yay it's almost time for our #SFC AMA!!!! get your questions ready, Fediverse! What would you like to know about? @bkuhn, @ossguy@copyleft.org and I will be standing by!
And while we're pausing from questions, I'd be a bad Executive Director if I didn't mention that we still have $92,680 left in our match challenge! Until 1/15 (or until we've reached the $251,939 challenge amount), donations count twice.
I've been inundated with emails today, saying that there are only hours left to donate in 2025! I won't be so theatrical, but I will say it's a very good time to donate to #SFC. We'll use the funds as wisely as possible towards our mission of software freedom.
> Even it were possible, changing from a one-hour to a four-hour confirmation would have significant negative impacts on the Bitcoin ecosystem.
how? What negative impact? The Bitcoin blockchain is a payment rails, not a trading platform. On-chain trading does not have to happen; only final settlement. Layers have been built on top of it for a long time now because even 1 hour sucks for some use cases.
It's like pretending that when you trade stocks they're in your name. No they're not, unless you purchase them and they're direct registered. When you're on eTrade, Vanguard, etc trading stocks they're just changing values in a database inside that company. If you want to direct register your MSFT stocks that you're holding on eTrade it's going to take several days (near a week last I saw) for that to "settle" too.
> A self-employed person who makes a modest income of $60,000 will pay over $13,000 of it in payroll and income taxes.
oh this is easy, register a single-member LLC and pay yourself a salary of only $20,000. You only do the full payroll taxes on that $20k, and the remaining $40k you can take as equity disbursements
if you get a good accountant they'll coach you through this
I wonder how much federation is borked if I enable Authorized Fetch mode
pls boost if you see this post
edit: okay it seems to be fine. might just been my first testing when I thought it was broken because I was fetching using the wrong url on a remote instance
apparently someone or something is trying to screw with my server
Limiting tcp reset response from 521 to 213 packets/sec Limiting tcp reset response from 482 to 215 packets/sec Limiting tcp reset response from 1158 to 190 packets/sec Limiting tcp reset response from 1354 to 184 packets/sec Limiting tcp reset response from 664 to 213 packets/sec Limiting tcp reset response from 890 to 210 packets/sec Limiting tcp reset response from 643 to 213 packets/sec Limiting tcp reset response from 278 to 195 packets/sec Limiting tcp reset response from 501 to 204 packets/sec Limiting tcp reset response from 659 to 212 packets/sec Limiting tcp reset response from 1281 to 214 packets/sec Limiting tcp reset response from 641 to 209 packets/sec Limiting tcp reset response from 349 to 213 packets/sec Limiting tcp reset response from 692 to 215 packets/sec Limiting tcp reset response from 1597 to 189 packets/sec Limiting tcp reset response from 1370 to 208 packets/sec Limiting tcp reset response from 610 to 210 packets/sec Limiting tcp reset response from 426 to 214 packets/sec Limiting tcp reset response from 1011 to 209 packets/sec Limiting tcp reset response from 609 to 207 packets/sec Limiting tcp reset response from 354 to 200 packets/sec Limiting tcp reset response from 228 to 216 packets/sec Limiting tcp reset response from 353 to 203 packets/sec Limiting tcp reset response from 1277 to 199 packets/sec Limiting tcp reset response from 1311 to 205 packets/sec Limiting tcp reset response from 799 to 210 packets/sec Limiting tcp reset response from 423 to 203 packets/sec Limiting tcp reset response from 392 to 206 packets/sec Limiting tcp reset response from 334 to 198 packets/sec Limiting tcp reset response from 678 to 185 packets/sec Limiting tcp reset response from 2004 to 185 packets/sec Limiting tcp reset response from 1069 to 214 packets/sec Limiting tcp reset response from 1201 to 187 packets/sec Limiting tcp reset response from 1124 to 207 packets/sec Limiting tcp reset response from 275 to 195 packets/sec Limiting tcp reset response from 299 to 214 packets/sec Limiting tcp reset response from 793 to 188 packets/sec Limiting tcp reset response from 1841 to 187 packets/sec Limiting tcp reset response from 1647 to 202 packets/sec Limiting tcp reset response from 818 to 197 packets/sec Limiting tcp reset response from 1034 to 204 packets/sec Limiting tcp