Search results for tag #opensource
![[?]](https://social.gamefan.net/system/accounts/avatars/116/450/677/342/166/464/original/4de7a562f86cf564.png)
iOS 27 Adds Landscape Mode to More Apple Apps Ahead of 'iPhone Ultra'
iOS 27 enables landscape mode in more of Apple's built-in iPhone apps, including Apple Music, Podcasts, Fitness, Health, Reminders, Home, Shortcuts, Apple Watch, Find My, Weather, Voice Memos, Apple TV Remote, and other…
https://www.macrumors.com/2026/06/12/ios-27-landscape-mode-apps/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple Cut Frequencies in WWDC Keynote to Prevent Siri Activations
Apple appears to have modified the audio of this week's WWDC 2026 keynote video whenever "Siri" was mentioned, apparently in an effort to prevent viewers' nearby devices from waking inadvertently during the presentation…
https://www.macrumors.com/2026/06/12/apple-cut-frequencies-to-prevent-siri-activations/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
watchOS 27 Improves Apple Watch Performance in Seven Ways
Apple's software updates previewed during WWDC 2026 this week have followed a distinct pattern: introduce a handful of key new features, while maintaining a focus on refining the underlying platform architecture. watchO…
https://www.macrumors.com/2026/06/12/watchos-27-improves-apple-watch-performance/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
iOS 27: All the New Health and Fitness Features
Apple was rumored to be working on an AI health service, but it was scrapped well before the iOS 27 beta came out. It could resurface in the future, but for now, there are a handful of health and fitness changes in the …
https://www.macrumors.com/guide/ios-27-health-app/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple's Craig Federighi: Siri Won't Be Your AI Girlfriend
Apple software engineering chief Craig Federighi and marketing chief Greg Joswiak sat down for an interview with Mostly Human after during WWDC, discussing the iOS 27 Siri changes, Apple's take on AI, new child safety p…
https://www.macrumors.com/2026/06/11/apple-siri-ai-interview/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Valve just imported 13 tons of VR headsets in one day
On June 10th, the German container ship Posen docked in Los Angeles after a two-week voyage from Shanghai. As Valve watcher Brad Lynch notes, it was almost certainly carrying the first mass production shipments of the S…
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
What's New in the iOS 27 Photos App
The Photos app is one of a handful of apps that Apple paid extra attention to in iOS 27. It has multiple improvements to performance, and several quality-of-life upgrades. There are also new AI photo editing tools that …
https://www.macrumors.com/guide/ios-27-photos-app/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
![[?]](https://files.mastodon.social/accounts/avatars/114/626/460/535/570/593/original/5a60224ddf2ccbcb.jpg)
Every code generation LLM model available will at some point suggest insecure code as a part of “code completion”. Should this behavior be considered a vulnerability?
#security #opensource #programming
https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability
Nvidia preps to sell its Vera CPUs into China as its GPU sales stay frozen — customers encouraged to place orders for CPU shipments as early as August
Nvidia has told Chinese clients that its Arm-based Vera server CPUs could be available as soon as August.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Amazon Prime Day
Amazon Prime Day
https://www.tomshardware.com/tag/prime-day
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://cdn.masto.host/mastodonart/accounts/avatars/111/676/341/074/924/781/original/6e61463f7538154f.jpg)
A quick opensource update - "minion" - my command line
journal software - now supports MacOS.
Thanks to a fix from the first contributor to the rebooted version on CodeBerg! Thank you!
Watching sports at home? I'd change these 4 soundbar settings for the most optimal audio
Some of your favorite soundbar settings for music and movies aren't compatible with live sports broadcasts.
https://www.zdnet.com/article/soundbar-settings-sports-tips/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
Radeon RX 9070 XT finally appears in Steam Hardware Survey — RDNA 4 flagship surprisingly lands just behind RTX 5080
AMD’s Radeon RX 9070 XT graphics card has finally penetrated the Steam Survey video card results table, going straight in at position 25.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Nvidia's high-speed AI data center storage servers break cover, touting 2.9 petabytes of storage and extreme PCIe 6.0 performance — Wiwynn shows off SC…
Wiwynn is among the first to demonstrate Nvidia SCADA server that promises to offer AI systems petabytes of ultra-fast storage thanks to GPU-accelerated storage acceleration.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://autistics-life.s3.bhs.io.cloud.ovh.net/accounts/avatars/114/613/151/536/635/497/original/c49d9783b68a9905.jpg)
@autistics
Announcement: #Voxelibre multiplayer casual game tomorrow (Sat) for 4 hours in the late afternoon to evening (North America). That's in about 24 hours from now.
Voxelibre is a free and #OpenSource #Minecraft clone. More details here: https://docs.autis.toque.im/
Damage has been turned off. People with #Autism, #ADHD or #AuDHD are invited.
Republican lawmakers urge federal agency to block imports of infringing TSMC chips as patent ruling nears — five asserted U.S. patents come from United Microelectronics Corporation
Four Republican members of Congress have urged the U.S. ITC to block imports of foreign-made chips found to infringe U.S. patents
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Save $300 on Gigabyte's Gaming A16 gaming laptop at Walmart — Budget RTX 5060 -powered 16-inch laptop is now only $1,199
Save $300 on Gigabyte's Gaming A16 gaming laptop at Walmart. Budget RTX 5060 -powered 16-inch laptop is now only $1,199.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://files.layer8.space/accounts/avatars/107/412/903/453/710/006/original/861518e8488066a9.png)
Running my own BizzFed instance - a federated, algorithm-free alternative to LinkedIn built on ActivityPub.
🔧 What I added to my fork:
SMTP relay (no Resend dependency)
Account migration wizard (Move activity)
Fixed language switcher (de/en/fr/es)
Fully translated feed UI
Instance: https://bizzfed.haxxors.com
Code: https://git.buechner.me/nbuechner/bizzfed
Thanks to René Hamdorf for the solid original BizzFed foundation!
Save a massive $751 on this RTX 5070 Ti gaming PC with a 9800X3D right now — liquid-cooled, 4K-ready Skytech rig with 32GB DDR5 and a 2TB SSD is now just $2,249
Save $750 on this Skytech gaming PC for gaming at 1440p and 4K, featuring a 9800X3D, RTX 5070 Ti, 32GB DDR5, and a 2 TB SSD.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://stockage.framapiaf.org/framapiaf/accounts/avatars/000/009/747/original/708c4b20f7138b45.jpg)
Started a big one for @silex today
▶️ leaving GitHub for code hosting and CI/CD
First step: flattening our meta-repo architecture (git submodules) into a single monorepo, so we migrate one repo to Codeberg or @ow2 's gitlab
This work is funded by @nlnet 🇪🇺 and built in public: I'll toot the journey, the good and the ugly
If you are a Silex user, is it clear to you why GitHub is a problem for libre software?
Several police officers arrested for using controversial Flock AI license plate reader system to stalk romantic partners, says report — investig…
Tens of officers have been fired, and some even arrested, for abuse of the Flock license plate reader system used by police departments throughout the US, according to a new report.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/112/881/119/160/228/266/original/baf7ad72ec92f728.jpg)
Murena /e/ OS 4.0: Android fork facilitates Google services switch
The French company Murena has released the Google-free Android fork /e/ OS 4.0.
#Android #Datenschutz #Fairphone #Google #IT #Linux #Migration #Mobiles #OpenSource #news
Are Facebook and Instagram down? What to know about the Meta outage
Even Messenger and WhatsApp appear to be impacted on Friday morning.
https://www.zdnet.com/article/is-facebook-instagram-messenger-whatsapp-down/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
This single router antenna adjustment improved my internet speed more than I expected
Getting the best Wi-Fi performance requires strategic antenna positioning, proper router placement, and a bit of trial and error. Here's my advice.
https://www.zdnet.com/article/adjusting-router-antenna-fix-wi-fi-problems/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://media.mementomori.social/accounts/avatars/109/293/050/593/156/468/original/149d4fe6c4f85509.png)
I've received some questions about my algorithm experiments. First off, I'm building this mainly for myself, since I often don't have time to scroll through posts chronologically and just want the best and most important bits from my social media. It's opt-in and currently only an experiment in my fork.
How the "For you" ranked feed on mementomori.social actually works:
First, the ground rules. Again, "For you" is opt-in on our instance. If you never touch the toggle, your home feed stays exactly as it is: chronological, complete, and untouched. Nothing below applies to you. We never turn it on without your consent, and every setting is stored and controlled by you.
