• 1 Post
  • 36 Comments
Joined 2 years ago
Cake day: July 14th, 2023



  • I’ve now finished reading and it wasn’t about the xz code as I thought. The article was about the F-Droid developer Hans-Christoph Steiner telling a story about someone attempting to put pressure on F-Droid to merge code that was vulnerable in response to what happened with the xz project. So F-Droid never had the vulnerable code in it.

    Tuesday, Hans-Christoph Steiner, a longtime developer of F-Droid, explained that a very similar situation nearly led F-Droid to push an update that would have introduced a security vulnerability into the product three years ago: “Three years ago, F-Droid had a similar kind of attempt as the Xz backdoor,” he posted on Mastodon. “A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn’t found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a SQL injection vulnerability. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it’s relevant now.”






  • I’d recommend you donate money to those who host open infrastructure. That stuff is expensive and critical to the free and open internet.

    As for free software projects I suggest donating your time with contributions. That’s what they need the most. Helping with bug reports and writing documentation are easy starters and worth much more than money. That’s hard to sell as a gift though… One gift card for confirming and investigating a bug in free software of choice. Merry Christmas Uncle Bob!

    Going from being a cool hacker who does things for fun and shares it with his peers to being a poor cyberbeggar does no good to a person’s self-worth. Help out by contributing and let Mr. Cool Hacker have time for his day job on the side. We get better software and fewer burnouts.



  • First thing, I would ask the ISP to open the port. I’ve done that without problems before.

    If that’s for some reason not a solution, I would, because I’m personally not very attracted to the idea of routing my selfhosting traffic through third parties, set up a simple static page with <meta http-equiv="refresh" content="0;url=https://web.domain.tld:8080/" /> somewhere and point the bare domain and www subdomain to that page and have it redirect to, like in this example, a web subdomain with the port number.

    As a last remark, I personally would not find it problematic for a different port number to be part of the host scheme and also note that most web traffic now goes to 443 and not 80 because it’s https.

    Happy selfhosting!








  • It’s easy to overlook with the omnipresent internet, but self-hosting doesn’t require internet. You could host for your fellow students on the local network. If that’s also against the Wifi rules you can either ignore that stupid rule or set up your own god damn wifi with hostapd on your machine and let students connect directly to it. It’s probably best to use a machine dedicated to the task for security reasons as you wouldn’t want curious students to accidentally erase your homework. I wouldn’t use containers or VMs for any of this, I’d just use bare metal like in the good ol’ days. You could also, without having to worry, give people shell accounts because it’s a closed network. The options are endless without all the worries of hosting on the internet.