reset response from 885 to 209 packets/sec Limiting tcp reset response from 354 to 184 packets/sec Limiting tcp reset response from 721 to 210 packets/sec Limiting tcp reset response from 1479 to 184 packets/sec Limiting tcp reset response from 560 to 194 packets/sec Limiting tcp reset response from 541 to 190 packets/sec Limiting tcp reset response from 762 to 186 packets/sec Limiting tcp reset response from 335 to 204 packets/sec Limiting tcp reset response from 448 to 186 packets/sec Limiting tcp reset response from 686 to 196 packets/sec Limiting tcp reset response from 588 to 212 packets/sec Limiting tcp reset response from 1136 to 208 packets/sec Limiting tcp reset response from 1066 to 190 packets/sec Limiting tcp reset response from 353 to 206 packets/sec Limiting tcp reset response from 502 to 211 packets/sec Limiting tcp reset response from 416 to 190 packets/sec Limiting tcp reset response from 614 to 214 packets/sec Limiting tcp reset response from 912 to 200 packets/sec Limiting tcp reset response from 968 to 186 packets/sec Limiting tcp reset response from 1153 to 207 packets/sec Limiting tcp reset response from 1312 to 191 packets/sec Limiting tcp reset response from 484 to 196 packets/sec Limiting tcp reset response from 605 to 186 packets/sec Limiting tcp reset response from 583 to 215 packets/sec Limiting tcp reset response from 258 to 214 packets/sec
In Norway, they’re building a new stave church, using only Viking-age tools and techniques. 1,000 people are involved, and it is expected to be complete by 2030.
I have been under distress lately due to personal circumstances that are outside my control. I cannot find a permanent job that allows me to function, I am not eligible for government benefits, my grant proposals to work on free and open-source proje…
Ha muerto otro referente de mi juventud. No un famosete de cine o televisión, sino un simple mortal con quien compartí muchas aficiones. Estoy cansada de los Memento Mori. 😮💨
Are you a #GNOME volunteer? Tell us your 2025 highlights!
Do you know that some companies will match your volunteer hours with GNOME providing $10-$25 per hour to the GNOME Foundation? Some can offer up to $15k/year.
If you have volunteered for GNOME, this is a great way to help #GNOME additionally through your efforts.
This is a lose thread of things I've achieved this year, and things that happened in my life throughout the year. Most of them which i'm proud of. Well, I don't have anything particular in mind, and I might add things here and there over the coming days, so here we go. 1/X
I pushed my Hitster online implementation to new heights. With now over 7K songs, thanks to the help of my partner and a friend, and we got online hits management now too. Squashed a few bugs here and there, and Bingo mode is on the roadmap for next year. Over all, pretty happy with how things are progressing on this end. 2/X
I became a PHD student back in June. I still don't feel too well in this seat to be honest, writing papers will definitely never become something I feel comfortable with. I also just wrote a 2-pager and submitted it for a conference, let's see if something comes of it or not. But anyway, writing something is better than nothing. The initial goal was to finish in 3 years, it doesn't feel like this is in the cards TBH, but I don't want to stress myself anyway. It'll take all the time it needs. 3/X
I turned 30 this year. I know that age isn't important and all, but it still feels like time is ticking in so many different ways. It doesn't feel bad to say and think that i'm 30 now, but it feels bad that time runs so fast these days. I guess that is part of becoming older. Not a pleasant feel, not gonna lie. 4/X
My partner got a job. Just a half-time one, but that means that she can finally stand on her own two feet after finishing her Bachelor degree back in 2023 and not finding a job right after. This helped us put some money into getting some new desks, and we want to keep our eyes open for a new and bigger flat next year. Who knows what'll happen, but i'm proud of her, she can finally buy herself some things she doesn't necessarily need but always wanted to get her hands on. 5/X
I put together a little showcase of how a Komplete Kontrol software browser could look like if it was accessible. Nothing fancy really, but I built it in Rust and used Tauri for it. Not gonna lie, writing a software that feels snappy and cool that uses the same technology stack as Discord, but uses just a tiny amount of resources compared to that beast kinda feels great. It was an interesting ride. 6/X