Where the posts come from. The feed ranks the newest ~800 posts and boosts from people you follow. If you also enable "Include posts from people you don't follow," trending posts on the instance get mixed in, roughly one in every four slots, and your scrolling can continue through the trending pool once your own feed runs out.
How a post is scored. Every post receives one score made of four parts multiplied together:
1. Engagement: boosts count 3x, replies 2x, favourites 1x.
For posts from other instances, we use counts from their home instance so federation doesn't undercount them.
2. Your affinity to the author: how often you've favourited, boosted, or replied to that person in the last 30 days.
It's logarithmic, the 5th interaction matters much more than the 50th, so no one can dominate your feed just because you liked them a lot once.
3. Time decay: a post loses half its score every 6 hours. Old posts fade no matter how popular they are.
4. A touch of randomness (±10%) so the order isn't fixed.
Freshness. Every post shown to you goes to the back of the line for 2 days. That's why refreshing gives you new posts instead of showing the same viral hit again and again, and why "Load more" always digs deeper instead of repeating.
Housekeeping rules: boosts show the original post. Your own posts and boosts never appear. Private mentions never appear. Brand-new posts wait 15 minutes before entering so they have a bit of time to gather reactions first.
What it does NOT do: There's no tracking beyond one thing: a list of post IDs already shown to you, which auto-deletes after 2 days. No reading your posts, no content analysis, no machine learning, and no profile built about you.
The weights above are the entire model, and your instance admin can adjust every number. Hopefully, if this project matures, you'll be able to adjust every weight yourself.
Code for the curious:
https://github.com/mementomori-social/mastodon/pull/4
Siri is good now??
You'd be forgiven for thinking this day would never come. Siri has spent a decade and half somewhere between "sort of useful at a few things" and "utterly disastrous, why did I even try, can it honestly not even set a t…
https://www.theverge.com/podcast/949079/siri-ai-good-vergecast
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/114/614/907/486/620/795/original/f2706694126a7cd8.png)
Everyone says they want to share wearable data with doctors — but almost nobody is doing it
We're all tracking our health data and keeping it completely to ourselves.
https://www.androidauthority.com/wearable-data-not-shared-with-doctors-3677183/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/109/722/110/464/209/207/original/8c6b0cc3354d3bc1.png)
Proxmox Mail Gateway 9.1 erleichtert Kampf gegen Spam und verschlüsselt Backups
Das neue Proxmox Mail Gateway will mehr Komfort beim Mail-Handling bieten und die Möglichkeit, ihre Backups zu verschlüsseln.
#Datenschutz #EMail #IT #Linux #OpenSource #PostgreSQL #Spam #Verschlüsselung #news
I held the Trump phone
Where's the Trump phone? We're going to keep talking about it every week. We've reached out, as usual, to ask about the Trump phone's whereabouts. We don't have the phones we preordered yet, but this week included an un…
https://www.theverge.com/tech/948464/trump-phone-t1-hands-on
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://minio.libranet.de/misskey-de/msky/cebe55ee-cda4-47df-bf34-a4f53dfdc4bd.png)
https://www.ebay.de/itm/117245434230
#ebay #ubuntu_phone #ubuntu #tab #ubuntu_mobile #linux #lenovotab @ubports@mastodon.social
![[?]](https://arint.info/system/accounts/avatars/116/093/043/699/009/736/original/117efb477be63b2c.png)
RT @Kimi_Moonshot: 🌘 Kimi-K2.7-Code, unser neuestes Coding-Modell, ist jetzt veröffentlicht und quelloffen verfügbar!
mehr auf Arint.info
#AIRelease #CodeModel #DeveloperTools #KimiAI #MachineLearning #OpenSource #arint_info
![[?]](https://lsbt.me/system/accounts/avatars/109/279/957/800/373/022/original/2d78270719f9925b.jpg)
FediSuite - Fediverse Management Platform
Open-source platform for social media management and analytics
If you manage several Fediverse accounts, you're constantly juggling browser tabs, losing track of which input field belongs to which platform, and at some point you no longer know what you've already posted. #FediSuite brings everything together in one place.
Connect accounts from 19(+) #Fediverse platforms: #Mastodon, #Pixelfed, #Misskey, #Friendica, #PeerTube, #Loops, #Wordpress, #Vernissage and more. The app detects your instance type automatically, loads the correct character limit and media rules straight from your instance, and sets up the composer accordingly. No manual configuration needed.
The analytics go way beyond plain follower counts: daily engagement charts, follower growth, your best posting times as a heatmap, hashtag performance, and a tips engine that evaluates your actual data and gives you concrete suggestions based on your own numbers.
Schedule posts down to the minute in your own time zone. Background workers handle publishing reliably, with resume handling for rate limits and atomic delivery.
FediSuite is free and #OpenSource under the GPL-3.0. Anyone can host their own FediSuite #instance and get it added to the official list automatically.
If you find a bug, especially in the #SelfHosting setup, feel free to report it. The project is being actively developed, and real-world bug reports are among the most valuable contributions right now. The CONTRIBUTING.md explains how it works.
The project lives on donations. Donations guarantee and make it possible for FediSuite to keep going and keep being developed. To support FediSuite, click the yellow button on the website.
More info: https://www.fedisuite.com
Summer Upgrade Week
The sun is out, the sky is clear. It’s time to get outside and disconnect — from work, at least. This summer, we’re looking at all the ways to upgrade our free time indoors and out, from smart lights for the backyard to…
https://www.theverge.com/tech/942658/summer-upgrade-week-2026
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://wiseowl.club/fileserver/01JFFAHP31XQ9DXGWR4M2QXFSP/attachment/original/01KJ14VMTQJVC6C32KE0PRJCQY.jpeg)
@AutisticInnovator I'm sorry to hear about all the difficulties! I hope you succeed despite all those nasty people.
I've had a lot of bots on my websites, and I set up Anubis on most of them. Anubis was a pain to configure (took a lot of tinkering to understand how it all worked)! But I'm grateful that is was #OpenSource
Attack wave on Arch Linux: hundreds of package descriptions with malware in AUR
Arch Linux defends itself against a wave of attacks that have massively contaminated package descriptions in the unofficial Arch User Repository with malware.
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/114/227/755/996/640/989/original/d6c1c5fbb389d991.png)
Security Advisory: CVE-2025-52290 - NULL Pointer Dereference in FFmpeg H.264 Reorder Frame Handling
Processing a crafted media file with `ffmpeg` can trigger a segmentation fault in `avpriv_h264_has_num_reorder_frames()`, causing a denial of service.
Summary:
FFmpeg can crash while demuxing a malformed MPEG/MP4 input that causes H.264 data to be handled through a mismatched AAC `AVCodecContext`. In the observed crash path, the demuxing code reaches `has_decode_delay_been_guessed()` and calls `avpriv_h264_has_num_reorder_frames()` with an invalid or uninitialized H.264 parameter-set state. The function then dereferences `ps.sps` without sufficient validation and triggers a `SEGV` read in `libavcodec/h264dec.c:64`.
The issue is reproducible with the provided PoC media file and was observed in both a standard build and an AddressSanitizer build.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
libavcodec/h264dec.c:64
Function: avpriv_h264_has_num_reorder_frames()
libavformat/demux.c:757
Function: has_decode_delay_been_guessed()
```
Affected Product:
FFmpeg / ffmpeg command-line media processing tool.
Affected Version:
The issue was reproduced on FFmpeg version `N-119856-gbe46370941` and commit:
```
be46370941405fb04402d96373a53e2a1846f3ac
```
The local environment notes also reference a tested FFmpeg commit:
```
52441bd4cd0e85bf007473bd2eada2b2083aacf5
```
Attack Conditions:
An attacker supplies a specially crafted media file to a workflow that invokes FFmpeg on attacker-controlled input. This can be a local batch/transcoding workflow, or a network-facing media-processing service that accepts uploads and processes them with FFmpeg.
The crash can be reproduced with:
```
./ffmpeg -i ./1_poc.mp4 -f null
```
No elevated privileges are required. User interaction depends on the deployment model: interactive use requires a user to process the malicious file, while automated upload/transcoding services may trigger the crash without direct user interaction.
Impact:
The observed impact is denial of service due to abnormal process termination. AddressSanitizer reports a `SEGV` caused by a read memory access in:
```
avpriv_h264_has_num_reorder_frames libavcodec/h264dec.c:64:17
```
The prepared materials at the CVE request also note the potential impact on code execution, however, I have not demonstrated any control flow hacking or an exploit to execute working code.
