Webassembly build.

If I decide to self-publish a book what happens to the copyright? Is there a way to prevent others from claiming copyrights for a book published autonomously? Are there OS licenses specifically tuned for books?

"Create P2P tunnels instantly that bypass any network, firewall, NAT restrictions and expose your local network to the internet securely, no Dynamic DNS required."

I want to showcase the project I have been working on for the last weeks. GitHub and Gitea/Forgejo allow you to upload files and directories created during a continuous integration run (Artifacts). These can be downloaded as zip files. However there is no simple way to view individual files of an artifact.

That's why I developed a small web application that allows you to view the artifacts of any CI run in your web browser. This allows you to quickly look at test reports or preview your web projects.

I am hosting a public instance with support for GitHub and Codeberg under https://av.thetadev.de/.

Features

• 📦 Quickly view CI artifacts in your browser without messing with zip files
• 📂 File listing for directories without index page
• 🏠 Every artifact has a unique subdomain to support pages with absolute paths
• 🌎 Full SPA support with 200.html and 404.html fallback pages
• 👁️ Viewer for Markdown, syntax-highlighted code and JUnit test reports
• 🐵 Greasemonkey userscript to automatically add a "View artifact" button to GitHub/Gitea/Forgejo
• 🦀 Fast and efficient, only extracts files from zip archive if the client does not support gzip
• 🔗 Automatically creates pull request comments with links to all build artifacts

Examples

Here are some artifacts to try:

SveltePress documentation site: https://cb--thetadev--artifactview--28-2.av.thetadev.de/

A bunch of test files: https://cb--thetadev--artifactview--28-1.av.thetadev.de/

Artifactview's own test report: https://cb--thetadev--artifactview--65-1.av.thetadev.de/junit.xml?viewer=1

Automatically created pull request comment: https://codeberg.org/ThetaDev/artifactview/pulls/2

Does anyone know the status of #funkwhale? The website (funkwhale.audio) has been down for a couple days now. #fediverse @opensource

A lot of old games have become unplayable on modern hardware and operating systems. I wrote an article about how making games open source will keep them playable far into the future.

I also discuss how making games open source could be beneficial to developers and companies.

Feedback and constructive criticism are most welcome, and in keeping with the open source spirit, I will give you credit if I make any edits based on your feedback.

Cross-posting to the OpenSource community as I think this topic will also be of interest here.

This is an analysis of how "open" different open source AI systems are. I am also posting the two figures from the paper that summarize this information below.

ABSTRACT

The past year has seen a steep rise in generative AI systems that claim to be open. But how open are they really? The question of what counts as open source in generative AI is poised to take on particular importance in light of the upcoming EU AI Act that regulates open source systems differently, creating an urgent need for practical openness assessment. Here we use an evidence-based framework that distinguishes 14 dimensions of openness, from training datasets to scientific and technical documentation and from licensing to access methods. Surveying over 45 generative AI systems (both text and text-to-image), we find that while the term open source is widely used, many models are ‘open weight’ at best and many providers seek to evade scientific, legal and regulatory scrutiny by withholding information on training and fine-tuning data. We argue that openness in generative AI is necessarily composite (consisting of multiple elements) and gradient (coming in degrees), and point out the risk of relying on single features like access or licensing to declare models open or not. Evidence-based openness assessment can help foster a generative AI landscape in which models can be effectively regulated, model providers can be held accountable, scientists can scrutinise generative AI, and end users can make informed decisions.

Figure 2 (click to enlarge): Openness of 40 text generators described as open, with OpenAI’s ChatGPT (bottom) as closed reference point. Every cell records a three-level openness judgement (✓ open, ∼ partial or ✗ closed). The table is sorted by cumulative openness, where ✓ is 1, ∼ is 0.5 and ✗ is 0 points. RL may refer to RLHF or other forms of fine-tuning aimed at fostering instruction-following behaviour. For the latest updates see: https://opening-up-chatgpt.github.io

Figure 3 (click to enlarge): Overview of 6 text-to-image systems described as open, with OpenAI's DALL-E as a reference point. Every cell records a three-level openness judgement (✓ open, ∼ partial or ✗ closed). The table is sorted by cumulative openness, where ✓ is 1, ∼ is 0.5 and ✗ is 0 points.

