• Google says spyware vendors behind most zero-days it discovers
    https://www.bleepingcomputer.com/news/security/google-says-spyware-vendors-behind-most-zero-days-it-discovers

    Interesting on the manufacturing process of threat capitalism (one step further in surveillance capitalism).
    But when it is Google that wants to go after the companies that sell spyware, one cannot help thinking that this way Google would be the only one to know things about its users. And from there to taking advantage of it? Certainly not, come on, a monopoly like that is greater than a public service, isn't it?

    Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google’s Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.

    Zero-day vulnerabilities are security flaws the vendors of impacted software do not know about or for which there are no available fixes.

    Google’s TAG has been following the activities of 40 commercial spyware vendors to detect exploitation attempts, protect users of its products, and help safeguard the broader community by reporting key findings to the appropriate parties.

    Based on this monitoring, Google has found that 35 of the 72 known in-the-wild zero-day exploits impacting its products over the last ten years can be attributed to spyware vendors.

    “This is a lower-bounds estimate, as it reflects only known 0-day exploits. The actual number of 0-day exploits developed by CSVs targeting Google products is almost certainly higher after accounting for exploits used by CSVs that have not been detected by researchers, exploits where attribution is unknown, and cases where a vulnerability was patched before researchers discovered indications of exploitation in-the-wild.” - Google

    Those spyware vendors use the zero-day flaws to target journalists, activists, and political figures as directed by their customers, including governments and private organizations.

    Some notable CSVs highlighted in Google’s report are:

    Cy4Gate and RCS Lab: Italian firms known for the “Epeius” and “Hermit” spyware for Android and iOS. The former acquired the latter in 2022, but they operate independently.
    Intellexa: Alliance of spyware firms led by Tal Dilian since 2019. It combines technologies like Cytrox’s “Predator” spyware and WiSpear’s WiFi interception tools, offering integrated espionage solutions.
    Negg Group: Italian CSV with international reach established in 2013. It is known for “Skygofree” malware and “VBiss” spyware, targeting mobile devices through exploit chains.
    NSO Group: Israeli firm famous for Pegasus spyware and other sophisticated espionage tools. It continues operations despite sanctions and legal issues.
    Variston: Spanish CSV providing tailored security solutions. It collaborates with other vendors for zero-day exploits and is linked to the Heliconia framework, expanding in the UAE.

    These vendors sell licenses to use their products for millions of dollars, allowing customers to infect Android or iOS devices using undocumented 1-click or zero-click exploits.

    Some of the exploit chains utilize n-days, which are known flaws for which fixes are available, yet patching delays still make them exploitable for malicious purposes, often for extended periods.

    Google says that CSVs have grown very aggressive in their hunt for zero-days, developing at least 33 exploits for unknown vulnerabilities between 2019 and 2023.

    In the appendix of Google’s detailed report, one can find a list of 74 zero-days used by 11 CSVs. Of those, the majority are zero-days impacting Google Chrome (24) and Android (20), followed by Apple iOS (16) and Windows (6).

    When white-hat researchers discover and fix the exploited flaws, CSVs often incur significant operational and financial damage as they struggle to reconstruct a working alternative infection pathway.

    “Each time Google and fellow security researchers discover and disclose new bugs, it causes friction for CSVs and costs them development cycles,” says Google.

    “When we discover and patch vulnerabilities used in exploit chains, it not only protects users, but prevents CSVs from meeting their agreements to customers, preventing them from being paid, and increasing their costs to continue operating.”

    However, this is not enough to stop the proliferation of spyware, as the demand for these tools is strong, and the contracts are too lucrative for CSVs to give up.

    Google calls for more action to be taken against the spyware industry, including higher levels of collaboration among governments, the introduction of strict guidelines that govern the use of surveillance technology, and diplomatic efforts with countries hosting non-compliant vendors.

    Google is proactively countering spyware threats through solutions like Safe Browsing, Gmail security, the Advanced Protection Program (APP), and Google Play Protect, as well as by maintaining transparency and openly sharing threat information with the tech community.

    #Google #Logiciels_espions #Cybersécurité #Zero_days

  • I tested it for you: free software in the workplace

    I have now been using free software for more than 15 years. I came to it on my own, out of taste, out of curiosity. I stayed out of conviction. While promoting it is not always easy, there is one area where I face very strong resistance to these tools: the workplace. https://www.curseurs.be/numeros/numero-1/article/j-ai-teste-pour-vous-les-logiciels-libres-en-milieu-professionnel

    #logiciels_libre #travail #cloud

  • “Make something, share it,” with no commercial aim: the fight for free software is not dead - Basta!
    https://basta.media/faire-quelque-chose-le-partager-sans-visee-commerciale-le-combat-du-logicie

    Often volunteers, the developers of free software (#logiciels_libres) contribute greatly to today's digital world. Two free-software advocates in their thirties describe a sector undergoing reorganization, under pressure from the digital giants.