References
- Issue/(+ primary email-report): https://github.com/sigdevel/pocs/blob/main/res/FFmpeg/ffmpeg/1/1_libavcodec_h264dec.c.64_17.md
- PoC: https://github.com/sigdevel/pocs/blob/main/res/FFmpeg/ffmpeg/1/1_poc.mp4
Credits
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #ffmpeg
Security Advisory: CVE-2025-55648 - Heap Buffer Overflow in GPAC MP4Box Opus Packet Parser
Processing a crafted MP4 file containing corrupted Opus sample-size data with `MP4Box` can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and potential memory corruption impact.
Summary:
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer length before parsing Opus packet headers. When MP4Box processes a crafted MP4 file with corrupted sample-size (`stsz`) data, the parser reads beyond the bounds of a heap-allocated sample buffer.
AddressSanitizer reports a `heap-buffer-overflow` at `media_tools/av_parsers.c:11297`, with a `READ of size 1` 1242 bytes past a 32-byte heap region allocated by `Media_GetSample()`.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
media_tools/av_parsers.c:11297
Function: gf_opus_parse_packet_header()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
61bbfd2e89553373ba3449b8ec05b5f098d732a5
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted Opus sample-size (`stsz`) data. The issue can be reproduced locally with:
```
./MP4Box 12_poc.mp4 -dxml
```
No elevated privileges are required. The CVE text describes the attack as network/context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the bug reads beyond a heap allocation, information disclosure may be possible. The local MITRE data also notes potential arbitrary code execution risk, though the observed ASAN trace is an out-of-bounds read.
Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```
Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate sample buffer length and `stsz`-derived packet sizes before reading packet header fields.
References:
- Issue: https://github.com/gpac/gpac/issues/3190
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/12/12_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55642 - Divide by Zero in GPAC MP4Box AVI Demuxer
Processing a crafted AVI-like media file with `MP4Box` can trigger a division by zero in `avidmx_process()`, causing a floating-point exception and Denial of Service.
Summary:
The `avidmx_process()` function in `filters/dmx_avi.c` does not sufficiently validate frame-count metadata before using it as a divisor during bitrate computation. When MP4Box processes a specially crafted input with invalid AVI frame metadata, such as a `0/256` frame declaration, the DASH processing path attempts to compute bitrate from the bitstream and divides by zero.
AddressSanitizer reports an `FPE` at `filters/dmx_avi.c:639`.
CWE:
CWE-369 - Divide by Zero
Affected Component:
```
filters/dmx_avi.c:639
Function: avidmx_process()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box v2.4 is affected according to the CVE request data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```
Builds before the fix commit `cea49f684dbc4d53ecd6c76a9623838802a68d88` should be considered affected if they contain the vulnerable AVI demuxer bitrate computation path.
Attack Conditions:
An attacker supplies a crafted AVI-like media file with invalid frame metadata. The issue is triggered while processing the file through MP4Box DASH segmentation, for example with a `-dash` command using `14_poc.mp4`.
No elevated privileges are required. User interaction is required when the victim manually processes the malicious media file, or an automated workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to an uncaught floating-point exception and process termination. No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
cea49f684dbc4d53ecd6c76a9623838802a68d88
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `num_frames` and related AVI metadata before using frame counts in bitrate calculations.
References:
- Issue: https://github.com/gpac/gpac/issues/3196
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/14/14_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/cea49f684dbc4d53ecd6c76a9623838802a68d88
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55644 - Use-After-Free in GPAC MP4Box
Processing a crafted MP4 file with invalid BIFS GlobalQuantizer commands causes gf_node_get_tag() to access a freed 192-byte QuantizationParameter node at scenegraph/base_scenegraph.c:1263, resulting in a heap use-after-free and crash.
Summary:
During MPEG-4 BIFS scene decoding, BM_ParseGlobalQuantizer() in bifs/memory_decoder.c first calls gf_node_unregister() at line 176 to release a QuantizationParameter node, freeing the 192-byte heap region. Without clearing the stale pointer, the function then calls gf_node_get_tag() on the same address at line 181, performing a READ of 8 bytes at offset 0 into the freed region. A crafted MP4 containing invalid GlobalQuantizer BIFS commands, corrupted ODF descriptors, and malformed box types (PEC1808, fre) reliably triggers this free-then-use sequence through the -svg dump path.
CWE:
CWE-416 - Use After Free
Affected Component:
```
scenegraph/base_scenegraph.c:1263
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box 2.4 and earlier; tested at commit f5b7cdc63a7f3269040778c5431a8f6c310bc9f3
Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file embedding invalid BIFS scene data. The victim runs MP4Box -svg on the file to trigger BIFS scene parsing. No elevated privileges are required.
Impact:
The use-after-free causes a fatal crash (Denial of Service). Use-after-free vulnerabilities can allow attackers to control freed heap memory contents and potentially redirect execution flow; code execution cannot be excluded.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3246
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/20/20_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55652 - Heap Buffer Overflow in GPAC MP4Box VP Configuration Handling
Processing a crafted MP4 file with malformed VP codec configuration data can trigger a heap buffer overflow in `gf_isom_vp_config_new()`, causing a crash and potential memory corruption.
Summary:
The `gf_isom_vp_config_new()` function in `isomedia/avc_ext.c` does not sufficiently validate buffer boundaries when creating VP codec configuration boxes. A crafted MP4 file with malformed VP codec data, including unknown box types such as `D0ncv` in `stsd`, can cause MP4Box to allocate an undersized box structure and then write VP/NALU configuration data beyond the allocation.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
isomedia/avc_ext.c:1962
Function: gf_isom_vp_config_new()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable VP configuration allocation/write path.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VP codec configuration data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./18_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution cannot be ruled out.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
References:
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-55652
- Issue: https://github.com/gpac/gpac/issues/3242
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/18/18_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55643 - NULL Pointer Dereference in GPAC MP4Box TrackWriter Handling
Processing a crafted MP4 file during DASH segmentation can trigger a NULL pointer dereference in MP4Box TrackWriter handling, causing a Denial of Service.
Summary:
The DASH fragmentation path in `filters/mux_isom.c` does not sufficiently validate a `TrackWriter` pointer before accessing its members. A crafted MP4 file with malformed metadata boxes can cause the PID-to-track setup to fail, leaving the `TrackWriter` pointer NULL. The muxer then performs member access through the NULL pointer.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
filters/mux_isom.c:6621
Function/path: TrackWriter handling during fragmented MP4 muxing
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE data. The issue was reproduced on a GPAC build at commit:
```
74fecde32cd477ab097f3e6db55a32b259f3313d
```
Builds before the fix commit `ad3b541b4f38c8f0ef67544509598f8207ea1207` should be considered affected if they contain the vulnerable TrackWriter handling path.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed metadata boxes, including malformed `mvcC` / `stsz` data. The issue can be reproduced locally with:
```
./MP4Box -dash 10000 ./17_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
ad3b541b4f38c8f0ef67544509598f8207ea1207
```
Users should update to a GPAC build containing this commit or later. The affected muxing path should validate `TrackWriter` before member access and fail cleanly when track initialization fails.
References:
- Issue: https://github.com/gpac/gpac/issues/3240
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/17/17_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/ad3b541b4f38c8f0ef67544509598f8207ea1207
Credit
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/109/722/135/333/484/268/original/4c7e67433f6e2701.png)
Angriffswelle auf Arch Linux: Hunderte Paketbeschreibungen mit Malware im AUR
Arch Linux wehrt sich gegen eine Angriffswelle, die massenweise Paketbeschreibungen im inoffiziellen Arch User Repository mit Malware verseucht hat.
Security Advisory: CVE-2025-55641 - NULL Pointer Dereference in GPAC MP4Box Sample Info Copy
Processing a crafted MP4 file with corrupted Sample Auxiliary Information metadata can trigger a NULL pointer dereference in `gf_isom_copy_sample_info()`, causing a Denial of Service and potential memory corruption impact.
Summary:
The `gf_isom_copy_sample_info()` function in `isomedia/isom_write.c` does not sufficiently validate pointers after handling invalid Sample Auxiliary Information (SAI) metadata. A crafted MP4 file can provide corrupted SAI values, such as an invalid `sai_samples` count, causing memory allocation or merge handling to fail. The import path later attempts to copy sample information from a NULL pointer.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `isomedia/isom_write.c:8164`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
isomedia/isom_write.c:8164
Function: gf_isom_copy_sample_info()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
f87b30611380e4dcd03cd4dd9ac553c0ec336826
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted SAI metadata. The issue can be reproduced locally with:
```
./MP4Box -add 13_poc.mp4 -new /dev/null -split-size 500
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. The local CVE/MITRE data also marks potential code execution impact; the observed ASAN trace is a NULL pointer read.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
e38d24b7e3cbdc24e70f0437bf390ac3f2080b52
```
Users should update to a GPAC build containing this commit or later. The affected code should validate SAI metadata, allocation results, and sample-info pointers before copying sample information.
