The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
The post [The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects](https://github.blog/2023-09-21-the-github-s … ⌘ Read more
[47°09′18″S, 126°43′35″W] Dosimeter fixed
Miracle Drugs & Quick Fixes with Neil deGrasse Tyson & Nick Tiller ⌘ Read more
[47°09′21″S, 126°43′00″W] Transponder fixed
[47°09′48″S, 126°43′58″W] Transponder fixed
Prosodical Thoughts: Prosody 0.12.4 released
We are pleased to announce a new minor release from our stable branch.
We’re relieved to announce this overdue maintenance release containing a
number of bug fixes and also some improvements from the last few months.
Especially the prosodyctl check tool which gained some new diagnostic
checks as well as handling of configuration option types the same way
Prosody itself does.
A summary of changes in this release:
Minor changes
- core.certmanager: Update Mozilla TLS … ⌘ Read more
[47°09′50″S, 126°43′27″W] Transponder fixed
[47°09′41″S, 126°43′11″W] Transponder fixed
[47°09′04″S, 126°43′18″W] Dosimeter fixed
I’m working on a few things, one of which was to fix up oh.mg and some email stuff
[47°09′39″S, 126°43′04″W] Dosimeter fixed
[47°09′00″S, 126°43′15″W] Dosimeter fixed
[47°09′23″S, 126°43′39″W] Transponder fixed
Snikket: State of Snikket 2023
This is our first blog post for quite a while, and the last few have all been technical updates of various kinds about the Snikket software. In fact it’s been almost two years since the last post that gave a general progress update on the Snikket project itself, so let’s fix that!
You’ll be pleased to hear that Snikket is very much alive, and although there hasn’t been much of a show to see here, a bunch of stuff has been going on backstage.
We plan to catch you up with our progres … ⌘ Read more
[47°09′47″S, 126°43′56″W] Transponder fixed
[47°09′11″S, 126°43′50″W] Dosimeter fixed
Got contacted on Instagram by someone who wanted to buy some of my images (NFT). I have been putting the images I liked the most into a collection (and adding new ones when I take images I think are good enough). Just letting it sit there to see if I can make a sale one day.
Not sure yet if the person is serious or not - but If I could make a sale - then I’m all for it.
It’s much easier to put things up for sale as NFT than other ways.
I sell them as a 1 item thing. And put a price that I think is fair (Fixed price on all, but based on the amount of time I actually spend getting to all these locations).
One thing I have not liked about NFT is all the crap art stuff that there that takes 0 effort, but I do at least spend time picking out where we go. And each image has a memory attached to it, a trip with my family to that exact place..
[47°09′17″S, 126°43′25″W] Transponder fixed
[47°09′09″S, 126°43′30″W] Dosimeter fixed
[47°09′47″S, 126°43′24″W] Transponder fixed
Speculation, accusation, defamation, and conspiracies will always get more eyeballs than careful balanced well researched reporting. Lying about something now is cheaper and more profitable than sending a reporter out and getting the facts tomorrow. Forget Spotify for news – let’s fix the real problem (2017) | Hacker News
Ignite Realtime Blog: JmxWeb plugin for Openfire 0.9.1 release
The Ignite Realtime community is happy to announce a new release of the JmxWeb plugin for Openfire.
This plugin provides a web-based platform for managing and monitoring Openfire via JMX.
This release is a maintenance release. It adds translations and fixes one bug. More details are available in the changelog.
