Arthur Besse
cultural reviewer and dabbler in stylistic premonitions
- 33 Posts
- 49 Comments
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•Fragnesia: New Linux Privilege Escalation ExploitEnglish
62·4 days ago
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch availableEnglish
2·7 days ago
that kernel release (which most distros have still not shipped yet) fixes only one of the two vulnerabilities (CVE-2026-43284); afaik even upstream still doesn’t have a patch for the second one (CVE-2026-43500) at this time.
(for people relying on Linux privilege separation, here are mitigation instructions.)
Arthur Besse@lemmy.mlto
Fediverse@lemmy.world•Which instances have the most ban-happy moderators? Analysis insideEnglish
21·14 days ago
I was surprised to find that dbzer0 has 290 communities.
I guess they have 290 communities which are federated to the instance where you’re collecting these stats; according to dbzer0’s front page they actually have 332 communities. (Also your screenshot shows 1337 communities on lemmy.ml but we actually have 4.74K, and 3919 for .world which actually has 13.1K.)
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•The ‘European’ Jolla Phone Is an Anti-Big-Tech SmartphoneEnglish
3·2 months ago
unfortunately, like its predecessor (Nokia’s Maemo/Meego), Jolla’s SailfishOS has never been (and has never had plans to be) fully free/libre open source software.
many components of it are freely licensed, but not nearly enough to constitute an actual mobile operating system you can use.
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•How to disable this blinking light on a WD External Hard Drive?English
6·2 months ago
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•How to disable this blinking light on a WD External Hard Drive?English
3·2 months ago
based on the other comments here i had to double check if this thread was in !shittyasklemmy@lemmy.ml smh my head
Arthur Besse@lemmy.mlOPMto
Linux@lemmy.ml•CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to RootEnglish
22·2 months ago
You’re correct on both points (🤦‍♂️ indeed).
I’ve now edited this post to link to their advisory text file instead of their advertising-heavy blog post about it which I had initially linked when the above comment was posted. Thanks.
Arthur Besse@lemmy.mlto
Open Source@lemmy.ml•Is legal the same as legitimate: AI reimplementation and the erosion of copyleftEnglish
1·2 months ago
FYI, the day after you published this blog post, a spam blog posted… their AI reimplementation of it 🤦
details:
here is a snapshot of (maybe?) the “original” slop post borrowing from your title; i first saw it reposted on this slightly-more-credible-looking (at least if you haven’t seen it in previous search results and already realized it is spam) page:

i tried to archive that page with the repost of it, to avoid directly linking to spam from this comment, but it crashes archive.org’s browser:

i also was curious to see if this spam is in search engines, so i searched for AI reimplementation, and… well, the good news is that your blog post is the first hit and the above-linked spam blog is pretty far down in the results list.
The bad news is that the second hit is to yet another piece of slop/spam evidently also “inspired” by your post:

