Ich würde gerne #opensource #AI benutzen um meine medizinischen Daten zu analysieren.
opensource
I submitted a Pull Request to update MacPorts' OpenSSH to 9.9p2 here:
https://github.com/macports/macports-ports/pull/27712
GitHub Continuous Integration checks are running. Hopefully they will be OK (Update 2 out of 3 have completed successfully, which is a good sign).
I tested locally without issues, but I also build against LibreSSL locally, whereas GitHub CI and MacPorts' Build Bots I think default to OpenSSL.
This release is to address some vulnerabilities identified by Qualys and other less critical bugs.
More details from upstream here:
https://www.openssh.com/releasenotes.html#9.9p2
Of particular note:
" Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2MSGPING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH."
If I read everything correctly, these vulnerabilities primarily only impact the Portable OpenSSH releases (which is what MacPorts uses). However, OpenBSD has also issued the following errata to mitigate one of the issues as it also appears to impact OpenBSD users:
"008: SECURITY FIX: February 18, 2025 All architectures
sshd(8) denial of service relating to SSH2MSGPING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem."
Source code patch for OpenBSD here:
https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
Having written as much, it appears as if the main OpenSSH version for OpenBSD is still 9.9, so I am not going to make a submission for undeadly.org Other editors reading this are welcome to though, I just kind of have a lot of other stuff on my plate at present.
As usual, I also have too much going on in my life to want more responsibilities such as commit access within MacPorts, so it's up to someone else to merge it.
Update #2: I also decided to be a good Samaritan and reported the issue to Apple. Not that they have ever acknowledged my efforts for such things nor paid me from their bug bounty program in years of doing similar things. Because, OFC, Apple can't spare a penny to anyone like me. Maybe Qualys already reported it to them anyway (though they would have no obligation to do so, they did find the vulns and reported them upstream as would be expected).
#OpenSSH #MacPorts #SecureShell #InfoSec #Cryptography #Security #CVE #PatchTuesday #OpenSource #OpenBSD #macOS
https://github.com/macports/macports-ports/pull/27712
GitHub Continuous Integration checks are running. Hopefully they will be OK (Update 2 out of 3 have completed successfully, which is a good sign).
I tested locally without issues, but I also build against LibreSSL locally, whereas GitHub CI and MacPorts' Build Bots I think default to OpenSSL.
This release is to address some vulnerabilities identified by Qualys and other less critical bugs.
More details from upstream here:
https://www.openssh.com/releasenotes.html#9.9p2
Of particular note:
" Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2MSGPING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH."
If I read everything correctly, these vulnerabilities primarily only impact the Portable OpenSSH releases (which is what MacPorts uses). However, OpenBSD has also issued the following errata to mitigate one of the issues as it also appears to impact OpenBSD users:
"008: SECURITY FIX: February 18, 2025 All architectures
sshd(8) denial of service relating to SSH2MSGPING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem."
Source code patch for OpenBSD here:
https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
Having written as much, it appears as if the main OpenSSH version for OpenBSD is still 9.9, so I am not going to make a submission for undeadly.org Other editors reading this are welcome to though, I just kind of have a lot of other stuff on my plate at present.
As usual, I also have too much going on in my life to want more responsibilities such as commit access within MacPorts, so it's up to someone else to merge it.
Update #2: I also decided to be a good Samaritan and reported the issue to Apple. Not that they have ever acknowledged my efforts for such things nor paid me from their bug bounty program in years of doing similar things. Because, OFC, Apple can't spare a penny to anyone like me. Maybe Qualys already reported it to them anyway (though they would have no obligation to do so, they did find the vulns and reported them upstream as would be expected).
#OpenSSH #MacPorts #SecureShell #InfoSec #Cryptography #Security #CVE #PatchTuesday #OpenSource #OpenBSD #macOS
Edited 228d ago
⏳ D-Day-7!
We're counting down to OW2con'25, the European open source conference — happening June 17-18 at Orange Gardens in Paris-Chatillon!
Join us for two days of engaging talks and collaborative discussions around Open Source and Responsible AI.
💡 AIOps, DevOps team members and IT decision-makers, OW2con'25 is the place to connect with the community shaping the future of open source in Europe and beyond.
🎟️ Register now (it's free!) 👉 https://www.ow2con.org/view/2025/
Linux kernel 6.16 testing needed! Help us test 6.16 from Aug 10-16. The Fedora Quality Team will be available to receive your feedback. :)
Learn how to participate: https://fedoramagazine.org/kernel-6-16-test-week-august-10-16/
My main mini pc Gigabyte, which came with a under dimensioned CPU / GPU cooler has kicked the bucket...