References:
- CVE: https://www.cve.org/CVERecord?id=CVE-2025-55641
- Issue: https://github.com/gpac/gpac/issues/3195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/13/13_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/e38d24b7e3cbdc24e70f0437bf390ac3f2080b52
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55649 - NULL Pointer Dereference in GPAC MP4Box ESD Mapping
Processing a crafted MP4 file with corrupted Elementary Stream Descriptor data can trigger a NULL pointer dereference in `gf_media_map_esd()`, causing a Denial of Service.
Summary:
The `gf_media_map_esd()` function in `media_tools/isom_tools.c` does not verify that `esd->URLString` is non-NULL before passing it to `strlen()`. When MP4Box processes a crafted MP4 file containing corrupted ESD data during fragmentation setup, `URLString` can be NULL and the process crashes while reading from address `0x000000000000`.
AddressSanitizer reports a `SEGV` in `strlen()`, with the GPAC call site at `media_tools/isom_tools.c:1359`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
media_tools/isom_tools.c:1359
Function: gf_media_map_esd()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
09e7063ed0a13b4cee9a180a56dcc21e9f9ade07
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing corrupted ESD data. The issue can be reproduced locally with:
```
./MP4Box -frag 1500 11_poc.mp4
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.
Fix / mitigation status:
The local CVE/MITRE data references GPAC fix commit:
```
10c16d54659b1b82dd49573dfeacfa9a5627a115
```
Users should update to a GPAC build containing this commit or later. The affected code should validate `esd`, `esd->URLString`, and related ESD fields before string operations.
References:
- Issue: https://github.com/gpac/gpac/issues/3183
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/11/11_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/10c16d54659b1b82dd49573dfeacfa9a5627a115
Credit:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
You can now beat ChatGPT Codex rate limits, if you have friends
OpenAI launches a new (temporary) referral system that rewards you and a friend with bankable rate limit resets.
https://www.androidauthority.com/openai-chatgpt-codex-rate-limit-resets-referral-program-3677035/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Homebrew 6.0 sichert Paketquellen ab
Homebrew 6.0 ist da: Externe Paketquellen müssen sich künftig als vertrauenswürdig erweisen. Dazu gibt es eine Linux-Sandbox und eine schnellere Standard-API.
#IT #Linux #macOS #OpenSource #Security #Softwareentwicklung #news
![[?]](https://pxscdn.com/cache/avatars/1917/avatar_ia7xkd6.jpg){kind=avatar}
Mein Desktop unter Fedora 44 Gnome 50.2 die Nutzung von Linux und Open Source Software mit entsprechenden Messengern und Mail Anwendungen und ohne Google / Microsoft / Apple und mit KI dann wenn ich sie haben möchte ist und bleibt einfach eine bessere und auch Nachhaltigerer und vor allem Selbst bestimmender Umgang mit Informationstechnologie.
Bild Bearbeitung ist mit den zur Verfügung stehen Tools unter Linux gar kein Problem funzt viel schneller als unter Windows
#darktable #gimp #shotwell
#DailyDesktop
#ShareYourDesktop
#UnixPorn
#mywork
#duisburg
#fedora44 #gnulinux #Linux #mydesktop #opensource #fedora #libreoffice #fairphone4 #murenacloud #evolution #digitaleselbstbestimmung #onlyoffice #digitaleselbstverteidigung #digitalenachhaltigkeit #signal #telegram #Verschlüsselung #openpgp #rkhunter #lynis #firewall
Alt...
Zu sehen ist mein Fedora Linux Desktop mit einem von mir in Düssseldorf Angermund Aufgenommen Bild von Kornblumen und Magarieten am wegesrand vor einem Kornfeld was noch grün ist.
![[?]](https://social-heise-de.s3.de.io.cloud.ovh.net/accounts/avatars/109/720/732/052/060/290/original/663188955d7f0401.png)
Murena /e/ OS 4.0: Android-Fork soll Umstieg von Google-Diensten erleichtern
Das französische Unternehmen Murena hat den Google-freien Android-Fork /e/ OS 4.0 veröffentlicht.
#Android #Datenschutz #Fairphone #Google #IT #Linux #Migration #Mobiles #OpenSource #news
Spotify’s hated disco ball icon is finally gone for good
Spotify's latest iOS update quietly ended a month of disco-themed misery.
https://www.androidauthority.com/spotify-disco-ball-icon-gone-3677022/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
![[?]](https://files.mastodon.social/accounts/avatars/111/685/046/419/146/552/original/3b74d5830c326914.png)
Aus dem Linux-Magazin 07/2026 (geschrieben von @veit und mir):
Wie LLM-Agenten Open-Source-Projekte gefährden
https://www.linux-magazin.de/ausgaben/2026/07/gefahr-durch-llms/
Danke an das Murena Team auch e/os auf dem Fairphone sieht in Version 4.0 ganz Schick aus.
#linux #opensource #murena #digitaleselbstbestimmung #nobigtech
AAPL Stock Slides Following WWDC, But Analysts Broadly Raise Targets
Apple shares have lost roughly $25 per share this week following the company's WWDC 2026 keynote, though a wave of upward analyst price target revisions suggests Wall Street's longer-term view of Apple remains construct…
https://www.macrumors.com/2026/06/11/aapl-stock-slides-following-wwdc/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple Agrees to Let Jon Prosser Formally Contest iOS 26 Leak Lawsuit
Apple and leaker Jon Prosser have jointly asked a federal court to set aside the default judgment entered against him last October, with Prosser agreeing to hand over documents he had thus far failed to fully produce. A…
https://www.macrumors.com/2026/06/11/apple-agrees-to-let-jon-prosser-contest-lawsuit/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Siri won’t be your AI girlfriend
‘Listen, that's not what I'm here for, right?' | Image: Apple Our early testing has already shown that Siri AI knows when to shut up, and that's very much by design. In an interview with Mostly Human, Craig Federighi sa…
https://www.theverge.com/tech/948890/siri-wont-be-your-ai-girlfriend
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Telegram’s Wear OS app makes a comeback, now with full chats, voice notes, and more
Telegram finally fits on your wrist properly.
https://www.androidauthority.com/telegram-wear-os-return-3677006/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Touchscreen MacBook '100% Confirmed,' Says Reputable Leaker
Apple's first touchscreen MacBook is now "100% confirmed," according to the prolific Chinese leaker known as Instant Digital, who appears to have insider information from sources in the supply chain. The leaker made the…
https://www.macrumors.com/2026/06/11/touchscreen-macbook-confirmed-leaker/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/116/392/396/162/876/923/original/118cd3a17bd3317e.png)
The End of uBlock Origin in Chrome: What's Really Changing and What to Do About It
In early June 2026, it was confirmed that Chrome was also losing its last technical capabilities that had kept…
Asahi Linux warns against upgrading to macOS 27 “Golden Gate”
Users of Asahi Linux should not update to the beta version of macOS 27 “Golden Gate,” the project currently warns.
Asahi Linux warnt vor Upgrade auf macOS 27 „Golden Gate“
Nutzer von Asahi Linux sollen nicht auf die Beta-Version macOS 27 „Golden Gate“ aktualisieren, warnt das Projekt aktuell.
The Galaxy Z Fold 7 is finally getting the S26’s Galaxy AI features
Samsung's foldable phones are now getting S26-exclusive Galaxy AI features.
https://www.androidauthority.com/galaxy-z-fold-7-one-ui-update-ai-features-3676999/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
WWDC 2026 Keynote Marked a Major Departure From Previous Years
Apple's WWDC 2026 keynote broke from a longstanding format tradition, abandoning the platform-by-platform structure that has defined the annual developer conference for years in favor of a theme-driven presentation. Pre…
https://www.macrumors.com/2026/06/11/wwdc-2026-keynote-major-departure/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
Apple Maps to Get These 10 New Features in iOS 27
Apple Maps is getting a range of new features in iOS 27, headlined by an upgraded Flyover experience that uses AI to improve the realism and detail of its aerial imagery. Flyover is a longstanding feature of Apple Maps…
https://www.macrumors.com/2026/06/11/apple-maps-to-get-these-10-new-features-in-ios-27/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
OpenAI bans China-linked ChatGPT accounts that amplified US data center electricity price backlash — used AI-generated cartoons to st…
OpenAI says it has banned two clusters of ChatGPT accounts it believes are operating from China, and that used its models for covert influence campaigns targeting U.S. tech and policy debates.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
@delta Thanks for making a consistent client experience on all platforms. The #iPadOs client is great, and this despite the #Apple ecosystem being quite an awkward fit to #OpenSource projects.
