Emacs conference is on!

Watch it on youtube, peertube, or using a streaming player like mpv

mpv https://live0.emacsconf.org/gen.webm
mpv https://live0.emacsconf.org/dev.webm

cross-posted from: https://lemmy.today/post/42851505

Slightly more detail in this GitHub issue, however much is still unknown, even after three or so days. The dev hasn't revealed any further details. Some articles on this incident:

• https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
• https://www.aftvnews.com/smarttubes-official-apk-was-compromised-with-malware-what-you-should-do-if-you-use-it/

Note that the articles provide little detail on what's happened, mostly just detail that a malicious library was found and Play Protect started removing the app if affected. It's unclear which versions are specifically affected, how the dev got breached, and what the malware actually does. According to a user (who may or may not be using some sort of LLM, their comment sounds like one at least) in a separate, related issue, the malware may collect device info and send to a command & control server. It could (in theory) receive new instructions at any point if it's a C2 server. Again, it does appear that they had an LLM of some sort generate their comment, so take it with a grain of salt.

I'm going to uninstall the app and revoke access on my Google account page. I see little reason to need to reset my password as of right now, since the app uses an API key and not my actual password. In my opinion, it's possibly related to YT viewbotting and commenting, or to add your device to a botnet. It's unclear to me how this botnet would work in practice, since even Android TV sandboxes apps (for the most part).

Update: it appears that this may be related to the Vo1d botnet: DrWeb: Android.Vo1d.14.origin. If this is indeed the case, then the goal was to add devices to the botnet. It's my understanding that previous versions of this botnet typically required cheap, pre-rooted Android TV boxes, in order to install other apps. I'm not sure if that means that you're safe if your device is not rooted. It might be worth checking your installed apps for oddities.

Slightly more detail in this GitHub issue, however much is still unknown, even after three or so days. The dev hasn't revealed any further details. Some articles on this incident:

• https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
• https://www.aftvnews.com/smarttubes-official-apk-was-compromised-with-malware-what-you-should-do-if-you-use-it/

Note that the articles provide little detail on what's happened, mostly just detail that a malicious library was found and Play Protect started removing the app if affected. It's unclear which versions are specifically affected, how the dev got breached, and what the malware actually does. According to a user (who may or may not be using some sort of LLM, their comment sounds like one at least) in a separate, related issue, the malware may collect device info and send to a command & control server. It could (in theory) receive new instructions at any point if it's a C2 server. Again, it does appear that they had an LLM of some sort generate their comment, so take it with a grain of salt.

I'm going to uninstall the app and revoke access on my Google account page. I see little reason to need to reset my password as of right now, since the app uses an API key and not my actual password. In my opinion, it's possibly related to YT viewbotting and commenting, or to add your device to a botnet. It's unclear to me how this botnet would work in practice, since even Android TV sandboxes apps (for the most part).

I (unfortunately) have to use PDFs a lot for my work. I'm on Windows 11 (for now) and I'm really sick of Xodo PDF: it has some features locked behind a paywall, and this week it keeps crashing for some reason. I would love to replace it but I haven't found a fully-featured FOSS app for reading/editing PDFs.

What do I mean by "fully-featured?"

• Signing PDFs with my saved signature
• Editing page order / combining multiple PDF documents into one. (On MacOS, the Preview app does this BEAUTIFULLY)
• Annotating
• Highlighting
• Search

Is there a FOSS Windows app that can do all these things?

Thanks Lemmy!

I think this is a very common story in the foss world and we lose a lot of good devs and good projects to it.

Which software should I choose? I'm switching from Windows and would like to know which one to use and recommand.

This is Bridge - a privacy focused, Firefox AI disabled, Fediverse integrated browser. It has vim navigation via Tridactyl, Bitwarden integration, as well as Ublock integration.

It has an old Firefox RSS feature where you can scan a site for RSS feeds and it will add them to the RSS feed reader.

But the highlight of this is the Mastodon and Lemmy integration. you can have your Mastodon feed displayed in the sidebar on the browser which will give you access to your home, local, and fediverse feeds. you can post, reply, boost, and favourite posts.

The Lemmy extension allows you to see and link directly to lemmy discussions on whatever instance you like (multiple even) if you’re on a site/news article/blog post/whatever. If the extension sees that this has been posted on Lemmy, it will provide you with a direct link to whatever discussions it finds based on the current URL you’re on.