AI made me think quite a bit this year. It helped me to get into a foreign codebase, namely SayThe Spire, and understand the concepts behind it and finally make some changes. It also helped me carry out some maintenance tasks way easier by doing some tiny bits of research. I however also encountered major pitfalls in more complex projects. I also don't think I have to measure my value as a dev by amount of code output, I prefer to write solid, but less code over dumb code in hig amounts. 16/X
Music definitely was on the B-side of this year. YouTube channel stopped, I think I didn't touch any music at all this year. Well, maybe at the beginning. And now that my PC stopped to accept my Thunderbolt 4 switch too I basically lost access to my sample library hard drives too. I'll find a solution in time, but there are days when I want to go back to writing or arranging music. I initially wanted to get a new desktop PC next year too, but thanks storage prices, that is not gonna happen. 7/X
2025 also closes my second year in professional teaching people. I still feel kinda like an imposer compared to some teachers out there who know their way much better than me, but I feel like I was able to help some people get the hang of their workflow and enable them to do what they like most, hopefully without ripping them of their money. 8/X
Back in Januar this year I attended a meeting about how we could improve Germany's financial support for game developers and making accessibility part of that equation. It turned out to not achieve anything due to various foreseeable circumstances and changes within the gouvernment back in February, but it kinda felt good to be there and talk to people who are interested in my oppinion as a studied game developer. 9/X
Projects that certainly didn't get too much attention this year include Musical Sight, now Ear Dojo thanks to @Scott. I managed to rewrite my importer to incorporate the catalog from ReaperAccessible, bringing the total amount of products within the catalog to over 1.8K, but about 1K of them aren't properly tagged thanks to our catalogs not being exactly compatible. I also thought of some ear training exercises I want to add to Ear Dojo, let's see if that'll happen soon. 10/X
Also ReaHotkey fall flat for me this year. Luckily Matej took over with maintaining Kontakt and Komplete Kontrol entirely, and I didn't have the chance to test wether Dubler is still up and running. I was originally planning to add Melodyne support at some point, but that has to wait a bit longer as it seems. 11/X
I managed to read 62 books this year (and counting, Goodreads takes its time). Currently about 20,380 pages (dunno how long in narrated hours). Kinda doubled my reading throughput since 2024. I also enjoyed most of them really, kinda reminds me of the good old days about 20 years ago when I literally inhaled every book I could find back then. 12/X
My year started pretty badly, as I was noticing changes in how my body behaves and what it does in non-predictable circumstances which worries me quite a bit. I thus turned to my doctor who thinks that this isn't too much to worry about. I got some medication which seems to help a bit, but not make the things go away. With my family backstory I turned to a specialist, but only got an appointment in April, so this is basically still on hold for the time being. 13/X
In terms of games, my partner and I finished Trails through Daybreak and Trails through Daybreak 2 this year, two games we really, really enjoyed alot, and we're looking forward to Thrails beyond horizon which should arrive in January. Apart from that, we played Clair Obscur with a friend, and I think this game also made it to the spot of game of the year for me. Certainly unexpected, but awesome in so many ways, and more. 14/X
I played quite a bit Slay The Spire this year too, since I was able to pick up the SayTheSpire mod and add support for Downfall and fix some other things as well. The original dev also merged my changes, and its great to give something back to the community. I also played a bit Doki Doki Literature Club and Sequence Storm this year, as well as Final Fantasy VI and IX, which i'm also looking forward to playing more in the future. 15/X
Hi fediverse! I'm looking for earing supports I can use in DIY jewelry making, specifically in silver grade 925 or in titanium. Do you know an online shop where I could get them?
