Elastic's security team has released Supply Chain Monitor, an internal tool that monitors top npm and PyPI packages for supply chain compromises, a tool that also caught the recent Axios incident

https://www.elastic.co/security-labs/how-we-caught-the-axios-supply-chain-attack

https://github.com/elastic/supply-chain-monitor

CISA’s budget is being cut $707m for the next year, it also had a budget cut last year.

The CVE contract is due for renewal btw, it was on a one year deal after last years farce where nobody had the budget to renew it - it was since added as a protected line in CISA’s budget but it’s unclear now if that will survive.

Heavy drama in the open-source world of...

...Office Document Software.

Nextcloud, originally a fork of ownCloud, has launched Euro-Office, a fork of OnlyOffice (pissing off OnlyOffice). Collabora is weighing in and issuing comments against both OnlyOffice and Euro-Office while, itself, forking Collabora Office Desktop from the Document Foundation's LibreOffice. Document Foundation has now resumed LibreOffice Online which competes against Euro-Office and OnlyOffice.

(I think I've got all that right 😅 Correct me if I haven't! 😂)

❤️‍🔥❤️‍🔥❤️‍🔥 I unironically love this!!!! ❤️‍🔥❤️‍🔥❤️‍🔥

Document software may appear boring on its face, but Microsoft Office is a big reason why folks still stay with Microsoft OS and don't (can't...) move to Linux. MS Office 365 is often used as a bridge to allow folks to move to Linux while still using Microsoft products in the browser but that solution still keeps them tied to closed source solutions.

Development of Free and Open Sourced Software (FOSS) office products, both desktop apps and online web apps, is a core and key element to allowing FOSS solutions to thrive - both for individuals and organizations.

This level of drama and fighting is indicative of a lot of effort and attention being thrown into this arena. I'm confident over time it'll settle and different projects will merge back together or at the very least borrow and build upon each's efforts.

Read and get your fill of the drama here: https://www.theregister.com/2026/04/02/eurooffice_forks_onlyoffice/

#FOSS #digitalSovereignty #installParty #Linux #diDay

Good representation of the inside of my brain

Edit - the drummer - https://mastodon.art/@liebach/116340007790020165

🥳 We’re excited to announce the release of /e/OS 3.6—now available for all supported devices, including both Official and Community builds!

⭐️ This is the first /e/OS release based on AOSP 16.

It includes the improvements and bug fixes which have been developed for AOSP 15.

Read the full release notes and update your phone to the latest version 👉 https://gitlab.e.foundation/e/os/releases/-/releases

Du willst weg von den großen Technikkonzernen? Wir treffen uns am 1. Sonntag im Monat und suchen gemeinsam nach Alternativen. Beim nächsten Mal geht es um Web Browser (Firefox, Tor Browser und Co.), Fragen zu anderen Themen sind auch willkommen.

Wann? 5. April um 15:00
Wo? Rathausstraße 6, 1010 Wien

Mehr Info: https://metalab.at/wiki/Weg_von_BigTech

Notizen zu E-Mail Alternativen: https://pads.c3w.at/code/#/2/code/view/k8H+P8IsaIXC3cdwCZQxMmfitD7kf-dvFuuFFRYPiFY/present/

RE: https://graphics.social/@metin/116335353888270814

TL;DR: LinkedIn tries to fetch content from over 6000 known Chrome extensions. If an attempt to fetch ‘chrome-extension://extension-id-asdf/known-path.png’ succeeds, obviously the user has extension asdf installed. It also uses other methods, but they’re sniffing for Chrome extensions.