This has been a hobby project of mine for a bit now, It’s very slow development as I have a job and can’t dedicate all the time in the world to this. I wanted to originally build a browser from scratch but realized that would probably take me years so I settled with a fork of firefox.

Currently I believe it only works on Linux and is in a very early alpha. It hasn’t crashed on me yet but visually is a bit rough around the edges.

I just wanted to share this little hobby project I’ve been working on. Thanks!

https://codeberg.org/rozodru/Bridge

cross-posted from: https://lemmy.world/post/33915876

This is a California state court case that could drastically change the landscape for Free and Open Source Software moving forward. And particularly that FOSS that is covered by Copylefted licenses like the GPL family of licenses.

The premise of the case is that by selling smart TVs with only the compiled version of GPL'd (and likely forked) code projects such as the Linux kernel, BusyBox, selinux, ffmpeg, etc, Vizio is blatantly violating the "Source Code Provision" of the GPL which requires that they provide along with this compiled code, also the source code or failing that a written offer of source code to any recipients of these compiled versions of these GPL'd applications and libraries.

(Now, of course, anyone can get the source code of the Linux kernel or BusyBox or any of the other applications at issue. But in the process, Vizio and their manufacturers have written kernel drivers for the hardware specifically on the TVs (which are derivative works of the Linux Kernel and therefore covered by the GPL), and probably made modifications to several of the other codebases in order to make them do novel things specifically for the smart TVs in question. Beyond that, the GPL requires Vizio to provide any programs/scripts/signing-keys/etc to compile and install the source code (or a, say, consumer-modified version of the source code) onto the TVs. It's the Vizio-specific/chip-manufacturer-specific modifications/derivative works and compiling/installing code that's most important.)

The "Software Freedom Conservancy v. Vizio Inc." case is seeking to force Vizio to comply with the GPL. Assuming the SFC is successful and the courts rule in their favor, the eventual result is expected to be a fully FOSS OS "distribution" (of, basically, GNU/Linux) that end users can install on their Vizio TVs in place of the factory-installed OS. This FOSS OS distribution, of course, would allow users to remove ads and other antifeatures from the TVs in question. And over time, it's highly probable that this FOSS OS smart TV distribution would expand to other models and brands of TVs. Roughly speaking, the goal of this lawsuit is to be able to create an "OpenWRT but for smart TVs."

But this case could definitely affect the industry not just for smart TVs. Smart phones, game consoles, automobiles, robot vacuum cleaners, sex toys. So many consumer electronics devices run on, for instance, the Linux or Android kernel (both of which are covered by the GPL). And a lot of these devices also include many other programs and libraries covered by the GPL. There's potential for lots of different "OpenWRT but for " sort of distributions. And if SFC v. Vizio succeeds, it could greatly increase the likelihood of all of these coming to fruition.

Vizio has been stalling for strategic reasons. But there's a court date set for 2025-09-22. My understanding is that there will be options to watch a live stream of it via Zoom for Business. (Yes, it's proprietary, unfortunately.) You can even apply for a grant to travel to California to attend the hearing in person (though I think that's kinda mostly for bloggers and journalists and such). Also, a lot of court documents about the case are linked on the page I linked in this post.

Ok. Time for a bit of legal nerd stuff. (IANAL, not legal advice, etc.) Previous GPL enforcement cases have been copyright cases brought by the copyright holders. This case is novel in that it's a contract case. There's a legal concept of a "third-party beneficiary" to a contract. If Alice and Bob make a contract that requires Alice to pay Charlie $100, then Charlie is a third-party beneficiary and thus can bring a suit for enforcement against Alice. In this case, copyright holders of GPL'd code made a contract (the GPL) with Vizio that requires Vizio to make sure anyone they distribute compiled GPL'd code to can get the source code (and compiling/installing scripts etc), so anyone Vizio sells a TV to is a third-party beneficiary and therefore can bring a suit against Vizio to get the court to force Vizio to hold up their obligations under the GPL. At least that's the legal theory under which SFC is bringing the suit.

If you want more info about this, this YouTube video is a panel of SFC folks doing a Q&A specifically about the Vizio case. It'll have some interesting tidbits of info.

I'm hopeful, and the courts have been sympathetic to the SFC's arguments so far. I'm crossing my fingers for sure.

LibreLingo's mission is to create a modern language-learning platform that is owned by the community of its users. All software is licensed under AGPLv3, which guarantees the freedom to run, study, share, and modify the software. Course authors are encouraged to release their courses with free licenses.