Memory famine compels GPU vendors to re-release 2020 graphics cards — GeForce RTX 3060 and GeForce RTX 3050 return to Asian market
Graphics card manufacturer Manli adds new GeForce RTX 3060 and GeForce RTX 3050 SKUs to its portfolio.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
RT @RyanLeeMiniMax: Hallo zusammen — unsere Hochleistungs-MSA-Kernbibliothek ist jetzt Open-Source. Die M3-Gewichte werden voraussichtlich diesen Freitag veröffentlicht. Vielen Dank für eure Geduld! Github: https://github.com/MiniMax-AI/MSA Paper: https://github.com/MiniMax-AI/MSA/blob/main/docs/MiniMaxSparseAttention.pdf
mehr auf Arint.info
#AI #DeepLearning #MachineLearning #MiniMax #MSA #OpenSource #arint_info
After spat with Chinese gov't, Meta cuts AI Manus off from its internal systems and is 'sunsetting' platform, report claims — Beijing-ordered breakup of $2 billion AI deal begins
Meta has finished separating its operations from Manus, the Chinese-founded agentic AI startup it acquired for roughly $2 billion in December.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Watching the World Cup online is easier with these VPN deals — deals for watching the FIFA World Cup 2026
A choice of VPN subscriptions to cover you over the FIFA World Cup 2026 and beyond. Stay safe online for less.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Massive 8TB SD cards are set to ship 'shortly' after a two-year delay — mind-blowing storage at possibly bank-breaking prices
Notebookcheck reports that 8TB SD cards will soon hit the retail market, although an exact launch date and pricing remain a mystery.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Louis Rossmann is suing Samsung after firm offers $330 refund for defective SSD while selling the drives on Amazon for $949 — spat over 4TB 990 Pro SSD is headed to court
Right to Repair activist Louis Rossman threatens to sue Samsung after the SSD maker failed to replace his dead 990 Pro 4TB SSD under warranty.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
Deezer Launches AI Music Detector for Apple Music, Spotify, and More
French music platform Deezer has launched a free online tool that can detect AI-generated tracks in Apple Music playlists, as well as playlists created on other streaming platforms. "No other company has followed our le…
https://www.macrumors.com/2026/06/11/deezer-launches-ai-music-detector/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #MacRumors [MacRumors]
10 useful smart home gadgets that make life so much easier (and are affordable)
After testing hundreds of smart home devices, I rounded up the best options to get started with your smart home without breaking the bank.
https://www.zdnet.com/article/smart-home-on-a-budget-2026/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://cdn.fosstodon.org/accounts/avatars/000/110/088/original/4da529e121b6a01d.png)
Episode 1 in a series by Swissinfo.
"Switzerland wants digital sovereignty, but can it really distance itself from Big Tech? Two Swissinfo journalists tried cutting ties with US tech giants. Here’s what happened."
CVE-2025-55650 - Heap Use-After-Free in GPAC MP4Box SVG Node Handling
Summary
Processing a crafted MP4 file with `MP4Box -svg` can trigger a heap use-after-free in `gf_svg_node_del()`, causing a crash and possible memory corruption.
The `gf_svg_node_del()` function in `scenegraph/svg_types.c` does not ensure that freed SVG node memory is not accessed again during scene graph cleanup. When MP4Box parses a crafted MP4 file through the MPEG-4 LASeR/SVG scene dump path, an SVG node is freed and then dereferenced again.
AddressSanitizer reports a heap-use-after-free at `scenegraph/svg_types.c:107`, with a `READ of size 8` from a 24-byte heap region that was previously freed in `gf_svg_node_del()` at `scenegraph/svg_types.c:126` and allocated by `gf_svg_create_node()` at `scenegraph/svg_types.c:65`.
Affected Component
`scenegraph/svg_types.c:107`
Function: `gf_svg_node_del()`
Affected Product
MP4Box (GPAC Multimedia Open Source Project)
Affected Version
GPAC MP4Box v2.4.
The issue was reproduced on a GPAC build at commit `46be5f928660530d5332cd2f1d177208737558ef`.
Attack Conditions
An attacker supplies a crafted MP4 file that reaches the SVG/LASeR scene parsing path. The issue can be reproduced with:
```
./MP4Box -svg 10_poc.mp4
```
No elevated privileges are required. User interaction is required when a victim manually processes the malicious MP4 file; automated workflows that invoke MP4Box on attacker-controlled media may also trigger the issue.
Impact
The observed impact is denial of service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.
CWE
CWE-416 - Use After Free
Fix
The issue was fixed in GPAC commit `6be6f62e2a079ebccf3a9e57c27787fd16e645de`.
Users should update to a GPAC build containing this commit or later. The affected scene graph cleanup code should prevent use of freed SVG nodes and ensure node lifetime and registration state are handled consistently during scene reset and deletion.
References
- Issue: https://github.com/gpac/gpac/issues/3162
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/10/10_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/6be6f62e2a079ebccf3a9e57c27787fd16e645de
Credits
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
CVE-2025-55661 - Heap Buffer Overflow in GPAC MP4Box Opus Header Parser
Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with MP4Box can trigger a heap buffer overflow in `gf_opus_parse_packet_header()`, causing a crash and possible information disclosure from an out-of-bounds heap read.
The `gf_opus_parse_packet_header()` function in `media_tools/av_parsers.c` does not sufficiently validate the input buffer size before reading Opus packet header fields. When MP4Box parses crafted Opus audio packet data, the parser reads one byte beyond the end of a heap-allocated sample buffer.
AddressSanitizer reports a heap-buffer-overflow at `media_tools/av_parsers.c:11326`, with a `READ of size 1` immediately after a 3-byte heap region allocated by `Media_GetSample()`.
Affected Component:
`media_tools/av_parsers.c:11326`
Function: `gf_opus_parse_packet_header()`
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box v2.4
The issue was reproduced on a GPAC build at commit `ff8249a407685d00ceb5f4d2a798b9cad195140e`.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packet data, such as an invalid TOC code 3 length. The issue can be reproduced with:
```
./MP4Box 9_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. The attack is context-dependent because attacker-controlled media may be processed by MP4Box in automated workflows; manual processing also triggers the issue.
Impact:
The observed impact is denial of service due to process termination. Because the bug reads beyond a heap allocation, adjacent heap memory disclosure may also be possible.
CWE:
CWE-122 - Heap-based Buffer Overflow
Fix:
The issue was fixed in GPAC commit `d523e7190ccdcf2c13a698080f4f30dc933bd34c`.
Users should update to a GPAC build containing this commit or later. The affected Opus parser should validate the sample buffer length before reading TOC and packet header fields.
References:
- Issue: https://github.com/gpac/gpac/issues/3160
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/9/9_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c
Credits:
@sigdevel (Alexander A. Shvedov)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55663 - NULL Pointer Dereference in GPAC MP4Box Track Descriptor Handling
Summary:
Processing a crafted MP4 file containing an unsupported box type with `MP4Box` can trigger a NULL or invalid pointer dereference in `Track_SetStreamDescriptor()`, causing a Denial of Service.
The `Track_SetStreamDescriptor()` function in `isomedia/track.c` mishandles sample entry pointers when importing malformed MP4 files containing an unknown `svcC` box inside an `av01` parent box. The unsupported box path can leave the relevant sample entry pointer uninitialized or invalid, and the import/update path later dereferences it.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at `isomedia/track.c:1677`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
isomedia/track.c:1677
Function: Track_SetStreamDescriptor()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
15a4ac2dff38cdbb8b43e7c84fb1595ee80d81ac
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing an unsupported `svcC` box inside an `av01` parent box. The issue can be reproduced locally with:
```
./MP4Box -add 8_poc.mp4 -new /dev/null -ab 1024
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE data notes potential code execution risk; the observed trace shows an invalid read and segmentation fault.
Fix:
The issue was fixed in GPAC commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```
Users should update to a GPAC build containing this commit or later. The affected code should validate sample entry pointers and unsupported box handling before changing stream descriptors or importing media configuration.