Your instance of Openf … ⌘ Read more
[47°09′57″S, 126°43′56″W] Transponder fixed
[47°09′59″S, 126°43′25″W] Transponder fixed
[47°09′35″S, 126°43′55″W] Dosimeter fixed
[47°09′36″S, 126°43′27″W] Dosimeter fixed
[47°09′21″S, 126°43′12″W] Transponder fixed
[47°09′21″S, 126°43′25″W] Dosimeter fixed
[47°09′09″S, 126°43′26″W] Dosimeter fixed
[47°09′32″S, 126°43′48″W] Dosimeter fixed
[47°09′20″S, 126°43′52″W] Transponder fixed
If everybody contemplates the infinite instead of fixing the drains, many of us will die of cholera Helpful context for thinking about AI
[47°09′32″S, 126°43′56″W] Dosimeter fixed
[47°09′38″S, 126°43′14″W] Transponder fixed
[47°09′11″S, 126°43′39″W] Transponder fixed
[47°09′04″S, 126°43′22″W] Dosimeter fixed
[47°09′21″S, 126°43′05″W] Dosimeter fixed
Gajim: Gajim 1.8.0
Gajim 1.8.0 comes with integrated OMEMO encryption! Integrating the OMEMO plugin brings tighter integration and better user experience. We also rearranged the chat menu and added some quick buttons for convenience. Both Gajim’s message search and conversation view received some important changes and fixes. Thank you for all your contributions!
In the past, we moved the most popular plugins into Gajim’s core: image preview, plugin installer, HTTP file upload, syntax highligh … ⌘ Read more
[47°09′24″S, 126°43′43″W] Transponder fixed
Also - the last thing I needed is sorted, how to get vs code to pick up the default.nix shell environment, there is a really nice addon for vs code that picks up what is in that file, and then sets up the environment based on that, meaning I can now open the source, configure, compile and debug with vscode, this was the last piece that was missing. I will write a blog post on my website that explains what I learned, and how I fixed all these things, maybe it’ll help someone else to try NixOS for some development.
I was able to fix this now, by making a ‘default.nix’ file, and then you can open a shell that has all the stuff needed by simply typing ‘nix-shell’ in the root git directory. Pretty nice, I’m starting to enjoy this OS more and more.
Heh, I do not regret it anymore, I was able to create a flake.nix file that builds the desktop client on NixOS.
But I now found a bug with keyring access that I need to fix, but the client compiles and starts.
It does not open the keyring - so it hangs and waits and you need to kill it. On my previous machine the keyring got opened at login by another application.
Ignite Realtime Blog: CVE-2023-32315: Openfire Administration Console authentication bypass
We’ve had an important security issue reported that affects all recent versions of Openfire. We’ve fixed it in the newly published 4.6.8 and 4.7.5 releases. We recommend people upgrade as soon as possible. More info, including mitigati … ⌘ Read more
[47°09′58″S, 126°43′16″W] Dosimeter fixed
[47°09′00″S, 126°43′51″W] Transponder fixed
[47°09′07″S, 126°43′05″W] Dosimeter fixed
Isode: Messaging Products Update – 19.0 Capabilities
The below is a list of the new capabilities brought to our Messaging products for the 19.0 release. 19.0 adds a lot of extra functionality across the board for our messaging products, along with a complete rewrite of the codebase so that future releases and bug fixes can be developed more quickly. For the full release notes please check the individual product updates, available from the customer portal and evaluation sections of ou … ⌘ Read more
Isode: Directory Products Update – 19.0 Capabilities
The below is a list of the new capabilities brought to our Directory products for the 19.0 release. 19.0 adds a lot of extra functionality across the board for our messaging products, along with a complete rewrite of the codebase so that future releases and bug fixes can be developed more quickly. For the full release notes please check the individual product updates, available from the customer portal and evaluation sections of ou … ⌘ Read more
Siphon
productivity under anxiety is a repulsive fixed point (you might even feel worse the closer you get to what you should be doing)
[47°09′32″S, 126°43′54″W] Dosimeter fixed
How to fix a ReDoS
Code scanning detects ReDoS vulnerabilities automatically, but fixing them isn’t always easy. This blog post describes a 4-step strategy for fixing ReDoS bugs. ⌘ Read more
the next thing to fix is thread view, and the reply to.. feature (showing the text preview of the post the reply goes to).