(a non-topical comment on your post... I refreshed my feed in phanpy.cosocial.ca and this post happened to be at the top and rendered with "Musc" which then morphed into "Music" almost right away. I'm supposing that there was a typo and you edited it and, since I've never seen anything around edits that was not a notification that someone I replied to or liked had edited there post, I found it interesting to have seen. Curious if this what actually happened or if I was imagining things)
I knew the edits were recorded/visible, I just found it interesting to see one played back "live". Up until now, I've only seen it update slowly like replies etc come in.
I'd be interesting in knowing how it happens (does the client stay connected to my server and the server offers up edited updates when such a connection is maintained?).
Does such a thing exist? You would need an active device for that to power the USBC AirPods and a DAC to convert analog to digital for the USB-C host, which then turns it back into analog. Not sure how that would work in practical terms.
If you ever find such a thing, I would be overjoyed to hear of it. I've been looking for 3.5 input, USB C output, for quite a while. I don't want a mixer, it has to be very portable. My search has resulted in nil, sadly.
@techsinger You'd probably have to build something custom with micro controllers and junk. Far as I know, such a thing doesn't exist as a commercial product.
Numbers and algorithms are so messed up for my brain. I have a YouTube channel with 97K subscribers and if I publish a video that does below 1K it feels like a failure, even tho I get dozens of positive comments, I'm proud of the video, and I had fun during the time I spent making it. Fuck numbers and algorithms, dude. I need to go back to how I was pre-internet, just making things for my own pleasure, and being happy if only a handful of people like it
yeah, forums and blogs used to only have comments and messages, then views and "reactions" started appearing because writing a comment I guess became too hard 🫠
Welp ... I was just informed through a Slack DM that I will no longer be working at the place I'm working at in two weeks' time. That is, evidently, how we handle that now. Not entirely unexpected as the writing on the wall was evident, but still not loving that approach for reasons I haven't quite worked out yet. If anyone needs help with their #accessibility from someone with both native #screenReader experience and a coding background, keep me in mind I guess :) #fediHired #layoffs
I should probably slightly amend that statement. If someone needs help with their #accessibility from a native #screenReader user with a coding background, keep me in mind. If you want your product to be more #accessible as a new year's resolution, also keep me in mind. i won't even judge if you drop the resolution two weeks after. If you've received complaints your product isn't accesssible but decided they weren't worth addressing, please realize you're deliberately choosing to exclude a bunch of people, decide you want to be a better human than that, and THEN keep me in mind :)
to whoever stole my Zoom F4 recorder from #39c3 from the toilet rave / Maskenball: please, at least, give me the storage cards inside. they contain very valuable recordings. please. contact me at sdcards@nik.mx.
Is it the brain that thinks? It's at least a typical conception that the brain is where the thinking takes place. But in reality it's the body and its wider metabolism with it's surroundings from which thinking materializes.
Okay, I am thinking about doing Jamuary this year, but maybe with a twist? Would any of you mutuals be interested in creating a prompt for me?
This could be anything, with the stipulation YOU create it. A text prompt of any kind; a visual score; a drawing, painting or photograph; a set of instructions such as tempo, key, timbres, etc; a brief sound recording for me to react to or even incorporate; a mood board or collage; etc/et al.
Just had a great 3 hours music session with @ZBennoui, going through my recently installed ample guitar, and coming so far with a project of mine on which he's been helping me, that now I can finally resume some work on it myself! Yes, that old forgotten instrumental I posted once upon a time in july. Either way as a little shoutout, this ongoing cooperation is amazing looking back and listening to the first tracks, comparing them to what we have now. Really appreciate your help man!
Hey #39c3, can you share pictures of fox ears? My colleagues at home won’t believe me that all of our 1,000 fox ears have found a new owner 😅 / Pls boost
Realizing I could use trackpad gestures to back out of the libadwaita navigation views then spending more time flinging the views back and forth than actually responding to people in Fractal.
that would probably be switching to Linux (with GNOME of course!) on my main PC after years of deliberation and mostly using vms and secondary computers
learning I could alt-space to make *any* window Always on Top and even mighrate with me between workspaces, which is truly one of the coolest windowing UI features ever. 🙌
I joined the Summer of GNOME OS challenge, and actually ended up creating/registering so many issues that I was in the top three when the challenge ended. I'm pretty sure the only reason is because others didn't register their issues, though, but it was still fun.