References
- Issue: https://github.com/gpac/gpac/issues/3143
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/8/8_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/78c2c9be29a41b38eca2c53d280442088a71dab9
Credits
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Security Advisory: CVE-2025-55660 - Stack-based Buffer Overflow in GPAC MP4Box Opus Parser
Summary:
Processing a crafted MP4 file containing malformed Opus audio packets with `MP4Box` can trigger a stack-based buffer overflow in `gf_opus_read_length()`, causing a crash and potential memory corruption.
The `gf_opus_read_length()` function in `media_tools/av_parsers.c` does not sufficiently validate Opus packet sizes before writing packet length information. When MP4Box parses a crafted MP4 file containing malformed non-self-delimited Opus packet data, the parser can write two bytes beyond the bounds of a stack object used by the Opus inspection path.
AddressSanitizer reports a `stack-buffer-overflow` at `media_tools/av_parsers.c:11140`, with a `WRITE of size 2` overflowing the `pckh` stack object in `gf_inspect_dump_opus_internal()`.
CWE:
CWE-121 - Stack-based Buffer Overflow
Affected Component:
```
media_tools/av_parsers.c:11140
Function: gf_opus_read_length()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed Opus audio packets, such as a non-self-delimited Opus packet with an invalid odd length. The issue can be reproduced locally with:
```
./MP4Box -add 7_poc.mp4 -dxml -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a stack-based buffer overflow with attacker-controlled media input, memory corruption and potential arbitrary code execution cannot be ruled out.
Fix:
The issue was fixed in GPAC commit:
```
d523e7190ccdcf2c13a698080f4f30dc933bd34c
```
Users should update to a GPAC build containing this commit or later. The affected Opus parsing code should validate packet sizes and frame-length constraints before writing length fields into packet header structures.
References:
- Issue: https://github.com/gpac/gpac/issues/3161
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/7/7_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d523e7190ccdcf2c13a698080f4f30dc933bd34c
Credits:
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
Euro-Office 1.0 arrives to open-source infighting: 'Compatibility is not sovereignty'
The new cloud-based, open-source alternative to Microsoft 365 and Google Workspace is here, as LibreOffice backers lambast its reliance on Microsoft document formats.
https://www.zdnet.com/article/euro-office-is-here-libreoffice-supporters-arent-happy/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
Amazon’s Echo Hub gets a customizable new look and Ring’s AI features
Amazon's rolling out a free software update for Echo Hub devices that gives the home screen a much-needed update to the interface it launched with in 2024. It had already added Alex Plus AI support, but the new interfac…
https://www.theverge.com/tech/948814/amazon-echo-hub-homescreen-redesign
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Security Advisory: CVE-2025-70102 - NULL Pointer Dereference in dhcpcd parse_option
Summary
A crafted dhcpcd configuration input can trigger undefined behavior in the configuration parser by causing `parse_option()` to access a member through a NULL `struct dhcp_opt` pointer.
The issue is located in `src/if-options.c` in `parse_option()`. During parsing of malformed or unexpected option data, the lookup/parsing path can leave the local DHCP option pointer unset. The affected code then assumes the option pointer is valid and accesses embedded option metadata through it, which results in a NULL pointer member access at `src/if-options.c:1886`.
CWE:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Affected Component:
```
src/if-options.c:1886
Function: parse_option()
```
Affected Product:
dhcpcd
Affected Version:
The issue was reproduced against dhcpcd commit:
```
2de751b3691642151a4fdc49e444d6b4dc364e98
```
Attack Conditions:
An attacker must cause dhcpcd to process a crafted configuration input that reaches the vulnerable option parsing path. The issue was reproduced in an instrumented fuzzing build of the dhcpcd configuration reader.
Impact:
The vulnerability causes undefined behavior and process termination under the sanitizer build, resulting in Denial of Service. No evidence of arbitrary code execution was observed in the local crash data.
Fix:
The issue was fixed in dhcpcd commit:
```
117742d755b591764036dd4218f314f748a3d2b7
```
The fix ensures that the pointed-to local DHCP option entry is non-NULL before it is dereferenced. Users should update to a dhcpcd build containing this commit or later.
References
- Issue: https://github.com/NetworkConfiguration/dhcpcd/issues/567
- Fix: https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
- PoC: https://github.com/sigdevel/pocs/blob/main/res/dhcpcd/1/if-options_c_1886/if-options_c_1886
Credits
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #dhcp #net #dhcpcd
Security Advisory: CVE-2025-55657 - NULL Pointer Dereference in GPAC MP4Box VVC Configuration Writer
Processing a crafted MP4 file containing malformed or unsupported VVC configuration data with `MP4Box` can trigger a NULL pointer dereference in `gf_odf_vvc_cfg_write_bs()`, causing a Denial of Service.
Summary:
The `gf_odf_vvc_cfg_write_bs()` function in `odf/descriptors.c` does not validate that the pointer to VVC configuration NAL unit data is non-NULL before using it. When MP4Box processes a crafted MP4 file containing an unsupported `vvc16` box inside the `stsd` parent box, the VVC configuration write path can receive a NULL configuration pointer and dereference it.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at address `0x000000000000`, with the crash occurring at `odf/descriptors.c:1267`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
odf/descriptors.c:1267
Function: gf_odf_vvc_cfg_write_bs()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
ff8249a407685d00ceb5f4d2a798b9cad195140e
```
Builds before the fix commit `34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5` should be considered affected if they contain the vulnerable VVC configuration write path.
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed VVC configuration data, including an unsupported `vvc16` sample description box. The issue can be reproduced locally with:
```
./MP4Box -add 6_poc.mp4 -new ./test -split-size 500
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The crash is a NULL pointer dereference on the zero page; no evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5
```
Users should update to a GPAC build containing this commit or later. The affected code should validate VVC configuration pointers and reject malformed or unsupported VVC sample description data before writing VVC configuration records.
References:
- Issue: https://github.com/gpac/gpac/issues/3157
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/6/6_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/34495b9db132be2adb6edd2ab7a28e5f8d5cd2e5
Credit
@sigdevel
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
![[?]](https://cdn.fosstodon.org/accounts/avatars/108/241/177/240/046/462/original/55de486719b3da80.png)
Everyone who uses Linux today had a moment where something clicked after way too long.
What's one thing you wish someone had told you when you were starting out?
Drop it in the comments! Someone reading this probably needs exactly what you're about to share.
#RockyLinux #Linux #OpenSource #LearnLinux #SysAdmin #Community
Buying a school laptop? 4 things I'd consider first (and my top 10 picks)
Your laptop can make or break or time in college, so you want to make sure you get the right one. Here's what to consider.
https://www.zdnet.com/article/how-to-pick-a-laptop-for-college/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
We just shipped some new features of our own to mementomori.social! 🎉
New:
- "For you" feed (experimental). Open your home column settings and switch on "Ranked order" to try an algorithmic feed: posts ranked by engagement and by who you interact with, fresh content on every refresh, and you'll rarely see the same post twice. Flip on "Include posts from people you don't follow" to discover new accounts beyond your follows. See someone interesting there? Tap the + on their avatar to follow them.
- PageUp and PageDown scroll the page normally again (thanks @anotherdream for the feedback on this one!)
- The navigation is a bit tidier: Collections and Followed hashtags now live under "More".
The For you feed is fully opt-in. Your home feed stays exactly as it was unless you turn it on. Feedback very welcome!
Fork source and PR drafts available: https://github.com/mementomori-social/mastodon/tree/mementomods-2026-06-07
Full feature list: https://help.mementomori.social/mementomori.social/instance-features
Holy shit, my "For You" feed experiment is working in production!
Draft: https://github.com/mementomori-social/mastodon/pull/4
#MementoMoriSocial #Mastodon #OpenSource #BuildInPublic
Alt...
A screenshot of "For you" feed
Roborock’s Q10 S5 Plus robovac is over half off, matching its best price to date
Roborock’s Q10 S5 Plus comes with a self-emptying dock and is under $300. | Image: Roborock Even at full price, the Roborock Q10 S5 Plus offers impressive value, boasting features typically reserved for pricier robovac …
https://www.theverge.com/gadgets/948529/roborock-q10-s5-plus-robot-vacuum-mop-deal-sale
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Price hikes are coming for another big Android brand
Huawei's feeling the memory crunch.
https://www.androidauthority.com/huawei-price-hikes-3676860/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Amazon’s data centers used 2.5 billion gallons of water last year
Just after Seattle enacted a one-year data center moratorium that some of Amazon's own employees pushed for, Amazon shared how much water its data centers use, reportedly for the first time. With concerns about water co…
https://www.theverge.com/tech/948534/amazon-data-centers-water-use
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/110/560/511/618/170/134/original/4f33ba36608d1311.png)
New.
