A breakdown of what constitutes the software supply chain and how to secure each stage
Software supply-chain (SSC) attacks have become critical enough that the response is now driven by government. In May 2021 the Biden Administration released an executive order (EO 14028) addressing SSC risks. This has created a tailwind that has led to a proliferation of companies aiming to protect the supply chain and to help organisations comply with these requirements.
Bundling software components and dependencies into a deployable format and distributing it for installation on target systems. We discuss Software Bill of Materials (SBOM), code provenance and signatures, and artifact repositories.
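The packaging stage described above is where pinned hashes, an SBOM and artifact verification meet. As an added example (not code from the linked article), the script below parses pip-style `name==version --hash=sha256:<hex>` lock lines, verifies a downloaded artifact's digest against the pin with a constant-time comparison, and emits a minimal CycloneDX-style SBOM for the components that passed. The package name, version and artifact bytes are constructed for the demo.

```python
"""Added example: hash-pinned verification of a downloaded artifact plus a
minimal CycloneDX-style SBOM for what was verified. The package name,
version and artifact bytes below are constructed, not real releases."""
import hashlib
import hmac
import json
import re

# pip's hash-pinning syntax: `pkg==1.2.3 --hash=sha256:<hex> [--hash=...]`
REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)")
HASH_RE = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<hex>[0-9a-fA-F]+)")


def parse_requirement_line(line):
    """Parse one pinned requirement line; refuse lines with no sha256 pin."""
    m = REQ_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a pinned requirement: {line!r}")
    hashes = {h.group("alg"): h.group("hex").lower() for h in HASH_RE.finditer(line)}
    if "sha256" not in hashes:
        raise ValueError(f"no sha256 pin for {m.group('name')}")
    return {"name": m.group("name").lower(), "version": m.group("version"), "hashes": hashes}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data, expected_sha256):
    """Constant-time comparison of the artifact digest against the pinned value."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


def build_sbom(components):
    """Minimal CycloneDX 1.5 JSON document listing verified components."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "components": [
            {
                "type": "library",
                "name": c["name"],
                "version": c["version"],
                "purl": f"pkg:pypi/{c['name']}@{c['version']}",
                "hashes": [{"alg": "SHA-256", "content": c["hashes"]["sha256"]}],
            }
            for c in components
        ],
    }


# Constructed stand-in for a downloaded wheel and the lockfile that pins it.
FAKE_WHEEL = b"PK\x03\x04 demo wheel bytes for examplepkg 1.2.3"
LOCKFILE = (
    f"examplepkg==1.2.3 --hash=sha256:{sha256_hex(FAKE_WHEEL)}\n"
    "# comments and blank lines are skipped; unpinned entries are rejected\n"
)


def check_lockfile(lockfile_text, downloads):
    """Verify every pinned requirement against `downloads` (name -> bytes).

    Returns (sbom_for_verified_components, names_that_failed)."""
    verified, failures = [], []
    for line in lockfile_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        req = parse_requirement_line(line)
        data = downloads.get(req["name"])
        if data is None or not verify_artifact(data, req["hashes"]["sha256"]):
            failures.append(req["name"])
        else:
            verified.append(req)
    return build_sbom(verified), failures


if __name__ == "__main__":
    sbom, bad = check_lockfile(LOCKFILE, {"examplepkg": FAKE_WHEEL})
    print(json.dumps(sbom, indent=2))
    print("failures:", bad)
```

The point of the constant-time compare is minor here (digests are not secrets), but it is the habit worth keeping for any comparison in a verification path. A real pipeline would take the expected hashes from the lockfile committed to the repository, never from the same server that served the artifact.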
tomato is a python script to glitch AVI files
It was designed to manipulate video frame ordering, subtraction and duplication.
This is a port of Simon Tatham’s Portable Puzzle Collection, a collection of 40 single-player logic games. It’s free, with no ads, and is playable offline. All games are generated on demand with adjustable size and difficulty, so you’ll never run out of puzzles.
Universal pencil puzzle editor capable of drawing many different kinds of pencil puzzles. You can also solve problems in the software.
Join us in sending a token of appreciation to your favorite open source developers and projects.
Here’s how:
- Choose a card
- Log in with GitHub
- Choose recipient
- Send your card
allows an image to be modified subtly and imperceptibly so that it cannot be linked to a face in another photo [...]: it very slightly retouches the main features of the face in order to fool facial recognition. The process relies on a database of celebrity faces.
By using celebrity faces that look very little like the original photographs, the images end up strangely transformed.
"The changes made to [my] photos are visible to the naked eye. In the modified images I look dead, my 3-year-old daughter has fuzz on her face and my husband looks like he has a black eye."
GitHub repo: https://github.com/fawkesrobotics/fawkes
A tool like this one is useful for producing a text version of a media file (audio or video). The aim of this program is to provide a simple and fast way to retrieve a text and use it as a digital version.
In the beginning was the digital-commons project "Common Voice", started by the Mozilla foundation [...] Then came the free-software project Vosk, started by a collective of researchers (Alpha Cephei) [...] Then came the transcription project by Tykayn, a contributor to the "April" association [...] Finally came the Scribe project, started by the IT team of the Ceméa, who created this simple, functional, basic interface so that users can benefit from all of these features in a friendlier form.
A free and open source web solution to visualize and explore 3D models right in your browser
Sources: https://github.com/kovacsv/Online3DViewer
TL;DR: There are three options to fix an NPM dependency:
- Open a bug ticket on the repository of the maintainer
- Fork & Fix
- Create a patch and fix it
I used to favour the 2nd option, but it has the drawback of creating a dependency on github.com at build time, which is not always convenient in a corporate context... patch-package can therefore come in handy in that case
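The "dependency on github.com at build time" that makes the fork option awkward is easy to audit for. As an added example (not from the post above), the script below classifies every spec in a constructed `package.json`: git/GitHub dependencies pinned to a full commit hash, git dependencies floating on a branch or tag, tarball URLs, local `file:` links, and registry specs that are exact or ranges. The package names and specs are invented for the demo; the spec syntax follows npm's documented forms (`git+https://...#<commit>`, `github:user/repo`, `user/repo`, tarball URLs, `file:`).

```python
"""Added example: flag package.json dependencies that are fetched from
github.com or other external hosts at build time. Package names and
specs below are constructed for the demo."""
import json
import re
from urllib.parse import urlparse

GIT_PREFIXES = ("git+", "git://", "github:", "gitlab:", "bitbucket:")
GIT_HOSTS = {"github.com", "gitlab.com", "bitbucket.org"}
# `user/repo` or `user/repo#ref` shorthand (npm resolves it to GitHub)
SHORTHAND_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(#.*)?$")
# a full 40-hex commit at the end of the spec is the only immutable git pin
COMMIT_PIN_RE = re.compile(r"#[0-9a-f]{40}$")
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def is_git_spec(spec):
    if spec.startswith(GIT_PREFIXES):
        return True
    if "://" in spec:
        host = urlparse(spec).hostname or ""
        return host in GIT_HOSTS and not spec.endswith((".tgz", ".tar.gz"))
    return bool(SHORTHAND_RE.match(spec))


def classify_spec(spec):
    """Return one of: local, git-pinned, git-floating, tarball,
    registry-exact, registry-range."""
    s = spec.strip()
    if s.startswith(("file:", "link:")):
        return "local"
    if is_git_spec(s):
        return "git-pinned" if COMMIT_PIN_RE.search(s) else "git-floating"
    if "://" in s:
        return "tarball"
    if EXACT_VERSION_RE.match(s):
        return "registry-exact"
    return "registry-range"


def audit_package_json(text):
    """Classify every dependency in a package.json document."""
    doc = json.loads(text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in sorted(doc.get(section, {}).items()):
            findings.append({"section": section, "name": name,
                             "spec": spec, "kind": classify_spec(spec)})
    return findings


def build_time_external(findings):
    """Names that pull code from an external host at install time with no
    immutable pin: floating git refs and bare tarball URLs."""
    return [f["name"] for f in findings if f["kind"] in ("git-floating", "tarball")]


# Constructed package.json exercising each spec form.
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {
        "left-pad": "^1.3.0",
        "express": "4.18.2",
        "fixed-lib": "git+https://github.com/example/fixed-lib.git#0123456789abcdef0123456789abcdef01234567",
        "floating-lib": "github:example/floating-lib",
        "shorthand-lib": "example/shorthand-lib#main",
        "blob": "https://example.com/blob-1.0.0.tgz",
        "local-fix": "file:./vendor/local-fix",
    },
    "devDependencies": {"mocha": "~10.2.0"},
})

if __name__ == "__main__":
    results = audit_package_json(SAMPLE_PACKAGE_JSON)
    for f in results:
        print(f"{f['kind']:16} {f['name']:14} {f['spec']}")
    print("external at build time:", build_time_external(results))
```

A commit-pinned git dependency is reproducible but still needs github.com reachable from the build host, which is exactly the corporate-network problem above; a `patches/` directory applied by a postinstall step keeps the fix in your own repository and the package itself in your registry mirror.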
Source code of https://www.mobicoop.fr
Made with Symfony
by Mathieu O'Neil, Laure Muselli, Fred Pailler & Stefano Zacchiroli
Can the free-software community constitute itself as a political entity that thinks, beyond software, about society as a whole? Can it confront productivist orthodoxies and the endless growth of computing power? Everything in its past suggests otherwise. Yet its success depends on it.
Libervia is an all-in-one tool to manage all your communication needs: instant messaging, (micro)blogging, file sharing, photo albums, events, forums, task management, etc.
It seems to me to be the ideal kind of tool for an eco-village / co-housing project
TL;DR version of lessons from the post:
- Writing open source software can be very rewarding in ways you can’t predict
- Be in it for the long haul
- Ship it and ship regularly
- Have broad, open-ended goals
- If you care enough, you’ll find the time
- No one cares about your unit test coverage
- There’s no shame in marketing
- Clear it with your employer
- Foster community
- Keep it enjoyable
Source: https://www.reddit.com/r/Python/comments/smta85/lessons_learned_from_my_10_year_open_source/
This person should be funded at a level that is appropriate for how critical log4j2 is to the ecosystem. There is no excuse for this. This person's spare time passion project is responsible for half of the internet working the way it should.
TL;DR: If you want me to make you useful software, pay me. If you use software made by others in their spare time and find it useful, pay them. This should not be a controversial opinion. This should not be a new thing. This should already be the state of the world and it is amazingly horrible for us to have the people that make the things that make our software work at all starve and beg for donations.
Open source online whiteboard/sketch tool with hand-drawn look and live collaboration
Get off Big Tech tools. Use these instead.
Below are my recommendations for genuinely good, helpful, non-toxic tools. We need alternatives to Big Tech platforms that continually show a shocking lack of respect for users, communities, even democratic society.
My highlights / quotes:
This creates an obvious congestion. Most people try to address it in the wrong way: using pragmatism. Let’s close the issue after two weeks of no original poster replies, after we ask some question. Close all the issues that are not very well specified. And other “inbox zero” solutions. The reality is that to process community feedback very well you have to take the time needed
So what happens? That you start to prioritize more and more what to look at and what not. And you feel you are a piece of shit at ignoring so many things and people, and also the contributor believes you don’t care about what others have to give you. It’s a complex situation. Sometimes I just stop looking at issues and PRs for weeks, because I’m coding or designing: that is the work I really love and enjoy. However this in turn creates way more pressure on me, psychologically. To do what I love and I can do well I have to feel like shit.
the sum of the productivity of me working just when I want is greater than the productivity I have when I’m forced to work every day in a steady way.
AVIF is a new image format derived from the keyframes of AV1 video.
Mentions: https://squoosh.app an image compression web app that allows you to dive into the advanced options provided by various image compressors.
Really nice read, that gave me some food for thought and includes a nice summary of the Open Source vs Free Software history.
Some hand-picked quotes:
Fuzzy, contentious, and complex ideas have been stripped of their subversive connotations and replaced by cleaner, shinier, and emptier alternatives; long-running debates about politics, rights, and freedoms have been recast in the seemingly natural language of economics, innovation, and efficiency.
Stallman’s may not have been the best software on offer, but some sacrifice of technological efficiency was a price worth paying for emancipation.
Any move to subject the fruits of developers’ labor to public regulation, even if its goal was to promote a greater uptake of open source software, must be opposed, since it would taint the reputation of open source as technologically and economically superior to proprietary software.
As O’Reilly put it in 2010, “the art of promoting openness is not to make it a moral crusade, but rather to highlight the competitive advantages of openness.”
It seems that anyone who wanted to claim that a revolution was under way in their own field did so simply by invoking the idea of Web 2.0 in their work: Development 2.0, Nursing 2.0, Humanities 2.0, Protest 2.0, Music 2.0, Research 2.0, Library 2.0, Disasters 2.0, Road Safety 2.0, Identity 2.0, Stress Management 2.0, Archeology 2.0, Crime 2.0, Pornography 2.0, Love 2.0, Wittgenstein 2.0. What unites most of these papers is a shared background assumption that, thanks to the coming of Web 2.0, we are living through unique historical circumstances. Except that there was no coming of Web 2.0—it was just a way to sell a technology conference to a public badly burned by the dotcom crash.
Some words—like “law”—are particularly susceptible to crazy talk, as they mean so many different things: from scientific “laws” to moral “laws” to “laws” of the market to administrative “laws,” the same word captures many different social relations. “Open,” “networks,” and “information” function much like “law” in our own Internet discourse today.
O’Reilly admitted that he was the one to edit the Wikipedia page for the book. O’Reilly is perfectly positioned to control our technology discourse: as a publisher, he can churn out whatever books he needs to promote his favorite memes—and, once those have been codified in book form, they can be easily admitted into Wikipedia, where they quickly morph into facts. What’s not to like about “collective intelligence”?
As long as this “open data” was liquid and reusable, others could build on it. Neither the political process that led to the release of the data nor its content was considered relevant to openness. Thus, data about how many gum-chewers Singapore sends to prison would be “open” as long as the Singaporean government shared it in suitable formats. Why it shared such data was irrelevant.
O’Reilly deploys the highly ambiguous concept of openness to confuse “transparency as accountability” (what Obama called for in his directive) with “transparency as innovation” (what O’Reilly himself wants).
If Participation 1.0 was about the use of public reason to push for political reforms, with groups of concerned citizens coalescing around some vague notion of the shared public good, Participation 2.0 is about atomized individuals finding or contributing the right data to solve some problem without creating any disturbances in the system itself.
In 2011, Cameron’s government released a white paper on “Open Public Services” that uses the word “open” in a peculiar way: it argues that, save for national security and the judiciary, all public services must become open to competition from the market.
Raymond writes in The Cathedral and the Bazaar [...] that “one may call [Linux hackers'] motivation ‘altruistic’, but this ignores the fact that altruism is itself a form of ego satisfaction for the altruist.” If it sounds like Ayn Rand, that’s because Raymond explicitly draws on her crazy talk.
Emmanuel Macron said it as soon as he was elected: he wants to make France a “startup nation”. He regularly shows his support for the “FrenchTech”, supposedly the quintessence of innovation and entrepreneurship. But behind this ambition, reality is quite different. France struggles to free itself from the grip of the GAFAM, as the setbacks of Qwant, the search engine that was supposed to supplant Google, cruelly reminded us. And the patent failure of the StopCovid app is yet another illustration. Why does France struggle to innovate and to regain its digital independence? How can one resist the platforms without exploiting an uberised workforce, while respecting users' privacy?
To discuss this, we welcomed Jean-Baptiste Kempf, the publisher of the most widely used French software in the world: the VLC video player, the famous software with the traffic cone. Open source and maintained by the community, it is run by a non-profit association. A far cry from the “young people who want to become billionaires” President Macron dreams of. Yet the software, born from a student project, has passed 3 billion downloads.
Jean-Baptiste Kempf judges harshly, but not without humour, the incompetence of politicians when it comes to innovation. An atypical figure, he is hard to put in a box. But what is certain is that his experience challenges the narrative of capitalism as the engine of innovation.
The source code for these demos is freely available at http://github.com/jamis/csmazes
Source: https://sebsauvage.net/links/?Wgr4pg
Interesting overview of French policy, initiatives & organizations fostering the usage of free/libre/open-source software:
Adullact, CNLL, Etalab, Mutualisation Interministérielle, Direction Interministérielle de la Transformation Publique, Socle Interministériel de Logiciels Libres...
The CNIL seems to be missing in this landscape though.
Source: https://joinup.ec.europa.eu/collection/open-source-observatory-osor/knowledge-centre
Hi!
Here I collect links to websites I like and want to share: articles, documentaries, games, reference websites...
Shaarli is free & open-source software that can serve as a decentralized alternative to Facebook / Twitter.
It also helps me to easily retrieve links based on thematic tags.
Think about leaving a comment to discuss the topics that interest you!
-Lucas - (blog ludochaordic)
FreeBoardGames.org is a free and open-source board game platform. Enjoy free high-quality games on any device that can access the web. Study how the games are made, change them, and contribute back to the community!
...and many more
Codroïd-19 is a family-friendly educational game for understanding how Covid-19 spreads and trying to block it. Just put online, it is completely free.
Disclaimer: I helped out on the project's web side 😉
A curated list of free/open source repositories to help with COVID19
So far:
The Software may not be used in applications and services that are used for or aid in the exploration, extraction, refinement, processing, or transportation of fossil fuels. The Software may not be used by companies that rely on fossil fuel extraction as their primary means of revenue. This includes but is not limited to the companies listed at https://climatestrike.software/blacklist
FROM: http://taint.org/2020/01/28/235803a.html
It made me think about Tobie Langel's idea of forbidding the use of software for activities against human rights:
https://chezsoi.org/lucas/blog/minutes-of-the-fosdem-2020-conference.html#sunday-1255-bringing-back-ethics-to-open-source---tobie-langel
So with that, I want to humbly challenge all of the programmers and members of the open source community to expand your thinking around inclusion and diversity. I proudly stand before you today as the representative of a demographic that most people don’t think about—formerly incarcerated people. But we exist, and we are eager to prove our value, and, above all else, we are looking to be accepted.
The video is on Youtube and is really a must-see.
Moving and fascinating:
The library was one of the most secure places at the prison.
The Open Source movement has always been focused on code. The result is a system that sadly neglects people. Many maintainers find themselves in a curious place. On one hand, we have people who regret seeing their code used for unethical purposes, but, because of the Open Source values they previously embraced, are unable to do anything except watch their code become weaponized. Others, perhaps not grasping that the gift economy has been usurped by more powerful forces, struggle to figure out how to make ends meet even as their labor creates immense value for others. We find ourselves in this position because the key Open Source values exacerbate an existing injustice: Because the OSI definition of Open Source values the consumers of code over creators, Open Source helps concentrate power in the hands of already powerful actors at the expense of maintainers. I feel that not only could we do better, we have a moral imperative to find better development models.
Marble Marcher is entirely ray-traced in real time and is played on the surface of evolving fractals. The goal is to get your marble to the goal as quickly as possible. There are 15 unique levels to master.
This game is the result of a fractal physics engine I developed that allows fast collisions with fractals and other procedurally rendered objects. As far as I'm aware, it is the first game to ever use this technique.
itch.io & GitHub pages in video description
It is not an abstract resource that can be depleted when overused. It is not magically maintained if left alone. It is based on the work of people, and we should not erase those people.
FOSS IS FREE AS IN TOILET
Nobody believes that a free toilet will be magically cleaned up and maintained, somebody has to do it, and that person would better get paid for it. Sharing a toilet means that you flush, clean up after yourself, and always leave some paper, it’s basic manners. And yet, like toilets, as FOSS gets used by more and more people, it gets more likely that you will see obnoxious people that shit all over your commons and then complain about it. And nobody will want to take care of it.
Open-source survey software, available as a SaaS solution or as a self-hosted Community Edition.
Note that community efforts are underway to improve accessibility:
I really don’t care about your personal carbon footprint. I mean, please do try to lower it, because that’s a good thing to do, but fussing and guilt-tripping over one’s individual contribution to climate change is neither an intellectually nor a morally serious response to a global systemic crisis.
When Michael Young, a British sociologist, coined the term meritocracy in 1958, it was in a dystopian satire. [...] Today, however, we’ve almost finished installing such a system, and we have embraced the idea of a meritocracy with few reservations, even treating it as virtuous. That can’t be right. Smart people should feel entitled to make the most of their gift. But they should not be permitted to reshape society so as to instate giftedness as a universal yardstick of human worth.
Trying to fix a profoundly anchored cultural way of thinking and acting with yet another manifesto (cache) restricted to tech and open source is being blind to what is happening at a larger scale.
I used to think Open Source was amazing. I've since come to realize just how awful it is.
My code is free — my time is not.
This page contains a collection of small computer programs which implement one-player puzzle games. All of them run natively on Unix (GTK), on Windows, and on Mac OS X. They can also be played on the web, as Java or Javascript applets.
It is all distributed under the MIT licence.
My improved fork: https://github.com/Lucas-C/wordfind
Alt in JS: http://jswordsearch.sourceforge.net
Alt in Ruby: https://github.com/jamis/wordsearch
Free/libre survey platform:
Docs: http://doc.pollen.cl
Source code: https://gitlab.nuiton.org/chorem/pollen
Awesome work, the editor + solver is fantastic for building your own puzzles!
My fork with minor improvements: https://github.com/Lucas-C/Nonogram/
A site I find quite handy
Source code: https://github.com/timdream/wordcloud2.js
Alt:
This whole story is really sad, and a blow to the open source community.
The whole thing was brought to court in Texas : https://dockets.justia.com/docket/texas/txndce/4:2016cv00110/269823
Steven Jungels' last words on this project: https://github.com/transcode-open/apt-cyg/blob/master/status.md
Interestingly, it was never even mentioned on the Cygwin mailing list:
https://sourceware.org/cgi-bin/search.cgi?cmd=Search!&fmt=long&form=extended&GroupBySite=no&m=all&ps=10&q=%22apt-cyg%22&sp=1&su=title&sy=1&type=&ul=/ml/%25&wf=2221&wm=wrd&s=DRP
Btw, I did not know that Cygwin was now funded by Red Hat.
There is a little bit of interesting history of the project on Wikipedia: https://en.wikipedia.org/wiki/Cygwin
Commits are still regularly made on the project:
https://cygwin.com/git/gitweb.cgi?p=newlib-cygwin.git
Vendor-neutral open source library for metric collection and tracing. OpenCensus is built to add minimal overhead and be deployed fleet-wide, especially for microservice-based architectures.
OpenCensus currently supports Prometheus, SignalFX, Stackdriver, Zipkin, Datadog, and Azure App Insights.
A single set of libraries for many languages, including Java, C++, Go, .Net, Python, PHP, Node.js, Erlang, and Ruby.
Quoting the official description: “FLOSSCon (Free/Libre/OpenSource Software Conference) is a free, non-commercial event organised by the FLOSSITA association (FLOSS in the Alps) for communities and users of free and open-source software solutions, and for those who want to discover them.