Also, getting a reply and being taken seriously when I butted in on a board discussion was really nice :)
The thing I like most about GNOME is that it's content to sit in the background chugging along, doing its thing without calling attention to itself. The big highlight for me is that my extensions now work seamlessly across updates, so there's one less case where I even have to think about my desktop environment.
This may sound ridiculous but I'm so happy the sound controls make a noise now when you change the volume. It makes it so easy to check if the sound is working correctly when switching outputs!
The migration to the strparse API introduced regressions in Digest authentication parsing where Optional Whitespace (OWS) after commas was not skipped, and escaped quotes in values were not correct...
Yes, and actually the only serious bug from their list.
Koch either didn't watch the talk, he is in such defense of his own ego that he can't see how serious the bugs were, or he's tacitly admitting that PGP is not a serious recommendation.
Can you distinguish between these three explanations?
Could it be all of them are true?
Impact
While this may allow remote code execution (RCE), it definitively causes memory corruption.
Good research.
I think this sarcastic quip is what reveals Werner Koch's opinion about the security researchers and their work.
The rest of his email is measured (and partly responding to other mailing list participants rather than the disclosure directly).
what I don't get is why you take this opportunity to attack #pgp in general, like taking the opportunity to push for some agenda, the site is called gpg.fail, GPG not PGP, most of the problems are related to gpg or some C code implementation bug, or using gpg and others in the command line and getting tricked by some ansi printing in the terminal, how that translates to "let's kill pgp"? ex. none of the listed problems affect #DeltaChat at all
@adbenitez it's a bit like saying "After seeing the arrogance and dismissiveness of the OpenSSL devs, we should come up with a way to replace TLS and x509"
@pemensik We replace email itself with a protocol that doesn't have a plaintext fallback mode, but has the same UX and can optionally yeet ciphertext (without meaningful metadata) over IMAP/SMTP if necessary.
there has been so many projects wanting to replace email or claiming "email is dead" at the end of the day there is only one survivor, and it is not them
Why do the failures of gpg imply that openpgp and rfc9580 are bad? Have you looked at modern ways of doing openpgp and email like chatmail.at does it? See also chaos.social/@delta/1157966260…
There are also many broken ways to implement signal protocols but they are not useful as examples for discrediting signal.
Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients as Arcane Chat, Bots or Delta Chat today!
@jack it also struck me often that these repeated "peace wishes" endings have so few to do with the typical content of Koch's mails, where he is very dismissive, also btw of ongoing #openpgp advances in the last several years.
One of my favorite "Star Sightings" was one my ex-wife had. She and her boyfriend at the time went to a Broadway show. Sitting in front of them was Patrick Stewart. My ex says to her boyfriend, that's Patrick Stewart. He replied, not it's not. At intermission Patrick Stewart turned around and said to her boyfriend in his baritone voice, "But he is."
ללהיטים הגדולים של כוורת להאזנה ברצף:https://www.youtube.com/watch?v=PHxYIcFyBVwמילים: דני סנדרסוןלחן: יצחק קלפטרהיא כל כך יפה זה צובט בלב שלך, אך בכאב עצום....
I thought the CCC FreeBSD jail escape exploit would be cooler than it was, but instead it's blocked by basic security hygiene when running jails I guess. I've never seen jails deployed in prod without securelevel elevated. But maybe there are a lot of completely unaware people out there. Who knows.
@piero honestly the default behavior of jails in FreeBSD should be to have securelevel=3 by default and force you to explicitly define it lower if you really need it
That's an interesting idea. But then one would either need 2 sets of /etc/defaults/rc.conf, conditionals there (ugly) or hardcoding this into startup altogether.
