Comment on
Why do you use/choose Linux?
Freedom.
Comment on
Why do you use/choose Linux?
Freedom.
Comment on
Which websites should we link to?
I really like LibraryThing and uses it since about 15 years. Here's my account if you want to connect: https://www.librarything.com/profile/cedricbonhomme
Comment on
Cedric (@[email protected])
Reply in thread
I will investigate this! Thank you!
Comment on
Global, distributed and backwards compatible CVE alternative launched by CERT
Reply in thread
this an initiative from the CIRCL CERT: https://www.circl.lu/
The GCVE is already supported by Vulnerability-Lookup (https://github.com/vulnerability-lookup/vulnerability-lookup) an open source software partly funded by Europe.
Comment on
Newspipe 12.1.0 released
Reply in thread
I admit, I didn't realize that back in 2016 when I renamed the project to "Newspipe". But I have no regrets about it.
Comment on
Newspipe 12.1.0 released
Reply in thread
I started this project in January 2010, and I have been maintaining it ever since. Only recently did I use Claude Code with Opus to make some improvements to the layout (mainly the third column and the new scrolling system) and the README. I'll continue to use Claude Code to help me with UI and also maintain the translations.
Comment on
Looking for Lemmy accounts about software vulnerabilities, CVEs, etc.
Reply in thread
hello,
Thank you very much for your reply and the information. I'll have a look at your links.
Actually, I am simply looking for various information about vulnerabilities. The goal is not to find announcements of vulnerabilities. This is part of the "Vulnerability Lookup" project: https://vulnerability.circl.lu/ where we gather "sightings": https://vulnerability.circl.lu/sightings
A sighting can have various sources such as: GitHub Gist, Pastebin, Fediverse, Telegram channels, etc. So yes... here my questions is about sightings from the Fediverse. For now I am happy with this simple tool to monitor the Fediverse: https://github.com/CIRCL/FediVuln
It is able to find status related to security vulnerabilities and generate sightings in our "Vulnerability Lookup" project. That's it ;-)
thank you !
Comment on
Vulnerability Report - September 2025
Reply in thread
Considering vendor ranking. I see this quite often. Recently during Vuln4Cast conference. I think we will try some CNA ranking as well. Just to see. Or make a CNA classification. For example some CNAs often publish advisories related to Wordpress vulnerabilities that are barely maintained. I would like to be able to make stats including or excluding various CNAs, vendors, etc. We need first to handle couple of new indexes in our system for this.
Comment on
Vulnerability Report - September 2025
Reply in thread
Most of the time, yes. It has a relation with the impact. I’m referring to activity on social networks such as Mastodon and Bluesky, but also to other sources like Nuclei templates, Metasploit modules, and the Shadowserver Honeypot dataset. We rely on different types of sightings. It’s not just about “mentions.” The sightings used in the reports are from different sources: https://www.vulnerability-lookup.org/tools/#sightings
Regarding social network mentions, especially on platforms like Bluesky, I was quite skeptical at first since there’s a lot of noise. Lot of people are simply ranting. I changed my mind on this. Honestly, most of the time when we observe a spike in activity shortly after — or even before — the publication of an advisory, it turns out to be a severe vulnerability. Or something we have to look at.
We discussed this topic in our paper presented in Berlin: https://www.vulnerability-lookup.org/events/#first-cyber-threat-intelligence-conference , and more recently, we explored its connection with forecasting and automated classification techniques in our paper “VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.”
Comment on
Global, distributed and backwards compatible CVE alternative launched by CERT
Reply in thread
this an initiative from the CIRCL CERT: https://www.circl.lu/
The GCVE is already supported by Vulnerability-Lookup (https://github.com/vulnerability-lookup/vulnerability-lookup) an open source software partly funded by Europe.
Comment on
A Cybersecurity Weather Map
Reply in thread
of course, you can clone/fork the repository as you want.
Comment on
Vulnerability-Lookup 3.0.0
Reply in thread
thank you!
Comment on
Cedric (@[email protected])
Reply in thread
lol, but thanks!
Comment on
Cedric (@[email protected])
Reply in thread
Thank you for the compliment!
And definitely, you should have a look at Pixelfed. The community is surprisingly active!
I cross-posted the post to [email protected] . Thanks for the tip!
Comment on
Cedric (@[email protected])
Reply in thread
Thank you very much!
Actually I cross-posted it because someone advised me to do this after I initially shared it on [email protected] . But next time I'll directly share on [email protected] ;-)
Comment on
MOSP, A platform for creating, editing and sharing, always valid, JSON objects
Recommendations and some security standards are available on the official MOSP instance.
Comment on
Newspipe 12.1.0 released
Reply in thread
thank you !