Original post on mastodon.social
Thank to to everyone who is today participating in the German National Reading Day and to everyone reading books to children on other days of the year. π
Especially those who read "Ada & #Zangemann - A Tale of Software , Skateboards πΉ , and Raspberry Ice Cream π¦ " to children and thereby spark [β¦]
21.11.2025 05:21 β π 0 π 3 π¬ 0 π 0
Original post on mastodon.social
As several people contacted the @fsfe about it: we know that some shops have issues at the moment to deliver "Ada & Zangemann - A Tale of Software, Skateboards, and Raspberry Ice Cream" books. My advise is to order them directly from the publishers we list on https://ada.fsfe.org/ .
If you [β¦]
20.11.2025 14:36 β π 0 π 0 π¬ 0 π 0
Original post on mastodon.social
Another lesson why it is so important to work on #FreeSoftware in the perspective of decades rather than years. You might have thought that in current times the #DigitalSovereigntySummit would have resulted in more concrete actions and support for #FreeSoftware for the next months. Here a good [β¦]
20.11.2025 10:53 β π 0 π 1 π¬ 0 π 0
Original post on mastodon.social
Our democratic public sphere needs open networks!
Together with @offene_netzwerke we demand that public money be invested into Free Software and in open, decentralised infrastructures.
Read our demands (en/de/fr), published this week:
https://offene-netzwerke.eu/forderungen/
#FreeSoftware [β¦]
14.11.2025 10:48 β π 7 π 15 π¬ 0 π 0
Mastodon
Wow! Wow! Wow! So @derPUPE organised readings for Ada & #Zangemann and the @C4NRN crew managed to do a Turkish and Russian translation as well. This is so amazing! π₯°
https://mastodon.social/@derPUPE@chaos.social/115561422966794961
17.11.2025 08:20 β π 0 π 0 π¬ 0 π 0
Original post on mastodon.social
CfP for the #FOSDEM #Legal and #Policy devroom is out. The DevRoom invites hackers, developers, contributors,
lawyers, and decision-makers alike to share their knowledge with the community. Deadline is 7 December:
https://lists.fosdem.org/pipermail/fosdem/2025q4/003703.html
(Transparency: I am [β¦]
13.11.2025 07:58 β π 1 π 6 π¬ 0 π 0
School class with pupils sitting and teacher standing holding books in front of their face.
π₯° We already reached over 30,000 children. Experience the joy yourself! π₯° https://k7r.eu/reached-30k-children-experience-the-joy-of-helping-others-yourself/
10.11.2025 09:13 β π 0 π 0 π¬ 0 π 0
Large conference crowd many of them standing up. In the middle one person who received an award, and two traffic cones.
Please join me in a big round of applause for Jean-Baptiste Kempf from @videolan for his contributions to #SoftwareFreedom π
(Together with Raphael Barbieri I had the honour to hand over the European #SFSAward 2025 to him in the name of #Lugbz and @fsfe . ) [β¦]
[Original post on mastodon.social]
07.11.2025 12:05 β π 2 π 18 π¬ 0 π 0
room full of people. on stage person with mic. slide with a heart and text "I have a big heart"
Now @karen 's keynote at #SFScon about device neutrality for medical devices and her professional and personal view of the issues both as a patient and as a cyborg lawyer. Looking forward to the panel with Karen and @webmink about "#ethics and #softwarefreedom ".
07.11.2025 08:48 β π 0 π 1 π¬ 0 π 0
many people in room. one on stage.
The great Patrick Ohnewein opening #SFSCon several hours of great programme and discussions about #FreeSoftware ahead.
07.11.2025 08:16 β π 0 π 0 π¬ 0 π 0
person in front of building with big tower
Start of the #SFScon π
07.11.2025 07:10 β π 0 π 0 π¬ 0 π 0
four people with laptops at table in train.
three people with laptops at table in train.
four people with laptops at table in train.
