jackc (@jackc@kompost.cz)
"BitLocker lze během pár sekund prolomit s pouhým USB diskem. Lze toho docílit pomocí exploitu YellowKey. Na flashku se nahraje složka, následně se nabootuje počítač v recovery módu a drží se klávesa CTRL. Poté se zpřístupní zašifrovaný disk. Problém se týká Windows 11 a Window Serveru 2022 a 2025. Podle autora, který problém objevil, jde o zadní vrátka, nikoliv chybu."
Doporučení: Používejte #opensource, kde je mnohem složitější schovat backdoory. Veracrypt nebo LUKS.
Show Original Post
techwire (@techwire@social.gamefan.net)
$1,260 off a Sandisk 8TB external SSD is a deal you can't ignore at 11 cents per gigabyte — pro storage at blistering 1GB/s speeds for $739
The Sandisk Desk Drive 8TB normally retails for $1,999.99, but you can have it today for just $739.99, saving $1,260.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Show Original Post
libreoffice (@libreoffice@fosstodon.org)
New feature coming in #LibreOffice 26.8, in August: keyboard shortcuts can be configured for individual documents (and saved in them). This feature was added by Neil Roberts, who recently joined the TDF team: https://wiki.documentfoundation.org/ReleaseNotes/26.8#Core_/_General #foss #openSource #freesoftware
Show Original Post
hisolutions (@hisolutions@infosec.exchange)
Ein Konfigurationsfehler legt die komplette .de-Zone lahm. Drei Linux-Kernel-Exploits zielen auf dasselbe Angriffsmuster. Und Daniel Stenberg beschreibt, wie KI-generierte Bug-Reports curl gleichzeitig besser und anstrengender machen.
Unser aktueller Security Digest ordnet ein, was die letzten Wochen wirklich relevant war:
🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local Privilege Escalation bleibt eine der häufigsten Schwachstellenklassen im Linux-Kernel. Unser Take: SELinux ist kein Nice-to-have, sondern die wirksamste Gegenmaßnahme. Nicht-privilegierte Accounts sollten nicht unter unconfined_u laufen. Punkt.
🌐 DNSSEC-Ausfall der .de-Zone: Ein Signierfehler bei der DENIC hat am 05.05. gezeigt, wie fragil zentralisierte DNS-Infrastruktur sein kann.
🤖 KI und Open Source: curl erlebt nach der AI-Slop-Welle jetzt hochwertige Meldungen. Gleichzeitig steigt die Last für Maintainerinnen und Maintainer massiv.
📱 Android Intrusion Logging: Google liefert mit dem Advanced Protection Mode endlich eine echte Datenquelle für mobile Forensik. Wir empfehlen die Aktivierung für exponierte Personen und Organisationen mit erhöhtem Schutzbedarf.
Das Security-Modell aus dem Mobilbereich wird zunehmend zum Vorbild für Desktop und Server. Wer heute noch ohne Mandatory Access Control arbeitet, liefert eine Angriffsfläche, die sich mit wenigen Konfigurationsschritten deutlich reduzieren ließe. Den vollständigen Digest mit allen Quellen und unserer Einordnung finden Sie hier: https://research.hisolutions.com/2026/05/
Wie gehen Sie in Ihrer Organisation mit SELinux um? Und nutzt jemand von Ihnen bereits Android Intrusion Logging in der Vorfallsbehandlung?
#Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt
Show Original Post
AdvisoryICS (@AdvisoryICS@infosec.exchange)
ICS[AP] updated CISA ICS Advisories Master File for 5/14/26 & the following year's CSVs:
CISA_ICS_ADV_2026_5_14.csv
Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main
#opensource
#vulnerabilitymanagement
#icssecurity
Show Original Post
radwebhosting (@radwebhosting@mastodon.social)
🚀 How to Deploy #LDAP Server and Client on Rocky Linux #VPS (389 Directory Server Guide)
Below is a comprehensive, step-by-step guide demonstrating how to deploy LDAP server and client on Rocky Linux VPS using the 389 Directory Server on Rocky Linux VPS instances, and configuring a separate Rocky Linux machine as an LDAP client.
It covers ...
Continued 👉 https://blog.radwebhosting.com/deploy-ldap-server-and-client-on-rocky-linux-vps-389-directory-server-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #security #rockylinux #directoryserver #selfhosted #opensource #letsencrypt #identitymanagement #selfhosting
Show Original Post
sayzard (@sayzard@mastodon.sayzard.org)
I owe my career to open-source. I'm not sure newcomers can say the same
작성자는 오픈소스 커뮤니티가 자신의 커리어 형성에 결정적 역할을 했다고 회고한다. 그러나 AI 생성 콘텐츠가 급증하면서 커뮤니티 내에서 저품질 게시물이 넘쳐나고, 이에 대응해 엄격한 규제와 금지 조치가 늘어나고 있다. 이로 인해 신입 개발자들이 오픈소스에 진입하고 성장할 기회가 줄어들고 있으며, 커뮤니티의 순수성과 품질 유지가 도전받고 있다. 작성자는 이러한 변화 속에서도 적응과 균형을 기대하지만, 신입들에게는 더 어려운 환경이 될 것이라 우려한다.
