CVE-2024-39908 : DoS in REXML

There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

Details

When REXML parses an XML document that contains many specific characters such as <, 0 and %>, the REXML gem may take a long time.

Please update REXML gem to version 3.3.2 or later.
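As an added example (not from the advisory or the REXML project), a Ruby check that compares the loaded REXML against the 3.3.2 fix version named above, plus a wall-clock timeout around parsing of untrusted XML as a stop-gap until the upgrade is deployed; `rexml_vulnerable?`, `installed_rexml_version` and `parse_bounded` are names assumed here.

```ruby
# Added example, not part of the advisory: version check and bounded parse.
require "rubygems"
require "timeout"
begin
  require "rexml/document"
rescue LoadError
  # REXML is not installed in this environment; parse_bounded raises below.
end

# Fix version named in the advisory ("update to 3.3.2 or later").
FIXED_REXML_VERSION = Gem::Version.new("3.3.2")

# True when the given REXML version string is below the fixed release.
def rexml_vulnerable?(version_string)
  Gem::Version.new(version_string) < FIXED_REXML_VERSION
end

# Version of the REXML actually loaded (REXML::VERSION is defined by the gem),
# or nil when REXML could not be required.
def installed_rexml_version
  defined?(REXML::VERSION) ? REXML::VERSION : nil
end

# Parse untrusted XML under a wall-clock deadline so a pathological document
# cannot stall a worker indefinitely. Returns the root element name.
# A timeout limits the blast radius of the DoS; it does not replace upgrading.
def parse_bounded(xml, seconds: 2)
  raise "REXML is not available" unless defined?(REXML::Document)
  Timeout.timeout(seconds) do
    REXML::Document.new(xml).root&.name
  end
end

if __FILE__ == $PROGRAM_NAME
  v = installed_rexml_version
  puts "installed REXML: #{v.inspect}"
  puts "below 3.3.2 (CVE-2024-39908): #{v ? rexml_vulnerable?(v) : 'unknown'}"
  # Constructed, benign sample document.
  puts "root: #{parse_bounded('<doc><item>x</item></doc>')}" if defined?(REXML::Document)
end
```

If `parse_bounded` raises `Timeout::Error` on real input, treat it as a signal that the input is hostile or that the gem is still below 3.3.2, and log it accordingly.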

Affected versions

  • REXML gem 3.3.2 or prior

Credits

Thanks to mprogrammer for discovering this issue.

History

  • Originally published at 2024-07-16 03:00:00 (UTC)

Posted by watson1978 on 16 Jul 2024

I told you so: Mozilla working with Facebook to weaken Firefox’ privacy and anti-tracking features

I’ve long been warning about the dangers of relying on just one browser as the bulwark against the onslaught of Chrome, Chrome skins, and Safari. With Firefox’ user numbers rapidly declining, now stuck at a mere 2% or so – and even less on mobile – and regulatory pressure possibly ending the Google-Mozilla deal which makes up roughly 80% of Mozilla’s income, I’ve been warning that Mozilla will most likely have to start making Firefox worse to gain more temporary revenue. As the situation possibly grows even more dire, Firefox for Linux would be the first on the chopping block. I’ve received quite a bit of backlash over expressing these worries, but over the course of the last year or so we’ve been seeing my fears slowly become reality before our very eyes, culminating in Mozilla recently acquiring an online advertising analytics company. Over the last few days, things have become even worse: with the release of Firefox 128, the enshittification of Firefox has now well and truly begun.

Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.
↫ Jonah Aragon

If you have already upgraded to Firefox 128, you have automatically been opted into using this new API, and for now, you can still opt out by going to Settings > Privacy & Security > Website Advertising Preferences and removing the checkmark “Allow websites to perform privacy-preserving ad measurement”. You were opted in without your consent, without any widespread announcement, and if it wasn’t for so many Firefox users being on edge about Mozilla’s recent behaviour, it might not have been snuffed out this quickly.

Over on GitHub, there’s a more in-depth description of this new API, and the first few words are something you never want to hear from an organisation that claims to fight tracking and protect your privacy: “Mozilla is working with Meta”. I’m not surprised by this at all – like I, perhaps gleefully, pointed out, I’ve been warning about this eventuality for a long time – but I’ve noted that on the wider internet, a lot of people were very much unpleasantly surprised, feeling almost betrayed by this, the latest in a series of dubious moves by Mozilla. It’s not even just the fact they’re “working with Meta”, which is entirely disqualifying in and of itself, but also the fact there’s zero transparency or accountability about this new API towards Firefox’ users. Sure, we’re all technologically inclined and follow technology news closely, but the vast majority of people don’t, and there’s bound to be countless people who perhaps only recently moved to Firefox from Chrome for privacy reasons, only to be stabbed in the back by Mozilla partnering up with Facebook, of all companies, if they even find out about this at all. It’s right out of Facebook’s playbook to secretly experiment on users.

This is what I wrote a year ago:

I’m genuinely worried about the state of browsers on Linux, and the future of Firefox on Linux in particular. I think it’s highly irresponsible of the various prominent players in the desktop Linux community, from GNOME to KDE, from Ubuntu to Fedora, to seemingly have absolutely zero contingency plans for when Firefox enshittifies or dies, despite everything we know about the current state of the browser market, the state of Mozilla’s finances, and the future prospects of both. Desktop Linux has a Firefox problem, but nobody seems willing to acknowledge it.
↫ Thom Holwerda

It seems my warnings are turning into reality one by one, and if, at this point, you’re still not worried about where you’re going to go after Firefox starts integrating even more Facebook technologies or Firefox for Linux gets ever more resources pulled away from it until it eventually gets cancelled, you’re blind.

Priest Tassel Cincture Supplier, Hermitage Cincture Supplier, Italian Celtic Knot Cincture

A wholesale liturgical cincture refers to the bulk purchase of a liturgical accessory used in various Christian denominations, particularly within the Roman Catholic, Anglican, Lutheran, and Eastern Orthodox traditions. The cincture is a long, cord-like belt or sash worn around the waist, usually over an alb (a white liturgical vestment). …

HTML, CSS & JS || Responsive Sushi Website Design

In this tutorial, you’ll learn how to create a beautifully designed, fully responsive sushi website using HTML, CSS, and JavaScript. This guide is suitable for beginners who want to enhance their web development skills and experienced developers looking for a creative project. By the end of this tutorial, you’ll have …

Dino criticizes the carrying of firearms after the attack on Trump; Amanda Klein and Beraldo comment

STF (Supremo Tribunal Federal) Justice Flávio Dino published a post this Sunday (14) criticizing the “constitutional right to bear arms” defended by “other countries”. Amanda Klein and Cristiano Beraldo commented. Watch the full Jornal da Manhã: https://youtube.com/live/Of8elY0JaEI Download the Panflix app: https://www.panflix.com.br/ Subscribe to our channel: https://www.youtube.com/c/jovempannews Follow the …

Hi-de-Hi! S01 E02. Desire in the Mickey Mouse Grotto.

First broadcast 26th February 1981. Ted Bovis is seen entering a chalet with Rose, a young camper whose parents are friends of owner Joe Maplin.

  • Simon Cadell … Jeffrey Fairbrother
  • Paul Shane … Ted Bovis
  • Ruth Madoc … Gladys Pugh
  • Jeffrey Holland … Spike Dixon
  • Leslie Dwyer … Mr. Partridge
  • Felix Bowness … Fred Quilley
  • Diane …