    • Today, opposing the divisions that capitalism has created on the basis of race, gender and age, reuniting what it has separated in our lives and reconstituting a collective interest must therefore be political priorities for feminists and other social justice movements. This is, in the final analysis, what is at stake in the politics of the commons, which, in its most interesting expression, presupposes a sharing of wealth, collective decision-making and a revolution in our relationship to ourselves and to others. For the social cooperation and knowledge creation that Marx attributed to industrial labor can only be built through self-organized “commoning activities” (urban gardening, time banks, open sourcing) that presuppose community at the same time as they produce it. In this sense, insofar as it aims to reproduce our lives in forms that strengthen solidarity and sets limits on the accumulation of capital, the politics of the commons partly translates the Marxian idea of communism as the abolition of the present state. One could also argue that with the development of the digital commons (the rise of the free software and free culture movements) we are drawing closer to that universalization of human faculties that Marx had foreseen as a consequence of the development of the productive forces. But the politics of the commons is a radical departure from what communism has meant in the Marxist tradition and in a good part of Marx's work, starting with the Communist Manifesto. There are a number of crucial differences between the politics of the commons and communism that stand out, especially when they are considered from a feminist and ecological point of view.

      Silvia Federici, Le capitalisme patriarcal, Ed. La Fabrique, January 2019.

  • How to de-GAFAM an #MJC: a testimonial
    https://framablog.org/2023/06/12/comment-degafamiser-une-mjc-un-temoignage

    We gladly open our columns to accounts of de-Googling, particularly when they concern local organizations that serve the public. That is the case with the interview given to us by Fabrice, who set out to “de-GAFAM” within his …

    #Enjeux_du_numérique #Interviews #Témoignages de_« dégooglisation » #alternatives #Dégafamisation #GAFAM #LibreOffice #Linux #Linux_Mint #logiciels_libres #mail #migration #Nextcloud #OVH #poste_de_travail

  • Big Brother in our pockets?
    Marc Endeweld | 24.05.2023 | Off Investigation

    https://www.off-investigation.fr/big-brother-is-watching-usdupont-moretti-veut-transformer-nos-port

    On the quiet, minister Éric Dupond-Moretti wants to legalize spyware to infect the mobile phones of “targets” and allow police officers to remotely activate their earpiece and camera, turning them into true snitches 24 hours a day. Two years after the Pegasus scandal, the French justice system is thus taking inspiration from the illegal practices of intelligence services around the world. For now, only lawyers have denounced such a drift. (...)

    #logiciels_espions

  • Échirolles liberated! De-Googling (3)
    https://framablog.org/2023/03/24/echirolles-liberee-la-degooglisation-3

    Here already is the third installment of the de-Googling process of the city of Échirolles (in case you missed the beginning) as Nicolas Vivant reports it to us. We gladly republish it, hoping of course that this example inspires other …

    #Enjeux_du_numérique #Migration #Témoignages de_« dégooglisation » #Applications_métier #clients #cloud #collectivités #communes #coopération #Degooglisons #DSI #Gandi #Linux #logiciels_libres #NGINX #schéma_directeur #Sogo

  • At least one open source vulnerability found in 84% of code bases: Report | CSO Online
    https://www.csoonline.com/article/3688911/at-least-one-open-source-vulnerability-found-in-84-of-code-bases-report.h

    Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.

    By Apurva Venkat

    Principal Correspondent, CSO | Feb 23, 2023 11:36 am PST

    At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys.

    In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that have been actively exploited, already have documented proof-of-concept exploits, or are classified as remote code execution vulnerabilities.

    The vulnerability data — along with information on open source license compliance — was included in Synopsys’ 2023 Open Source Security and Risk Analysis (OSSRA) report, put together by the company’s Cybersecurity Research Center (CyRC).

    The report is based on analysis of audits of code bases involved in merger and acquisition transactions and highlights trends in open source usage across 17 industries. (Synopsys’ Audit Services unit audits code to identify software risks for companies involved in merger and acquisition deals.)

    The audits examined 1,481 code bases for vulnerabilities and open source licensing compliance, and 222 other code bases were analyzed only for compliance.

    Open source vulnerabilities increase

    The OSSRA report is based on code audits done in 2022, in which the number of known open source vulnerabilities rose by 4% from 2021.

    “Open source was in nearly everything we examined this year; it made up the majority of the code bases across industries,” the report said, adding that the code bases contained troublingly high numbers of known vulnerabilities that organizations had failed to patch, leaving them vulnerable to exploits.

    All code bases examined from companies in the aerospace, aviation, automotive, transportation, and logistics sectors contained some open source code, with open source code making up 73% of total code. Sixty-three percent of all code in this sector (open source and proprietary) contained vulnerabilities classified as high risk, those with a CVSS severity score of 7 or higher.

    In the energy and clean tech sector, 78% of the total code was open source and 69% contained high-risk vulnerabilities.

    Though code bases from companies in these sectors had higher percentages of total vulnerabilities than other sectors, “similar findings, to lesser degrees, played out across all industries,” according to the report.

    Open source adoption jumps

    The percentage of open source code has risen in code bases in all industry verticals over the last five years, according to the OSSRA report.

    Between 2018 and 2022, for example, the percentage of open source code within scanned code bases grew by 163% in technology for the education sector; 97% in aerospace, aviation, automotive, transportation, and logistics; and 74% in manufacturing and robotics.

    “We attribute EdTech’s explosive open source growth to the pandemic; with education pushed online and software serving as its critical foundation,” the report said.

    High-risk vulnerabilities rise

    Meanwhile, there has been an increase in high-risk vulnerabilities across all sectors. For instance, aerospace, aviation, automotive, transportation, and logistics companies recorded a 232% increase in high-risk vulnerabilities in the 5-year period.

    “Much of the software and firmware used in these industries operate within closed systems, which can reduce the likelihood of an exploit and may lead to a lack of urgency in the need to patch it,” Synopsys said.

