just called ai "the mediocrity machine" in a meeting and the tech bro is shaking a finger at me and twitching so hard he can't even plug what's happening into the machine so it can tell him how to respond
Was surprised to learn that there are apparently no command line tools for poking around the Linux accessibility tree, so I made Acsh, the Accessibility Shell. With Acsh you have both a CLI and REPL, in which you can do things like:
/> ls # Lists all top-level apps
/> cd firefox-1.26 # cd into Firefox, with tab completion. REPL only
/firefox-1.26> cat 0 # Get more information on the first child by index, if you're fine with the possibility that index might change before the command is processed--not likely at this level. Paths are referenced by name or index
/firefox-1.26> watch 0 # Get stream of events for the first child
/firefox-1.26> search -r button ok # Find all OK buttons in this Firefox instance
... # and more
The future, though, is probably acsh mount. This makes the accessibility tree available as a FUSE mount under ./a11y by default. ./a11y/README.md gives a better overview of the layout, but in brief, directories are apps/accessible objects with their children as subdirectories. Properties are either files containing their raw values or .json files with richer structure. There's an events.json.sock Unix socket in each directory below the root that lets you watch events for an accessible object and all its children, and you can use standard filesystem tooling to search/filter/stream. It's probably slow because there's no caching--it's meant to be a debugging/introspection tool, after all. I'll probably rename this to acfs and drop the CLI/REPL soon--it was great for prototyping and the idea to use FUSE only occurred to me after I realized I was slowly re-inventing all of a filesystem anyway.
It should work with 0-based indexes. I'm about to drop the CLI/REPL code entirely though--FUSE is so much more efficient IMO. Happy to hear any concerns you have with that.
Considering I just kept blindly typing "clear" to clear my terminal not realizing I was in acsh and not my normal shell, yeah I should probably try FUSE instead lol
Heh yeah, I spent a bunch of time getting cd .. working before I realized that if I made folks too comfortable working in this REPL, they'd probably eventually demand a full embedded BASH shell. :P So yeah, definitely try FUSE. If you need an example of how to do something, ask and I'll work it into the FUSE README.md. I don't want to make it super specific but I do want to make it scriptable and as user-friendly as a FUSE filesystem can possibly be.
A boycott doesn't tell a company that they've pissed you off: it tells a company that you have the option to not consume their products. It's very hard to boycott the electricity company or the water company, because you need their products.
This is why Google and Amazon are who they are. You want to boycott Google products? Good luck living in the modern world. Google have intentionally made themselves too important and ubiquitous to be successfully boycotted. It's not just the tech companies either. If you live in a town which only has one supermarket - and many people do - then you can't realistically boycott them.
We, and by we I mean the masses, are too weak to boycott these companies. Consider that for a moment. Consider the staggering power inequality that this demonstrates. We need stronger weapons.
Using acsh mount with Claude Code and holy shit is it a gamechanger. Mounting my accessibility tree as a filesystem and letting the LLM use tools it is trained on has made identifying accessibility issues so much easier.
I've wanted to play with Godot's AccessKit-based accessibility for a while now but it has enough rough edges to make it just difficult enough to have fun with. I know there are additional accessibility plugins but they're just not enough to make the experience one I want to have
A couple hours in and I've already A) labelled unlabelled controls in the New Project dialog B) turned a status area into an auto-updating live region and C) identified and fixed an off-by-1 bug in single-line text edit fields making them present as blank if the cursor position is at the end. And the only reason it took that long is due to some weird scons cache corruption where the labeling fix required 2 full half-hour builds, which is now fixed. I've also identified several other accessibility issues I plan to work on over the next few days to hopefully create a first-class accessibility experience in the editor and game UIs.
I remain conflicted about the harms generative AI/LLMs cause, because for me they're very much an assistive technology. Could I technically have trawled through all the event logs, widget information, and code to make these changes? Sure. Would I have? Not if I wanted a life outside of fixing accessibility issues. Could someone else have done this. Sure, but where's the overlap between the folks with the time to fix these issues and the lived experience of using a screen reader and finding all the edge cases, like labels speaking twice or text presenting as blank if you happen to be on the last character? Should I stop using it this way because thousands of others use it to generate unsupervised slop? Should I take a bus instead of a plane to travel back home today?
Legitimately not sarcasm, it's just hard to put all of this in perspective sometimes. If I had a spare 30K or so in the couch cushions, I'd buy my own GPU machine and call it an assistive tech expense.