On the train with @fsfe @gnome and @fdroidorg folks to #SFSCon π€
06.11.2025 16:31 β π 0 π 0 π¬ 0 π 0
Original post on mastodon.social
π₯ New Legal Corner article!βοΈ
Appleβs βnotarisationβ: blocking software freedom of developers and users!
The #DMA is supposed to shake up the power of tech giants by giving developers and users more choice.
Appleβs βnotarisationβ of mobile apps contradicts these objectives. A civil-society [β¦]
05.11.2025 10:12 β π 3 π 10 π¬ 0 π 0
Challenges of #NGO work, including those working for #FreeSoftware: "How NGOs die β Europe's playbook for dismantling democracy" https://euobserver.com/eu-political/ar1c67c9a3 (via @llas )
04.11.2025 09:02 β π 0 π 2 π¬ 0 π 0
Three Halloween pumpkins: One traditional, one with serrated mouth, and one with pacman two dots and a monster glowing in the dark.
Here the #Pacman version in action with other more traditional versions of #Halloween pumpkins.
31.10.2025 18:28 β π 0 π 0 π¬ 0 π 0
Pumpkin with a Pacman carved out, two dots in the middle, and a pacman monster. The pumpkin is on the floor.
Didn't do a #Halloween pumpkin for many many years. Today, spontaneously, I decided for the first time to try a #Pacman pumpkin.π¬
Will take a few more times until I will be satisfied with the result... and I might do some web search for inspiration next time [β¦]
[Original post on mastodon.social]
31.10.2025 15:01 β π 0 π 0 π¬ 1 π 0
Person with mic, another person in front of a window. on the right side a screen with logos of the mentioned software.
@fsfe Mario, one of the winners of #YH4F thanking the people who created the software he used in his scroll wheel project ( https://github.com/Mallo321123/Scroll-Wheel ):
@FreeCAD + @kicad + @kubuntu +
@vscode + #platformio
Also from my side thank you to [β¦]
[Original post on mastodon.social]
27.10.2025 10:16 β π 0 π 1 π¬ 0 π 0
bus with "toot bus" written on it
The #mastodon toot bus just passed us in Brussels. π
26.10.2025 16:03 β π 1 π 2 π¬ 0 π 0
8 young people with awards in front of a banner.
The was an amazing day. Winners of this year #YH4F award are a the developers of a language learning platform, a custom ROM page, a scroll wheel, a smart watering robot, a hyperbolic rendering engine, and a version control system.
Was so great to spend the [β¦]
[Original post on mastodon.social]
25.10.2025 21:34 β π 0 π 0 π¬ 1 π 0
One of the winners presenting his project
Two winners submitted a project as a team. Here then are presenting it
More winners, also a team of two, presenting their project
We are really enjoying the evening, but as you are waiting for our news let's find out the rest of our 2025 #YH4F winners π:
β¨ Awesome Hacker Award: Mario with Scroll Wheel
π₯ Elite Hacker Award: Pingu & Tuxilio with custom rom list
π₯ Ultimate Hacker Award [β¦]
[Original post on mastodon.social]
25.10.2025 18:39 β π 2 π 2 π¬ 0 π 0
two people sitting at a table with two laptops, cables, and phones hacking together.
What do Youth Hacking 4 Freedom participants do about an hour before the award ceremony for the winners? They sit in the hotel's lobby and try to get the #FreeSoftware operating system @postmarketOS running on a @Fairphone version 2. π€ #YH4F
25.10.2025 15:20 β π 0 π 5 π¬ 1 π 0
Great to meet all the winners of the @fsfe's Youth Hacking 4 Freedom 2025 in Brussels this weekend. Awesome group!! Currently some tinkering is going on π€ #YH4F
25.10.2025 11:14 β π 1 π 0 π¬ 0 π 0
XKCD comic from https://xkcd.com/3155/
Similarly, not only for #physics... (CC-BY-NC #XKCD) https://xkcd.com/3155/
23.10.2025 08:17 β π 1 π 1 π¬ 0 π 0
Matthew Garrett: Where are we on X Chat security?