    High-risk vulnerabilities in IoT-related code bases have jumped 130% since 2018.

    “This is particularly concerning when we think about the utility of IoT devices; we connect many aspects of our lives to these devices and trust in the inherent safety in doing so,” the researchers noted.

    Available patches not applied

    Of the 1,481 code bases examined by the researchers that included risk assessments, 91% contained outdated versions of open-source components, which means an update or patch was available but had not been applied.

    The reason for this could be that devsecops teams might determine that the risk of unintended consequences outweighs whatever benefit would come from applying the newer version. Researchers say that time and resources could also be a reason.

    “With many teams already stretched to the limit building and testing new code, updates to existing software can become a lower priority except for the most critical issues,” the report said.

    In addition, devsecops teams may not know when there is a newer version of an open source component available — if they are aware of the component at all, the report said.

    SBOMs help maintain code quality, compliance

    To avoid vulnerability exploits and keep open source code updated, organizations should use a software bill of materials (SBOM), the report suggests.

    A comprehensive SBOM lists all open source components in applications as well as licenses, versions, and status of patches.

    An SBOM of open source components allows organizations to pinpoint at-risk components quickly and prioritize remediation appropriately, the report added.

    #Logiciels_libres #Sécurité #Maintenance

  • Free software (#Logiciels_libres) in schools (#école): “We must put pressure on states and the European Union,” says EPI
    https://www.banquedesterritoires.fr/logiciels-libres-lecole-il-faut-surtout-mettre-la-pression-sur-

    “The European Union (#Union_européenne) and governments must commit to a free European platform for the digitalization of education (#éducation),” says the association EPI (Enseignement public et informatique), reacting to the publication in the JO at the end of 2022 of the Ministry of National Education's response asking to stop the deployment of Microsoft and Google tools in French schools.

  • Premiere of the show “À l’ère libre”
    https://www.domainepublic.net/Premiere-de-l-emission-A-l-ere-libre.html

    “À L’ÈRE LIBRE!” is a web radio show offered by the digital mission team of the CEMÉA for free, ethical and critical digital technology. This new show will be offered every two months and will address any question that helps us consider and reflect on our digital uses in terms of critical and ethical choices. This first show, dedicated to the link between free digital technology and popular education, took place remotely on April 24, 2021. It gave pride of place to the debates around (...) #Logiciels_Libres

  • The free software movement and GAFAM, the battle of the future
    http://www.villes-internet.net/site/mouvement-du-libre-et-gafam-la-bataille-du-futur

    Decline or expansion of the free software movement: the lesson of Microsoft's purchase of GitHub

    In 2018, Microsoft acquired the company GitHub for 7.5 billion dollars. The largest repository of open-source code on the web, where more than 27 million developers share their code and collaborate on projects around the world, thus came under the multinational's control.

    What does this transaction say about the health of the free software movement? Some see it as a betrayal by GitHub of its millions of users, who lose their independence. Others consider that GitHub is a private, for-profit company and that it is logical for it to follow the laws of the market. Either way, this purchase demonstrates Microsoft's interest in free software, in terms of image, of the evolution of its approach to the computing world and above all, obviously, from a financial point of view, Microsoft not being a philanthropic company. In an antitrust lawsuit brought against Microsoft, the US Department of Justice once described Microsoft's strategy with 3 verbs: adopt, extend and stifle. It is a commercial strategy: take what works well (open source works well, so it is normal for Microsoft to take an interest in it), then add closed, and therefore lucrative, features to it.

    This event therefore teaches us that the free software movement is doing well but has not won the battle. It shows that interest in open source has become unavoidable in the software development sector, but that the free software philosophy of collective governance still needs defending.

    From freedom to decentralization, the challenge of the 21st century

    With its 36 million users, GitHub had become a web giant even before its purchase by Microsoft. Admittedly, its culture was that of the free software movement, but one could wonder about the reasons that led developers to all put their code in the same place, and think through the consequences of this centralization for free software culture. This question took on its full meaning when Microsoft bought GitHub and its millions of users along with it. Of course, they were free to leave the platform, but that is easier said than done. GitHub had become a vast social network that many developers find hard to part with, just as it is difficult for some to free themselves from the GAFAM tools that are embedded in our lives. Yet today's digital tools involve the use of services run on remote servers and not on our own computer: the issue of access to source code thus tends to shift toward those of infrastructure ownership and the circulation of data.

    Decentralization therefore corresponds to a need for democratic governance and partly addresses the problems of personal data protection.

    #Logiciels_libres #Décentralisation

  • Why are states (#États) interested in free software (#logiciels_libres)?
    https://www.franceculture.fr/emissions/la-question-du-jour/pourquoi-les-logiciels-libres-interessent-ils-les-etats

    A mission on free software launched by Jean Castex's government. A White House technology director specializing in free software appointed by Joe Biden. A European Commission taking an interest in free software… In a context where the pandemic has reinforced the monopoly of the #GAFAM, the digital giants Google, Apple, Facebook, Amazon and Microsoft, several signals show an opening toward this type of digital (#numérique) strategy. Political, democratic, economic, geopolitical stakes… why might free software interest states?

    Guillaume Erner welcomes Valérie Peugeot, researcher at Orange's social sciences laboratory, commissioner at the #CNIL (in charge of the health sector), and academic director of the Master's in Digital Humanities at Sciences Po.

