Free, Libre, and Open Source Software, Browsers, Coding, and Standards
-
Coalition for Networked Information ☛ Theory and Practice of Digital Libraries (TPDL) Conference 2025
CNI is once again a cooperating organization for The International Conference on Theory and Practice of Digital Libraries (TPDL), taking place in Tampere, Finland, September 23–26, 2025. Full details and the registration link are available on the conference website: https://tpdl2025.github.io/ParticipantInformation/registration.html
-
Web Browsers/Web Servers
-
Cyble Inc ☛ Apache InLong CVE-2025-27522 Exposes RCE Attacks
This particular vulnerability stems from insecure handling of serialized data in InLong’s JDBC component. When data is received during JDBC verification, Apache InLong fails to adequately sanitize or validate the contents before deserializing them. Malicious actors could exploit this gap to send specially crafted payloads, which, when deserialized, could trigger unauthorized behavior such as file manipulation or arbitrary code execution.
-
Chromium
-
Unmitigated Risk ☛ Déjà Vu in the WebPKI
Browsers don’t take these actions lightly; their role as guardians of user trust necessitates them. They delegate significant trust to CAs, and when that trust gets undermined, the browser’s own credibility suffers. As Chrome’s policy states, and today’s announcement reinforces, CAs must “provide value to Chrome end users that exceeds the risk of their continued inclusion.” This isn’t just boilerplate; it’s the yardstick.
Incident reports and ongoing monitoring provide what little visibility exists into the operational realities of the numerous CAs our ecosystem relies upon. When that visibility reveals “patterns of concerning behavior,” the calculus of trust shifts. Root program managers scrutinize incident reports to assess CAs’ compliance, security practices, and, crucially, their commitment to actual improvement.
-
Programming/Development
-
Rlang ☛ April 2025 Top 40 New CRAN Packages
ananke v0.1.0: Implements tools for calibration of radiocarbon ages and modern carbon fraction values using multiple calibration curves.
-
Perl / Raku
-
Perl ☛ The Perl Toolchain Summit 2025: Security, Testing, and Community Collaboration
From May 1–4, 2025, the invite-only Perl Toolchain Summit (PTS) brought together in Leipzig, Germany, 33 of the ecosystem’s most active maintainers — and welcomed 6 first-timers — for four days of uninterrupted deep-dive collaboration in pair-programming sessions, consensus discussions, and critical infrastructure work. Attendees tackled security tooling and infrastructure, modernization and redesign proposals, several CI and test harness improvements, Perl core optimizations, and metadata/spec updates.
-
Standards/Consortia
-
Document Foundation ☛ ODF and proprietary formats: a comparison
When we create or share a document – whether a simple text, complex spreadsheet or professional presentation – we make a choice that goes far beyond the file extension. This is because the format gives us, or takes away, control over the content.
-
Dan Abramov ☛ One Roundtrip Per Navigation
In traditional “HTML apps”, aka websites, getting the data always takes a single roundtrip. The user clicks a link, the server returns the HTML, and all the data necessary to display the next page is already embedded within that HTML. The HTML itself is the data. It doesn’t need further processing—it’s ready for display: [...]
-
Howard Oakley ☛ Can you trust times shown in the log?
Dates and times given in log extracts invariably match those of the Mac’s system clock, the only catch here being adjustments for time zone and DST. The latter can become confusing if you look at the log when DST is changed, or from a different time zone. To cope with that you can use the --timezone local option in log show to express all times with uniform adjustment. Ulbow doesn’t use that, but LogUI does now synchronise all time and date stamps to the current time zone and DST.
-