Check Point: From SQLi to RCE – Exploiting LangGraph’s Checkpointer https://research.checkpoint.com/2026/from-sqli-to-rce-exploiting-langgraphs-checkpointer/ #opensource #vulnerability #infosec #threatresearch
Is Apple TV the new HBO?
This is Lowpass by Janko Roettgers, a newsletter on the ever-evolving intersection of tech and entertainment, syndicated just for The Verge subscribers once a week. Severance. Pachinko. Silo. Ted Lasso. Over the past co…
https://www.theverge.com/column/948295/apple-tv-new-hbo
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://cdn.masto.host/mikecoatssocial/accounts/avatars/000/000/001/original/aef7f57093858ba9.jpg)
My latest blog post: Peter de Jong Attractors
https://mikecoats.com/peter-de-jong/
Last week I published a new web toy, a Peter de Jong attractor visualiser. Written in plain JavaScript and rendering to a canvas, it comes with a small amount of interactivity to alter the coefficients and see the visualisation change.
![[?]](https://cdn.masto.host/swisssocial/accounts/avatars/109/378/013/627/122/911/original/2fc6bb0a3c477e8e.jpg)
Die #OSADL GV ist soeben gestartet.
Kann ich allen Firmen empfehlen, welche Hilfe bzgl. FOSS (Compliance, rechtliche Fragen, uvm.) benötigen. Alleine die rechtlichen Auskünfte, die FAQ und die Lizenzkompatibilitätsmatrix sind Gold wert - auf jeden Fall aber die (min) 8000 €.
#OpenSource #Linux #CRA #Genossenschaft
After the latest NotebookLM update, I’m rethinking how much I trust AI
My trust issues caught me trusting AI.
https://www.androidauthority.com/notebooklm-may-2026-update-hands-on-ai-trust-3674146/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
![[?]](https://files.social.openrightsgroup.org/system/accounts/avatars/109/382/359/215/932/523/original/ea34e4d5bb2b649c.png)
How to fix Ripped Off Britain?
🔴 BOOT: Palantir and Big Tech grifters.
🟢 TOOT: Digital Sovereignty and open source.
Tell your MP to stop forking out to a handful of US companies that over-charge and under-deliver. Invest in open source and put the UK in charge instead.
Act now to back an amendment in the Cybersecurity Bill ➡️ https://action.openrightsgroup.org/tell-your-mp-end-big-tech-rip/?mtm_campaign=big-tech-rip-off&mtm_source=mastodon
#digitalsovereignty #techsovereignty #bigtech #opensource #palantir #ukpolitics #ukpol
Alt...
Text: End the Big Tech Rip-Off. Write to your MP.
Image: Monochrome photo of Peter Thiel, co-founder of Palantir, with Kier Starmer peeking over his shoulder on top of a pink, blue and yellow patterned background in vertical panels.
Europa hat jetzt sein eigenes Office – und das ist auch noch Open Source! 🚀
Zum Artikel: https://heise.de/-11320254?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#eurooffice #opensource #nextcloud #weboffice #digitalesouveränität
Alt...
Auf dem Bild ist das Logo von Euro-Office zu sehen. Im Bild steht: "Open-Source-Office aus Europa:
Erste stabile Version von Euro-Office ist verfügbar" darunter steht: "Die quelloffene Office-Suite von Nextcloud, Ionos und Partnern bietet kollaboratives Arbeiten ohne Abhängigkeit von US-amerikanischen Tech-Konzernen."
![[?]](https://mast.hpc.social/system/accounts/avatars/114/188/676/857/915/078/original/77b52083bbe5abb8.png)
Slurm-web v7.0.0 is out 🚀
Slurm-web is the open source web interface for Slurm, helping HPC users and admins monitor jobs, nodes, partitions and cluster activity from the browser.
This major release brings SSO with OpenID Connect, Docker/Podman containers, Kubernetes and Slinky-ready deployments, UI branding, job history, filtering, user visibility controls, and Slurm 26.05 support.
![[?]](https://hub.tschlotfeldt.de/photo/profile/l/4?rev=1732256052)
Location: Kiel
![[?]](https://cdn.masto.host/swisssocial/accounts/avatars/109/332/814/857/881/510/original/3827b835df52bf34.jpeg)
SoftMaker Office 2026 ist in der öffentlichen Beta. Für Linux gibts echte Fortschritte: nativer Dateidialog auch ohne GNOME, dynamische Arrays in PlanMaker, Markdown in TextMaker. Was weiterhin fehlt: die automatische Dark-Mode-Erkennung, trotz freedesktop.org-Standard seit 2021.
Den ganzen Artikel liest du hier:
![[?]](https://s3.eu-central-2.wasabisys.com/mastodonworld/accounts/avatars/113/472/242/607/539/655/original/ce987f5c2a1ad75d.png)
Valve updated Proton Experimental on June 10th to bring more bug fixes for running Windows games on Linux / SteamOS systems.
https://www.gamingonlinux.com/2026/06/proton-experimental-gets-fixes-for-path-of-exile-1-2-guild-wars-2-call-of-duty-2003-exanima-and-more/
![[?]](https://gyptazy.com/fedi/gyptazy/s/avatar-1aa83a84ee47c864bc90216a89d0efcf.png){kind=avatar}
Many people still believe that Proxmox Backup Server is only meant for Proxmox VE environments and can only be used to back up virtual machines and containers. The reality is that the Proxmox Backup Client has been available for quite some time, allowing dedicated servers and desktop systems to benefit from the same centralized backup infrastructure.
The challenge? The client is powerful, but not necessarily the most user friendly tool for everyone.
That is where OneSystems GmbH (https://www.onesystems.ch) steps in with their #opensource project BackupPilot. It provides a modern and intuitive graphical interface that makes connecting Linux desktop systems to #ProxmoxBackupServer simple and accessible for everyone.
In my latest blog post, I take a closer look at BackupPilot and how it helps bring centralized backups to the desktop. If it fits from a time perspective, I'll also show a small live demo next to my other PBS and S3 talk at @credativde@mastodon.social's next virtualization gathering. Entry is free, feel free to join!
Blogpost: https://gyptazy.com/blog/backuppilot-a-gui-client-for-proxmox-backup-server/
Git/Source: https://git.onesystems.ch/backuppilot/app
Feedback: https://forum.proxmox.com/threads/erste-testuser-für-backuppilot-gesucht.183740/
Virtualization Gathering: https://www.credativ.de/event/open-source-virtualization-gathering-moenchengladbach/
Alt...
BackupPilot as a GUI Client for Proxmox Backup Server
![[?]](https://files.mastodon.social/accounts/avatars/116/568/539/501/424/386/original/d9bdd7c0b4b20c7f.png)
KWI LIAN & Kyber
Die KI unterstützt.
Der Mensch entscheidet.
Die Infrastruktur dokumentiert.
KWI LIAN verbindet lokale KI-Unterstützung, LibreOffice-Workflows und nachvollziehbare Governance-Daten in einer kontrollierbaren Arbeitsumgebung.
Lokal statt Cloud-Zwang.
Dokumentzustand prüfen und nachweisen.
Serverseitige Shadow-Akte mit Hash, Snapshot und Commit.
#DigitaleSouveränität #OpenSource #LibreOffice #Linux #KI #AIGovernance #GovTech #EUAIAct
Alt...
KWI LIAN & Kyber — lokale KI-Infrastruktur für nachvollziehbare Dokumenten-Workflows.
Viele KI-Systeme konzentrieren sich auf die Ausgabe.
KWI LIAN konzentriert sich auf den Arbeitszustand dahinter:
Wer hat etwas bearbeitet?
Auf welchem Gerät?
In welchem Vorgang?
Welcher Dokumentzustand wurde geprüft?
Welche Version wurde freigegeben?
Ist der finale Stand später noch nachweisbar?
Kyber bringt die KI-Unterstützung direkt in LibreOffice Writer und Calc.
LIAN prüft und markiert Zustände.
KWI dokumentiert serverseitig Nachweise, Hashes, Snapshots und Commit-Informationen.
Das Ziel ist nicht autonome KI.
Das Ziel ist kontrollierbare KI-Unterstützung in realen Arbeitsumgebungen.
Die KI unterstützt.
Der Mensch entscheidet.
Die Infrastruktur dokumentiert.