OK, TIMTOWTDI. At this point there is no /etc/defaults/jail.conf as opposed to rc.conf. We have got the defaults hardcoded in usr.sbin/jail/config.c. Perhaps this is a sane idea to have /etc/defaults/jail.conf with project "suggested" jail defaults or just bump the KP_SECURELEVEL to 3.
Slop drives me crazy and it feels like 95+% of bug reports, but man, AI code analysis is getting really good. There are users out there reporting bugs that don't know ANYTHING about our stack, but are great AI drivers and producing some high quality issue reports.
This person (linked below) was experiencing Ghostty crashes and took it upon themselves to use AI to write a python script that can decode our crash files, match them up with our dsym files, and analyze the codebase for attempting to find the root cause, and extracted that into an Agent Skill.
They then came into Discord, warned us they don't know Zig at all, don't know macOS dev at all, don't know terminals at all, and that they used AI, but that they thought critically about the issues and believed they were real and asked if we'd accept them. I took a look at one, was impressed, and said send them all.
This fixed 4 real crashing cases that I was able to manually verify and write a fix for from someone who -- on paper -- had no fucking clue what they were talking about. And yet, they drove an AI with expert skill.
I want to call out that in addition to driving AI with expert skill, they navigated the terrain with expert skill as well. They didn't just toss slop up on our repo. They came to Discord as a human, reached out as a human, and talked to other humans about what they've done. They were careful and thoughtful about the process.
People like this give me hope for what is possible. But it really, really depends on high quality people like this. Most today -- to continue the analogy -- are unfortunately driving like a teenager who has only driven toy go-karts.
This is the first open source story I am hearing w/ a positive results from someone using LLMs to generate bug reports.
We have been struggling in LLVM w/ low quality LLM submissions. Curl completely banned them b/c it was so bad: mastodon.social/@LukaszOlejnik…
My biggest issue is how ridiculously verbose LLM submissions can be. Even ones that don't have obvious errors are soo long that if every submission was that long it would have significant impact on throughput.
Clearly someone using it thoughtfully can do excellent work but I am seeing very little evidence this is happening much.
AI vulnerability/bug founds and reports is a huge problem. Curl has banned the use of AI-generated submissions via HackerOne because none of it made any sense, and is a waste of resources and time. "We are effectively being DDoSed. If we could, we would charge them for this waste of our time" hackerone.com/reports/3125832
Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings.
I have already landed 22(![url=https://onlycasino.legal/users/MostlyHarmless])[/url] bugfixes thanks to this, and I have over twice that amount of issues left to go through. Wade through perhaps.
Credited "Reported in Joshua's sarif data" if you want to look for yourself
@sun securelevels are something most people aren't aware of, but if you can you should even run the host OS with a higher securelevel
The kernel runs with five different security levels. Any super-user process can raise the level, but no process can lower it. The security levels are:
-1 Permanently insecure mode - always run the system in insecure mode. This is the default initial value.
0 Insecure mode - immutable and append-only flags may be turned off. All devices may be read or written subject to their permissions.
1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem and /dev/kmem may not be opened for writing; /dev/io (if your platform has it) may not be opened at all; kernel modules (see kld(4)) may not be loaded or unloaded. The kernel debugger may not be entered using the debug.kdb.enter sysctl unless a MAC(9) policy grants access, for example using mac_ddb(4). A panic or trap cannot be forced using the debug.kdb.panic, debug.kdb.panic_str and other sysctl's.
2 Highly secure mode - same as secure mode, plus disks may not be opened for writing (except by mount(2)) whether mounted or not. This level precludes tampering with file systems by unmounting them, but also inhibits running newfs(8) while the system is multi- user.
In addition, kernel time changes are restricted to less than or equal to one second. Attempts to change the time by more than this will log the message “Time adjustment clamped to +1 second”.
3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) cannot be changed and dummynet(4) or pf(4) configuration cannot be adjusted.
Liam Erven
in reply to David Goldfield • • •Martin
in reply to Liam Erven • • •Liam Erven
in reply to Martin • • •Martin
in reply to Liam Erven • • •Reed Lindwurm
in reply to Liam Erven • • •