Ukraine ready to give up lost territories to settle conflict
Ukraine ready to give up lost territories to settle conflict
TEHRAN, Aug. 12 (MNA) – Ukraine may give up the territories it had already lost in order to end the war, a British newspaper wrote.Mehr News Agency
Ukrainian prisoners of war demanded an “honest” exchange from Zelenskyy
Ukrainian prisoners of war demanded an "honest" exchange from Zelenskyy
More than a thousand Ukrainian prisoners of war have appealed to Volodymyr Zelenskyy to establish a systematic exchange.newsmaker newsmaker (English News front)
like this
Uso da Inteligência Artificial na Administração Pública de SC em pauta na ALESC
Está em pauta hoje (13/8), na ALESC – Assembleia Legislativa de Santa Catarina, um Projeto de Lei de autoria do deputado Mário Motta que dispõe sobre “os princípios e diretrizes para o uso da Inteligência Artificial no âmbito da Administração Pública Estadual“, e estabelece outras providências. O texto do PL pode ser acessado aqui (arquivo PDF).
O PL estabelece critérios importantes, como “não discriminação”, “transparência” e “auditabilidade”, mas conta com o seguinte texto no Art. 7°: “O Poder Público facilitará a adoção de sistemas de inteligência artificial na Administração Pública e na prestação de serviços públicos, visando à eficiência e à redução dos custos”. Como seria essa facilitação? Como comentou o amigo e engenheiro de dados Cudo, essa “redução de custos” também é outro ponto que precisa de mais atenção, pois pode até gerar mais custos, além de questões como a necessidade de capacitação dos servidores.
Mas o que mais me chamou a atenção é a necessidade de priorizar (ou até condicionar) o uso de IAs desenvolvidas no Brasil e, de preferência, em código aberto, que é auditável de fato e transparente, já que se trata da utilização de informações estatais. Em tempos de debate sobre a soberania digital, seria um ponto fundamental.
O ideal mesmo seria realizar uma audiência pública com pesquisadores, representantes da academia e organizações do terceiro setor dedicadas ao assunto.
Início - Soberania Digital
Rede para debates, trocas de informações e organização de ações pela Soberania Digital. Sua participação é fundamental para construirmos um futuro digital!Diego (Soberania.digital)
reshared this
I started losing my digital privacy in 1974, aged 11
We already live in a world where pretty much every public act - online or in the real world - leaves a mark in a database somewhere. But how far back does that record extend? I recently learned that record goes back further than I'd seriously imagined.On my recent tour of the United States (making it through immigration checks in record time, thanks to facial recognition), I caught that bug, the same one that brought the world to a halt half a decade ago. But I caught it early, so I knew that I could probably get some treatment.
That led to a quick trip to an 'Urgent Care' - the frontline medical center for most Americans. At the check-in counter, the check-in nurse asked to see some ID, so I handed over my Australian driver's license. The nurse looked at the license and typed some of the info on it into a computer, then they looked up at me and asked: "Are you the same Mark Pesce who lived at...?" and then proceeded to recite an address that I resided at more than half a century ago.
Dumbstruck, I said, "Yes...? And how did you know that? I haven't lived there in nearly 50 years. I've never been in here before - I've barely ever been in this town before. Where did that come from?"
"Oh," they replied. "We share our patient data records with Massachusetts General Hospital. It's probably from them?"
I remembered having a bit of minor surgery as an 11 year old, conducted at that facility. 51 years ago. That's the only time I'd ever been a patient at Massachusetts General Hospital.
Good thing we're paying for all these data centers!
I started losing my digital privacy in 1974, aged 11
Column: An encounter with the healthcare system reveals sickening decisions about dataMark Pesce (The Register)
Can i customize LibreWolf like this?
Here's how LibreWolf currently looks for me. Aside from the sidebar and some stuff removed from the toolbar, it's pretty standard.
And here's how i'd like it to look, with no toolbar and less stuff in the sidebar.
The back/forward/reload buttons are moved to the top of the sidebar. The window controls are moved to the bottom of the sidebar. Settings & history are replaced by bookmark and menu. And keyboard shortcuts exist to access the address bar, like in Links.
