Free, Libre, and Open Source Software Leftovers
-
Obnam ☛ 2026-04-19 [Older] Obnam: terminology, server persistence
-
It's FOSS ☛ MinIO Is Done With Open Source, What Are Your Options?
Archived, unarchived, and archived again, the repo's status may keep changing, but MinIO's direction hasn't.
-
Security Week ☛ OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
Tracked as CVE-2026-35414 (CVSS score of 8.1), the flaw is described as a mishandling of the authorized_keys principals option in certain scenarios involving certificate authorities (CA) that use comma characters.
According to Cyera, because of the bug, a comma in an SSH certificate principal name leads to OpenSSH access control bypass, allowing users to authenticate as root on a vulnerable server, as long as they have a valid certificate from a trusted CA.
-
Web Browsers/Web Servers/Feed Readers
-
University of Toronto ☛ Browsers, OCSP, and a view of the web in practice
I recently read Geoff Huston's Revocation of X.509 certificates, which in part talks about OCSP's failure. One of the pragmatic reasons for OCSP being dead is that Chrome dropped support for it more than a decade ago. Specifically, Chrome's replacement for certificate revocation was for Chrome to have an internal set of revoked certificates. Recently, Firefox has adopted a similar approach (with a different technical implementation).
One of my views of this is that it shows browsers recognizing and accepting that if they want something, they have to do it themselves and they can't rely on the behavior of outside parties, especially the behavior of a lot of outside parties. Another way to put it is that browsers can change themselves to get something done but they often have a hard time getting other people to change.
-
Mozilla
-
Firefox Nightly: VPN, Split View, and Other Goodies – These Weeks in Firefox: Issue 200!
-
Security Week ☛ Firefox Vulnerability Allows Tor User Fingerprinting
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.
-
Productivity Software/LibreOffice/Calligra
-
Document Foundation ☛ Help us to improve LibreOffice’s Swahili translation!
In the LibreOffice project, our goal isn’t to just make a powerful office suite – but to also make it usable for as many people as possible. And a big part of that is translating the user interface, help content and websites.
-
Content Management Systems (CMS) / Static Site Generators (SSG)
-
PerlMonks ☛ Moving the site behind a CDN
Thanks to main work by Leo Lapworth and Olaf Alders at the Perl Toolchain Summit, we now have a setup that allows us to move the site behind a CDN (https://www.fastly.com/ in fact). Fastly does not require magic JavaScript to execute on the clients, but will ideally still help to stem the deluge of scrapers. Together with this, there will be some likely changes: [...]
-
FSF / Software Freedom / Digital Sovereignty
-
The New Stack ☛ What the 2026 State of Open Source report reveals about digital autonomy
One of the strongest signals in this year’s data is the growing concern around vendor lock-in. The number of respondents that cited avoiding lock-in as a primary driver of open source adoption increased by 68 percent this year compared to last, with 55 percent selecting it. In Europe, where regulatory pressure and sovereignty concerns are already elevating technology decisions, that figure reaches 63 percent.
These results point to a broader shift in how leaders view control. Long-term leverage has become a priority in environments where licensing models, product roadmaps, and regulatory mandates can change more quickly than enterprise platforms. Open source provides organizations with greater influence over how their systems evolve and more flexibility to respond when constraints emerge.
-