Opensource

Wireshark, the world’s most popular network protocol analyzer, has been updated today to version 4.6.2, the second point release to the Wireshark 4.6 series, addressing various bugs and security issues.

Coming after Wireshark 4.6.1, the Wireshark 4.6.2 release is here to update support for the ATM PW, COSEM, COTP, DECT NR+, DMP, Fc00, GTP, HTTP3, IEEE 802.15.4, ISIS HELLO, ISOBUS, MAC-LTE, MAUSB, MEGACO, MPEG DSM-CC, OsmoTRXD, PTP, RLC, SAPDIAG, and SMTP protocols.

This release also updates support for the Peektagged capture file, fixes a crash with the HTTP3 dissector, addresses an infinite loop issue with the MEGACO dissector, and fixes a regression from Wireshark 4.6.1 that caused Omnipeek files not to work as expected.

Hello everyone!

Journiv is a self-hosted private journaling application that puts you in complete control of your personal reflections. Built with privacy and simplicity at its core, Journiv offers comprehensive journaling capabilities including mood tracking, prompt-based journaling, media uploads, analytics, and advanced search. All while keeping your data on your own infrastructure.

Journiv v0.1.0-beta.9 is out with

• Markdown support
• Inline media (images and video) with viewer.
• Many bug fixes and improvements.

The Journey Ahead

Journiv is in active development, with a fully functional backend, a web frontend, and mobile apps launching soon. It is self-hosted, and designed to be your companion for decades.

Journiv is being built because our memories deserve to be ours, forever.

Learn More

• Spin up Journiv
• Journiv on DB Tech Youtube Channel
• Journiv on noted.lol
• Watch other demo videos

Developer @rockstar1215@lemmy.world

The GStreamer project released GStreamer 1.26.9 today as the ninth maintenance update to the latest GStreamer 1.26 series of this popular and powerful open-source, free, and cross-platform multimedia framework.

The GStreamer 1.26.9 comes about three weeks after GStreamer 1.26.8 and improves support for Blackmagic DeckLink capture cards, AJA playout, macOS video decoder and device monitoring, and Spotify integration by using Spotify’s extended metadata endpoint.

Also improved in this release is the stability of the HLS and DASH adaptive streaming clients, NDI source audio corruption for non-interleaved audio with stride padding, the stability of the playbin3 and decodebin3 elements, as well as Python bindings cross compilation.

Open-source firmware consulting firm 3mdeb published a blog post today outlining their work on bringing their Coreboot-downstream Dasharo to the ASRock Rack SPC741D8/2L2T, a recent server motherboard for supporting Intel Xeon Sapphire Rapids and Emerald Rapids processors.

Thanks to work by student engineers at the Karlsruhe Institute of Technology, upstream Coreboot already has a basic port to the ASRock Rack SPC741D8/2L2T. 3mdeb brought the code over to their Dasharo downstream fork while enabling a variety of features found in their downstream branch. Plus getting it to boot Microsoft Windows 11 and other features.

VLC 3.0.22 is now available for download as the latest stable version of this open-source, cross-platform, and free media player for GNU/Linux, Android, macOS, Windows, and other platforms.

Coming more than a year after VLC 3.0.21, the VLC 3.0.22 release introduces a dav1d-all-layers option for the dav1d AV1 decoder for outputting all spatial layers of a scalable AV1 bitstream. This option could also be set via the dav1d command-line interface by using the --alllayers argument.

VLC 3.0.22 also introduces A_ATRAC/AT1 support in Matroska (MKV), adds support for handling pictures in FLAC containers, adds support for handling the mkv-use-chapter-codec option, adds an option to use a dark palette on the Qt interface, and adds an AMD GPU Frame Rate Doubler (Direct3D11) video filter.

cross-posted from: https://lemmy.today/post/42851505

Slightly more detail in this GitHub issue, however much is still unknown, even after three or so days. The dev hasn't revealed any further details. Some articles on this incident:

• https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
• https://www.aftvnews.com/smarttubes-official-apk-was-compromised-with-malware-what-you-should-do-if-you-use-it/

Note that the articles provide little detail on what's happened, mostly just detail that a malicious library was found and Play Protect started removing the app if affected. It's unclear which versions are specifically affected, how the dev got breached, and what the malware actually does. According to a user (who may or may not be using some sort of LLM, their comment sounds like one at least) in a separate, related issue, the malware may collect device info and send to a command & control server. It could (in theory) receive new instructions at any point if it's a C2 server. Again, it does appear that they had an LLM of some sort generate their comment, so take it with a grain of salt.