AWS had an outage today and Signal was unavailable for some users for a while. This has confused some people, including Elon Musk, who are concerned that having a dependency on AWS means that Signal could somehow be compromised by anyone with sufficient influence over AWS (it can't). Which means we're back to the richest man in the world recommending his own "X Chat", saying "The messages are fully encrypted with no advertising hooks or strange βAWS dependenciesβ such that I canβt read your messages even if someone put a gun to my head".
Elon is either uninformed about his own product, lying, or both.
As I wrote back in June, X Chat genuinely end-to-end encrypted, but ownership of the keys is complicated. The encryption key is stored using the Juicebox protocol, sharded between multiple backends. Two of these are asserted to be HSM backed - a discussion of the commissioning ceremony was recently posted here. I have not watched the almost 7 hours of video to verify that this was performed correctly, and I also haven't been able to verify that the public keys included in the post were the keys generated during the ceremony, although that may be down to me just not finding the appropriate point in the video (sorry, Twitter's video hosting doesn't appear to have any skip feature and would frequently just sit spinning if I tried to seek to far and I should probably just download them and figure it out but I'm not doing that now). With enough effort it would probably also have been possible to fake the entire thing - I have no reason to believe that this has happened, but it's not externally verifiable.
But let's assume these published public keys are legitimately the ones used in the HSM Juicebox realms[1] and that everything was done correctly. Does that prevent Elon from obtaining your key and decrypting your messages? No.
On startup, the X Chat client makes an API call called GetPublicKeysResult, and the public keys of the realms are returned. Right now when I make that call I get the public keys listed above, so there's at least some indication that I'm going to be communicating with actual HSMs. But what if that API call returned different keys? Could Elon stick a proxy in front of the HSMs and grab a cleartext portion of the key shards? Yes, he absolutely could, and then he'd be able to decrypt your messages.
(I will accept that there is a plausible argument that Elon is telling the truth in that even if you held a gun to his head he's not smart enough to be able to do this himself, but that'd be true even if there were no security whatsoever, so it still says nothing about the security of his product)
The solution to this is remote attestation - a process where the device you're speaking to proves its identity to you. In theory the endpoint could attest that it's an HSM running this specific code, and we could look at the Juicebox repo and verify that it's that code and hasn't been tampered with, and then we'd know that our communication channel was secure. Elon hasn't done that, despite it being table stakes for this sort of thing (Signal uses remote attestation to verify the enclave code used for private contact discovery, for instance, which ensures that the client will refuse to hand over any data until it's verified the identity and state of the enclave). There's no excuse whatsoever to build a new end-to-end encrypted messenger which relies on a network service for security without providing a trustworthy mechanism to verify you're speaking to the real service.
We know how to do this properly. We have done for years. Launching without it is unforgivable.
[1] There are three Juicebox realms overall, one of which doesn't appear to use HSMs, but you need at least two in order to obtain the key so at least part of the key will always be held in HSMs
comments
If you need to counter people talking about encrypted messages on #Twitter (currently called #X): https://mjg59.dreamwidth.org/73625.html (by @mjg59 )
23.10.2025 08:07 β π 0 π 2 π¬ 0 π 0
Lucas Lasota and Dr. Martin Husovec
That's a wrap up for today! Thank you for following along π
This kind of legal work is extremely resource demanding for an organisation like the FSFE.
Every donation to :fsfe: FSFE strengthens our independence and our ability to fight for #SoftwareFreedom.
π Donate today https://fsfe.org/donate/
21.10.2025 16:09 β π 0 π 3 π¬ 0 π 0
Original post on mastodon.social
The @fsfe 's lawyer Dr Martin Husovec in front of the European Court of Justice about #Apple:
"If someone says that building a highway expropriates their property, we will not seriously discuss it if they were not able to show us the exact plot of land that is being encroached upon. Apple is [β¦]
21.10.2025 15:46 β π 1 π 4 π¬ 0 π 0