  • The ERG, choosing free software
    https://www.domainepublic.net/L-ERG-le-choix-du-libre.html

    Peggy Pierrot, teacher of media and communication theory and technical and logistics officer at the Erg, answered our questions about remote work, about how the Erg runs on free software (#Logiciels_Libres), and about the reasons for this collective choice. On the program: the Erg put to the test by the two lockdowns; the autonomy of free software; the need for training; a critique of the myth of immediacy; the choice of the short supply chain; and finally, the fight against (...) Logiciels Libres

  • “In recent days we have seen many people, particularly on social media, urging well-known (or not so well-known) video makers to ‘switch to PeerTube’. This does not make us very comfortable, and we need to explain why.”

    A very good article on de-GAFAM-ization, the tension between individual actions and collective political problems, and the different hosting options (notably for video). If you put videos online, it is an article worth reading.

    https://framablog.org/2020/10/29/message-aux-youtubeurs-youtubeuses-et-surtout-a-celles-et-ceux-qui-aiment

    #YouTube #PeerTube #fédération

    • Very interesting in general regarding the idea of campaigning (#militer) for free software (#logiciels_libres).

      First, Framasoft is a small popular-education association focused on digital issues. We defend critical thinking and freedom of choice. We believe that injunctions to change induce resistance to change.

      Put another way, we know that video makers are people endowed with intelligence and the ability to keep themselves informed. It is unlikely that they accept YouTube's constraints without caring at all. It is also unlikely that nobody has already pointed out to them the existence of alternatives (PeerTube is not the only one, by the way). In short, it is reasonable to think that many video makers are in a process of reflection (“Stay on YouTube? Leave? How? To go where? With what energy? And what do I do with what already exists? With my community?”, etc.).

      We fully respect this process, and we encourage you to respect it too. Perhaps your favorite video maker will choose to experiment with alternatives (good!), to leave YouTube (good!) or even to stay on YouTube (also good! It is their choice, not yours, not ours).

      Besides, it gives the impression that you are “Framasoft's Witnesses” 😛 I'll let you put yourself in the place of the video maker who receives their twelfth “You should try PeerTube!” tweet of the day. It is… exasperating! And for us, it puts us in a somewhat complicated situation, where people believe we have set an army of followers on their heels to convert them to free software, willingly or by force, through harassment. As a result, and understandably, these video makers have a bad image of free software before even having tried it.

      And so #troll too.

    • For books it is a bit more complicated, because it is not the author (nor even the publisher) who decides, cf. https://www.actualitte.com/article/tribunes/bye-bye-amazon-il-en-va-de-la-responsabilite-de-chaque-editeur/103699

      not selling books on Amazon. At first glance this choice seems complicated, because the majority of publishers (of which we are one) have no direct link with the platform: it is in fact the distributors who negotiate the terms of sale with their resellers, the majority of which are physical bookshops, but also Amazon, Fnac.com, etc. (…)
      There is, however, a fairly simple solution that makes it possible to remedy this situation and to prevent the distributor from facing a legal problem of “refusal to sell” should a publisher want to do without this or that sales outlet: the book's barcode. As our Belgian colleague at éditions Vies parallèles shrewdly pointed out, not putting the barcode on the outside of the book makes it unusable by Amazon('s robots). Zones sensibles has therefore decided to place this barcode on the inside front cover

    • PeerTube

      Today we want to tell you a little about this interesting open source project: it is called PeerTube and aims to be the decentralized alternative to YouTube. We have in fact already discussed it in the article on YouTube, and some time ago we also opened our own channel on the instance run by the Devol collective on the domain peertube.uno. We have recently published a few video reviews as well, and PeerTube is our fixed point of reference for everything concerning the video part of our site.

      First of all: what is an instance? Our Nerd – Italian dictionary is here for you, but we are happy to transcribe the meaning of instance: “Depending on the type of license, free software can be run by several people on different servers. This means that anyone can set up a server and run this software at any address.”

      As we were saying, PeerTube is a decentralized and federated alternative to YouTube. It also uses P2P technology to reduce the load on individual servers. Do not be put off by the complex words; as usual we will explain everything, trying to be simple and clear.

      Decentralized and federated means that anyone can set up a server on any domain and run this software. Each instance will, as usual, have its own features and its own rules. In essence: on PeerTube.uno there will be certain rules, on video.linux.it others, on midi-les-animes.moe others still. All these sites are, however, interoperable with one another: to subscribe to a channel or to comment on one of these sites, any Fediverse account will do, such as a Mastodon account.

      Video: what is PeerTube?

      https://peertube.uno/w/qDFZHUUHViLSPs59GQX36U?start=0s

      Using peer-to-peer technology, on the other hand, means allowing users connected to the platform to send pieces of video to other users using their own bandwidth. Just as the most famous file-sharing programs work.

      In addition, it is part of the Fediverse and is therefore compatible with other services such as Mastodon, PixelFed, Funkwhale and all the others.

      PeerTube 3.0 and streaming

      In version 3.0 of PeerTube, released at the beginning of 2021, live streaming was finally released too. It was a very important release because streaming can help PeerTube keep pace with the web giants, such as Twitch or YouTube itself.

      If you are curious to try it, one of the instances already updated to version 3.0 with streaming already enabled is this one.

      On PeerTube to date it is (fortunately) not possible to insert advertisements before or during videos; there is, however, the option of adding to your channel and within each video the “support the author” button, which lists all the ways to support the author, for example with donations or by buying from their shop.