Arthur Besse@lemmy.mlto
Open Source@lemmy.ml•Is legal the same as legitimate: AI reimplementation and the erosion of copyleftEnglish
6·2 months ago
Nice post. Relatedly, see also malus.sh and this talk by the people that made it (both of which I posted in this lemmy community here).
A couple of minor corrections to your text:
Blanchard’s account is that he never looked at the existing source code directly.
Blanchard doesn’t say that he never looked at the existing code; on the contrary, he has been the maintainer (and primary contributor) to it for over a decade so he is probably the person who is most familiar with the pre-Claude version’s implementation details. Rather, he says that he didn’t prompt Claude with the source code while reimplementing it. iirc he does not acknowledge that it is extremely likely that multiple prior versions of it were included in Claude’s training corpus (which is non-public, so this can only be conclusively verified easily by Anthropic).
The GPL’s conditions are triggered only by distribution. If you distribute modified code, or offer it as a networked service, you must make the source available under the same terms.
The GPL does not require you to offer GPL-licensed source code when using the program to provide a network service; because it is solely a copyright license, the GPL’s obligations are only triggered by distribution. (It’s the AGPL which goes beyond copyright and imposes these obligations on people running a program as a network service…)
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•Konform Browser 140.8.0-106 - Security- and privacy oriented open source web browserEnglish
2·2 months ago
Nice, thanks.
It would certainly be nice to be able to pre-download language pair models without selecting to and from and then actually initiating a translation using the model i don’t have yet.
re: getting uBlock externally, i also see the attraction of that approach but unfortunately Debian’s package was last updated in October (from 1.62 to 1.67) while AMO has a release from January (1.69) :/
imo it would be better to bundle UBO and ship its updates along with browser updates.
are there plans to distribute Konform via flathub?
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•Konform Browser 140.8.0-106 - Security- and privacy oriented open source web browserEnglish
9·2 months ago
Full-page machine translations are disabled
Firefox translations are done offline (after downloading the model for a language pair).
Does anybody know why Konform decided to disable this very useful feature?
Arthur Besse@lemmy.mlMto
Linux@lemmy.ml•Curious about the relationship between Red Hat and FedoraEnglish
12·3 months ago
could Red Hat eventually take control of the project
Fedora started in 2002 and merged with “Red Hat Linux” in 2003.
Red Hat, Inc has had full control of it ever since then.
It is a “community project” inasmuch as there are Fedora developers who are volunteers (and some who are paid by companies other than Red Hat), and the Fedora Council includes people who are not employed by Red Hat - but the Project Leader is always a Red Hat employee, and if the Council ever has an irreconcilable difference with Red Hat then Red Hat can simply ignore and/or dismiss them.
Red Hat owns all Fedora-related trademarks, and the Fedora Project is not an independent legal entity: it is a part of Red Hat.
If Fedora developers don’t like Red Hat’s decisions regarding the project, they can fork it but they’d need to change the name and find some other sources of funding.
Also, icymi, Red Hat became a subsidiary of IBM in 2019.
Arthur Besse@lemmy.mlOPto
Programmer Humor@lemmy.ml•Incredible stochastic algorithm, gets more reliable the larger your input, incredibly fast, trivial to implement and deterministic on its inputsEnglish
7·3 months ago
maybe it would be better to say that it is stochastically accurate?
Arthur Besse@lemmy.mlOPto
Programmer Humor@lemmy.ml•Incredible stochastic algorithm, gets more reliable the larger your input, incredibly fast, trivial to implement and deterministic on its inputsEnglish
9·3 months ago
also btw icymi, this is a post about LLMs
Arthur Besse@lemmy.mlOPto
Programmer Humor@lemmy.ml•With great power...ignorance is bliss?English
1·3 months ago
i think i get Candand (what some Barnes & Noble spam once rendered C++ as?) but, what is borsuk language?
Arthur Besse@lemmy.mlOPto
Programmer Humor@lemmy.ml•With great power...ignorance is bliss?English
20·3 months ago
Reputable news source “GLOBAL FACTZ”
😂
Fwiw, before reposting this meme, I actually checked to make sure that the underlying “weird news” story here was not solely reported by random clickbait fake news sites but was also covered by an actual news organization.
So in summary. You’re right. Sealed sender is not a great solution. But
Thanks :)
But, I still maintain it is entirely useless - its only actual use is to give users the false impression that the server is unable to learn the social graph. It is 100% snake oil.
it is a mitigation for the period where those messages are being accepted.
It sounds like you’re assuming that, prior to sealed sender, they were actually storing the server-visible sender information rather than immediately discarding it after using it to authenticate the sender? They’ve always said that they weren’t doing that, but, if they were, they could have simply stopped storing that information rather than inventing their “sealed sender” cryptographic construction.
To recap: Sealed sender ostensibly exists specifically to allow the server to verify the sender’s permission to send without needing to know the sender identity. It isn’t about what is being stored (as they could simply not store the sender information), it is about what is being sent. As far as I can tell it only makes any sense if one imagines that a malicious server somehow would not simply infer the senders’ identities from their (obviously already identified) receiver connections from the same IPs.
Sure. If a state serves a subpoena to gather logs for metadata analysis, sealed sender will prevent associating senders to receivers, making this task very difficult.
Pre sealed-sender they already claimed not to keep metadata logs, so, complying with such a subpoena[1] should already have required them to change the behavior of their server software.
If a state wanted to order them to add metadata logging in a non-sealed-sender world, wouldn’t they also probably ask them to log IPs for all client-server interactions (which would enable breaking sealed-sender through a trivial correlation)?
Note that defeating sealed sender doesn’t require any kind of high-resolution timing or costly analysis; with an adversary-controlled server (eg, one where a state adversary has compelled the operator to alter the server’s behavior via a National Security Letter or something) it is easy to simply record the IP which sent each “sealed” message and also record which account(s) are checked from which IPs at all times.
[1] it would more likely be an NSL or some other legal instrument rather than a subpoena