[47°09′32″S, 126°43′04″W] Transponder fixed
[47°09′10″S, 126°43′48″W] Dosimeter fixed
The Lunduke Big Tech Show - Apr 30, 2023
Listen now (79 min) | Special Edition: Fixing all the problems in computing in a single show (or at least trying) ⌘ Read more
Viewing PDFs in Firefox works again
A few months ago I complained about Firefox not being able to open PDFs without downloading them. Recently, I also wanted to start developing a custom Firefox addon to fix this behavior. ⌘ Read more
**RT by @mind_booster: 🧰 5 changes to fix the EC’s #RightToRepair proposal 🛠️
1️⃣ No contractual overrides
2️⃣ No digital locks
3️⃣ Go beyond just fixing things
4️⃣ Don’t limit who can repair
5️⃣ Broaden the scope of what can be repaired
Blog 👉 https://www.knowledgerights21.org/news-story/still-time-to-repair-the-commission-proposal-on-the-right-to-repair/
Response 👉 https://kr21.info/r2r**
[47°09′26″S, 126°43′59″W] Transponder fixed
[47°09′51″S, 126°43′27″W] Dosimeter fixed
Working on showing attached images in the desktop client, it worked on first try.
Now I need to fix the scale and alignment - but cool that it works already!
[47°09′56″S, 126°43′48″W] Dosimeter fixed
[47°09′17″S, 126°43′07″W] Transponder fixed
ProcessOne: ejabberd 22.10
This ejabberd 22.10 release includes six months of work, over 140 commits, including relevant improvements in MIX, MUC, SQL, and installers, and bug fixes as usual.
This version brings support for latest MIX protocol version, and significantly improves detection and recovery of SQL connection issues.
There are no breaking changes in SQL schem … ⌘ Read more
Private vulnerability reporting now generally available
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities. ⌘ Read more
ProcessOne: ejabberd 23.04
This new ejabberd 23.04 release includes many improvements and bug fixes, as well as some new features.
- Many SQL database improvements
- mod_mam support for XEP-0425: Message Moderation
- New mod_muc_rtbl, Real-Time Block List for MUC rooms
- Binaries use Erlang/OTP 25.3, and changes in containers
A more detailed explanatio … ⌘ Read more
[47°09′21″S, 126°43′50″W] Dosimeter fixed
@funbreaker@twtxt.net no need to feel dumb. This is why testing is nice! That being said - I’ll make a fix for that too :) this is why I appreciate you taking the time to test, because we have now found many things to improve already 😀
@funbreaker@twtxt.net I tested now against twtxt with an account I created - it segfaulted if you had a / at the end of the server url.. My bad.. works if you remove the slash. I will fix it in the client so that it removes the slash if it’s in the server url.
[47°09′00″S, 126°43′15″W] Transponder fixed
@funbreaker@twtxt.net Also, did you compile rapidjson from source? Or install the package with your OS? I built the latest version and installed that - if the problem continues now after I fixed the error on my end - then that might be the cause.
@funbreaker@twtxt.net I have pushed a fix now to git, I now got rid of the error when I use it on my end. I will create a test account on twtxt later tonight (after dinner and all that) if needed. If you test the latest on your end before that - let me know :) And thanks for your patience.
@funbreaker@twtxt.net Ok, I saw that error here now as well - but it does not crash. I have put it in the issue tracker, I will fix it and let you know once I’ve tracked it down.
I’m not super a fan of using json. I feel we could still use text as the medium. Maybe a modified version to fix any weakness.
What if instead of signing each twt individually we generated a merkle tree using the twt hashes? Then a signature of the root hash. This would ensure the full stream of twts are intact with a minimal overhead. With the added bonus of helping clients identify missing twts when syncing/gossiping.
Have two endpoints. One as the webfinger to link profile details and avatar like you posted. And the signature for the merkleroot twt. And the other a pageable stream of twts. Or individual twts/merkle branch to incrementally access twt feeds.
@lyse@lyse.isobeef.org valid points and noted. 😀
It will improve shortly. I had not thought about quotes in password, so that was a nice catch that needs to be fixed.
