otter

I got a copy of the text from the email, and added it below, with personal information and link trackers removed.

Hello [receiver's name],

I’ve long dreamed about working for Mozilla. I learned how to send encrypted e-mail using Mozilla Thunderbird, and I’ve been a Firefox user since almost as long as I can remember. In more recent years, I’ve been an avid follower of Mozilla’s advocacy work, and was lucky enough to partner with Mozilla on investigative journalism in my last job.

In many ways, Mozilla was the dream – and now, as the leader of the Foundation, my job is to make my dreams for Mozilla come true. What that means, though, is making your dreams come true – for a trustworthy and open future of technology; for tech that is a tool for liberation, not limitation; and for tech that values people over profit.

So I’m reaching out to technologists, activists, researchers, engineers, policy experts, and, most importantly, to you – the people who make up the Mozilla community – to ask a simple question.

[receiver's name]. What is your dream for Mozilla? I invite you to take a moment to share your thoughts by completing this brief survey.

Let’s start with this question:

Question 1: What is most important to you right now about technology and the internet?

• Protecting my privacy online
• Avoiding scams
• Choosing products, apps, technology, and services that I can trust
• Keeping children safe online
• Responsible use of AI
• Keeping the internet is open and free
• Knowing how to spot misinformation
• Other (please specify)

Take the survey now →

With your help, together we can imagine and create the Internet we want. Thank you for being a part of this.

Always yours,

Nabiha Syed Executive Director Mozilla Foundation

I recently got a small keychain device for free as a cheap promotional item. It looks like one of these: https://powerstick.com/powertag/

It asks that you install this app: Spot 2.0 Bluetooth Finder

Some concerns right away:

• It requires an account
• It said that my password was too long
• It seems that these apps will need 24/7 access to location in order to work properly, so I'm not comfortable making an account on some app I've never heard of

So my questions:

Q1: If someone is given a similar device, is there a FOSS app that they can use it with? So far I've found:

• BLE Radar (FDroid, GitHub). It looks promising and I haven't played with all the custom profiles yet. While I was able to connect the device and see it on a map, I don't see an option to ring the device from the app. Since it's a key ring, I imagine most people would use it to find their keys in their home, for which the speaker would be helpful.

• iTracing2 (FDroid, GitHub). This one is very minimalistic, and while I could get it connected, it seems to only work in the device > phone direction, where you can press a button on the keychain to initiate an action on the phone (ex. ring the phone)

Q2: If someone wanted to get a good quality version of this, which brands do you recommend? Ideally it would be accurate and be compatible with some FOSS app(s).

I remember seeing Chipolo mentioned in some other thread here, but I don't know if they meet those requirements

As Synology explains in security advisories published two days after the flaws were demoed at Pwn2Own Ireland 2024 to hijack a Synology BeeStation BST150-4T device, the security flaws enable remote attackers to gain remote code execution as root on vulnerable NAS appliances exposed online.

"The vulnerability was initially discovered, within just a few hours, as a replacement for another Pwn2Own submission. The issue was disclosed to Synology immediately after demonstration, and within 48 hours a patch was made available which resolves the vulnerability," Midnight Blue said.

From a different source:

Synology proactively sponsors and works with security researchers as part of product security initiatives. At this year's Pwn2Own Ireland 2024 event, which took place in late October, we successfully discovered and resolved multiple security vulnerabilities.

While these vulnerabilities are not being exploited, we recommend all Synology device administrators immediately take action to secure their systems by updating due to the scope and severity of specific issues.

This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible. The contents of these reports will be disclosed publicly in the future.

cross-posted from: https://lemmy.eco.br/post/8758930

If you're using Vaultwarden, you should update because of security fixes.

cross-posted from: https://lemmy.ml/post/22332949

JD Vance said that ‘American power comes with certain strings attached’

Archive link

I saw this post and I was curious what was out there.

https://neuromatch.social/@jonny/113444325077647843

Id like to put my lab servers to work archiving US federal data thats likely to get pulled - climate and biomed data seems mostly likely. The most obvious strategy to me seems like setting up mirror torrents on academictorrents. Anyone compiling a list of at-risk data yet?

cross-posted from: https://lemmy.ca/post/31947651

definition: https://opensource.org/ai/open-source-ai-definition

endorsements: https://opensource.org/ai/endorsements

In particular, which tools meet the requirements and which ones don't:

As part of our validation and testing of the OSAID, the volunteers checked whether the Definition could be used to evaluate if AI systems provided the freedoms expected.

• The list of models that passed the Validation phase are: Pythia (Eleuther AI), OLMo (AI2), Amber and CrystalCoder (LLM360) and T5 (Google).
• There are a couple of others that were analyzed and would probably pass if they changed their licenses/legal terms: BLOOM (BigScience), Starcoder2 (BigCode), Falcon (TII).
• Those that have been analyzed and don't pass because they lack required components and/or their legal agreements are incompatible with the Open Source principles: Llama2 (Meta), Grok (X/Twitter), Phi-2 (Microsoft), Mixtral (Mistral).

These results should be seen as part of the definitional process, a learning moment, they're not certifications of any kind. OSI will continue to validate only legal documents, and will not validate or review individual AI systems, just as it does not validate or review software projects.

Privacy advocates got access to Locate X, a phone tracking tool which multiple U.S. agencies have bought access to, and showed me and other journalists exactly what it was capable of. Tracking a phone from one state to another to an abortion clinic. Multiple places of worship. A school. Following a likely juror to a residence. And all of this tracking is possible without a warrant, and instead just a few clicks of a mouse.

cross-posted from: https://lemmy.world/post/21065826

The code that runs Redbox DVD rental machines has been dumped online, and, in the wake of the company’s bankruptcy, a community of tinkerers and reverse engineers are probing the operating system to learn how it works. Naturally, one of the first things people did was make one of the machines run Doom.

As has been detailed in several great articles elsewhere, the end of Redbox has been a clusterfuck, with pharmacies, grocery stores, and other retailers stuck with very large, heavy, abandoned DVD rental kiosks. To many people’s surprise, many of the kiosks remain operational even with the bankruptcy of Redbox’s parent company, which has led some people to “liberate” DVDs from the abandoned kiosks. Reddit is full of posts by people who say they have taken dozens of DVDs from kiosks all over the country.

In a Discord community called “Redbox Tinkering,” a FAQ states “just ask the store manager if you can have it. They will most likely tell you to just take it, but don’t just take it without asking.”

“Use heavy or appliance hand-trucks/dolly to wheel it onto your trailer or out to your truck,” the FAQ says. “It is heavy, so be prepared. I pull it right onto the trailer and strap it down standing up. You can lay them down, but know that most of the discs will be in disarray when you open it. Take everything having to do with Redbox, don’t leave a mess.” The FAQ also contains information about how to disconnect the Redbox from its power supply and how to cut through the bolts that secure the kiosk to concrete with a grinder. It also has information about how to open and disassemble the device at home.

“Unlike most tinkerer's my main goal isn't to reverse engineer the Official Software more than I have to. I am mainly interested in carousel movement, movie retrieving/returning, etc. I am using the machine to make my own version of the App to effectively do the same thing the original software does, but with my own spin on it. I mainly want to use it to create a massive DVD/Blu-Ray storage machine with ease of use for retrieving the movies.”

“I work in IT and have a decent sized Homelab and I've always been interested in making things work again once they break,” they added.