Course templates are fairly easy to make it seems. There are a handful more not listed in the linked URL (though I think you need to install a local copy for them to work; links here are hosted by an old version of LibreLingo).

Edit: I have twice now changed the link, as I keep linking either the old or broken web interface. apologies, that's on me.

I was using Wanderlog and they randomly delete things. It's really annoying. I like to create a map for friends that are visiting so they can pick and choose what sounds interesting. If it all gets randomly deleted, what's the use?

Nevermind: Found this- https://wiki.openstreetmap.org/wiki/Android

After two years of development, Twenty is ready for productive use. The open source CRM has already won many advance praises.

cross-posted from: https://lemmy.world/post/31788491

Please see the cross-post as it is updated.

How a student fought to do their degree without submitting to proprietary (Microsoft, Google, Oracle etc) software and services that lecturers & admins demanded, and only use free software instead (like Jami, Jitsi Meet, PostgreSQL etc).

cross-posted from: https://lemmy.world/post/26434564

Lots of feedback to respond to in regards to self-hosting, a good amount sent by Lemmy users and fediverse types. Hope you all enjoy!

(00:40) Linuxfest Northwest 4/25 - 4/27

(01:30) Forum now available for full show notes and project discussion. Also accessible from Matrix.

• https://flarum.org/

(02:39) Simple feedback form now available for sending your feedback and suggestions. Or, you can always email podcast@james.network

(03:45) ameriDroid now sponsors the podcast.

• use LINUXPREPPER coupon code to support the show.

(04:50) If you like the show please do share it! Spread the word. This is a small show, which most people don't know about. Thank you so much.

• You can also donate to me on paypal.
  • Allowing recurring donations with a fancier system is in-the-works.

(05:50) Librewolf browser, community fork of Firefox.

(06:35) Works on My Machine badge by CodingHorror of Discourse

(07:30) Kickstarter for PixelFed and Loops by dansup

• PixelFed is a federated, FOSS alternative to Instagram
• Loops is a federated, FOSS alternative to TikTok
• Dansup website

(08:45) @linuxprepper@podcast.james.network

• This podcast is also available on the fediverse at the above address. Use Mastodon of whatever client you prefer.

Audience Feedback with HB

(10:00)

• HB is on github

Hungry Bogart interview on Linux Prepper origins and background on Medium.

Full show notes within the podcast or at https://discuss.james.network/public/d/25-shownotes-for-episode-4-audience-feedback-on-selfhosting

A new version of Roundcube Photos has been released. New in 1.5.6 is the feature to share images with Mastodon, including multiple images. The manual generation of tokens has been removed, as the plugin now logs on to a Mastodon or Pixelfed instance as an autonomous app. The Timeline view and various internal improvements and bug fixes are also new. You can find the new version, as usual, on https://codeberg.org/Offerel/Roundcube_Pictures

📙 FuzPad: Minimalistic Note Management

Hey everyone,

Check out FuzPad, a minimalistic note management solution powered by ⚡junegunn/fzf⚡.

Features:

• Create, open, search, and delete notes.
• Automatic version control for notes.

Installation:

Homebrew:

brew install JianZcar/packages/fuzpad

curl:

curl -s https://gist.githubusercontent.com/JianZcar/df050e108b462e469f413f0eec229143/raw | bash

Feel free to contribute, and happy noting!

FileOptimizer is an advanced file optimizer featuring a lossless (no quality loss) file size reduction

Came in handy when I needed to compress a PDF locally, as I was reluctant to upload my PDF to an online tool. Looks like it does a lot more as well, though I haven't explored it much. Default is lossless compression, but lossy compression is an option as well.

cross-posted from: https://feddit.it/post/11985244

Declaration

We, the undersigned members of the Open Source community, assert that Open Source is defined solely by the Open Source Definition (OSD) version 1.9.

Any amendments or new definitions shall only be recognized if declared by clear community consensus through a transparent process to be determined.

Hi,

I found this awesome app the other day. Stream live internet radio from all over the world with no ads or in-app purchases. It has a search function, lets you create and arrange a favorites list, shows the bitrate of each stream, displays current song and artist, etc. It's crazy all the things you can find, even local stations.

Happy listening~

Github: https://github.com/segler-alex/RadioDroid/releases

Google Play: https://play.google.com/store/apps/details?id=net.programmierecke.radiodroid2&hl=en_US

Is there a reason why? Less funding? Web devs don't make the pages Firefox friendly? Since the user base is smaller, they just don't care?

opinion? 🥶