In a few minutes, STF co-founder Adriana Groh and ZenDiS' Andreas Reckert-Lodde will be giving their keynote at the United Nations #OSPOSforGood conference. Watch the livestream at https://webtv.un.org/en
Few things piss me off more than a huge, multi-billion IT corporation that suddenly sends me an email regarding an open-source project I’ve been running since the 1990s that I’ve recently shut down due to absolute lack of interest from its users… which happened to be telcos and large IT companies. Here’s what I replied:
Thank you for your email. As it’s often the case with open-source projects, their value to organisations is only noticed and appreciated when they go offline. I have maintained pam_tacplus for the last years and it had the call for sponsorship prominently displayed for most of the time specifically because it’s a legacy project that is difficult to maintain. None of the commercial companies that clearly do rely on it ever demonstrated any interest in even nominal donations, so it was archived. While it’s notable someone finally noticed it, I’m not the person to discuss any future development any more.
I did work in large companies and I do understand the sick logic that drives them, when it’s easier to get approval for annual spending of $50k for some office decorations than $100 for a mission-critical project which happens to be open-source and can be used for free for some time.
But it’s possible. If you’re working in such roles, please make every effort to get this $100 because otherwise it will become your responsibility to develop and maintain code that you always got for free.
Von der Leyen completely broken and corrupt, WTF? 😳
EU Commission sues data protection supervisor
"The EU Commission is suing the EU data protection supervisor because it wants to keep using Microsoft products."
#TeamDatenschutz #AllesAnzünden 🔥🔥🔥
https://tarnkappe.info/artikel/it-sicherheit/datenschutz/eu-kommission-verklagt-datenschutzbeauftragten-298192.html
In the debate on my activity report, a representative of the CDU/CSU said the following: “Since I have already spoken about the police investigative authorities, I may also address the Federal Police Act. Here the data protection commissioner criticises the question of necessity in individual cases, which still needs to be set out in more detail. I'll tell you one thing: everything that protects people is necessary; it is that simple to make this rule.” [1/2]
Thanks to those responsible at the #Grugahalle for the great flag decoration for the AfD party conference.
@katjaberlin: “You used to have to read Karl Marx to be considered left-wing. Today it's enough to sit on a bicycle and not want to be run over.”
“The university has company bicycles now?” “Pedal-party funding („Trittmittelförderung“).”
“AfD members of parliament are deliberately targeting non-profit associations:
the goal is revocation of their non-profit status”
#gemeinnützig #AfD #Verbotspartei #schwarwel
OK, now it's getting funny. All OpenR@athaus instances, i.e. the e-government services of 300 municipalities, are now simply offline. Thanks @bsi!
And I thought my extractor hood with app control was the stupidest thing there is...
“I could rewrite #curl”
Here's my collection of some less cheerful quotes to keep me firmly grounded. Blogged three years ago today:
https://daniel.haxx.se/blog/2021/05/20/i-could-rewrite-curl/
I wish more people who are worried about FOSS supply side attacks would realize that universal basic income and free healthcare would result in an almost infinite stream of excellent software from people who care more about quality than profit.
This xz backdoor thing reminds me of a story I heard from friends that worked at a tech company that made cell phones. They had a great coder that worked on the project, he had put in work as a contractor for a few months, and due to the quality of his work he was hired in full time. After two months he simply stopped showing up to the office.
An investigation turned up the following interesting items. His account had accessed all files including source code to *all* cellular projects - in that he had apparently downloaded a copy of everything. He had committed a large amount of contributions to the project he was assigned to. None of his paychecks were ever cashed. A wellness check to the house he had rented was performed and the house was completely empty. Per the landlord he'd paid for 6 months rent in advance in cash. Apparently he never physically moved in. No record for him nor his social security number seemed to check out. The guy was a ghost.
I was asked about recommendations on future prevention by friends who worked there - no idea how far they got in their investigation, if backdoors were ever found or even existed, or if the Feds were ever involved. The punch line? This was probably a couple of decades ago.
This shit is real, and it has been going on for a long time.
I've heard about the interview process at Canonical, but sweet XML Jesus on a Segway, it's even worse.
Docusign just admitted that they use customer data (i.e., all those contracts, affidavits, and other confidential documents we send them) to train AI:
They state that customers "contractually consent" to such use, but good luck finding it in their Terms of Service. There also doesn't appear to be a way to withdraw consent, but I may have missed that.
Voices of Open Source: The European regulators listened to the Open Source communities! https://blog.opensource.org/the-european-regulators-listened-to-the-open-source-communities/
Open-source developers are not liable for security vulnerabilities (etc.) in their software the way commercial developers are after all. That was also *extremely* out of touch with reality.