      Search for videos with Sepia Search

      There is also a search engine called Sepia Search that lets you search for videos across all PeerTube instances. You can use it by going to sepiasearch.org. Alternatively, you can also try SimpleerTube, an open source project that lets you search across all PeerTube instances and also lets you watch any video without ever enabling JavaScript. Sepia Search is decentralized and anyone can create an instance of it. This one, for example, is the Italian one run by Devol.

      One last note: thanks to the NewPipe application, which we have already met as a way to watch YouTube privately, it is possible to search for and watch PeerTube videos on Android through the very same SepiaSearch search engine!

      Video: how to search PeerTube with NewPipe

      https://peertube.uno/w/9dTsafkZRZ8TswAX64Hxf4?start=0s

      In short, we like it a lot; it is a fascinating idea and for now it works really well. The only flaw is that there are not many videos to be found, but obviously this is not the fault of the platform itself but of how much it is used. The more of us there are, the more we upload and the more it is used, the more it can be considered a real alternative to YouTube. Every now and then we have asked some more or less famous YouTube influencer to bring their videos to PeerTube as well. So far we have never received a reply, but sooner or later we are sure we will meet someone curious and interested in this new technology!

      PeerTube on smartphones

      It is also possible to use PeerTube on a smartphone. You can do so by using the sites of the various instances directly through a browser, for example. Alternatively, there are also Android applications. You can try, for example, the excellent TubeLab, available on both F-Droid and Google Play, created by the same authors as Fedilab.

      There is also Thorium, likewise available on both F-Droid and Google Play (in beta).

      Peerchat

      Finally, we add that for some time now there has also been an open source chat for PeerTube videos. It is called Peerchat and you can click here to try an instance of it.

      https://www.lealternative.net/2021/05/26/peertube

  • Linux Creator Linus Torvalds Disavows the ZFS Filesystem - The New Stack
    https://thenewstack.io/linux-creator-linus-torvalds-disavows-the-zfs-filesystem

    Linux creator and principal developer Linus Torvalds has come out against the ZFS filesystem. The timing of this cannot be ignored, as only recently ZFS has found its first official implementation within a major distribution release. Said release was Ubuntu 19.10, wherein the ZFS filesystem was touted as one of the main features of the latest iteration of Canonical’s take on Linux.

    In a forum posting, Torvalds wrote, “If somebody adds a kernel module like ZFS, they are on their own. I can’t maintain it, and I can not be bound by other people’s kernel changes.”

    If one only considers Torvalds’ post, it would be easy to conclude his issue with ZFS stems from potential licensing issues. “There is no way I can merge any of the ZFS efforts until I get an official letter from Oracle that is signed by their main legal counsel or preferably by Larry Ellison himself that says that yes, it’s ok to do so and treat the end result as GPL’d,” he wrote.

    The issue of licensing goes deeper. Consider that the ZFS on Linux port depends on two deprecated kernel functions, __kernel_fpu_begin() and __kernel_fpu_end(). The functions that replaced __kernel_fpu_begin() and __kernel_fpu_end() were deliberately released as GPL-only.

    So if Oracle has yet to sign off on ZFS being GPL’d, and two deprecated functions ZFS depends upon have been replaced by GPL-only functions, there’s a problem (even if it’s only of an ideological nature for the time being).

    But this isn’t all about the GPL. What started this issue was a complaint that the Linux kernel recently broke the out-of-tree ZFS module. To that, Torvalds said, “Note that ‘we don’t break users’ is literally about user-space applications, and about the kernel I maintain.” Torvalds then, once again, brings it back to a licensing issue by stating, “But considering Oracle’s litigious nature, and the questions over licensing, there’s no way I can feel safe in ever doing so.”

    There are other issues with ZFS. The biggest is that it breaks the OSI 7-layer model. To be specific, ZFS circumvents trust of the lower layers of the Open Systems Interconnection (OSI) model by using error correction of its own. Remember, the goal of the OSI 7-layer model is the interoperability of diverse communication systems with standard communication protocols. So you have an entire file system that shuns a model that Linux depends upon.

    To complicate matters, ZFS offers features found in few production-ready Linux file systems. The only file system that comes close is Btrfs, which has been often maligned as not being stable enough for production systems.

    In the end, Torvalds says, “Don’t use ZFS. It’s that simple. It was always more of a buzzword than anything else, I feel, and the licensing issues just make it a non-starter for me.” He adds a bit of specificity to his pronouncement by saying, “The benchmarks I’ve seen do not make ZFS look all that great. And as far as I can tell, it has no real maintenance behind it either anymore, so from a long-term stability standpoint, why would you ever want to use it in the first place?”

    As for Canonical’s take on this development? “In light of recent ZFS discussions, our customers and users tell us they want ZFS in Ubuntu since it has many desirable features that protect against data corruption, supports high storage capacities, offers efficient data compression, snapshots and copy-on-write clones to name just a few,” wrote Martin Wimpress, Canonical Engineering Director at Canonical, via email. “We will continue to work with our friends in the OpenZFS project to improve the ZFS story on Ubuntu.”

    One can only wonder what’s in store for the ZFS file system. Might Oracle re-license the code such that it becomes “friendly” with the mainline kernel? If not, chances are the standoff between Torvalds and ZFS will continue.

