What the EU’s new software legislation means for developers
What the EU’s new software legislation means for developers - The GitHub Blog
The EU Cyber Resilience Act will introduce new cybersecurity requirements for software released in the EU. Learn what it means for your open source projects and what GitHub is doing to ensure the law will be a net win for open source maintainers.Felix Reda (The GitHub Blog)
like this
Dessalines likes this.
reshared this
Open Source reshared this.
Going to come out swinging for MSFT
github provides it's runners generously for free!
They have not banned me, which is a charm point
Gitlab, on the other hand! Going to whine about that forever
Gitlab deletes your account suddenly without recourse or offers a means to communicate with them to resolve issues civilly.
Listen here Stallman, pedo associate Gates is my hero!
Thank you github for not banning me ... hopefully not maybe ... yet
That big bold Thank you didn't hurt one bit
Try it on for a change!
Oh shiat! You read it?? LOL
Oh man i had to wipe away some tears
Now i need to wash my face
First: IANAL, EU law is complicated. This is my understanding as of now:
TL;DR: The EU Cyber Resilience Act (CRA) aims to enhance cybersecurity standards for products with digital elements. It introduces mandatory requirements for manufacturers and retailers to ensure cybersecurity throughout a product's lifecycle. The CRA excludes open-source software developers unless their software is used commercially as part of a "product with digital elements".
would lemmy be regulated by CRA?
Lemmy, as an open-source project, would likely not be directly regulated by the CRA. The Act specifically excludes open-source developers from its scope unless their software is used commercially.
Whaz about lemmy instances?
Lemmy instances might be regulated by the CRA if they are operated commercially as part of a "product with digital Elements". (Is there a pay for access instance or hosting as a service for lemmy? I am not aware of one.) However, since most instances are run non-commercially or for personal use, they would likely fall outside the CRA's scope.
Is there a difference if there is a fee or a recurrent donations?
Yes:
- A fee is typically a mandatory payment for a service or product, e.g. a feature locked behind a paywall.
- A recurring donation is a voluntary, regular contribution to support an organization or cause, often without receiving goods or services in return.
The key distinction lies in the obligation attached to the payment. Fees come with an expectation of receiving something in return, while donations are given freely without such expectations.
it's free as in go pound sand if you aren't going to fund maintainers
it doesn't force them to do anything until devs refuse to work for any company that doesn't.
i'm with you on agplv3+. The copyright recognition document comes before the resume.
Can you post a link.
Not familar with it, but will read it if you point me in the right direction
Here are some links:-
1. FUTO's Source-First Licence
2. IRL usage of Source-First Licence
3. A criticism of Source-First licence & FUTO
Have fun 
I read all 3.
The critic has been tricked. He is naive nice person. And therein lies the rub. He is dwelling on rebutalling the bullshit not realizing it's purpose is to distract away from real issues.
He's argued twice based on nostalgia rather than on legal merits.
People may have legitimate reasons to want different terms in an open source license. The critic rejects this.
If the critic has nothing to add to the conversation, he should go pound sand. The adults are capable of ripping systems apart and understand how to pieces fit back together and can customizing them without deviating from FOSS and OSD philosophy.
Go with aGPLv3. FUTOs nonsense nonpoints don't help in the least.
Real issues like pay only in Monero to the maintainer without any KYC. Not in encumbered methods requiring our time and risk of not being able to receive the funds. No NPOs. No middlemen that take cut.
Devs needs to unionize or form gangs. Society is currently telling us to get a job rather than maintain the packages world+dog relies upon. That's malicious, suicidal, has real consequences, and thus should be our #1 political issue. And we have to change society's focus by causing a rukcus, not submitting more resumes to create more web sites and smartphone apps or cloud services. Which is just purposefully pushing us towards a job creation program rather than a means to maintain world+dog's tech base.
There should be a systematic way for companies to pay towards those maintaining their tech stack. Lacking this, the companies can just say they are confused on how to go about paying devs. I can see their POV. That infrastructure needs to exist.
None of these points, violate open source philosophy one bit.
None of these points require yet another license. It's more about what direction tech community has to take moving forward.
Well, if I understand things correctly, it may address a part of this issue indirectly: corps are responsible of what they use. If a part is open source they also have the opportunity to fix the problem themselves.
Looks very nice to me.
Wait? Are we pretending the corps are actually the FOSS devs?
A Corp dev, aka a FOSS dev forced into societal job creation servitude making throw away smartphone apps, web sites, and now AI models.
Gets paid to not be a productive person. Is essential what a societal job creation program is. Actually accomplishing anything is a random flaw and not the intent of employing devs.