This layout saves space for the content of pages and relies more on keyboard shortcuts and less on the mouse.
Is this possible without making my own Firefox fork?
More tools -> Customize toolbar you can set up that layout AFAIK.
UK Government expands police use of live facial recognition vans
Government expands police use of live facial recognition vans
The Home Office says the technology helps locate suspects but civil liberties groups warn of heightened surveillance.BBC News
geneva_convenience likes this.
[Episode] Turkey! Time to Strike • Turkey! - Episode 6 discussion
Turkey!, episode 6
::: spoiler Alternative Names
ターキー!
:::
::: spoiler Additional Links
- Info - AniList
- Info - Kitsu
- Info - MyAnimeList
- Info - Official Site (Japanese)
- Social - Twitter (Japanese)
- Streaming - Crunchyroll
:::
All discussions
| Episode | Link |
|---|---|
| 1 | Link |
| 2 | Link |
| 3 | Link |
| 4 | Link |
| 5 | Link |
| 6 | Link |
This post was created by a bot. Message the mod team for feedback and comments.
The original source code can be found on GitHub.
Turkey!
At the bowling club of Ikkokukan High School in Nagano Prefecture, Mai, the club captain, prioritizes everyone's enjoyment over winning. However, her passionate junior, Rina, declares, "I want to win.MyAnimeList.net
China bans agencies and individuals from dealing with 2 EU banks
China bans agencies and individuals from dealing with 2 EU banks
The move is seen as countermeasure against financial sanctions imposed on two small Chinese lenders by 27-member bloc.Ji Siqi (South China Morning Post)
LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds
LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds
📄
This article was primarily reported using public records requests. We are making it available to all readers as a public service. FOIA reporting can be expensive, please consider subscribing to 404 Media to support this work. Or send us a one time donation via our tip jar here.The Los Angeles Police Department (LAPD) has shown interest in using GeoSpy, a powerful AI tool that can pinpoint the location of photos based on features such as the soil, architecture, and other identifying features, according to emails obtained by 404 Media. The news also comes as GeoSpy’s founder shared a video showing how the tool can be used in relation to undocumented immigrants in sanctuary cities, and specifically Los Angeles.
The emails provide the first named case of a law enforcement agency showing clear interest in the tool. GeoSpy can also let law enforcement determine what home or building, down to the specific address, a photo came from, in some cases including photos taken inside with no windows or view of the street.
“Let’s start with one seat/license (me),” an October 2024 email from an LAPD official to Graylark Technologies, the company behind GeoSpy, reads. The LAPD official is from the agency’s Robbery-Homicide division, according to the email. 404 Media obtained the emails through a public records request with the LAPD.
Upgrade to continue reading
Become a paid member to get access to all premium content
UpgradeLAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds
Emails obtained by 404 Media show the LAPD was interested in GeoSpy, an AI tool that can quickly figure out where a photo was taken.Joseph Cox (404 Media)
What's up with this straight up pro-china and pro-russia stuff on Lemmy lately?
What's up with this straight up pro-china and pro-russia stuff on Lemmy lately?
It's not even praising the people of China and Russia, but rather their gov directly.
Obviously the states have problems, and the EU to a lesser degree, but they at least have some human rights.
Is this some kind of organized disinformation campaign?
like this
Unionized Workers At Arkane, A Microsoft-Owned Studio, Demand That Microsoft Divest From Israel’s ‘Sinister Project For Gaza’ - Aftermath
Unionized Workers At Arkane, A Microsoft-Owned Studio, Demand That Microsoft Divest From Israel’s ‘Sinister Project For Gaza’ - Aftermath
"We think that Microsoft has no place being accomplice of a genocide"aftermath.site
like this
Feddit Un'istanza italiana Lemmy reshared this.
