otter

I got a copy of the text from the email, and added it below, with personal information and link trackers removed.

Hello [receiver's name],

I’ve long dreamed about working for Mozilla. I learned how to send encrypted e-mail using Mozilla Thunderbird, and I’ve been a Firefox user since almost as long as I can remember. In more recent years, I’ve been an avid follower of Mozilla’s advocacy work, and was lucky enough to partner with Mozilla on investigative journalism in my last job.

In many ways, Mozilla was the dream – and now, as the leader of the Foundation, my job is to make my dreams for Mozilla come true. What that means, though, is making your dreams come true – for a trustworthy and open future of technology; for tech that is a tool for liberation, not limitation; and for tech that values people over profit.

So I’m reaching out to technologists, activists, researchers, engineers, policy experts, and, most importantly, to you – the people who make up the Mozilla community – to ask a simple question.

[receiver's name]. What is your dream for Mozilla? I invite you to take a moment to share your thoughts by completing this brief survey.

Let’s start with this question:

Question 1: What is most important to you right now about technology and the internet?

• Protecting my privacy online
• Avoiding scams
• Choosing products, apps, technology, and services that I can trust
• Keeping children safe online
• Responsible use of AI
• Keeping the internet is open and free
• Knowing how to spot misinformation
• Other (please specify)

Take the survey now →

With your help, together we can imagine and create the Internet we want. Thank you for being a part of this.

Always yours,

Nabiha Syed Executive Director Mozilla Foundation

I recently got a small keychain device for free as a cheap promotional item. It looks like one of these: https://powerstick.com/powertag/

It asks that you install this app: Spot 2.0 Bluetooth Finder

Some concerns right away:

• It requires an account
• It said that my password was too long
• It seems that these apps will need 24/7 access to location in order to work properly, so I'm not comfortable making an account on some app I've never heard of

So my questions:

Q1: If someone is given a similar device, is there a FOSS app that they can use it with? So far I've found:

• BLE Radar (FDroid, GitHub). It looks promising and I haven't played with all the custom profiles yet. While I was able to connect the device and see it on a map, I don't see an option to ring the device from the app. Since it's a key ring, I imagine most people would use it to find their keys in their home, for which the speaker would be helpful.

• iTracing2 (FDroid, GitHub). This one is very minimalistic, and while I could get it connected, it seems to only work in the device > phone direction, where you can press a button on the keychain to initiate an action on the phone (ex. ring the phone)

Q2: If someone wanted to get a good quality version of this, which brands do you recommend? Ideally it would be accurate and be compatible with some FOSS app(s).

I remember seeing Chipolo mentioned in some other thread here, but I don't know if they meet those requirements

As Synology explains in security advisories published two days after the flaws were demoed at Pwn2Own Ireland 2024 to hijack a Synology BeeStation BST150-4T device, the security flaws enable remote attackers to gain remote code execution as root on vulnerable NAS appliances exposed online.

"The vulnerability was initially discovered, within just a few hours, as a replacement for another Pwn2Own submission. The issue was disclosed to Synology immediately after demonstration, and within 48 hours a patch was made available which resolves the vulnerability," Midnight Blue said.

From a different source:

Synology proactively sponsors and works with security researchers as part of product security initiatives. At this year's Pwn2Own Ireland 2024 event, which took place in late October, we successfully discovered and resolved multiple security vulnerabilities.

While these vulnerabilities are not being exploited, we recommend all Synology device administrators immediately take action to secure their systems by updating due to the scope and severity of specific issues.

There are downsides with downloading their app just to input bad data, but it's a fun thought.

edit: While we're at it we might as well offer an alternative app to people.

I posted in !opensource@programming.dev to collect recommendations for better apps

The post: https://lemmy.ca/post/32877620

Leading Recommendation from the comments

The leading recommendation seems to be Drip (bloodyhealth.gitlab.io)

Summarizing what people shared:

• accessible: it is on F-droid, Google Play, & iOS App Store
• does not allow any third-party tracking
• the project got support from "PrototypeFund & Germany's Federal Ministry of Education and Research, the Superrr Lab and Mozilla"
• Listed features:
  • "Your data, your choice: Everything you enter stays on your device"
  • "Not another cute, pink app: drip is designed with gender inclusivity in mind."
  • "Your body is not a black box: drip is transparent in its calculations and encourages you to think for yourself."
  • "Track what you like: Just your period, or detect your fertility using the symptothermal method."

Their Mastodon: https://mastodon.social/@dripapp

A friend was asking, and it would be nice to have one or two to recommend.

Bonus if it's on Google Play in addition to Fdroid, but not necessary.

Some recommendations in these threads:

• https://lemmy.ca/comment/12756204
• https://lemmy.ca/post/32878118

Some discussion on apps (including non-FOSS) here:

• https://foundation.mozilla.org/en/privacynotincluded/categories/reproductive-health/

Leading Recommendation from the comments

The leading recommendation seems to be Drip (bloodyhealth.gitlab.io)

Summarizing what people shared:

• accessible: it is on F-droid, Google Play, & iOS App Store
• does not allow any third-party tracking
• the project got support from "PrototypeFund & Germany's Federal Ministry of Education and Research, the Superrr Lab and Mozilla"
• Listed features:
  • "Your data, your choice: Everything you enter stays on your device"
  • "Not another cute, pink app: drip is designed with gender inclusivity in mind."
  • "Your body is not a black box: drip is transparent in its calculations and encourages you to think for yourself."
  • "Track what you like: Just your period, or detect your fertility using the symptothermal method."

Their Mastodon: https://mastodon.social/@dripapp

This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

cross-posted from: https://lemmy.eco.br/post/8758930

If you're using Vaultwarden, you should update because of security fixes.

There is a table of examples in the link. Some I saw include:

Desert

• desert Latin dēserō ("to abandon") << ultimately PIE **seh₁- ("to sow")
• Ancient Egyptian: Deshret (refers to the land not flooded by the Nile)  from dšr (red)

Shark

• shark Middle English shark from uncertain origin
• Chinese 鲨 (shā)  Named as its crude skin similar to sand (沙 (shā))

Kayak

• Inuktitut ᖃᔭᖅ (kayak) Proto-Eskimo *qyaq
• Turkish kayık ('small boat')[17] Old Turkic kayguk << Proto-Turkic kay- ("to slide, to turn")

A lot of these could be TIL posts of their own.

I also wonder if some of these are actually false cognates, or if there is a much earlier common origin with false associations that came afterwards

cross-posted from: https://lemmy.ml/post/22332949

JD Vance said that ‘American power comes with certain strings attached’

Archive link

I saw this post and I was curious what was out there.

https://neuromatch.social/@jonny/113444325077647843

Id like to put my lab servers to work archiving US federal data thats likely to get pulled - climate and biomed data seems mostly likely. The most obvious strategy to me seems like setting up mirror torrents on academictorrents. Anyone compiling a list of at-risk data yet?

cross-posted from: https://lemmy.world/post/21666337

Bitwarden isn't going proprietary after all. The company has changed its license terms once again – but this time, it has switched the license of its software development kit from its own homegrown one to version three of the GPL instead.

The move comes just weeks after we reported that it wasn't strictly FOSS any more. At the time, the company claimed that this was just a mistake in how it packaged up its software, saying on Twitter:

It seems like a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users.

Now it's followed through on this. A GitHub commit entitled "Improve licensing language" changes the licensing on the company's SDK from its own license to the unmodified GPL3.

Previously, if you removed the internal SDK, it was no longer possible to build the publicly available source code without errors. Now the publicly available SDK is GPL3 and you can get and build the whole thing.