The alternative would be to fund the dev to concentrate on maintenance efforts of their repos which the entire world depends on.
And if you don't believe me, just explain one thing. What's the pip-tools maintainer up to? Cuz it's definitely not focused on pip-tools maintenance
Would definitely be interested to check in daily to watch what he's doing. Can throw parties to watch some of the most influential and important people on the planet do the equivalent of digging ditches, refilling them, then doing it again.
They literally went don't care "Git is good enough" they're literally talentless monkeys
There is efforts to make the issues and PRs forkable as well. There is some folks jumping ship. Haven't researched the new platforms like codeberg
I wasn't talking about Github, I was talking about GIT itself;
Look at these Three:
1. Fossil
2. Pijul
3. Darcs
The last 2 are Patch-Based & 2 is basically a modernized-version of 3, eventhough 3 is still being maintained to this day & 1 is a fully-fledged Github-in-a-box
Oh boy I can't wait for the negative comments about it's obviois flaws, so let's hear it
Have read thru the Fossil web site. Fossil and git are nothing alike. Fossil is not Github in a box. That's misleading.
It's ok to place the key/value pairs merkle tree into an sqllite database AND NOT change the philosophy away from what we are used to with git.
Fossil makes me more sold on git. I want the PRs, i want to be able to rebase. I want to be able to fork projects away from it's parent.
Fossil needs to rewrite if it wants to attract git users. My main thing is portability of PRs and Issues. So when fork a project, the PRs and Issues are also forked. When the original author disappears would be nice to not have to rename the repo, while losing the PRs and Issues.
No. The FOSS dev would turn around and tell the entire world to go pound sand
The devs are under no obligations to do squat. Which includes responding to any EU requests.
If anyone has a problem with a FOSS project, they are welcome to fork the repo and maintain it themselves. And then send love letters back and forth to the EU.
If anyone is sent a request by the EU, i'm here to help. Some ideas to include in a response.
Shouldn't EU be focusing on Ukraine and throwing their males into a meat grinder?
EU does not have free speech. Why take them seriously? Why have any expectations of them?
MSFT please send all that love and support by all the bitcoin you are not buying
thank you
-- package maintainers
I'm so surprised to read a Microsoft article written by a former member of the European Parliament from the Pirate Party, even moreso as the president of the lobbying arm of Microsoft.
I was interested in knowing what are the duties of the software providers under the regulation, more than hiw they don't apply to hobbyists, I keep searching for other articles that explain it.
Vi måste ta till vara på det positiva. Den gångna veckan föll Assads mycket brutala och hårdföra diktatur. Det är en positiv utveckling. Innan dess stoppade folket i Sydkorea en statskupp. Ukraina står emot en mycket starkare angripare dag efter dag, vecka efter vecka, månad efter månad. Det är nåt att glädjas åt.
Perf Support For 2,048 CPU Cores Is Becoming Not Enough - Patches Bump Kernel Limit
Perf Support For 2,048 CPU Cores Is Becoming Not Enough - Patches Bump Kernel Limit
Currently the Linux kernel's 'perf' performance monitoring subsystem has a limit on 2,048 CPU cores for its CPU map that is set by the MAX_NR_CPUS valuewww.phoronix.com
reshared this
Linux reshared this.
Systemd v257 released
- The --purge switch of systemd-tmpfiles (which was added in v256) has been reworked: it will now only apply to tmpfiles.d/ lines marked with the new "$" flag. This is an incompatible change, and means any tmpfiles.d/ files which shall be used together with --purge need to be updated accordingly. This change has been made to make it harder to accidentally delete too many files when using --purge incorrectly.
- The systemd-creds 'cat' verb now expects base64-encoded encrypted credentials as input, for consistency with the 'decrypt' verb and the LoadCredentialEncrypted= service setting. Previously it could only read raw, unencoded binary data.
- Support for automatic flushing of the nscd user/group database caches has been dropped.
- The FileDescriptorName= setting for socket units is now honored by Accept=yes sockets too, where it was previously silently ignored and "connection" was used unconditionally.
- systemd-logind now always obeys block inhibitor locks, where previously it ignored locks taken by the caller or when the caller was root. A privileged caller can always close the other sessions, remove the inhibitor locks, or use --force or --check-inhibitors=no to ignore the inhibitors. This change thus doesn't affect security, since everything that was possible before at a given privilege level is still possible, but it should make the inhibitor logic easier to use and understand, and also help avoiding accidental reboots and shutdowns. New 'block-weak' inhibitor modes were added, if taken they will make the inhibitor lock work as in the previous versions. Inhibitor locks can also be taken by remote users (subject to polkit policy).