Unionized Workers At Arkane, A Microsoft-Owned Studio, Demand That Microsoft Divest From Israel’s ‘Sinister Project For Gaza’ - Aftermath
Unionized Workers At Arkane, A Microsoft-Owned Studio, Demand That Microsoft Divest From Israel’s ‘Sinister Project For Gaza’ - Aftermath
"We think that Microsoft has no place being accomplice of a genocide"aftermath.site
reshared this
Unionized Workers At Arkane, A Microsoft-Owned Studio, Demand That Microsoft Divest From Israel’s ‘Sinister Project For Gaza’ - Aftermath
Unionized Workers At Arkane, A Microsoft-Owned Studio, Demand That Microsoft Divest From Israel’s ‘Sinister Project For Gaza’ - Aftermath
"We think that Microsoft has no place being accomplice of a genocide"aftermath.site
like this
reshared this
As much as I want this to build into something that causes sought after divestment. The cynic that I am expects that some bean counter is going to report that Genocide is more profitable.
I also fully expect those employees that bravely stood up for this cause will find themselves laid-off in the coming weeks for completely unrelated reasons.
Headaches with signal propagation when piping in a Docker container
Recently at work I've been thrown into running some Python scripts in a Docker container (all previous Docker-experience is limited to pulling images from container registries to host some stuff at home). It's a fairly simple script, but I want to do two things simultaneously that I have so far been unable to accomplish: redirecting some prints to a file while also allowing the script to run a cleanup process when it gets a SIGTERM. I'm posting this here because I think this is mainly signal handling thing in Linux, but maybe it's more Docker specific (or even Docker Swarm)?
I'm not on my work computer now, but the entrypoint in the Dockerfile is basically something like this:
ENTRYPOINT ['/bin/bash', '-c', 'python', 'my_script.py', '|', 'tee', 'some_file.txt']Once I started piping, the signal handling in my script stopped working when the containers were shut down. If I understood it correctly it's because
tee becomes the main process (or at least the main child of the main process which is bash?) and Python is deferred to the background and thus never gets the signal to terminate gracefully. But surely there must be some elegant way to make sure it also gets it?And yes, I understand I can rewrite my script to handle this directly, and that is my plan for work tomorrow, but I want to understand this better to broaden my Linux-knowledge. But my head was spinning after reading up on this (I got lost at trap), and I was hoping someone here had a succinct explanation on what is going on under the hood here?
isn't the argument after bash -c supposed to be one string of the command to be run?
e.g.
bash -c "echo hello"
Archaeologists Uncover Majestic Eastern Baths in Ancient Roman Ilici
Archaeologists Uncover Majestic Eastern Baths in Ancient Roman Ilici
After nearly a decade of meticulous research, the archaeological team from the University of Alicante (UA) hasGuillermo Carvajal (La Brújula Verde)
Russia has withstood sanctions – Maduro
Russia has withstood sanctions – Maduro
Venezuelan leader has denounced Western policies of economic blockade and forced restrictionsRT
Do people in China really think this?
Turn on Fox News, or Left comedy shows. Or major influencers.
The Americans biggest threat is… Americans. Specifically the other side. I haven’t heard mega conservative or mega liberal family, or anyone, even utter the word “China” in a while. Honestly the only place I see it now is finance news, and they are just jawboning to move stocks anyway.
Trump and senators do say it sometimes I guess, but TBH it’s mostly on deaf or bored ears.
Can’t speak for the UK, but I imagine they are starting to look across the pond with worry.
China's green energy boom could spell the end of the fossil fuel age
ABC News
ABC News provides the latest news and headlines in Australia and around the world.Jo Lauder (Australian Broadcasting Corporation)
like this
Technology reshared this.
Oh come on! Cheetolini knows best that fossil fuels are the future. All this woke green energy talk.
~I'm case I have to spell it out, I'm being sarcastic.~
Vanishing Culture: Why Preserve Flash? [Internet Archive Blogs]
Flash flew across the mid-2000s internet sky in a blaze of glory and unbridled creativity. It was the backbone of menus and programs and even critical applications for working with sites. But by 2009, bugs and compatibility issues, the introduction of HTML5 with many of the same features, and a declaration that Flash would no longer be welcome on Apple’s iOS devices, sent Flash into a spiral that it never recovered from.But thanks to the Archive’s emulation, Flash lives again, at least as self-contained creations you can play in your browser.