There is also a related Nature news article: Not all ‘open source’ AI models are actually open: here’s a ranking

PDF Link: https://dl.acm.org/doi/pdf/10.1145/3630106.3659005

p2p.positive-intentions.com

github.com/positive-intentions/p2p

a thin wrapper around peerjs with some functionalities for "intuitive" p2p communication.

this is a lighweight version of what is being used in our chat app. it will be developed with the aim to replace what is being used.

this is early development on this and it's missing all the bells-and-whistles seen in the chat app. It's an unstable experimental work-in-progress. it may contain bugs and/or incomplete features. provided for demo and educational purposes only.

Meet the new projects

Trustworthy hardware and manufacturing

Collection of Verified multi-platform Gatewares — Comprehensive repository of open source gateware designs
Flashkeeper — Write Protection on SOIC-8 flash chips without soldering
foaHandler — Reverse engineer the OpenAccess file format
FPGA-ISP-UVM-USB2 — Open hardware FPGA-based USB webcam
MEGA65 Phone Modular MVP — OSHW mobile device with form-factor of hand-held game consoles
nextpnr for GW-5 — Add support to nextpnr for Gowin GW-5 FPGA family
VexiiRiscv — Next generation of the VexRiscv in-order FPGA softcore

Network infrastructure incl. routing, P2P and VPN

Movedata — Privacy-preserving, energy efficient data replication and verification
NixBox — Nix integration with netbox
OpenHarbors — Dynamic Tunneling of WPA over IP/L2TP
Toward a Fully-Verified SCION Router — Formal verification of the reference open source SCION Router

Software engineering, protocols, interoperability, cryptography, algorithms, proofs

Diesel — Safe and performant query builder and ORM written in Rust
lib1305 — Microlibrary for Poly1305 hashing
libvips — Add animated PNG and enhanced JPEG XL support to libvips
MailBox renewal — Performance upgrade of MailBox mail modules
PTT — Unikernel Mailing list server in OCAML
Support for OpenPGP v6 in rPGP — Implement draft-ietf-openpgp-crypto-refresh in rPGP
Tracing and rebuilding packages — Improved metadata/provenance for build artifacts
UnifiedPush — Decentralized and open-source push notification protocol

Operating Systems, firmware and virtualisation

Arcan-A12 Directory — Server side scripting API for Arcan's directory server
Arcan-A12 Tools — A12 clients for different platforms and devices such as drawing tablets
postmarketOS daemons — Add modern service daemons to postmarketOS
Redox OS Unix-style Signals — Add Unix-style signal handling to Redox Operating System
TrenchBoot as Anti Evil Maid - UEFI boot mode support — Add UEFI to the Qubes integration of Trenchboot with AEM
tslib — Better configuration and callibration of touchscreen devices
Wayland input method support — Better specification for Wayland input methods

Measurement, monitoring, analysis and abuse handling

Back2Source next — Better matching of binaries with source code
Enhance the vulnerability database — Enhance the VulnerableCode vulnerability database
LANShield — Constrain local network access for mobile devices
OWASP dep-scan — Security and risk audit tool

Middleware and identity

Client Proof-of-Work in TLS — Mitigation against DoS amplification on the TLS handshake

Data and AI

LabPlot — Scientific and engineering data analysis and visualisation

Services + Applications (e.g. email, instant messaging, video chat, collaboration)

bluetuith — Bluetooth connection/device manager for the terminal
Draupnir — Moderation bot for Matrix servers
Gancio — Shared agenda for local communities that supports Activity Pub
Miru — Multi-track video editing and real-time AR effects
Openfire IPv6 support — Add IPv6 support to the Openfire XMPP server

Vertical use cases, Search, Community

COCOLIGHT — Lightweight version of Communecter
OpenCarLink — Security tooling for vehicle ODB2 ports

Still hungry for more projects? Check out the overview of all our current and recent projects...

