Samantaz Fox


Young Vixen-Panther hybrid, who loves computer stuff and electronics.
Proud #Furry🦊 and #Lesbian 🏳️‍🌈.
May rant now and then.

My invidious commits are PGP-signed with this key:
A203 12E5 44F7 B9CC 5792 2D40 F428 2105 9186 176E

Previous key was:
6E2D 9DE7 A584 E411 5253 47AD 3DF5 6D7D 1CD8 02E1

Pronouns: She/Her (EN) | Elle (FR)
Languages: FR 🇫🇷 / EN 🇬🇧
Location: 1 AU from the Sun
Age: Legally allowed to drink
Website: https://samantaz.fr

💻 Framasoft is recruiting a new person in system administration to strengthen its technical team! A specific point to note: strong experience in mail management is needed.

➡️ https://contact.framasoft.org/recrutement

📅 You have until 21/06/2026 to apply. Feel free to spread the word!

#JeRecrute

"Packages that can't be rebuilt byte-for-byte are now blocked from entering Debian's testing branch."

https://itsfoss.com/news/debian-makes-reproducible-builds-mandatory/

In a Big Move to Linux Security, Debian Makes Reproducible Builds Mandatory


Open source maintainers at profitable companies: stop asking permission to fix what your employer already depends on.

No paperwork. No programme. No manager’s blessing. Just maintain it on the clock.

https://ossresistance.com

Open Source Resistance

A direct-action manifesto for maintainers keeping open source alive on company time.


Well, the new Google ReCaptcha is awful, sheesh

It's a QR code you have to scan with a "proper" device - aka with Google Services installed

Goodbye last 10 years of phishing awareness, time to scan random QRs without a thought while you are purchasing things, woo! Seriously what were they thinking?

And because it's recommended to be put in "high risk" places, people will expect them to be seen there, and so a scam/phishing QR will be so much easier to slip in.

https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-fraud-defense-the-next-evolution-of-recaptcha/

#google #captcha #recaptcha #phishing #infosec #cybersecurity

So

1. the #DirtyFrag vulnerability affects all versions of #Linux
2. there is no patch at the moment.
3. it is a privilege escalation (a local account is required)

Source: https://github.com/V4bel/dirtyfrag


This is *brutal*...

"There are no more juniors. There was a funeral for their passing in 2024. Nobody came. The machine does what they do now, but cheaper. Of course, juniors weren't valuable for what they produced, they were valuable for who they would become: the senior engineer who knows where the bodies are buried. We optimized for output, and abolished apprenticeship. A few years from now, we'll wonder where all the seniors are. We shot them. Nobody will remember."

https://www.stvn.sh/writing/programming-still-sucks-fqffhyp

ETA:
This is by @stevendotjs, who absolutely nails a bunch of things I've been feeling for a while now, but had no idea how to articulate...

Programming Still Sucks. — Writing

Sorry Peter. — I'm at a birthday party, and while most people here also work in tech, there's always a Guy with a Real Job. You know, a physical job, building some or other thing people need. And this Guy always asks some variant of the same question: aren't you worried AI is taking your job? I glance around and see a few faces turning around toward us, rolling their eyes ever so slightly before returning to their previous conversation. Yes, this question again.

RE: https://mastodon.social/@arstechnica/116518027082154811

This technique is commonly used for insider detection. Plant a unique canary in a datasource someone has access to and see which canary shows up and you have the leaker.

Another technique inverted to this purpose to spot manipulation without using obvious hashes or digital signatures is to insert a specific message into a plaintext that may be formatted wrong or not comply with the uniformity, then get an HMAC signature out of it. Loop through the data and check if the MAC is created. This is called Chaffing and Winnowing:
https://en.wikipedia.org/wiki/Chaffing_and_winnowing

#cryptography #insiderdetection #espionage #dataintegrity #manipulation

It seems that Daemon Tools has been distributing malware for at least a month now.

https://securelist.com/tr/daemon-tools-backdoor/119654/

I think that some of you here are retrogaming enthusiasts, so better check if you're not affected.

#cybersecurity #infosec

Popular DAEMON Tools software compromised

Targeted by threat actors: individuals and organizations across 100+ countries and territories, with the majority of victims located in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China.

Securelist

On Wednesday I will represent @Mastodon at the Assemblée Nationale for a round table on free software, organized as part of the Commission of Inquiry into structural dependencies and systemic vulnerabilities in the digital sector and the risks to France's independence, whose rapporteur is @cyrielle_chatelain

I am glad to see the national representation take up these subjects (even belatedly)

https://www.assemblee-nationale.fr/dyn/17/organes/autres-commissions/commissions-enquete/ce-vulnerabilites-numeriques (it will be streamed)

DigiCert — a certificate authority, the entity you're trusting to anchor your entire chain of trust — got compromised because a support analyst opened a .scr file from a chat session. In 2026. CrowdStrike was misconfigured on one endpoint and completely absent on another. Nobody noticed the second compromise for 10 days. The attacker grabbed EV code signing initialization codes and walked out with 60 certificates. Zhong Stealer, signed and shipped. (2/5)