mastouille.fr est l'un des nombreux serveurs Mastodon indépendants que vous pouvez utiliser pour participer au fédiverse.
Mastouille est une instance Mastodon durable, ouverte, et hébergée en France.

Administré par :

Statistiques du serveur :

597
comptes actifs

#heartbleed

0 message0 participant0 message aujourd’hui
Herzmut<p>Warum noch mal war unsere kritische Infrastruktur im Netz, wie <a href="https://23.social/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>letsencrypt</span></a> oder <a href="https://23.social/tags/OpenVPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenVPN</span></a>, von der US-Regierung abhängig? </p><p>Irgendwann braucht man nach <a href="https://23.social/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a> und <a href="https://23.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a>-Krise auch nicht mehr Snowden zitieren, wenn die einzige Konsequenz, die man da nicht gezogen hat, die ist, dass Open Source-Entwicklung auch Geld kostet. </p><p>Und dass man das am besten auch nicht allein einer alle vier Jahre wechselnden Regierung überlässt.</p><p><a href="https://23.social/tags/KRITIS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KRITIS</span></a> <a href="https://23.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://23.social/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a></p>
Xnet<p>Este parasitismo provoca precariedad, agotamiento y hartazgo en desarrolladores y lleva a problemas de seguridad global como <a href="https://mastodon.social/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a></p><p>Por eso nuestras autoridades se plantean obligar a las BigTech a contribuir… ¡NO! Se plantean obligar a voluntarios a darles mantenimiento 🤯</p>
Christina Warren<p>Thinking a lot about the <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xz</span></a> backdoor this week. Almost exactly 10 years ago, I wrote this about the <a href="https://mastodon.social/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a> attack and how we should do more to support <a href="https://mastodon.social/tags/OSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OSS</span></a>, especially for important libraries. Sadly, almost all of what I wrote then is still relevant. <a href="https://web.archive.org/web/20140420132336/https://mashable.com/2014/04/14/heartbleed-open-source/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">web.archive.org/web/2014042013</span><span class="invisible">2336/https://mashable.com/2014/04/14/heartbleed-open-source/</span></a></p>
John Shaft<p>À quelques jours près, la découverte du code malicieux de <a href="https://piaille.fr/tags/xz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>xz</span></a> coïncide avec la découverte de <a href="https://piaille.fr/tags/HeartBleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HeartBleed</span></a> avec 10 ans d'écart. 🥳</p><p>(J'ai l'impression que les choses n'ont pas tellement évoluée depuis 😓)</p>
Okki<p><span class="h-card" translate="no"><a href="https://mastodon.xyz/@Bibobu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Bibobu</span></a></span> </p><p>Le pire, c'est que le débat autour des petits projets extrêmement utilisés et pourtant complètement sous-financés avait déjà eu lieu plusieurs fois ces dernières années, à la suite de failles mémorables telles que <a href="https://mamot.fr/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a>.</p><p>Sauf que ça s'agite un peu sur le moment, ça créé divers fonds pour financer le libre, mais une fois la tempête passée, on en entend plus parler et rien ne change ☹️</p><p><a href="https://next.ink/4883/cybersecurite-et-open-source-lelectrochoc-heartbleed-na-pas-change-grand-chose/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">next.ink/4883/cybersecurite-et</span><span class="invisible">-open-source-lelectrochoc-heartbleed-na-pas-change-grand-chose/</span></a></p><p><a href="https://mamot.fr/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mamot.fr/tags/logiciellibre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>logiciellibre</span></a> <a href="https://mamot.fr/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://mamot.fr/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Cory Doctorow<p>But as open source projects have learned the hard way, the fact that anyone *can* audit your widely used, high-stakes code doesn't mean that anyone *will*.</p><p>The <a href="https://mamot.fr/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a> vulnerability in <a href="https://mamot.fr/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSL</span></a> was a wake-up call for the open source movement - a bug that endangered every secure webserver connection in the world, which had hidden in plain sight for years. </p><p>36/</p>
heise online (inoffiziell)Firmen sollten sich nicht auf ihren Spenden an Open-Source-Communities ausruhen, fordert Josep Prat: Sie wissen oft gar nicht, wie abhängig sie von ihnen sind. <br><a href="https://www.heise.de/news/Drei-Fragen-und-Antworten-Bei-Open-Source-mit-anpacken-nicht-nur-spenden-7351394.html" rel="nofollow noopener noreferrer" target="_blank">Drei Fragen und Antworten: Bei Open Source mit anpacken, nicht nur spenden</a><br>