It's never performed well due to overheating.
Thanks for the Enshittification of hardware Gigabyte.
Now I have no computer anymore and no finances to purchase a new one, in the near future.
I need a computer to do my remote work, so the circle is now broken.
I also use the computer to do my Open Source programming, my hardware & software Research. Another broken circle.
Of course I'm calm and I have a <plan van aanpak NL>
#Hardware #failure #Gigabyte #enshittification #programming #OpenSource
Edited 120d ago
Little Bits: Issue #21 for January 2025
Race on over to read the latest instalment of Little Bits issue #21 for January 2025 to explore the largest collection of discovered bits to date.
DeepSeek Open Source FlashMLA – MLA Decoding Kernel for Hopper GPUs — https://github.com/deepseek-ai/FlashMLA
#HackerNews #DeepSeek #Open #Source #FlashMLA #MLA #Decoding #Kernel #for #Hopper #GPUs #GitHub #OpenSource #AI
🗓️ There are 4 days left to contribute to the crowdfunding campaign for the #PeerTube mobile app and help us to reach the next goal!
Every contribution helps us build a world where everyone can use PeerTube from anywhere!
👉 https://support.joinpeertube.org
#crowdfunding #mobile #app #FLOSS #FOSS #FreeSoftware #OpenSource
Little Bits: Issue #25 For May 2025
Enjoy the exploration of the past bits of May and read an motivational message of accountability and condolences of a beautiful precious life.
Nouvel épisode de la série sur les transports 🚐 🚇
Vous utilisez des outils de planification de trajets : savez-vous d’où viennent les données ? Et connaissez-vous le rôle de l’Europe et des états membres dans tout cela ?
👉 https://www.projets-libres.org/transports-donnees-ouvertes-regulation-europeenne
Avec Tu-Tho Tai, nous parlons de données ouvertes de transport, de la règlementation européenne révisée après le COVID et des dispositions prises par les états membres pour la mettre en application.
Nous abordons aussi le rôle de l'association Femmes en mouvement, dont Tu-Tho fait partie et qui met en avant la question de genre dans le milieu des transports 💪
Bonne écoute 🎧
![Projets Libres - saison 3 épisode 14 : [Transports] Données ouvertes et régulation européenne dans les transports publics](/proxy/post_attachment/113287/16bbaa6884.png "Projets Libres - saison 3 épisode 14 : [Transports] Données ouvertes et régulation européenne dans les transports publics")
Edited 116d ago
🎧 New episode in our series on transportation 🚐 🚇
You use trip planning tools — but do you know where the data comes from? And do you know what role the EU and its member states play in all this?
👉 https://www.projets-libres.org/en/transport-public-transport-open-data-and-european-regulation/
With Tu-Tho Tai, we discuss open transport data, the EU regulations revised after COVID, and the measures taken by member states to implement them.
We also talk about the role of the Femmes en mouvement association, of which Tu-Tho is a member, and which highlights gender issues in the transport sector 💪
![Projets Libres! - season 3 episode 14: [Transport] Public transport : open data and European regulation](/proxy/post_attachment/113288/c1780a3270.png "Projets Libres! - season 3 episode 14: [Transport] Public transport : open data and European regulation")
Edited 116d ago
Clarifying Costs of Running the Fediverse with Jerry from Infosec.Exchange
I decided since I don't understand how all of this works, I will just simply ask Jerry personally about all of this data and technical details, so that people will no longer be confused about all of this.
Includes an exclusive interview with Jerry.
I decided since I don't understand how all of this works, I will just simply ask Jerry personally about all of this data and technical details, so that people will no longer be confused about all of this.
Includes an exclusive interview with Jerry.
No OSPO is an island 🏝️
DINUM is pleased to connect with other OSPOs and #FreeSoftware #OpenSource enthusiasts during the United Nations Open Source Week 2025 🧢
Check out the wonderful program 👉 https://www.un.org/digital-emerging-technologies/content/open-source-week-2025
Please join the event live and engage with us! Our mailbox is open ✉️ floss@numerique.gouv.fr
Join us tomorrow for our Godot Meetup @ c-base!
For the first time we will be meeting at c-base for our new, roughly bi-weekly alternating meetups at two locations. Looking forward to seeing you at the space station underneath Berlin! 🛸
Thursday, 12 Jun 2025, 19:00-21:00
c-base e.V.