Samsung Heavy Industries recruits Greek shipowner and Supermicro to bring 50MW floating AI data centers to market — can be powered by solid oxide fuel cells running on liquefied natural gas
Besides Samsung Heavy, Japan’s MOL is also building a 73 MW floating data center with Karpowership for a 2027 deployment.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
iX-Workshop: Linux-Server absichern – effektiv und umfassend
Linux-Server und Netzwerkdienste effektiv und umfassend vor Angriffen schützen – von physischer Sicherheit über Verschlüsselung und 2FA bis hin zu SELinux.
#IdentityManagement #IT #iXWorkshops #OpenSource #Verschlüsselung #news
![[?]](https://climatejustice.social/system/accounts/avatars/115/775/949/234/220/445/original/149b45df4eb28db2.png)
The parallel between Proton's sponsorship of Vincent Lapierre and Framework's DHH/Omarchy sponsorship is striking.
What separates them is the response: Proton terminated the deal and acknowledged the misstep. Framework doubled down on "software first" neutrality while critics raised legitimate concerns about who they were financially backing.
Different outcomes, same underlying issue, companies claiming ethical stances need to vet partnerships consistently, not just reactively.
Overenthusiastic GTA 6 fan claims to be monitoring oxygen levels, acoustic noise from the bushes at Rockstar North HQ — promises trailer 3 launch is imminent based on heightened acti…
Either a dedicated jokester or a deranged fan has been posting advanced surveillance on Reddit in an attempt to predict the next GTA 6 trailer.
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TomsHardware [Tom's Hardware]
YouTube expands its direct messaging feature to more countries, including the US
You can finally share your favorite YouTube videos and Shorts more conveniently.
https://www.androidauthority.com/youtube-direct-messaging-expand-us-3676612/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Ring’s two-camera outdoor security bundle falls 50% in Amazon’s early sale
This Ring bundle pairs floodlight and spotlight cameras for half the price.
https://www.androidauthority.com/ring-floodlight-cam-plus-bundle-deal-3675992/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
This 5-camera Blink Outdoor 4 bundle just crashed 65% to a record-low price
Five outdoor cameras, one very low price.
https://www.androidauthority.com/blink-outdoor-4-bundle-deal-3675690/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
3 signs someone is stealing your Wi-Fi - and how to kick them off
If you suspect someone may be on your Wi-Fi network without your permission, here's how to find out - and what to do about it.
https://www.zdnet.com/article/signs-someone-is-using-your-wi-fi-how-to-kick-them-off/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
I found a free Android app that makes deleting photos as easy as swiping left
Looking for the most efficient way to clear out photos and videos from your Android phone? It's just a swipe away with an easy-to-use app called Sponge.
https://www.zdnet.com/article/free-android-app-makes-deleting-photos-easy/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
Framework delays its first Laptop 13 Pro shipments by a month
The Framework Laptop 13 Pro is delayed. The new 13-inch Framework flagship was set to launch in June, but shipments from the first batch are now expected in July - and there's still a chance some shipments could slip to…
https://www.theverge.com/gadgets/948044/framework-laptop-13-pro-delay-shipment-july-august
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Nearly a million passports and photo IDs were left unprotected on the public internet
Typing a few letters and numbers into my web browser, I find myself gaping at the identity documents of complete strangers. The passport of a young woman from Germany. The passport of a man from Spain with glasses resti…
https://www.theverge.com/tech/947157/passports-data-breach-cannabis-club-systems-nefos-puffpal
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Experimenting with an opt-in ranked home timeline ("For you" feed) for Mastodon, just for myself and in my own fork.
Draft: https://github.com/mementomori-social/mastodon/pull/4
#MastoAdmin #Mastodon #MementoMoriSocial #BuildInPublic #OpenSource
![[?]](https://cdn.fosstodon.org/accounts/avatars/109/305/912/345/101/703/original/a86f8f5aab49cc48.jpg)
It's a bit scary talking to some people these days, who's first (and sometimes only) significant computing experience is a smartphone or closed-ecosystem PC, and not a general purpose PC.
Real Stockholm syndrome stuff: "I'm so impressed by Apple, my 2019 macbook still gets updates! most android phones only get 3-4 years"
Well a general purpose PC gets practically unlimited updates if you install the right thing on it.
Kalshi adds required employment verification for some prediction market bets
The CFTC is considering its first regulation for prediction markets, as arrests over "insider trading" on everything from military operations to Google Search data continue to stack up. As CoinDesk reports, a notice of …
https://www.theverge.com/business/948083/kalshi-prediction-markets-insider-trading
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
![[?]](https://media.mas.to/accounts/avatars/109/289/036/241/267/289/original/f3b1191b82e090e9.png)
God damn. Gnome's "activities" overview remains absolutely genius design. You tap *one* button, and you have access to 95% of what you use on a regular basis. It's sad that other desktop environments don't have this.
#FOSS #FLOSS #OpenSource #Linux #Debian #Gnome
Alt...
A Gnome desktop with "activities" revealed. There is a desktop window slightly shrunken, in the centre of the screen, a series of desktop thumbnails across the top, and a "dash" with frequently used programmes along the bottom. One button reveals your whole computer.
I've tested so many desktop AI tools, but Hermes with Ollama is my new favorite - here's why
Local AI is the way to go, and Hermes with open-source Ollama is my preferred setup right now.
https://www.zdnet.com/article/hermes-ollama-hands-on-desktop-ai-tool/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
The best early Prime Day robot vacuum deals I'd buy now, after testing dozens of them
Amazon Prime Day is right around the corner, and I found the best robot vacuum deals that are actually a great deal.
https://www.zdnet.com/article/best-early-amazon-prime-day-robot-vacuum-deals-2026/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #ZDNet [ZDNet]
![[?]](https://files.mastodon.online/accounts/avatars/108/194/476/340/205/814/original/cee5b1ace4b18980.png)
We never did a proper #introduction, did we? 😲
Hi Fediverse, we're Thunderbird, an #opensource #email client available for free on Linux, Windows, MacOS and now on Android!
You can use Thunderbird for managing an unlimited number of mail accounts, calendars, newsgroup accounts, and RSS feeds. You can also chat using your @matrix account.
💙 LIKES: Open standards, privacy, freedom, customization.
🚫 DISLIKES: Proprietary code.
Nice to meet you 📩
You can just tell the Instagram algorithm what you want now
Instagram is going to let you tweak what its algorithm shows you on your main feed. With the Your Algorithm feature, "you can now see the topics we think you're interested in, and change them, across all the major parts…
https://www.theverge.com/tech/947898/meta-instagram-your-algorithm-main-feed-tell
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Android 17 QPR1 Beta 4 is ready to share its latest bug fixes
Hopefully these new builds are almost done sorting out glitches.
https://www.androidauthority.com/android-17-qpr1-beta-4-3676575/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
![[?]](https://fietkau.social/system/accounts/avatars/109/281/407/032/870/910/original/7a71c7a621c8b090.png)
Re-sharing a small open source project I just finished polishing: PoseViz, my browser-based pose recording data visualizer/player.
https://fietkau.software/poseviz
When I left my previous employer, we discussed what would remain there and what I would take with me. PoseViz is one of our bespoke research tools now in my private custody. I put a bit of effort into making it presentable and fun to play with. Try opening some of the different demo recordings! 🙂
#OpenSource #PoseTracking #threejs
Alt...
A stick figure in a simple 3D environment, with a stylized camera shown in the background of the scene. There is a video player interface at the bottom with a play button, a progress bar, and playback time information.
Having trouble with Strava? Here’s what’s going on
You're not the only one getting errors.
https://www.androidauthority.com/strava-experiencing-outage-3676560/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Court actually holds Google responsible for everything AI Overviews get wrong
Google's AI Overviews landed it in legal trouble over "scam" claims.
https://www.androidauthority.com/ai-overviews-liability-3676496/
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #AndroidAuthority [Android Authority]
Microsoft restricts Claude Fable for employees over data retention concerns
Anthropic released Claude Fable, its first Mythos-class AI model, yesterday and it's already causing concerns inside Microsoft. Sources tell me that Microsoft is limiting the use of Claude Fable 5 for employees because …
https://www.theverge.com/report/947575/microsoft-claude-fable-5-restricted-internally
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
Google will save your Lens photos, Search Live recordings, and Translate audio for AI training
Google is making some changes to how it saves your interactions with Search. In an email sent to users, Google says it will save the images, files, audio, and video you use to search under a new "Search Services History…
https://www.theverge.com/tech/947836/google-search-privacy-settings-images-audio
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]