Can y'all help get me started with open source drone stuff? Ideally sub 250g. I'm looking to get into the hobby, and don't have anything. Recommendations for controllers, SIMs etc would also be nice.

cross-posted from: https://infosec.pub/post/13676291

I've been building MinimalChat for a while now, and based on the feedback I've received, it's in a pretty decent place for general use. I figured I'd share it here for anyone who might be interested!

Quick Features Overview:

• Mobile PWA Support: Install the site like a normal app on any device.
• Any OpenAI formatted API support: Works with LM Studio, OpenRouter, etc.
• Local Storage: All data is stored locally in the browser with minimal setup. Just enter a port and go in Docker.
• Experimental Conversational Mode (GPT Models for now)
• Basic File Upload and Storage Support: Files are stored locally in the browser.
• Vision Support with Maintained Context
• Regen/Edit Previous User Messages
• Swap Models Anytime: Maintain conversational context while switching models.
• Set/Save System Prompts: Set the system prompt. Prompts will also be saved to a list so they can be switched between easily.

The idea is to make it essentially foolproof to deploy or set up while being generally full-featured and aesthetically pleasing. No additional databases or servers are needed, everything is contained and managed inside the web app itself locally.

It's another chat client in a sea of clients but it is unique in its own ways in my opinion. Enjoy! Feedback is always appreciated!

Self Hosting Wiki Section https://github.com/fingerthief/minimal-chat/wiki/Self-Hosting-With-Docker

I thought sharing here might be a good idea as well, some might find it useful!

I've added some updates since even the initial post which gave a huge improvement to message rendering speed as well as added a plethora of new models to choose from and load/run fully locally in your browser (Edge and Chrome) with WebGPU and WebLLM

Situation: You run a website and want users to have to do some amount of work in order to activate a function in your code. The "function" can be anything: creating an account, receiving some kind of in-game token/reward, dispensing coins from a faucet, whatever. Captchas are becoming increasingly both increasingly complex and increasingly useless against spam attacks. Various "proof of personhood" options are available (SMS verification etc) but come with downsides as well.

An obvious alternative to captchas is some kind of "proof work" scheme where the user has to run a certain number of hash calculations. This is cheap for individual users but expensive for spammers to spam, and could even net you a little crypto if you wanted it to. This, for example, is the approach used by Tor's anonymity network help prevent DDoS attacks. This is fine, but it serves no other purpose and uses lots of of energy. Though in Tor's implementation, it is only occasionally used as opposed to being used for every request.

My script is a "proof of useful work" captcha alternative. The user must download and process a chosen amount of workunits from a chosen BOINC project(s). This work is "useful" because it contributes to scientific research. BOINC is a software for distributed/volunteer computing and its used by scientists all over the world including the Large Hadron Collider (CERN) to offload expensive computation to the machines of volunteers. My script downloads stats from the BOINC projects and verifies the user has completed the work. If the user is a pre-existing BOINC user, they will already have sufficient credit to instantly activate the function on the site.

The default setup for this software is as a "crypto faucet", but you can plug-in any function you want: anti-spam, user registration, whatever. It calculates a cost for the "work" and makes sure it dispenses less than the cost, making sure no user has incentive to use the faucet more than a few times since it would cheaper for the user to just do the work on their own without the faucet acting as a middleman.

Downside of this tool is that the user may take some time to accumulate the credit (unless they are an existing BOINC user with credit) and the BOINC projects only report updated credit once every 24 hours (though if you ran your own BOINC project for this purpose, you could get this time down much lower). So while this can be good for longer-term tasks (such as giving an in-game reward to users who contribute to science), it is not quick. They also have to download and run BOINC (and change their username at a BOINC project), which is a big step compared to a captcha. In an ideal world, the BOINC work could be completed in the browser instead of by downloading BOINC, I believe folding at home had a client that could do this at one point.

Anyways, I think it's an interesting idea. Maybe you do too and can use it to your advantage somehow.