I'll be speaking at #DebConf next month! My talk is titled "Intro to #SecureDrop, a sort-of Linux distro"

https://debconf23.debconf.org/talks/39-intro-to-securedrop-a-sort-of-linux-distro/

Looking forward to being back in India and seeing #Debian folks again!

My biggest accomplishment for the week is replacing a nearly 19k line Python dependency with a 2 line function in #SecureDrop: https://github.com/freedomofpress/securedrop-proxy/pull/115

Happy Friday!

Just in case anyone needs to know this, the most secure way of blowing the whistle online is via #SecureDrop

This is a #Tor service set up for the purpose of dropping #data to #news orgs and such.

For example the current address for the Guardian's SD is http://theguardian.securedrop.tor.onion

You need a Torified browser to access it. You can get one here https://www.torproject.org/download/

Just in case anyone needs to know this, the most secure way of blowing the whistle online is via #SecureDrop

This is a #Tor service set up for the purpose of dropping #data to #news orgs and such.

For example the current address for the Guardian's SD is http://theguardian.securedrop.tor.onion/

You need a Torified browser to access it. You can get one here https://www.torproject.org/download/

Je ne parle pas trop de tech ou de mon travail ici mais l’une des enterprises pour lesquelles je bosse, Freedom of the Press Foundation, organise un hackathon pour le logiciel #SecureDrop ce week-end, dans le cadre de #AaronSwartzDay.

Si vous souhaitez participer, voici le lien https://github.com/freedomofpress/securedrop/wiki/Hackathon

Pour aller plus loin:

https://www.aaronswartzday.org
https://securedrop.org
https://freedom.press

#Whistleblowing #LanceurDAlerte #LibertéDeLaPresse

I will be at #AaronSwartzDay this weekend with the rest of the #SecureDrop team! Hope to see people there in person or virtually!

https://www.aaronswartzday.org/

Also interested in hacking on wiki things of course :-)

#SecureDrop uses a custom grsecurity-patched kernel for some extra security. Until very recently, every time we wanted/needed to update to a new kernel, it required a full SecureDrop release, going through the whole QA, etc. process.

In September we detached this process, and today we released our first kernel packages independently from a SecureDrop release!

https://github.com/freedomofpress/securedrop/issues/6328#issuecomment-1306455935

We're also working on formalizing a proper update policy: https://github.com/freedomofpress/securedrop/issues/6514

In preparation for #OpenSSL's "critical" security release tomorrow:

sudo lsof | grep libssl.so.3

*most* Debian servers should be unaffected because it only affects OpenSSL 3, not 1.1. #SecureDrop is still on Ubuntu Focal so it should also not be affected.