- systemd-nspawn will now mount the unified cgroup hierarchy into a container if no systemd installation is found in a container's root filesystem. $SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0 can be used to override this behavior.
- /dev/disk/by-id/nvme-* block device symlinks without an NVMe namespace identifier are now fixed to namespace 1 of the device. If no namespace 1 exists for a device no such symlink is created. Previously, these symlinks would point to an unspecified namespace, and thus not be strictly stable references to multi-namespace NVMe devices. These un-namespaced symlinks are mostly obsolete, users and applications should always use the ones with encoded namespace information instead. This change should not affect too many systems, because most NVMe devices only know a namespace 1 by default.
- Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now considered obsolete and systemd by default will ignore configuration that enables them. To forcibly reenable cgroup v1 support, SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must additionally be set on the kernel command line.
reshared this
Linux reshared this.
I'd just like to interject for a moment. What you're refering to as systemd, is in fact, systemd/Linux, or as I've recently taken to calling it, systemd plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning systemd system made useful by the systemd services, journald and vital system components comprising a full OS as defined by Poettering.
Many computer users run a modified version of systemd every day, without realizing it. Through a peculiar turn of events, the version of systemd which is widely used today is often called Linux, and many of its users are not aware that it is basically the systemd init service, developed by Lennart Poettering.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete init system. Linux is normally used in combination with systemd: the whole system is basically systemd with Linux added, or systemd/Linux. All the so-called Linux distributions are really distributions of systemd/Linux!
All the so-called Linux distributions are really distributions of systemd/Linux!
but are they really? how about distros without systemd what would you call those OpenRC/Linux? systemd is indeed a giant intricate project,which is why some people don't like it or are against it,but all its components are working alongside the Linux kernel, without which there wouldn't be a need for systemd. I would say it's rather Linux with systemd,as systemd is optional.
edit: useless autocorrect
PhotonCamera: Android Camera that uses Enhanced image processing
PhotonCamera uses advanced algorithms for capturing and processing raw images which give unmatched HDR outputs. PhotonCamera is currently in beta stage and is having rapid development.
Features:
HDRX - This functionality enables advanced stacking of many underexposed images and creates beautiful outputs.
Utilize each camera lens, by the main, wide, macro, telephoto or even IR, a functionality not available in other open source apps.
Manual Control - Easy to use knobs to control Focus, Shutter Speed and ISO on the go.
Configurable Settings :
Number of frames(maximum)
Sharpness
Saturation
Shadow Strength
Interactive viewfinder
Enabling the grid
Enabling viewfinder rounding
Advanced mode settings
Save separate settings for each camera lens
Wide range of supported devices.
GitHub - eszdman/PhotonCamera: Android Camera that uses Enhanced image processing
Android Camera that uses Enhanced image processing - eszdman/PhotonCameraGitHub
reshared this
Open Source reshared this.
Opening the app for the first time on my Fairphone 5 (listed as unsupported) actually crashed the OS, but after that it seems to be working ok.
Closing out of the in-app gallery causes the app to crash. But that can easily be worked around by using some other gallery app.
I'll be testing it for a bit to see how it fares against other HDR methods...
Same experience on my Fairphone 5, first crashed the OS when I tried accessing the gallery.
Now it is working but the pictures have like dead pixels on them.
Their russian telegram channel has some opinions.
Besides a chemtrail conspiracy - reference there is a whoule channel for the ru-ukr war. I am unsure if it is in support of the war or not and translating it does not really clarify it (sentiment gets lost easily I guess).
Considering that, some clarification would be nice. Because I don't think I would trust a software made by russian "patriots" (quote from the channel) in the current geopolitical landscape.
An Android camera having a Russian telegram channel basically puts this on the no list for me, dog.
Like, I barely care to even hear their reasons.
It's Russian AND Telegram? Does it come with hepatitis too?
Uhm. It is important to remember that people are not the extension of the government they live under.
If it was closed source I would agree but you can check for yourself if the code is good. Even if they are crazy.
Telegram is involved with the shadier end of the crypto market, and for a market that's shady enough as it is without needing a shadier part, it's pretty damn dark in there.
Also
blog.cryptographyengineering.c…
It isn't even viable for their uses. They should consider ~~moving~~ upgrading to Matrix or Signal.
If it was closed source I would agree but you can check for yourself if the code is good. Even if they are crazy.
No I can not. I am not an android-dev, I am not the best dev out there and I don't have time to thouroughly go through a big codebase.
It would defenetly be possible to hide mallicious code from me, even if I have access to the source-code.
For really big projects it is safe to assume other, more knowlegable people have allready audited the code, but for small ones I have to be able to trust the devs.