I'm going to uninstall the app and revoke access on my Google account page. I see little reason to need to reset my password as of right now, since the app uses an API key and not my actual password. In my opinion, it's possibly related to YT viewbotting and commenting, or to add your device to a botnet. It's unclear to me how this botnet would work in practice, since even Android TV sandboxes apps (for the most part).

Update: it appears that this may be related to the Vo1d botnet: DrWeb: Android.Vo1d.14.origin. If this is indeed the case, then the goal was to add devices to the botnet. It's my understanding that previous versions of this botnet typically required cheap, pre-rooted Android TV boxes, in order to install other apps. I'm not sure if that means that you're safe if your device is not rooted. It might be worth checking your installed apps for oddities.

Nearly five months after its July update, PhotoPrism, a widely adopted self-hosted open-source photo management tool, has just released a new version, focused on metadata editing, AI capabilities, and performance improvements across the application.

The update’s most visible change is the new Batch Edit dialog, which lets users modify metadata, labels, and album assignments for multiple photos at once. Entries shared across selected images appear first, with partially assigned items clearly indicated, streamlining bulk corrections and organization.

ONLYOFFICE Docs 9.2, an open-source and self-hosted office suite for documents, spreadsheets, presentations, fillable forms, PDFs, and diagrams, has officially landed. The update centers on AI-powered writing assistance, new personalization tools, more robust PDF editing, and clearer form creation features.

The headline addition is AI-powered spell and grammar checking, now integrated directly through the AI plugin. With this feature enabled, users can run a full-document or selection-based check from the AI tab or by right-clicking in the editor. The system reviews the text, highlights issues, and offers correction suggestions with contextual explanations.

Customization also expands in this release. Users can now define their own keyboard shortcuts to match personal workflows. This option is available under the File tab’s Advanced Settings, allowing editors to fine-tune key combinations for frequently used actions.

Add links to your favorite projects here!

Qualifications

• Prior experience working on one or more of Android/AOSP-based operating systems, the Linux kernel and its hardening, memory allocators, or Android app development
• Strong programming skills in relevant languages (in order from most to least common: Java, Kotlin, C++, C, Rust, JavaScript, TypeScript, arm64 assembly, Bash, Python)
• Need to have enough experience to be comfortable to self direct workloads and submit finished features and fixes ready for review
• Commitment to privacy and security principles
• Ideally prior experience contributing to free and open source projects

Salary and remuneration will be commensurate with experience and aligned with industry standards. You will be employed as an independent contractor

cross-posted from: https://sh.itjust.works/post/50748401

VoidAuth is Single Sign-On for Your Self-Hosted Universe! 🐈‍⬛🔒

This release includes Multi-Factor Authentication (MFA) Support through TOTP Authenticators! There are other features in this release, like a migration from pug to ejs for email notification templates and quality of life improvements like a built-in container healthcheck, navigation between some admin pages, and reducing the character minimum for usernames to just three letters (sorry ted); but MFA is the big one! Users can enable MFA on their accounts to require an Authenticator or Passkey during sign in, and admins can add MFA requirements to groups, OIDC Clients, and ProxyAuth Domains to require users to setup and use MFA in specific scenarios.

Since the last major release functionality has also been added to migrate your database between SQLite and Postgres, check out the docs! Here is the release notes:

Features 🚀

• MFA Support Through TOTP Authenticators and Passkeys
• MFA_REQUIRED Environment Variable and MFA Requirement Option for Groups, Clients, and ProxyAuth Domains
• Email Templates Migrated to EJS, Defaults Templates Are Now Re-Written on Start
• Navigation Between Admin Pages for User and Group

Fixes 🔧

• Change Username and Name Character Requirements (3 Character Minimum)

Chores 🧹

• Added Dockerfile Healthcheck
• Update Dependencies

Docs 📖

• Update OIDC-Guides.md by @Cherryblue in https://github.com/voidauth/voidauth/pull/162

Screenshots

This release includes the first outside contribution to the project as well as the first sponsor! The VoidAuth repository also blew up a bit over the week, going from ~200 to ~600 stars on GitHub. I have no idea why, but seems pretty cool! Thank you to everyone who engages with VoidAuth in any fashion, you are all greatly appreciated 😊

Collabora Productivity has announced the release of the first desktop version of its Collabora Office, bringing the full Collabora Online interface to Linux, Windows, and macOS as a native application.

