has gone too big, it should become independant from .

That way, instead of we could start saying G-MAFIA. 😄

Matthias Kirschner (from Europe) raised an interesting concern during his talk.

Some people might say: "I want a restrictive to the software I’m writing, to prevent 'bad guys'—e.g. the military, the Mafia—from using it."

Bad idea: if people are killing other people, software licences are probably not something they would really care about.

Better stick with licences that do not impose personal views about who and what purposes. (Copyleft is important, though.)

It is interesting to see how attacks are quickly mutating.

Today, hundreds of "GET /.aws/credentials" requests started popping up.

Show thread

In the past hours, I have seen a large number of requests in my log.

"GET /.env HTTP/2.0" 403 146 "-" "curl/7.58.0"

Hundreds of bots looking for the file, then going away. Most addresses resolve in compute.amazonaws.com

They are very obviously trying to get a config file. Is it still that old Laravel ?

#fosdem is around the corner. I've been attending since 2004. If you do anything computer related try to attend once in your life.

It feels good to live away from Windows machines. This is getting creepier every day.

Installing also installs a side executable that can search the hard drive and remove programs it thinks might interfere with the browser.

Remember: If you behave like malware, then you ARE malware.


I want to help non-technical friends to secure their clients with .

How shall we deal about expiry dates for GPG keys?

1) Teach them how to renew their keys
✅ They become self-supporting
❌ Way too complicated. Error-prone

2) I keep their private keys and do it for them
✅ Easy
❌ Unethical to potentially become a privacy-violator myself

3) Set a key that never expires (or in 10+ years)
✅ No need to worry
❌ What if their phones get stolen or hacked?

Any better idea?

Stand in solidarity with your favorite demonetized YouTuber,

upload NOTHING

December 10th-13th


fans know that "Correct Horse Battery Staple" is a strong .

I inadvertently saw a user applying the 4-word password principle in front of me:
– Teenage Mutant Ninja Turtles

I bet this opens the door to a new type of effective dictionary attacks.

Lesson for all of us: teach your users to be smart and never rely on simplistic rules.

After a lot of combined effort by the F-Droid community and the jitsi team the #Jitsi Meet app is now finally available on F-Droid:


🎉 🎉 🎉

updates are equisitely non-explicit.

—"The security of your device has been improved."
—"New / enhanced features"
—"Further improvements to performance".

No detailed information of any kind.
Maybe they assume we shouldn’t know.

Question for admins:
What is your recommended way to check for a new version of the code? v2.0.0 is coming soon.

I want to know when to upgrade, without having to open the CHANGELOG.md on github every day.

Perhaps I missed an obvious method, e.g. RSS/Atom feed.

So far, doing it with a cron job downloading peertube/releases/latest and parsing the value of tag_name. Alternatively, git fetch --tags.

This looks like patent trolling.

The project is being sued for allegedly infringing this patent in : patents.google.com/patent/US99

What is this patented "Wireless image distribution system and method"?

Basically, connecting your camera to your computer over Wi-Fi. 🙄

OK, this has become common on Mastodon.

You get a strange follower:
* Account on pawoo.net
* Description is in Japanese but the picture is a horny Caucasian girl
* 0 tools. Follows 5.5K people but has <10 followers herself
* Profile says she wants to talk to you through badoo or other dating site.

I bet it’s safe to ignore them.

Without admin rights, we can either mute their whole instance or select Lock account to approve all followers manually.

Any idea of better filter techniques?

(cacert.org) is not going well—they might close down at the end of the year.

They are looking for donations or other contributions (improve their wiki, become a sysadmin, board member, and many other small tasks).

ProTip : if you are good at Linux commands, they can make robust and easy to remember passwords.


A message to non-technical people who must speak in a conference.

Never tap the microphone to test whether it’s on. This will damage both the microphone and the speakers.

Always good to know: youtube-dl can also download any video on a instance.

Show more

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!