Tried it on an older Pixel with GrapheneOS.
Can't zoom, can't switch to wide-angle lens. Camera does not balance brightness by the focus point. Otherwise pictures look pretty much the same.
I suppose this was made for specific devices in mind?
Hello.
Hopefully, feedback is appreciated.
Searched on Google Play with no results, same on F Droid.
Thanks.
Bankruptcy judge rejects The Onion’s bid to buy Alex Jones’ Infowars
Bankruptcy judge rejects The Onion’s bid to buy Alex Jones’ Infowars
A bankruptcy judge on Tuesday rejected a bid by The Onion’s parent company to buy Alex Jones’ far-right media empire, including the website Infowars, ruling that the auction process was unfair.David Ingram (NBC News)
Bankruptcy judge rejects The Onion’s bid to buy Alex Jones’ Infowars
Bankruptcy judge rejects The Onion’s bid to buy Alex Jones’ Infowars
A bankruptcy judge on Tuesday rejected a bid by The Onion’s parent company to buy Alex Jones’ far-right media empire, including the website Infowars, ruling that the auction process was unfair.David Ingram (NBC News)
Lilbits: New software can breathe new life into discontinued hardware
Google announced two years ago that it was killing its short-lived Stadia game streaming service. and while the company was refunding customers who’d purchased games and hardware, folks who’d purchased the Stadia Controller weren’t thrilled that Google’s original plans would have led to the device becoming useless once the servers shut down.
Fortunately Google later released a tool that would let users convert the Stadia Controller into a Bluetooth game controller that could be used with other devices. And while the tool was only supposed to be around for a year, Google later extended its lifespan… and now the company has quietly done it again. So if you’ve got a Stadia Controller lying around, or find one in a garage sale, you’ve got at least until the end of 2025 to turn it into a Bluetooth controller.
Meanwhile Spotify is taking a very different approach with its short-lived Car Thing accessory that was designed as a wireless display and controller for streaming music in an automobile. After announcing earlier this year that it would discontinue all support for the Car Thing, the company has indeed begun to shut down its servers, and users are seeing messages letting them know that their devices will no longer work.
There is an active community of hardware hackers that have found ways to repurpose the CarThing for use as a DeskThing or for other purposes. But there’s no particularly easy way to get it to serve its original purpose… at least not yet.
Stadia Controller Bluetooth mode [@Wario64]
Google has quietly extended the deadline for turning the discontinued Stadia Controller into a Bluetooth game controller that can be used with a wider range of devices. The utility will now be available until at least Dec 31, 2025.
Car thing is officially dead [/r/CarThing]
Spotify is killing off support for the Car Thing today. It appears to be a phased rollout, but many users are now seeing a message saying their devices are no longer operational. Hackers have found new uses for the hardware… but not in cars, for the most part. via /r/CarThing (reddit) and Thing Lab (Discord)
What’s next for Surface in 2025, including a possible 11-inch mini Surface Laptop? [Windows Central]
Report: Microsoft could launch new Surface Pro and Surface Laptop models in 2025 with Intel Lunar Lake chips, as well as a new Surface Laptop Studio (might be Intel or AMD) and maybe a new 11 inch Surface device with Snapdragon X.
Compact RISC-V Linux Development Device with USB Form Factor Powered by Rockchip RV1103 [LinuxGizmos]
The Luckfox Pico WebBee RV1103 looks like a USB flash drive, but it’s a tiny computer with a RV1103 processor with a 1.2 GHz ARM Cortex-A7 CPU and a RISC-V microcontroller, 64MB of DDR2 memory, a128MB of SLC NAND flash storage, and a microSD card reader and 10/100 Ethernet port. It sells for $14.
Keep up on the latest headlines by following Liliputing on Bluesky or @bradlinder@fosstodon.org on Mastodon. You can also follow Liliputing on Threads, Facebook, and X.