What emerges, as thousand of these Flash animations and games arrive, is what part it played in the lives of people now in their twenties and thirties and beyond. “Almost like being given a moment to breathe, or to walk into a museum space and see distant memories hung up on walls as classic art,” our patrons wrote in.
Book Talk: Lucky Day with Chuck Tingle (IN-PERSON)
The Internet Archive is thrilled to host Chuck Tingle and his upcoming novel Lucky Day, for a book talk presented by The Booksmith! We can\'t wait to see you there, […]\nblog.archive.org
Technology reshared this.
Gaming on Linux hasn't been great so far...
tl;dw their performance numbers don't match up to what we've seen in the past. Some pretty significant decreases in performance over Windows. I think there's clearly some sort of configuration error there. They also ran into the old dual-boot problem where Windows overwrites the Linux partition.
In my opinion this is lazy and irresponsible reporting. I don't at all mean to discount his experience, they are legitimate concerns, and it's fine to show the struggles of using Linux, but it's very clear he (admittedly) doesn't know what he's doing, and they need to consult an expert (or even a casual user) to figure out what the problem is before reporting. He said in the last video that Bazzite reached out to him to let them know if he has any problems so they could help but he obviously did not do that. As is, it just makes Linux/Bazzite look bad.
I hope he follows up with another video discussing the solutions.
What do you think?
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
like this
they should buy a second ssd if they want to dual boot Linux
It's actually not necessary, I've been dual-booting on the same system drive for years without any issues at all.
The only thing that's strictly necessary in that case is knowing darn well what you're doing.
China's green energy boom could spell the end of the fossil fuel age
ABC News
ABC News provides the latest news and headlines in Australia and around the world.Jo Lauder (Australian Broadcasting Corporation)
like this
Cancer scientist Feng Gensheng leaves US for China as Trump cuts funding
Cancer scientist Feng Gensheng leaves US for China as Trump cuts funding
Feng, whose work focuses on liver cancer and immunotherapy, will lead research institute at Shenzhen Bay Laboratory after 40 years abroad.Shi Huang (South China Morning Post)
like this
Are these two rar files malware? (virustotal results)
Does anyone know if these two files are considered malware?
I see a lot of things in the behavior tab that seem suspicious (but then again, I have no idea, and am relatively new/dumb).
Here are the images of the virustotal results I am referring to:
Also, I did see there was an noticeable slowness to my pc after I extracted the rar files (I was in a VM).
Thank you.
like this
There are some suspicious things going on like the qcloud and counter-strike domains, as well as the 7zip extract being run.
I would probably get rid of it.
Malware or not, remember to update WinRAR
arstechnica.com/security/2025/…
High-severity WinRAR 0-day exploited for weeks by 2 groups
Exploits allow for persistent backdooring when targets open booby-trapped archive.Dan Goodin (Ars Technica)
Kiev downplays Putin-Trump summit
Kiev downplays Putin-Trump summit
The two leaders can’t make any deals on Ukraine without it, Vladimir Zelensky has claimedRT
White House to host UFC fight night on 4 July
White House to host UFC fight night on 4 July
The fight is set to be part of a series of events commemorating the 250th anniversary of the founding of the United States.Christal Hayes and Jake Lapham (BBC News)
OneXPlayer Super X: New AMD Strix Halo gaming handheld teased with convertible design
OneXPlayer Super X: New AMD Strix Halo gaming handheld teased with convertible design
The OneXPlayer Super X has been officially teased. Sticking with a similar design to the other X-series devices, it's a convertible gaming handheld but with the AMD Ryzen AI Max+ 395, which brings the powerful Radeon 8060S iGPU.Abid Ahsan Shanto (Notebookcheck)
Technology reshared this.
Are distros really different or is it more about preference?
I've been working and testing to switch my main PC (used for work like audio recording, music, and general multimedia) and have been playing with Ubuntu Studio on my laptop. Loving it so far but I keep seeing people talk about CachyOS, Bazzite, or the new Debian Trixie.