For those who haven’t heard of the app, Collabora Office is an open-source office suite derived from the LibreOffice codebase, offering tools for word processing, spreadsheets, presentations, and vector graphics.

Until now, its most modern user interface—the one used in Collabora Online (COOL)—was available only in the browser. With this release, that interface is now packaged as a local desktop app running entirely offline.

As we informed you early this year, Google was open-sourcing the code for Pebble watches, making about 95% of the software available to the community. The last 5%—the mobile app—remained closed. That’s now changed with the announcement of Eric Migicovsky, the founder of Pebble and the person leading its 2025 relaunch under his new company, Core Devices.

As of this week, the entire software stack behind modern Pebble watches, including PebbleOS, the mobile companion app, developer tools, and the Pebble Appstore backend, is now fully open source.

The new open-source mobile app is central to that change. When the original company shut down, Pebble users faced a significant problem: without a companion app, the watches were effectively unusable.

It's been two months since there were any notable Intel Linux engineering departures to note following various layoffs and voluntary departures this year that have unfortunately impacted their Linux/open-source talent. Sadly this US Thanksgiving is a new departure to note: one of Intel's maintainers for the Xe open-source Linux kernel graphics driver is leaving the company. This is for the modern Xe driver used by default since Lunar Lake and playing a pivotal role for Intel Linux graphics moving forward

Contrary to headlines suggesting the EU has “backed away” from Chat Control, the negotiating mandate endorsed today by EU ambassadors in a close split vote paves the way for a permanent infrastructure of mass surveillance.

While the Council removed the obligation for scanning, the agreed text creates a toxic legal framework that incentivizes US tech giants to scan private communications indiscriminately, introduces mandatory age checks for all internet users, and threatens to exclude teenagers from digital life.

The article is non-paywalled, freely readable on the link --^

Well folks, it’s the beginning of a new era: after nearly three decades of KDE desktop environments running on X11, the future KDE Plasma 6.8 release will be Wayland-exclusive! Support for X11 applications will be fully entrusted to Xwayland, and the Plasma X11 session will no longer be included.

Pinokio is a new software platform that enables users to run their own "personal Internet" locally on Mac, Windows, and Linux computers with a single click[^1]. The platform allows users to run web servers, AI models, and command-line applications directly on their local machines[^3].

Released in version 5.0, Pinokio positions your personal computer as "the Cloud," letting you operate various applications and services on your localhost rather than relying on remote cloud services[^1][^3].

[^1]: Pinokio - The 1-Click Localhost Cloud
[^3]: X.com - Introducing Pinokio 5.0

Github

s&box is now open source under MIT license, you can get it on GitHub and build the engine however you want.

Obviously this isn't the Source 2 code, that's up to Valve to open source if they want. For us Source 2 is providing lower level systems, all our high level systems are C# like the entire editor, networking, scene system, UI, and way more..

What this means is you can view, modify, copy any of our code to help improve s&box with pull requests, or maintain your own fork for your standalone games, or even just take the code for your own engine.

It might seem odd from a business perspective to make an engine and give it away for free with no royalties and to give all the code away under open source. But we're a bunch of nerds that love what we're creating, we want everyone to use it in whatever way they want, we want to provide opportunities.

Open source is great for the game dev ecosystem, engines like Godot are awesome, we should have more of it because everyone wins.

This is based on LibreOffice, but with a new UI.

15 years ago this month, @CiaranG started “an experiment in automated building from source”. And so F-Droid began to automate building all our apps from source. Before this, apps were either built manually or the binary files were fetched from trusted developers like Mozilla. Automating the build process was a key early step that set up F-Droid to lead on trustworthy computing. Since then, we moved to requiring apps to be built from source on our servers. Now we build apps from source as much as possible, and have expanded to Anti-Features, app reviews, privacy checks, reproducible builds, and more.

• Web;
• Google Play Store;
• Apple App Store;
• F-Droid;
• Google Chrome;
• Microsoft Edge;
• Apple Safari;
• Mozilla Firefox.

AliasVault is a privacy-first password and email alias manager. Create unique identities, strong passwords, and random email aliases for every website you use. Fully end-to-end encrypted, with a built-in email server and zero third-party dependencies.

Pebble, the e-ink smartwatch with a tumultuous history, is making a move sure to please the DIY enthusiasts that make up the bulk of its fans: Its entire software stack is now fully open source, and key hardware design files are available too.

Pebble creator Eric Migicovsky announced the move on Monday in a blog post and video detailing the changes his reborn Pebble watchmaking firm has undertaken, and they're considerable.