#carthing #google #leaks #lilbits #luckfox #luckfoxPicoWebbeeRv1103 #repurposingHardware #rumors #rv1103 #spotify #spotifycarthing #stadiaController #surfaceLaptop #surfaceLaptopMini #surfacePro
Walgreens Shares Spike Off 28-Year Lows On Private-Equity Interest; Report
Walgreens Shares Spike Off 28-Year Lows On Private-Equity Interest; Report
ZeroHedge - On a long enough timeline, the survival rate for everyone drops to zeroTyler Durden (www.zerohedge.com)
Syria's Assad is in Russia, Putin's deputy foreign minister confirms to NBC News
Syria's Assad is in Russia, Putin's deputy foreign minister confirms to NBC News
Russia is providing sanctuary to Bashar al-Assad, after the swift collapse of the Syrian leader's regime, Russia’s deputy foreign minister told NBC News.Keir Simmons (NBC News)
Daniel Penny’s Innocence—and the Shame of Alvin Bragg
Daniel Penny’s Innocence—and the Shame of Alvin Bragg
A just verdict for Daniel Penny does not erase the unwarranted prosecution—nor the Manhattan district attorney's petty lawfare against Donald Trump.The Editors (The Free Press)
Time Magazine names Caitlin Clark ‘Athlete of the Year’
Time Magazine names Caitlin Clark 'Athlete of the Year'
Caitlin Clark was honored by Time Magazine as their 'Athlete of the Year' after an incredible year in college basketball and the WNBA.Matt Yoder (Awful Announcing)
Time Magazine names Caitlin Clark ‘Athlete of the Year’
Time Magazine names Caitlin Clark 'Athlete of the Year'
Caitlin Clark was honored by Time Magazine as their 'Athlete of the Year' after an incredible year in college basketball and the WNBA.Matt Yoder (Awful Announcing)
Sidekicks introduces collective and anarchist posting
Theory
A new decentralized social media paradigma, in which data of posts is used to gain some addional features (opt-in).
I would additionally differentiate between central and decentralized bots.
Collective posting means posting to a bot (centralized or not), which then determines which posts go out and how, based on data collected by the bot through earlier iterations of this process, determined by some agreed upon guidelines.
Anarachist posting means posting to the Fediverse, while at the same time collecting all of these messages via a bot (centralized or not), which sends the data back to the client, who can use it again for some calculation based on chosen processes.
Examples
Let's see what that means if I want to post my cooking plan for the week.
Anarchist Posting
I post my fridge-content and what I want to cook. This information with all the other participants is saved by the bot and later provided to me as suggestions for my next cooking plan based on a process that I picked.
Centralized bot
The bot posts global suggestions what each participant can do better (for example to eat healthier), based on their chosen settings.
Decentralized bot
Its all done in my bot, which displays suggestions individually to me.
Collective Posting
I post my fridge-content and what I would like to cook. The bot takes this message in with what all the others want to cook and have and then decides what I get to cook and post it based on a distribution-algorithm that I have agreed to.
Centralized bot
One centralized bot calculates the perfect meal for everyone; or every participant but the message is posted globally.
Decentralized bot
Perfect meals are calculated decentrally based on the agreed upon guidelines.
In Sidekick
Anarchist posting: When posting through the Dolphin-bot, all posts are collected and then used on the client-side to provide suggestions to Dolphin-users.
Collective posting: With the Buzz Lightsting-bot, all posts done via Buzz are not sent immediatly, but collected at the central Lightsting-bot, shuffled and then sent randomly over the participating profiles at specified times.
(This is just an outlook, its theoretically implemented, but the client currently only supports being used by a single person ... it would also be nice to attach this functionality to hashtags ... its all a bit work in progress ;))
The readme describes it better:
Bot-centered Fediverse app. Users post ONLY through bots. On sign-up, every user chooses a bot (or Sidekick) and can then customize user experience and execute commands with it by posting to the bot. The post prompt is made customizable and elevated in this sense (fedi-app with custom-prompts).
I understood it all to mean, you get a layer of automation and triggers that can be used when you post to interact with data both within and beyond the scope of the actual social platform.
I’m not 100% sure this is accurate, but that’s what I got.
2) what does anarchist posting have to do with anarchism?
3) was this post generated by one of your sidekicks? Because I think he might have schizophrenia
All posts are filtered, organized and sometimes made by AI, or non AI programs, which will decide which users get shown which posts?
Interesting
like this
Aatube likes this.
like this
Aatube likes this.
Unfortunately, no, but you can get kind of close for Debian distros with LURE.
EDIT: Apparently LURE is supposed to be distro-agnostic, so it'd probably work for EL too.
Aatube likes this.
apt-get upgrade (or however, I always messed it up!) was annoying to me, and I switched to an arch distro (Endeavour) and I'm super happy with it. It's my only machine and it is awesome
Israel strikes and advances into Syrian territory after Assad's overthrow, fueling alarm
Israel strikes and advances into Syrian territory after Assad's overthrow, fueling alarm
While Syria celebrates overthrowing its longtime dictator, it is also being subjected to a new ground incursion and a wave of airstrikes from its neighbor Israel that drew growing international condemnation and concern Tuesday.Freddie Clayton (NBC News)
InnerScientist
in reply to petsoi • • •Upronn
in reply to petsoi • • •Excited for Venus providing vulkan on guests.
Does anyone know how long it will take to reach mainstream distros like Ubuntu?