Free, Libre, and Open Source Software and Standards

posted by Roy Schestowitz on Jul 23, 2025

• FSF ☛ 4 decades, 4 freedoms, 4 all users

  "4 decades, 4 freedoms, 4 all users" is the slogan of our fortieth anniversary year. Throughout 2025, we're celebrating the fortieth anniversary of the Free Software Foundation (FSF) with several initiatives from LibreLocal month in May to the in-person celebration in October to a free software hackathon in November. All these activities aim to bring the international free software community together, celebrate forty years of activism and all that we've achieved together, and discuss what we can do next to make the world freer. When we look back to 1985, we can see just how many stepping stones on the road to software freedom we've already laid together. We're eager to continue building the road ahead with you. Are you ready?

• TuMFatig ☛ GoToSocial Adventures: run on OpenBSD

  I used to run GoToSocial on OpenBSD but, one day, the port was marked BROKEN and I switched to using Mastodon on Linux. Still, I kept testing running GoToSocial on NetBSD, Illumos, FreeBSD and Linux. Not so long ago, GoToSocial started to compile and work pretty nice again on OpenBSD.

  After using it for about a year on a SearXNG side project , I decided that I would also use it as my primary account on the Fediverse. This post is about installing and running GoToSocial on OpenBSD.

• Omar Polo ☛ gmid

  gmid is a full-featured Gemini server written with security in mind. It can serve static files, has an optional FastCGI and proxying support and a rich configuration syntax.

  gmid also bundles a small gemini client called ‘gg’ (gemini get), a small command-line server for quick testing called ‘gemexp’ and a titan implementation.

• Libre Arts ☛ LibreArts Weekly recap — 20 July 2025

  Week highlights: new Blender, RapidRAW, Gradia, Sigil, and Hydrogen releases; new darktable UI prototypes.

• Top Self-Hosted Alternatives to Popular SaaS Apps

  If you’ve ever wished you could stop paying monthly fees for the apps you rely on, or stop handing over your data to third-party services you don’t fully trust, you’re not alone. More users than ever before are turning to self-hosted apps to replace traditional SaaS tools like Surveillance Giant Google Workspace, Dropbox, Slack, and others.

• Events

  • FSF ☛ FSF Events: Free Software Directory meeting on IRC: Friday, July 25, starting at 12:00 EDT (16:00 UTC)

    Join the FSF and friends on Friday, July 26 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

• Content Management Systems (CMS) / Static Site Generators (SSG)

  • Andrew Stiefel ☛ Building a Personal Monorepo for Writing

    I also prefer to keep my content separate from the website’s design, and I wanted to do that without introducing a CMS or additional tooling. Static site generators like Jekyll are great at converting Markdown into websites, but they usually require you to store content alongside all the other website files.

    After some experimenting, I landed on a better solution: building a personal monorepo for my writing and publishing workflow.

• Education

  • Jeff Geerling ☛ Open Sauce is a confoundingly brilliant Bay Area event

    He told me he's been watching videos on Proxmox and TrueNAS (among other homelab-friendly open source tools), with the goal building out a homelab to handle the 20 TB or so of RAW photos he took with the Nikon cameras on the ISS.

    NASA features many of Matthew's photos, but he told me he's also pushing for more sharing of the RAW image files and not just full-resolution JPEGs, since it would allow people to extract even more data from dramatic photos like those including both the dim stars beyond the Milky Way and the bright surface of the Earth, reflecting our much-closer Sun's light.

  • Computer History ☛ Vintage Computer Festival

    Come and explore an extraordinary showcase of historical computers, from pristine originals to ingenious modern hacks. Computer enthusiasts around the world look forward to the annual Vintage Computer Festival.

    Experience hands-on demos of historical systems from the 1960s through the 1990s, learn preservation tips, and try out brands like Apple, Atari, Commodore, Tandy/Radio Shack, and more.

• Programming/Development

  • [Old] Bjarne Stroustrup ☛ Remember the Vasa! [PDF]

    The foundation begun in C++11 is not yet complete, and C++17 did little to make our foundation more solid, regular, and complete. Instead, it added significant surface complexity and increased the number of features people need to learn. C++ could crumble under the weight of these – mostly not quite fully-baked – proposals. We should not spend most our time creating increasingly complicated facilities for experts, such as ourselves.

    We need a reasonably coherent language that can be used by “ordinary programmers” whose main concern is to ship great applications on time. We now have about 150 cooks; that’s not a good way to get a tasty and balanced meal.

    We are on the path to something that could destroy C++. We must get off that path!

  • Python

    • Philip Zucker ☛ Semi-Automated Assembly Verification in Python using pypcode Semantics

      I’ve worked on binary verification tooling for a while.

      In our projects, we’ve often been working on just binary garbage thrown out of a compiler or being reverse engineered or butchered in some other way. A strange lesson is that it is pretty tough to even know what “good” or “correct” should mean in absence of higher levels of source.

  • Java

    • FreeBSD ☛ From Minecraft to Markets: Java Hiding in Plain Sight

      This brings us to the OpenJDK project. You may not see headlines about it every day, but behind the scenes, it’s the backbone of countless systems around the world. That’s why the FreeBSD Foundation has long supported the ongoing maintenance of OpenJDK on FreeBSD — and why this work is so important.

• Standards/Consortia

  • SIDN ☛ Master’s Thesis Computing Science: Post-Quantum Cryptography for the RPKI. Dirk Doesburg. s1040211 [PDF]

    We show that the RPKI with insecure cryptography can be abused for severe attacks that are even more effective than original BGP attacks. This highlights the importance of migrating to post-quantum cryptography. We also find that the communication between CAs is an attractive target for quantum attackers, and that the RPKI relies on several related protocols that must be secured as well.

    We then evaluate which post-quantum signatures can be a suitable replacement for RSA in the RPKI, primarily by proposing a method to estimate the performance impact of a given post-quantum scheme. A hybrid with Falcon-512 as post-quantum component emerges as a promising candidate, though alternatives can perform similarly.

  • [Old] Akamai ☛ Anatomy of a SYN-ACK Attack

    Transmission Control Protocol/Internet Protocol (TCP/IP) is a linchpin technology for modern computer networking. It is how (a large majority of the time) your computer often requests and receives information across a network and the internet. It comes complete with error-checking, retransmission of missing/corrupt data, and several other important features that quite literally make the internet as we know it reliable and functional. However, to understand how it is being abused, we must first understand how it functions.

    For the sake of brevity, we won't go into the full TCP/IP connection process in this post. We will only focus on the initial TCP three-way handshake process as that is all that is relevant to the subject of this write-up.