I'm having trouble finding what's really different about all these distros aside from how they look or slight changes in how they do things (I know Ubuntu Studio has a low latency kernel which seems important for what I need to do). Is there a big difference? Like, if I go with Ubuntu Studio am I gonna end up wiping everything and installing CachyOS or Bazzite or something in a month because it's better? Or are all these distros basically the same thing with a different look and feel and as long as I choose one that gets regular updates, it doesn't matter fundamentally?
I'm trying to grasp the Linux concept but being a Windows user my whole life I'm struggling to 'get it'. Instead of trying to understand in the contex of Windows or Mac, is a better comparison Apple/Android? Like iPhones would be similar to both Mac and Windows (you don't get to choose much) and Android would be Linux (I know it's built on it haha) and it's really just a bunch of different options to do the same thing?
like this
Really they all work the same as long as they're based on the same OS. I've done a lot of distro hopping and the only real difference I've seen is the desktop environment, package managers(sometimes), and pre-installed applications.
Even then, all of these can be changed. I would suggest picking a distro that best suits your needs by default and then add what you need from there.
I personally have been really happy with Linux Mint.
Debian +openbox is Mighty
This is not a tutorial. This is a way.
Debian +OpenBox is (a) the way. My system is a lenovo p53s laptop; nvidia remains unused because I only play Nexuiz, if I do. Yesterday I had a couple minutes so I downloaded a new trixie netinstaller iso and burn'd it to a usb stick, to which I booted into immediately, for the installing.
You can simply hold the enter key down and proceed through the installer and be magically booted into debian, if you like. Don't do that, though, that's crazy, and, I'm lying. Change these: networking, partitions, software. Networking is no big deal to mess with, or not, I use ethernet, so, I use a static local IP, therefore I don't allow the installer to auto-negotiate anything. Only occasionally do I use wifi, I act accordingly when I need it. Let it auto if you like, it's cool.
Root is allowed, absolutely.
I have a separate /home partition and I like it that way - do the same, smile later when it hits you. I have an nvme drive and I use ext4, with discard and noatime, for the root partition and xfs for /home, with noatime. ANd when the installer gets to (tasksel) the software part of the show, I uncheck everything other than typical system stuff, near the bottom. Do the same.
Installing debian is simple, clean, and fast. Upon rebooting there is nothing but a prompt if you do it this way, which, is the correct way. Let's build-up the sexy real quick.
I log in as root and install sudo and aptitude, which I have not added to kevin, for reasons. Then, still as root, I: visudo, and add my user beneath the existing root user down the file:
me ALL=(ALL:ALL) NOPASSWD:ALL
Then I log out of root and in as me to run the kevin bash script which installs the stuff I need to maintain penultimate level boredom. I run it like: sudo kevin.sh - Here's the guts to kevin, probably with some redundancy:
#!/bin/bash
# check root
[ "$(id -u)" -ne 0 ] && { echo "Must run as root" 1>&2; exit 1; }
# Install packages
echo -e "\e[1mInstalling packages...\e[0m"
[ "$(find /var/cache/apt/pkgcache.bin -mtime 0 2>/dev/null)" ] || apt-get update
apt-get -y install xorg openbox lxpanel thunar thunar-archive-plugin intel-microcode claws-mail polkitd xinit intel-media-va-driver-non-free va-driver-all
apt-get -y install curl feh bat lsd diodon nvtop unclutter numlockx wget whois mesa-utils mesa-va-drivers mpg123 alsa-utils ffmpeg bc jq libnotify-bin mc lshw lsof ncal ncdu inxi psmisc s-tui sed cpufetch dfc sysstat tar unzip zip x11-xserver-utils htop apt-utils at upower pwgen usbutils vnstat xpdf oxygencursors gpicview jpegoptim libimage-exiftool-perl
apt-get -y install tango-icon-theme keepassxc dbus-x11 lxappearance obsession scrot gvfs-backends arandr menu menu-xdg pnmixer bogofilter bleachbit gifsicle
apt-get -y install geany geany-plugins claws-mail-bogofilter lynx alacritty claws-mail-fancy-plugin claws-mail-pgpmime claws-mail-tools claws-mail-pgpinline claws-mail-vcalendar-plugin
apt-get -y install rsync fastfetch cpufetch cbatticon xscreensaver gpicview xscreensaver-gl xscreensaver-gl-extra fd-find libxml2-utils starship pulseaudio
apt-get -y install meld mintstick ips seahorse tldr mpv net-tools neverputt gnome-characters gparted pkexec xclip gsimplecal
apt-get -y install hwinfo iftop imagemagick acpi lm-sensors python3-pexpect pwgen s-tui sensible-utils catfish iotop pithos
apt-get -y install xdg-user-dirs-gtk xdg-utils xdotool unzip usbutils util-linux vym yelp zenity zip silversearcher-ag galternatives
apt-get -y install planner libreoffice libreoffice-gtk3 xfce4-screenshooter smartmontools gimp obsidian-icon-theme orage gmrun synaptic yad zim bashtop grc duf
I have a smoke as kevin does its thing. I arrive back at the prompt, system installed.