    #Linux #Logiciels_libres #Fight #GPL #Oracle

  • Gaël Duval, the Linux devotee who wants to free smartphones
    https://www.lemonde.fr/pixels/article/2019/12/02/gael-duval-l-adepte-de-linux-qui-veut-liberer-les-smartphones_6021357_440899

    It is always a pleasure to see one of your former students get a profile in Le Monde. What the article does not say is that Gaël did not discover Linux in his bedroom, but at the university of Caen, where the OS had been introduced by Jacques Madelaine and Jean Saquet.
    But Gaël very quickly mastered things better than his teachers, or in any case far better than I did, even though I was supposed to “supervise” his thesis. Already back then, a superb piece of work on offloading the congested IP networks of a provider (a micro ISP) at peak times by using ISDN as a spare wheel. Network load balancing ;-). It is also a teacher’s privilege to see one’s students become much better than oneself, and yet still manage to exchange ideas about the fundamentals of freedom on the internet. As I was not really very good at computing (I still am not, for that matter), it is a privilege I have often had, with lots of students who intimidated me with their computing knowledge, but with whom I could engage on the issues at stake on the internet. “Digital culture” ahead of its time.

    Profile. Facing the Google and Apple duopoly in mobile operating systems, this Norman is developing “/e/”, an operating system free of the Gafam.

    To meet Gaël Duval, no address is specified, no office, no coworking space. By his own admission, his workplace “is the Internet”. Since he started university in the 1990s, the whole career of this Norman by birth has been built around computing. From his first digital thrills, he has kept values dear to many of the players of the early Web: exchange, accessibility to as many people as possible, transparency.

    Ideals that are found in his latest project, “/e/” (pronounced “i”), a mobile operating system (OS) designed to guarantee respect for its users’ privacy. The goal: to offer a solid alternative to the two most widely used mobile operating systems in the world, Android (Google) and iOS (Apple), at a time when distrust of the big digital empires keeps growing.

    #Gael_Duval #Linux #Mandrake #/e/ #Logiciels_libres

  • Seenthis cited in this article: "Mastodon, Diaspora, PeerTube...: “free” alternatives to the Net giants and their Orwellian world"

    An original social network, Seenthis (“Vu ça” in French) was launched in France in 2011. In some respects it resembles Twitter, but it offers many other features. Users can keep a personal blog there made up of short posts, in which they recommend articles to their followers (such as those of Bastamag, for example).

    https://www.bastamag.net/Mastodon-Diaspora-PeerTube-Qwant-framasoft-logiciels-libres-open-street-ma

    #LogicielsLibres #Logiciels_Libres #MondeDuLibre #SeenThis

  • An Open Source License That Requires Users to Do No Harm | WIRED
    https://www.wired.com/story/open-source-license-requires-users-do-no-harm

    China uses facial recognition technology to track Uyghur Muslims. The US military uses drones to kill suspected terrorists—and any nearby civilians. US Immigration and Customs Enforcement—which has locked children in cages near the Mexican border—relies on software for communications and coordination, like all modern organizations.

    Someone had to write the code that makes all of that possible. Increasingly, some developers are calling on their employers and the government to stop using their work in ways they believe are unethical. Google employees convinced the company to stop its drone footage analysis work and cancel plans to bid on a cloud computing contract with the Pentagon. Microsoft employees have protested the company’s work for ICE and the military, though with little success thus far.

    But it’s hard to stop a company or government from using software that it already has, especially if that software is open source. Last month, for example, programmer Seth Vargo deleted some of his open source code from online repositories to protest its potential use by ICE. But because open source code can be freely copied and distributed, his code was soon back online elsewhere.

    Coraline Ada Ehmke wants to give her fellow developers more control over how their software is used. Software released under her new “Hippocratic License” can be shared and modified for almost any purpose, with one big exception: “Individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of individuals or groups in violation of the United Nations Universal Declaration of Human Rights.”

    #Logiciels_libres #Licence #Hippocratic_licence #Coraline_Ada_Ehmke

  • Statement on Gab’s fork of Mastodon - Official Mastodon Blog
    https://blog.joinmastodon.org/2019/07/statement-on-gabs-fork-of-mastodon

    Mastodon is completely opposed to Gab’s project and philosophy, which seeks to monetize and platform racist content while hiding behind the banner of free speech. Mastodon remains committed to standing up against hate speech; for example, our new server covenant means we only list servers on joinmastodon.org that are committed to active moderation against racism, sexism and transphobia. The Mastodon community does not approve of their attempt to hijack our infrastructure and has already taken steps to isolate Gab and keep hate speech off the fediverse.

    Mastodon champions a free API ecosystem and as such all Mastodon apps are created and maintained by independent developers. However, Tusky (Android) and Toot! (iOS) have blacklisted Gab’s domains from their login screens. Gab users will not be able to use these apps to access or post from Gab. We do not currently know if any other apps are doing the same. Mastodon itself allows instance owners to decide which domains to block. Most servers in the fediverse are already blocking the Gab domains and we have done the same at mastodon.social.

    In addition to the isolation Gab can expect from the fediverse, it is clear that their design choices offer users no incentive to choose their platform. By paywalling basic features that are freely available on Mastodon, Gab puts itself at a disadvantage compared to any Mastodon instance. Mastodon remains non commercially structured and all features are available to users freely from the start.