Tech News Worldwide<p>OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high” <br> <br> <a href="https://arstechnica.com/?p=1894214" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=1894214</span><span class="invisible"></span></a> <br> <br> <a href="https://aspiechattr.me/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://aspiechattr.me/tags/heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>heartbleed</span></a> <a href="https://aspiechattr.me/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://aspiechattr.me/tags/openssl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openssl</span></a> <a href="https://aspiechattr.me/tags/Biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Biz</span></a>&amp;IT <a href="https://aspiechattr.me/tags/patch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patch</span></a> <a href="https://aspiechattr.me/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a> <a href="https://aspiechattr.me/tags/ssl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssl</span></a></p>
Michael Downey 🧢<p>⚠️ ICYMI, be ready to patch your systems for today's soon-to-be-announced <a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSL</span></a> vulnerability, said to be a <a href="https://floss.social/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a> style memory leak related to <a href="https://floss.social/tags/SHA3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SHA3</span></a> operations.</p><p><a href="https://floss.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://floss.social/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devops</span></a> <a href="https://floss.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> </p><p><a href="https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zdnet.com/article/openssl-warn</span><span class="invisible">s-of-critical-security-vulnerability-with-upcoming-patch/</span></a></p>
Senfcall 💛<p><a href="https://chaos.social/tags/SpenSenfMastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpenSenfMastodon</span></a> Tag 4: Nicht erst seit <a href="https://chaos.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>log4j</span></a> oder <a href="https://chaos.social/tags/heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>heartbleed</span></a> wissen wir, dass manche wichtige <a href="https://chaos.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> Software unbekannt ist. Zwar sind <a href="https://chaos.social/tags/Jamaica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Jamaica</span></a> und <a href="https://chaos.social/tags/JVerein" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JVerein</span></a> kein zentraler Bestandteil der digitalen Infrastruktur, sehr wohl aber ein lebenswichtiges Tool für die <a href="https://chaos.social/tags/Finanzbuchhaltung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Finanzbuchhaltung</span></a> vieler Vereine, so auch für unseren Trägerverein <span class="h-card"><a href="https://chaos.social/@computerwerk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>computerwerk</span></a></span>. Damit wir weiter als <a href="https://chaos.social/tags/Verein" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verein</span></a> unsere Arbeit machen können: spendet heute an <a href="https://doku.jverein.de/allgemeine-funktionen/spende" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">doku.jverein.de/allgemeine-fun</span><span class="invisible">ktionen/spende</span></a> statt <a href="https://chaos.social/tags/Senfcall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Senfcall</span></a>!</p><p><a href="https://chaos.social/tags/FreieSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreieSoftware</span></a></p>
Vagrant Cascadian<p><span class="h-card"><a href="https://tooot.im/@tzafrir" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tzafrir</span></a></span> <span class="h-card"><a href="https://social.coop/@eloquence" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eloquence</span></a></span> <span class="h-card"><a href="https://toot.cat/@ehashman" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ehashman</span></a></span> </p><p>The Core Infrastructure Initiative dramatically scaled back as soon as the initial funding dried up ~3 years in. Just about enough time to forget about the importance of maintenance...</p><p>There is a newer project that is not quite up and running yet... that might be able to do some of what CII was intended for:</p><p><a href="https://openssf.org" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">openssf.org</span><span class="invisible"></span></a></p><p>All we need is a continual <a href="https://floss.social/tags/spectre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spectre</span></a> of a <a href="https://floss.social/tags/meltdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>meltdown</span></a> to keep our <a href="https://floss.social/tags/heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>heartbleed</span></a> burning down the <a href="https://floss.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>log4j</span></a> cabins. Vigilance!</p>
Matthias Kneiss<p>So lange kommerzielle Nutzer*innen OpenSource mit Freeware gleichsetzen, werden wir wieder und wieder essentielle Sicherheitslücken wie <a href="https://chaos.social/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Heartbleed</span></a> oder <a href="https://chaos.social/tags/Log4Shell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Log4Shell</span></a> erleben.</p><p>Wenn selbst Großkonzerne ihre Produktsicherheit von Projekten abhängig machen die engagierte Ehrenamtler*innen ohne Gegenleistung in ihrer Freizeit betreuen, dann kommen wir da nicht von weg, dass uns die Infrastruktur regelmäßig um die Ohren fliegt.</p>