I do more:
sudo update-alternatives --install /usr/bin/x-file-manager x-file-manager /usr/bin/thunar 210
sudo update-alternatives --install /usr/bin/x-text-editor x-text-editor /usr/bin/subl 210
sudo update-alternatives --install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/bin/alacritty 210
I might use kitty instead, which is usual
sudo dpkg-reconfigure tzdata
I have saved stuff:
sudo cp -R .local/share/fonts/* /usr/share/fonts/
sudo cp -R .local/share/themes/* /usr/share/themes/
sudo cp -R .local/share/icons/Dracula/ /usr/share/icons/
curl -s 'https://liquorix.net/install-liquorix.sh' | sudo bash
echo "vm.dirty_background_ratio=20" | sudo tee -a /etc/sysctl.conf
echo "vm.dirty_ratio=60" | sudo tee -a /etc/sysctl.conf
I might change swappiness, too
put the following in /etc/fstab:
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
tmpfs /var/spool tmpfs defaults,noatime,mode=1777 0 0
tmpfs /var/tmp tmpfs defaults,noatime,mode=1777 0 0
tmpfs /var/log tmpfs defaults,noatime,mode=1777 0 0
I like the following 3 proggys so:
sublime text:
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo tee /etc/apt/keyrings/sublimehq-pub.asc > /dev/null
echo -e 'Types: deb\nURIs: https://download.sublimetext.com//nSuites: apt/stable/\nSigned-By: /etc/apt/keyrings/sublimehq-pub.asc' | sudo tee /etc/apt/sources.list.d/sublime-text.sources
Then, update and install sublime.
firefox:
wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
update, install firefox
phoenix:
echo 'deb https://download.opensuse.org/repositories/home:/celenity/Debian_12/ /' | sudo tee /etc/apt/sources.list.d/home:celenity.list
wget -O- https://download.opensuse.org/repositories/home:celenity/Debian_12/Release.key 2>/dev/null | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_celenity.gpg > /dev/null
update, install phoenix
I add:
eval "$(starship init bash)"
to root .bashrc, for the pretty.
I install loginfetch from marcov's script, sans physlock:
script is here, unmodified.
I remove the following after installing the sexy: exim*, xdg-desktop-portal, and xdg-desktop-portal-gtk
I modify /etc/default/grub thusly:
GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off"
You may want to leave grub alone.
randomly, when I log into a gui, I: sudo lxappearance and choose to make root apps comply.
I have a wicked: ~/.bashrc and also: ~/.bash_aliases, ~/.bash_functions. My: ~/.config/openbox rc.xml and menu.xml are fully tweaked and wicked, my ~/bin dir is full of handy scripts; I want for nothing. Firefox opens in ~ a second with win+b, which is the slowest app to open. I maintain: starship, kitty, et al. config files. I back stuff up to a usb stick with a handy rsync alias.