Rungestraße 20, Mitte, 10179 Berlin
https://www.meetup.com/godot-user-group-berlin/events/307867313/
#Berlin #GodotEngine #OpenSource #GameDev #Meetup #Hackspace #Makespace #Godot4
Up for helping us out? The Overte e.V. is doing its first donation drive. We are preparing to hire our first long standing contributor, and hope to raise 3000€ toward that goal.
Read more here: https://overte.org/index.html#help-us-hire-a-team-member
Or go straight to our donation page: https://overte.org/donate.html
#foss #vr #OpenSource
Join the Fedizens! Isn't it time to leave legacy social media and start afresh? 👉 @fedizen https://Fedizen.EU
#NoAds, #NoManipulation 🚫 Big Tech shapes opinions through targeted ads and polarizing content: #Opensource #socialmedia empowers #communities with transparent #moderation.
#Better #MentalHealth 🧠 Research shows that algorithm-driven feeds fuel anxiety and addiction: #ActivityPub platforms, like #Mastodon, avoid manipulative engagement tactics. (1/2)
New Open at Intel Podcast! I spoke with Andrew Brown of Exam Pro about his free generative AI bootcamp for developers, #Deepseek, keeping up with AI development and its rapidly moving pace, and a lot more. Check it out!
Episode: https://openatintel.podbean.com/e/mastering-generative-ai/
Clip: https://youtube.com/shorts/ofsiK5cF1u0?feature=share
My latest blog post: Migrating my Mastodon server to Masto.host
https://mikecoats.com/migrating-to-masto-host/
I migrated my Mastodon server from a self-hosted DigitalOcean droplet to an instance provided by Masto.host. The process was straightforward and took less than an hour.
Mastodon is happy to be recognised as a #DigitalPublicGood by @dpgalliance - alongside many other incredible #OpenSource projects. Find out more in our blog post. #UNOpenSourceWeek
Edited 109d ago
a little tool I built to fight linkrot and save our sources from the memory hole → https://sij.law/deepciter
#digitalpreservation #selfhosting #archivebox #opensource #foss #textfragments #waybackmachine #linkrot #memoryhole #legaltech #permalink #deepcite
My latest blog post: Simplify VCD
https://mikecoats.com/simplify-vcd/
Simplify VCD is a tool designed to make working with Value Change Dump (VCD) files more efficient and faster. This tool enables users to clip sections of VCD files, trim irrelevant data, and reduce the resolution to a more manageable timescale, significantly improving processing speed and usability.
#code #electronics #embedded #hardware #openSource #python #software
My latest blog post: VanSpoof – A-Muntzing We Will Go
https://mikecoats.com/van-spoof-muntzing/
With my first few VanSpoof prototypes assembled, I had noticed that the L78L05 was sometimes getting a little hot. Instead of knuckling down and calculating more suitable component values, I turned to the tried and tested method of Muntzing to get my power draw down.
#eBike #electronics #hardware #muntzing #openSource #vanMoof
Little Bits: Issue #22 for February 2025
Exciting times are ahead, a motivational message and loads of new curated bits found in February 2025 while surfing the Internet for you to enjoy.
🚀 Join us for the Fedora Docs Hands-on Workshop!
📅 Date: June 21, 2025 4pm EAT (1pm UTC)
🕒 Learn how to contribute to Fedora Docs, get hands-on experience, and explore beginner-friendly tasks with the community.
🔗 Add to your calendar: https://calendar.app.google/vZUrHzANBjuRBQ2c8
📚 Event details: https://fedoraproject.org/wiki/Fedora_Docs_Hands-on_Workshop_2025
Let’s build docs together!
Hi, if you speak any of the following languages, I could really use your help translating a few words for https://jointhefediverse.net.
فارسی,العربية,Bahasa Indonesia, Български, Català, Čeština, 简体中文, 繁體中文, Deutsch (DE), Español (ES), Esperanto, Euskara, Français, Italiano, Nederlands, Polski, Português (BR), Русский, Slovenčina, Suomi, 臺灣正體中文
- https://github.com/jointhefediverse-net/jointhefediverse.net/issues/118
- https://github.com/jointhefediverse-net/jointhefediverse.net/issues/138
- https://github.com/jointhefediverse-net/jointhefediverse.net/issues/137
#translation #localization #opensource #HelpWanted #fediverse #JoinTheFediverse
Edited 104d ago