of the survivors think!""

blog.fefe.de/?ts=98ff9892
#Corona

On Sunday, the "Radeln gegen Rassismus" (cycling against racism) ride took place.

Afterwards, everyone was invited to break the fast together in front of the town hall.

There was a very nice atmosphere of togetherness and of socializing together.

I liked the focus on sustainability. Cycling, vegan food, no plastic.

See you next year 😊