This has been my desktop for ~ 20 years - completely reliable and functional top'd with kill-me-now boring.
debian-openbox/script_loginfetch/install.sh at master · leomarcov/debian-openbox
Script to install a full Openbox environment on Debian - leomarcov/debian-openboxGitHub
like this
EnteAuth (and a bunch of other FOSS) take Microsoft's "free" money
cross-posted from: lemmy.dbzer0.com/post/51040952
I'm moving away from using products by big tech and I recently started using EnteAuth for 2FA. Today I got an email from them saying that they received money as part of GitHub's secure open source fund. Maybe I'm just being paranoid but I do not like this at all. Microsoft is not altruistic I don't care what anyone says. There has to be an ulterior motive for this. With even the recent news that github won't be so independent anymore and they're getting folded into the Microsoft umbrella this has me worried. But let's be real github was never independent just look at copilot being forced down everyone's throat. That's why I personally stopped using it.
According to the fund
Throughout this program, each project receives $10,000 USD via GitHub Sponsors (which breaks down to $6,000 USD during the sprint and $2,000 USD at 6- and 12-month security check-ins). Projects are also invited to a new security focused community, and office hours with the GitHub Security Lab, that they can take advantage of during the full 12 months. They also receive security resources to immediately implement in their project and Azure credits for cloud infrastructure.
Those sponsors include
Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password
Projects that are part of this even include nodejs, nvm, log4j, JUnit, and Matplotlib. Taking cybersecurity seriously is great but this just seems like a way to sucker them into their ecosystem to get them dependent on their products. Like I said maybe I'm being paranoid but I wouldn't be surprise when Microsoft suddenly buys these projects and we lose what made them so great.
Securing the supply chain at scale: Starting with 71 important open source projects - The GitHub Blog
Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture.Kevin Crosby (The GitHub Blog)
Technology reshared this.
You may as well just stop using computers all together, bud 🤣
I don't mean to ruin your world view, but there are no ways to run anything you want to run by focusing on "altruistic companies", however you may subjectively define that.
Look, you're focusing on the wrong thing here. Maybe you didn't know this, but the massive majority of FOSS projects get funded by companies - either for consulting, feature bounties, IC development - and is a main driving force for the ecosystem.
Many in this ecosystem would even tell you that every single project is massively UNDERfunded by said companies, and they should kick in more to help keep these projects secure and in good standing. They make billions and billions of dollars off people's work, and it surely seems they should kick some of that back to the projects.
Whatever Microsoft's involvement is here, it's not going to be changing the direction of any of the projects mentioned. If for some reason something untoward starts happening with any project: boom, fork and new community. It's that simple.
In short, these people getting funding for their work is a good thing. If you take issue with who is providing that money, you're going to be digging a deep, deep hole in your research, and if you're running down the dep chain, you'll find out that all of the things you use have some funding by companies like Microsoft, Apple, Google, Facebook, IBM, Red Hat, Amazon, Alibaba, Halliburton, Qualcomm...I could keep going on and on.
but there are no ways to run anything you want to run by focusing on "altruistic companies", however you may subjectively define that.
I think you misunderstood OP. their complaint is not that these projects should search an altruistic donor... but that Microsoft is suspicious in doing this, because arguably they rarely have good intentions.
Whatever Microsoft's involvement is here, it's not going to be changing the direction of any of the projects mentioned.
let's hope so
If for some reason something untoward starts happening with any project: boom, fork and new community. It's that simple.
easier said than done.
In short, these people getting funding for their work is a good thing.
I think OP (and me too) is worried about the terms. like, can these projects abandon github without repercussions? can they start using another code forge in parallel?
Uhhh, repercussions like what?
sudden closure of donated azure services without prior notification and time to move off.
having to pay back some of the money.
the project planning with the promised donations as a given (they don't get all of it upfront, but as they get the most of it it's actually fair) and microsoft either using it as leverage or just carelessly terminating the contract to save money.
in extreme case banning the project from microsoft owned services, including github.
any of that in decreasing order of probability if implementation is different from expected (like not baking in specific security tools to the project) and the parties cannot agree on a solution.
Uhhh, repercussions like what?
sudden closure of donated azure services without prior notification and time to move off.
having to pay back some of the money.
the project planning with the promised donations as a given (they don't get all of it upfront, but as they get the most of it it's actually fair) and microsoft either using it as leverage or just carelessly terminating the contract to save money.
in extreme case banning the project from microsoft owned services, including github.
any of that in decreasing order of probability if implementation is different from expected (like not baking in specific security tools to the project) and the parties cannot agree on a solution.
oh and I must also live in texas, right?