https://dhruvahuja.me/posts/ai-impact-on-oss/
#opensource #aigeneratedcontent #communitymoderation #developerexperience #llm
Show Original Post
sayzard (@sayzard@mastodon.sayzard.org)
A new data layer for robot learning
Rerun이 로봇 학습을 위한 통합 데이터 레이어를 오픈소스로 대규모 확장하여 0.32 SDK를 공개했다. 이 데이터 레이어는 멀티모달, 멀티레이트 물리적 데이터를 효율적으로 처리하는 .rrd 파일 포맷과 컬럼 청크 저장 방식을 기반으로 하며, PyTorch 데이터로더와 ROS 2 메시지 지원 등 로봇 학습 전체 워크플로우를 지원한다. 또한, 대규모 데이터 관리를 위한 상용 Rerun Hub도 프라이빗 프리뷰로 공개되어 팀 단위 로봇 데이터 운영에 적합하다. 물리적 AI의 발전을 위해 로봇 데이터 특성에 맞춘 전용 인프라가 필요하다는 점을 강조한다.
https://rerun.io/blog/data-layer-for-robot-learning
#robotics #datalayer #multimodaldata #rerun #opensource
Show Original Post
Edent (@Edent@mastodon.social)
🆕 blog! “UK Government Kicks Out Palantir”
The UK Government, for all its faults, is pretty good at publishing contracts it has awarded. That's why I get depressed when I see rage-bait nonsense about how companies have been award "Top Secret" deals.
Right now you can go to https://www.contractsfinder.service.gov.uk and search for whichever bête noire has you riled up. You …
👀 Read more: https://shkspr.mobi/blog/2026/05/uk-government-kicks-out-palantir/
⸻
#government #OpenSource
Show Original Post
blog (@blog@shkspr.mobi)
UK Government Kicks Out Palantir
https://shkspr.mobi/blog/2026/05/uk-government-kicks-out-palantir/The UK Government, for all its faults, is pretty good at publishing contracts it has awarded. That's why I get depressed when I see rage-bait nonsense about how companies have been award "Top Secret" deals.
Right now you can go to https://www.contractsfinder.service.gov.uk and search for whichever bête noire has you riled up. You might want to argue that the company is corrupt, incompetent, or overpriced - but you can't argue that its contract is secret. There's no conspiracy. There's no secrecy. There's not even "beware of the leopard" shenanigans. It's all out in the open0.
The Government says who it paying money to.
But, of course, there are some things the Government can't say. It's rare for them to publicly disagree with a supplier, or call out how crappy they were. They need to maintain cordial relations with people1. They don't want to scare off new suppliers who can't risk being publicly humiliated. When contracts are cancelled or ended, it is usually done quietly.
So you need to learn to read between the lines.
Let's take this excellent blog post from the Ministry of Housing Communities and Local Government2
"From emergency to sustainability: creating Share Homes for Ukraine data".
It's exactly the sort of blog post that some Civil Servants excel at writing. It clearly sets out how an ambitious and technically challenging project was delivered, why it is important, and who it benefits.
The blog post describes how the team…
exited our contract with our supplier.
And that:
Moving to this in-house model is already saving MHCLG millions of pounds a year in running costs.
They show user feedback for their new system saying:
It’s easier to navigate than the previous system
Of course, what they don't say is who supplied the previous system which was so costly and hard to use.
It was, of course, Palantir.
The original contract (CPD4124104) wasn't secret - although it was mired in some controvery as an urgent exemption to normal procurement rules3.
In 2023, the National Audit Office reported on the scheme - including Palanitr's software. They said:
The initial arrangement was put in place to help get the scheme up and running quickly. Consequently, the system did not undergo the usual research and testing that would be involved for the roll-out of a new digital system. There were initial issues such as the way it presented duplicated application data received from Home Office systems, and confusion from local authorities as to how to engage with the main data system.
How bad was Palantir's software? I've sent in a Freedom of Information request to find out. But we can tell that it was bad enough to convince MHCLG to rewrite it themselves.
A lean Civil Service may not have the in-house capability to rapidly create a new service. But, as their blog post shows, when given suitable resources Civil Servants can often outperform the private sector. More importantly, the new software is under the Ministry's direct control. This open source code is a triumph for sovereign technology.
MHCLG have shown the door to Palantir. They've built something better, easier to use, and cheaper.
I don't want to oversell this as the first victory in the war against this abominable company - but I hope where MHCLG leads, others will follow.
You can read more about this story on BBC News.
Yes, there occasionally delays and some things are redacted either for privacy, security, or confidentiality. But, in the main, if the Government has spent money on it, it'll be published somewhere. ↩︎
Yes, I know it would cathartic to have a YouTube Shocked Face "Government SLAMS woeful supplier!!" but the long-term consequences make it unlikely. ↩︎
MHCLG is literally the worst acronym in a sea of unpronounceable alphabetti spaghetti. At least MOJ can be pronounced "Modge"! ↩︎
My boring centrist dad position is that sometimes it makes sense to buy off-the-shelf in an emergency. If you find yourself abandoned after a night out, you order a taxi - you don't take up driving lessons. ↩︎
Show Original Post
techwire (@techwire@social.gamefan.net)
Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor
Microsoft Bitlocker-protected drives can be opened with just some files on a stick
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Show Original Post
Pulrepo (@Pulrepo@mastodon.social)
🚀 Fastest-growing AI projects today
1. One standout area of interest the exploration of language anchoring techniques that ens...
2. The repository "fkyah3/opencode-yg" demonstrates Language Anchoring by making LLMs thin...
3. With a growth score of 14.11 and 37 stars, it stands out due to its innovative approach...
Full report → https://pullrepo.com/report/todays-ai-research-fastest-growing-projects-may-15-2026
#AI #OpenSource #GitHub #Tech #AIResearch
Show Original Post