💭 While some people like to jump between blogging software all the time, or go back to Hugo from a custom one, I don’t really miss Hugo after switching to GoBlog in 2020, but enjoy having my own system quite a bit. Not that Hugo, WordPress, etc. are bad blogging systems, but I really enjoy being able to quickly code a fix without having to research docs, StackOverflow, or the source on GitHub. And when I have an idea for a new feature, it would often not be easy to implement in the existing systems. ⌘ Read more
The code for the desktop client is now public here: https://github.com/stig-atle/YarnDesktopClient , I will create tickets for the known things I need to fix and such later today.
@prologic@twtxt.net hehe, yeah! That’s the way to get things done - use it daily, fix everything that needs to be fixed :)
[47°09′01″S, 126°43′00″W] Dosimeter fixed
@lyse@lyse.isobeef.org Thank you! Yeah I fixed that now, short statuses got shifted, but that has been fixed. :)
One thing I need to also fix - is the way a reply is done, I need it to add the mentions as well, so that you can reply to a person more easily, instead of just the thread.
Moving my source to git today, I have just developed on a local copy until today.
I needed to move it before going too crazy with it. Starting the work on the timeline that I’ve mentioned.
Yesterday I ran out of time, but today I have some free time to work on things. Very pleased with the software already, I know I’ll use it all the time. So today I will work on refreshing the timeline, and then fix so that it’s a bit smarter than now, the class that holds the statuses will also contain the GUI elements for each status, that way I can more easily append new statuses into the timeline - instead of grabbing the whole timeline and rebuilding all its GUI each time it refreshes. I know what to do - so I do not expect it to take too long to fix.
Going out for a hike with the dog. Then I’ll code a bit later today.
Want to fix the timeline refresh, and then create one timeline for each timeline, and buttons to switch between them.
[47°09′55″S, 126°43′00″W] Dosimeter fixed
Got the gui to scale properly with the window now, was easy to fix… Looks much better already!
@funbreaker@yn.vern.cc Hi! I have attached the current screenshot, as you see it’s not done yet, I need to add some things, but a lot of work is already done.
I will fix the remaining things and try to make it usable enough this week so that I can upload the source.
Need to add the remaining reply button, image loading and width of the text etc first.
I had that in the FLTK client, so I just need to add it to this new GTK gui.
Here is what I had with FLTK
https://yarn.stigatle.no/twt/4nuoc7q
I did not have time to work on those things today, ran out of time. But I’ll resume tomorrow.
[47°09′52″S, 126°43′52″W] Transponder fixed
Time to get back at it, I want to fix so that when you hit ‘reply’ it will also add any mentioned user in the reply.
Ignite Realtime Blog: Spark 3.0.2 Released
The Ignite Realtime community is happy to announce the availability of Spark version 3.0.2
The release contains bug fixes and updates two plugins Translator and Roar.
Many Spark translations are incomplete. Please help us translate Spark
Full list of changes can be found in the changelog.
We encourage users and developers to get invo … ⌘ Read more
[47°09′23″S, 126°43′57″W] Dosimeter fixed
Timeline is cleaned up, so now I think I have that part sorted.
Next is to refactor a bit and then fix so that the timeline refreshes properly.
Once that is done I think I’ll clean it up and upload the source somewhere and create tickets for outstanding known issues. Most likely upload it to github and continue the work there.
Also- refresh of the timeline needs to be fixed.
Okay, so back at it today. I want to start and fix the text where nick and url are included, strip that away from the text being shown, makes the statuses much cleaner. Also need to get started on clickable URLs somehow.
Build a secure code mindset with the GitHub Secure Code Game
Writing secure code is as much of an art as writing functional code, and it is the only way to write quality code. Learn how our Secure Code Game can provide you with hands-on training to spot and fix security issues in your code so that you can build a secure code mindset. ⌘ Read more
[47°09′24″S, 126°43′44″W] Dosimeter fixed
[47°09′20″S, 126°43′52″W] Dosimeter fixed
Weekend is here :)
I want to create a frontpage for my website - https://stigatle.no , fix cmake script for the desktop client and compile it on debian. Other than that I’ll walk the dog as usual and spend quality time with my family. Going to be a great one :)
[47°09′10″S, 126°43′22″W] Dosimeter fixed