I wouldn't even recognize their voice or face.
In terms of the open source community Microsoft has been significantly less sketchy than usual for about a decade now. For those of us that are old enough to remember the halloween files it's hard to let go of that paranoia, particularly with the sketchy shit MS has been doing with their proprietary stuff lately, but near as I can tell they've been above board on their open source stuff.
I wouldn't go so far as to say blindly trust them at this point, but I wouldn't just assume with no evidence at all that there has to be something nefarious going on either.
Whether it's good or bad is not determined by the fact that it's corporate money, but how that money impacts development, the devil's in the details, not just in a company donating lots of money.
Open source in general is very dependent on corporate sponsors. The linux kernel wouldn't exist had companies not invested in it.
I'm not knowledgeable enough to assess the potential pitfalls here, so I will be cautious but not paranoid, and continue to pay attention to discussions on how FOSS projects are run 🤷♂️
New Zealand woman and six-year-old son detained for three weeks by Ice in US enduring ‘terrifying’ ordeal
A New Zealand woman who is being held at a US immigration centre with her six-year-old son after they were detained crossing the Canada-US border, is being wrongly “treated like a criminal”, according to her friend and advocate.
Sarah Shaw, 33, a New Zealander who has lived in Washington state for just over three years, dropped her two eldest children to Vancouver airport on 24 July, so they could take a direct flight back to New Zealand for a holiday with their grandparents.
When Shaw attempted to re-enter the US, Immigration and Customs Enforcement (Ice) detained her and her youngest son, in what was a “terrifying” ordeal, said Victoria Besancon, Shaw’s friend who is helping to raise money for her legal fight.
“Sarah thought she was being kidnapped,” she said. “They didn’t really explain anything to her at first, they just kind of quietly took her and her son and immediately put them in like an unmarked white van.”
New Zealand woman and six-year-old son detained for three weeks by Ice in US enduring ‘terrifying’ ordeal
Sarah Shaw, who has a US visa and lives in Washington state, was detained after attempting to re-enter US from CanadaEva Corlett (The Guardian)
copymyjalopy likes this.
New Zealand woman and six-year-old son detained for three weeks by Ice in US enduring ‘terrifying’ ordeal
A New Zealand woman who is being held at a US immigration centre with her six-year-old son after they were detained crossing the Canada-US border, is being wrongly “treated like a criminal”, according to her friend and advocate.
Sarah Shaw, 33, a New Zealander who has lived in Washington state for just over three years, dropped her two eldest children to Vancouver airport on 24 July, so they could take a direct flight back to New Zealand for a holiday with their grandparents.
When Shaw attempted to re-enter the US, Immigration and Customs Enforcement (Ice) detained her and her youngest son, in what was a “terrifying” ordeal, said Victoria Besancon, Shaw’s friend who is helping to raise money for her legal fight.
“Sarah thought she was being kidnapped,” she said. “They didn’t really explain anything to her at first, they just kind of quietly took her and her son and immediately put them in like an unmarked white van.”
New Zealand woman and six-year-old son detained for three weeks by Ice in US enduring ‘terrifying’ ordeal
Sarah Shaw, who has a US visa and lives in Washington state, was detained after attempting to re-enter US from CanadaEva Corlett (The Guardian)
copymyjalopy likes this.
Surrey police pose as joggers to catch men harassing women out exercising
Eighteen people have been arrested after a police force sent out female undercover officers posing as joggers to catch men harassing women while they are out exercising.
A pilot operation from Surrey police deployed female officers in running gear during rush hour to expose how often women are harassed. The pilot has resulted in 18 arrests for offences such as harassment, sexual assault and theft.
Surrey police pose as joggers to catch men harassing women out exercising
Undercover female officers deployed in pilot scheme to tackle catcalling, resulting in 18 arrestsRachel Hall (The Guardian)
Grandwolf319
in reply to geneva_convenience • • •geneva_convenience
in reply to Grandwolf319 • • •