    #Modération #Mastodon #Détournement #Logiciels_libres

  • The Internet Relies on People Working for Free - OneZero
    https://onezero.medium.com/the-internet-relies-on-people-working-for-free-a79104a68bcc
    https://miro.medium.com/focal/1200/632/52/50/0*93mCYPVf551dbAQY

    But when software used by millions of people is maintained by a community of people, or a single person, all on a volunteer basis, sometimes things can go horribly wrong. The catastrophic Heartbleed bug of 2014, which compromised the security of hundreds of millions of sites, was caused by a problem in an open-source library called OpenSSL, which relied on a single full-time developer not making a mistake as they updated and changed that code, used by millions. Other times, developers grow bored and abandon their projects, which can be breached while they aren’t paying attention.

    It’s hard to demand that programmers who are working for free troubleshoot problems or continue to maintain software that they’ve lost interest in for whatever reason — though some companies certainly try. Not adequately maintaining these projects, on the other hand, makes the entire tech ecosystem weaker. So some open-source programmers are asking companies to pay, not for their code, but for their support services.

    Daniel Stenberg is one of those programmers. He created cURL, one of the world’s most popular open-source projects.

    #Logiciels_libres #cURL #Maintenance

  • Python’s creator thinks it has a diversity problem — Quartz
    https://qz.com/1624252/pythons-creator-thinks-it-has-a-diversity-problem

    In a rare interview with the programmer in October last year, which was recently published on YouTube, he was asked about the lack of diversity among the people working on open-source programming languages. He noted that it was an issue, and said that those who ignore it, because open-source projects are available for anyone to contribute, are not seeing the full picture.

    “It’s not just joining a project that’s the problem, it’s staying in the project, which means you have to feel comfortable exchanging emails and code reviews… with people that you don’t know personally but you communicate frequently with online,” he said. Van Rossum thinks that these exchanges can be difficult for women because of unconscious bias and male-driven cultural norms within open-source communities.

    “It’s not just about writing the code, but you have to stand up for your code and defend your code, and there is a certain male attitude that is endemic in many projects where a woman would just not feel comfortable claiming that she is right,” he explained. “A guy who knows less than that woman might honestly believe [he is right], so they present a much more confident image.” In his experience, van Rossum sees incompetent men’s ideas gaining acceptance more often than merited because they are more forceful in how they present them.

    Van Rossum believes that the different attitudes of women and men in programming communities are due to wider societal problems that we need to fix from the bottom up. “I’ve always felt that feminism was right and we need to change the whole society,” he said. In the meantime, he feels a responsibility to act in the places he has influence, like in the Python community.

    He believes the key to making open-source communities more inclusive is establishing (and enforcing) codes of conduct and mentoring. Van Rossum says that he now mentors women and underrepresented minority programmers. “But white guys can forget it,” he said. “They are not the ones who need it most.” (In typical programmer speak, he calls mentoring a “completely distributed, democratic approach.”)

    Rather, he thinks it’s important that men are educated about their biases. “[There are] some guys who are super defensive when you tell about this shit, but the majority of guys just don’t know any better,” he said. “The first time I heard the term unconscious bias was maybe five years ago and it was an eye opener.” It’s changed him, and he thinks it could change others.

    #Python #Logiciels_libres #Genre #Féminisme #Programmation

  • ON TV - Free software, a philosophical issue as much as a choice of society
    https://reporterre.net/A-LA-TELE-Le-logiciel-libre-un-enjeu-philosophique-autant-qu-un-choix-de

    Since the spread of the #Internet into every area of #society, the question of #proprietary_software, as opposed to #free_software, has become crucial, although it is still ignored by the vast majority of users. By definition, free software can be used, improved and distributed by everyone. Yet most of the software we rely on daily is said to be “proprietary”: its source code belongs to large companies, which derive substantial profits from it. The #resisters of open source thus see in it a #philosophical_issue as much as a #choice_of_society: new technologies should be controlled by their #users, rather than limiting their #freedom to finding alternatives to them.

  • The Linux desktop is in trouble | ZDNet
    https://www.zdnet.com/article/the-linux-desktop-is-in-trouble

    Jason Hicks, Muffin maintainer and member of the Linux Mint team, observed on Reddit, as reported by Brian Fagioli:

    I also have a life outside open-source work, too. It’s not mentally sound to put the hours I’ve put into the compositor. I was only able to do what I could because I was unemployed in January. Now I’m working a job full time, and trying to keep up with bug fixes. I’ve been spending every night and weekend, basically every spare moment of my free time trying to fix things.

    There’s also been tension because we’re 1-2 months from a release. We’ve had contentious debate about input latency, effects of certain patches, and ways to measure all of this. Other team members are going through their own equally hard circumstances, and it’s an unfortunate amount of stress to occur all at once at the wrong times. We’re human at the end of the day. I wish these aspects didn’t leak into the blog post so much, so just wanted to vent and provide some context. If you take away anything from it, please try the PPA and report bugs. We need people looking for things that might get stuck in cinnamon 4.2.

    I’ve heard this before. There have been a lot of Linux desktop distros over the years. They tend to last for five or six years and then real life gets in the way of what’s almost always a volunteer effort. The programmers walk away, and the distro then all too often declines to be replaced by another.

    It is not easy building and supporting a Linux desktop. It comes with a lot of wear and tear on its developers with far too little reward. Mint is really a winner and I hope to see it around for many more years to come. But I worry over it.

