Category: News

FSF Blogs: IDAD 2024 – Dec. 20: For freedom, against restriction

Posted on December 13, 2024 by Michael G
Don’t let computers go to waste and join us in fighting restriction on December 20 for the eighteenth International Day Against Digital Restrictions Management (IDAD).

Security of the updates automation

Posted on December 13, 2024 by Michael G

Automation is one key factor that lets the small F-Droid team provide apps
to millions. The @checkupdates-bot
is a new reworking of an old piece of automation in F-Droid:
checkupdates. This goes through all of the existing apps, checks if they
are set up for automatic updates,
and if so, runs the process to automatically generate a new build entry for
that release. That gets added to
fdroiddata, which is what the
production buildserver processes in order to build and ship apps.

Since the best security is provided by systems that follow the principle of
least privilege, we recently reorganized our setup and workflow around that
principle so that the @checkupdates-bot has the least privileges needed to
do its job. The checkupdates process now runs in its own isolated project,
separate from fdroiddata and any other F-Droid project on gitlab.com. It now
only pushes commits to its own dedicated project, then makes a merge request
per app to fdroiddata. Both our automated CI processes and our trusted
human reviewers now handle all updates using the same process as for new
apps.

At the same time, we removed a key bit of cruft in our code:
stats/known_apks.txt. This file was the place that stored the dates when
each app was added to the collection. This file was updated on the
buildserver and maintained in fdroiddata. That information is also in
the index file, so we
switched to
fetching it from there instead. That meant we could remove the last deploy
key in use in fdroiddata. Our operations no longer require any deploy
keys in fdroiddata.

While we were at it, we added some additional checks via the merge
requests. For example, now any time an image file is added or modified, a
CI job checks
whether the image contains any EXIF metadata, which can be used as an
exploit vector. We also added some additional enforcement to make sure
changes to key files go through human review via merge requests.
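
A minimal version of such an image check, added here as an illustration and not F-Droid's actual CI job: it looks for the EXIF APP1 segment among JPEG header segments and for the eXIf chunk in PNG files, and raises on anything it cannot parse so that a gate built on it fails closed. The function names and the sample byte strings are constructed for this example.

```python
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def jpeg_has_exif(data):
    pos = 2                                   # skip SOI (FF D8)
    while pos + 4 <= len(data):
        marker = data[pos + 1]
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if data[pos] != 0xFF or marker in (0x00, 0xFF) or length < 2:
            raise ValueError("malformed JPEG segment")
        if marker == 0xDA:                    # start of scan: header segments are over
            return False
        if marker == 0xE1 and data[pos + 4:pos + 10] == b"Exif\x00\x00":
            return True                       # APP1 segment carrying EXIF
        pos += 2 + length                     # marker bytes + length-prefixed body
    raise ValueError("truncated JPEG")        # never reached image data

def png_has_exif(data):
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        if ctype == b"eXIf":                  # PNG's dedicated EXIF chunk
            return True
        if ctype == b"IEND":
            return False
        pos += 12 + length                    # length + type + data + CRC
    raise ValueError("truncated PNG")

def has_exif(data):
    """True if EXIF is present; ValueError for unknown or unparseable input."""
    if data.startswith(b"\xff\xd8"):
        return jpeg_has_exif(data)
    if data.startswith(PNG_SIG):
        return png_has_exif(data)
    raise ValueError("unsupported image type")

def seg(marker, body):                        # build a constructed JPEG segment
    return bytes([0xFF, marker]) + (len(body) + 2).to_bytes(2, "big") + body

def chunk(ctype, body):                       # build a constructed PNG chunk
    crc = zlib.crc32(ctype + body).to_bytes(4, "big")
    return len(body).to_bytes(4, "big") + ctype + body + crc

# Constructed samples: valid container structure only, not viewable images.
JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN_JPG = b"\xff\xd8" + JFIF + seg(0xDA, bytes(10))
EXIF_JPG = b"\xff\xd8" + JFIF + seg(0xE1, b"Exif\x00\x00MM\x00\x2a") + seg(0xDA, bytes(10))
EXIF_PNG = PNG_SIG + chunk(b"IHDR", bytes(13)) + chunk(b"eXIf", b"MM\x00\x2a") + chunk(b"IEND", b"")
```

The check covers only these two container locations; metadata stored elsewhere, such as PNG text chunks, is outside what this sketch detects.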

Security issue as inspiration

About a month ago, @SomberNight reported a
security issue to us
in a confidential issue. We appreciate this detailed report, and also want
to highlight their diligent follow-up. In specific situations, the old
setup was leaking the private deploy key which granted access to directly
push commits to fdroiddata. We immediately revoked that key, then removed
all privileges from the @fdroidci user that
was associated with that private key. We also investigated all the leads we
could follow to see if someone had used this key to insert something into
F-Droid. We searched the activity of the @fdroidci user and found no
evidence that unauthorized commits were added.

To be sure, we did some additional investigations. Since checkupdates had
been running as part of the fdroiddata project on gitlab.com, a malicious
app build recipe could have also read the CHECKUPDATES_SSH_DEPLOY_KEY
variable which contained the private key. We checked fdroiddata’s history
for signs of exfiltration and found nothing. We require that apps are built
from source code, and that source code is in a source code management system
like Git. That ensures a local copy with history is retained on our
buildserver. We searched our local copy of the source code and found no
evidence that any app build processes were trying to exfiltrate the
checkupdates private key.

Do you have more ideas for things to search? Please dig in and let us know
if you find anything suspicious. Working in public means everyone is free
to investigate and come to their own conclusions, and contribute to a more
secure free software ecosystem on Android.

Support my attempt to find out if you can do NFC tap-to-pay without big tech

Posted on December 13, 2024 by Michael G
I’ve been dropping a lot of hints about my journey to rid myself of Google’s Android on my Pixel 8 Pro lately, a quest which grew in scope until it covered everything from moving to GrapheneOS to dropping Gmail, from moving to open source “stock” Android application replacements to reconsidering my use of Google Photos, from dropping my dependency on Google Keep to setting up Home Assistant, and much, much more. You get the idea: this has turned into a very complex process where I evaluated my every remaining use of big tech, replacing them with alternatives where possible, leaving only a few cases where I’m sticking with what I was using. And yes, this whole process will turn into an article detailing my quest, because I think recent events have made removing big tech from your life a lot more important than it already was. Anyway, one of the few things I couldn’t find an alternative for was Google Pay’s tap-to-pay functionality in stores. I don’t like using cash – I haven’t held paper money in my hands in like 15 years – and I’d rather keep my bank cards, credit card, and other important documents at home instead of carrying them around and losing them (or worse). As such, I had completely embraced the tap-to-pay lifestyle, with my phone and my Pixel Watch II. Sadly, Google Pay tap-to-pay NFC payments are simply not possible on GrapheneOS (or other de-Googled ROMs, for that matter), because of Google’s stringent certification requirements. Some banks do offer NFC payments through their own applications, but mine does not. I thought this is where the story ended, but as it turns out, there is actually a way to get tap-to-pay NFC payments in stores back: Garmin Pay. Garmin offers this functionality on a number of its watches, and it pretty much works wherever Google Pay or Apple Pay is accepted, too. And best of all: it works just fine on de-Googled Android ROMs. 
People have been asking me to check this out and make it part of my quest, and ever the people-pleaser, I would love to oblige. Sadly, it does require owning a supported Garmin watch, which I don’t have. To gauge interest in me testing this, I’ve set up a Ko-Fi goal of €400 you can contribute to. Obviously, this is by no means a must, but if you’re interested in finding out if you can ditch big tech, but keep enjoying the convenience of tap-to-pay NFC payments – this is your chance.

Top articles at OpenSource.net in 2024

Posted on December 13, 2024 by Michael G
Learn about the top articles published at OpenSource.net in 2024. This site is dedicated to fostering knowledge sharing about Open Source software, hardware, open culture, and open knowledge.

The best iPhone app of the year

Posted on December 12, 2024 by Michael G
In the utmost secrecy, Apple holds a ceremony every year to reward the best software and games of the past 12 months. The 2024 edition of the App Store Awards honors 17 developers from around the world, whom Numerama had the opportunity to meet to discuss the future of their applications.
45 finalists, 17 winners. Every year, Apple holds the Oscars of apps. The “App Store Awards” ceremony, which took place on December 10, 2024 in New York, saw 17 developers receive a small blue trophy that is much heavier than it looks. The brand, in an ode to secrecy worthy of its reputation, had not told the winners why they had been invited. They thought they had come for a photo shoot as finalists, but Apple revealed that they had won when they sat down in front of the camera.

Since the start of the year, the App Store teams have been trying out applications and games daily to prepare this annual review, which could well change the lives of the selected developers. In early December Apple chose 45 finalists, then picked one application per category. Numerama presents the 11 applications that won the App Store Awards 2024 (in addition to the 6 others named as cultural choices).

“Behind the scenes with celebrities: Senna, the Beatles and Princess Diana reveal their secrets and…

Posted on December 12, 2024 by Michael G
Discover the moving stories behind the spotlight, including the end of Senna’s relationship with Xuxa and the challenges faced by the Beatles and Princess Diana.

Harvest Moon: The Winds of Anthos sends you through an open world with a mobile farm

Posted on December 12, 2024 by Michael G
Harvest Moon: The Winds of Anthos is the latest installment in the series published by Natsume. Here you farm in the peaceful land of Anthos, which has been shaken by a volcanic eruption. The disaster isolated the world’s many small settlements from one another. Your task is to restore contact between the people. To succeed, you travel around with your mobile farm, work the land, pursue romantic relationships and help the people of the region.

The games are based on the original Harvest Moon by developer Marvelous, which is known today for the Story of Seasons series.

Harvest Moon: The Winds of Anthos is available for PS4, PS5, Xbox One, Xbox Series, Nintendo Switch and PC.

[Movement Strategy Phase 2 implementation in Africa Great Lakes region] Wikidata ToT program in Goma/RDC

Posted on December 12, 2024 by Michael G
As part of the implementation of the second phase of movement strategy in Africa Great Lakes region, supported by Wikimedia DRC, Wikimedia Rwanda and Wikimedia…

LostCarPark Drupal Blog: Drupal Advent Calendar day 12 – Dashboard track

Posted on December 12, 2024 by Michael G
Drupal Advent Calendar day 12 – Dashboard track

james

Thu, 12/12/2024 – 09:00

We are half way through our Advent Calendar, and we open with some exciting news. The first Drupal CMS Release Candidate is now available. We have been busy trying it out, but managed to take some time out to prepare today’s Advent Calendar, with some help from Matthew Tift. Over to you, Matthew.

The first page a user encounters after logging into a Drupal site is pivotal. It sets the tone for their entire experience, often defining how they will interact with the system.

Screenshot showing the old user page
The current Drupal user page

But with the introduction of the Dashboard initiative, that first page is about to change.

This initiative, inspired by a core…

Tags

  • Dashboard
  • Drupal Starshot

Ruby Version Manager 4 Windows v1.0.0 released

Posted on December 12, 2024 by Michael G
The final version 1.0.0 of the Ruby Version Manager for Windows (rvm-windows) has been released.
It is inspired by the rvm.io project for Unix systems and provides a similar user experience for Windows users by providing a compatible command line interface.

The Ruby Version Manager for Windows is a command line tool that allows you to easily install, manage, and work with multiple Ruby environments from interpreters to sets of gems.

It even works with the classic Windows command line aside from Powershell and is based on the x64 binaries provided by the RubyInstaller project.

Its goal is not to 100% reimplement all features of rvm.io, but the most important and common ones by preserving most of the same command line interface. Some special Windows related stuff is added as well.

More information can be found on the rvm-windows Github repository.