    Looking ahead, I’d love to see a foundation bring together the Linux desktop community and have them hammer out a common desktop for everyone. Yes, I know, I know. Many hardcore Linux users love to have a variety of choices. The world is not made up of desktop Linux users. For the million or so of us, there are hundreds of millions who want an easy-to-use desktop that’s not Windows, doesn’t require buying a Mac, and comes with broad software and hardware support. Are you listening Linux Foundation?

    #Logiciels_libres #Linux #GUI #Economie

  • SPIP: CRITICAL security update
    https://www.domainepublic.net/SPIP-Mise-a-jour-CRITIQUE-de-securite.html

    A CRITICAL flaw was recently discovered in SPIP, allowing arbitrary code execution by authenticated visitors. It affects SPIP 3.1 versions (earlier than 3.1.10) and SPIP 3.2 versions (earlier than 3.2.4), and impacts all sites using these versions. SPIP 3.0 and earlier versions are not affected by this problem. It is imperative to update your SPIP site as soon as possible. The team thanks Guillaume Fahrner for the identification and the (...)

    #Logiciels_Libres

  • KEI letter to US DOJ, opposing IBM acquisition of Red Hat | Knowledge Ecology International
    https://www.keionline.org/30093

    Very interesting on the relationship between free software and large companies. Using free software as a Trojan horse to strengthen specific services... breaking the trust and neutrality of free software. The opposite of what “Des routes et des ponts” describes about commons-private partnerships.

    The following was sent to US DOJ today, to express KEI’s opposition to the IBM acquisition of Red Hat.

    13 March 2019

    Bindi R. Bhagat
    U.S. Department of Justice
    Antitrust Division
    Technology and Financial Services Section

    Dear Ms. Bhagat,

    Thank you for taking our call today, regarding the International Business Machines Corporation (IBM) effort to buy Red Hat, Inc. As discussed, Knowledge Ecology International (KEI) is opposed to IBM acquiring Red Hat.

    At present, Red Hat controls the most important Linux distribution for Internet and cloud servers.

    The important metrics in this area include, but are not limited to, the share of Internet traffic supported by Red Hat server installations, as well as the revenue that Red Hat realizes for maintaining and customizing Linux server software, compared to other Linux server distribution companies or organizations.

    Red Hat is an important contributor to the Linux kernel and to the code that is used in many elements in the broader GNU/Linux platform of free software programs that are used by server platforms, including the many non-Red Hat Linux distributions.

    IBM is proposing to pay a large premium for Red Hat. Prior to the acquisition offer, Red Hat was valued at approximately $20.5 billion. IBM is proposing to buy Red Hat for $34 billion, a premium of about 67 percent of the previous value.

    IBM could have invested in Red Hat stock at a much lower price, if the objective was simply to share in the expected profits of Red Hat, continuing its current business offerings. What IBM gains from its acquisition of Red Hat is control, and the ability to shape the direction of its software development efforts, to favor IBM’s own cloud services.

    Today Red Hat is considered a neutral partner for many companies offering or developing cloud services. If IBM acquires Red Hat, the trust in Red Hat will be eroded, and IBM will have powerful incentives to influence Red Hat’s software development efforts towards providing special functionality and benefits to IBM and the IBM cloud services, and even to degrade the functionality of services to companies that compete directly with IBM, or fail to buy services from IBM.

    The Department of Justice (DOJ) should consider the impact of the merger on the incentives that Red Hat will have, post merger, to undermine competition and degrade the benefits of a more level playing field, for this critical Internet resource and platform.

    Our concerns are shaped to some degree by the detrimental decision made by the DOJ in approving the Oracle acquisition of Sun Computer’s open source assets, including the MySQL database program. At the time, DOJ viewed the MySQL software as unimportant, because the revenues were small, relative to other database programs. Most users of MySQL did not pay any fees to use the software. Our organization, KEI, used MySQL to support our Joomla, Drupal and WordPress content management systems, and did not pay fees to Sun Computer, along with countless other businesses, non-profit organizations and individuals who also used the free version. We were concerned, at the time, that Oracle would degrade and slow the development of the capacities of MySQL, in order to protect Oracle’s very expensive proprietary database services. We believe that our concerns about Oracle have unfortunately been borne out, by the blunting of the rate of innovation and ambition for MySQL, the fact that Open Office (another program gained in the acquisition of Sun Computers) is no longer an important free software client for office productivity, and Oracle’s aggressive litigation over copyright and patent claims related to Java.

    The DOJ might consider conditions on the merger that would provide greater assurances that Red Hat will not be used to create an unlevel playing field that favors IBM’s own cloud services. We are willing to suggest such conditions, relating to governance, licensing and other issues. For example, the DOJ could require IBM to show how it will ensure the continued policy of ensuring that Red Hat’s patents are only used for defensive purposes. Conditions on this issue should be durable, and avoid predictable loopholes.

    IBM’s competitors and existing customers of Red Hat will have more informed suggestions as to specific conditions that would protect IBM’s competitors. But overall, the best decision would be to reject the merger, on the grounds that it is fundamentally designed to create an unlevel playing field.

    Red Hat is not just another technology company. It is one of the main reasons the Internet functions as well as it does.

    Sincerely,

    James Love
    Knowledge Ecology International (KEI)
    1621 Connecticut Avenue, Suite 500
    Washington, DC 20009
    https://keionline.org

    #Communs #Logiciels_libres #Red_Hat #IBM