What I'm not at all conflicted about is letting these things run amuck, dumping the slop onto someone else, and passing that off as somehow virtuous because the AI can do no wrong. I've seen it do plenty wrong that I would not leave it unsupervised and uncaged, just as I wouldn't leave my cat unsupervised around a plate of food. Nor would I just dump the results on anyone without taking the time to read them first, and to at least make sure nothing overtly silly is being done in my name. But where most folks can just glance at a window or a screen of logs and fairly easily spot errors or issues, I can ask Claude to take a screenshot or skim logs, and something that would either have been impossible or extremely time-consuming for me is done in under a minute. I don't know what to do about the fact that a bunch of jackasses want to do bad things with that same tech.
If the AI bubble burst tomorrow I'd shed exactly 2 tears and go on with my life. I just wish society's impulse with generative AI/LLMs wasn't to use them for just about every shady thing imaginable such that it's so hard to talk about the ways that they can help without worrying about the can of worms I'll open or the hate I might get. Yes they can be wrong. Yes they can hallucinate. So do humans, but I don't happen to have a helper human in my back pocket every time I need one.
So far just Godot. The off-by-1 seems to be in their code--some sort of attempted workaround to treat single-line text inputs like multi-line text inputs by appending a newline, which caused arrowing past the last character of a single-line input to speak "blank" as if the field was empty. Need to verify the fix in multi-line inputs but that involves generating an actual project so I have a testcase, which I'll get to when I'm back home. At least Claude flagged that, so it didn't just slop it out and hope for the best.
* Mac text processing and spreadsheet accessibility is essentially useless and not getting better. * I need text processing for work and studies. * I need Windows for text processing and spreadsheets because, as much as it is not great, at least it isn't Mac * Parallels is subscription-based and has been getting progressively worse at working efficiently and without turning an M1 Macbook Air into a furnace. * VMWare Fusion is free, but it took about half an hour to download because I had to realize my VMWare account was not migrated to a Broadcom account, realize that the Broadcom login page does not link to the register page, find the register page, register, verify my email, click on the "DOWNLOAD RIGHT NOW NO SERIOUSLY WE MEAN LIKE ACTUALLY RIGHT THE HELL NOW LIKE THIS INSTANT" buttons again, find the product in the support downloads portal thingy, agree to terms, go through additional screening to download the product which included giving them an address (notice I didn't say my address because apparently "123 My Street, My City, My Province" is valid), press the "HTTPS download" button (this one does not include the word now or all-caps even though it's actually the final boss of the encounter), copy the app into my drive, open the app, agree to terms again and uh... Presumably be able to use it, though I expect additional screening to be required when trying to create a VM. So I'm just slightly miffed on principle. * Buying a Windows Mini PC seems like a logical option, but it's expensive even at the half-decent lower end and I work on the go like all the time.
I think that's it. I think I'm switching to Linux. Ahahahahahahahahahahahahahha funny joke. Anyway yeah I'm a little disillusioned with the state of things. Tra la la it's almost Christmas let's not get dragged down.
It's certainly not ideal by any chance and not as polished as Parallels (my friend uses it and she has constant issues with USB device and folder sharing), but it'd probably work for that use case, and you're definitely technically adept enough to understand its quirks.
@miki If folder sharing is an issue, that already puts me at a disadvantage because I mostly open files from my Mac drive. I'm sure there's a way but the last thing I want to do is add more hurdles. Also, graphics hardware acceleration, because for better or worse I also want to be able to play games on it.
Bro my Brain like physically hurts after reading that lol. I feel your pain though. Parallels seems like the best option, I tried UTM and it didn't go well. Was installing Windows, and then like right as it was about to be done Mac OS just decided to crash and restart on it's own. I don't know what the hell that was about. I'm assuming it's fixed now, but I'm scared of UTM and will never install it again lol.
So I want to download VMWare Fusion. So I press the big "DOWNLOAD NOW (opens in new window)" (note the all caps) link on the product page. I get sent to another page explaining the many wonders of Fusion with a big "DOWNLOAD NOW (opens in new window)" link which I press. I'm sent to a log-in page.
Can you imagine being so conscious of the fact that your download process is so insanely convoluted and full of corporate bullshit that you have to all-cap the names of the two links that lead to the very first step of the actual download and make sure they include the word "NOW" so that people don't realize you're leading them onto this field of corporate bullshit?
I wouldn’t bother. I helped someone set it up yesterday, someone who just couldn’t afford parellels but needed a VM with graphics hardware acceleration. By far the most serious issue that returned recently is that if VoiceOver is running, any VM that’s running inside fusion crashes. On top of that many features just don’t exist that used to exist back in the Intel days, such as easy install so you have to install Windows of OCR because narrator is broken right now, and there is no support at all for shared folders.
@pitermach Jesus Christ. Oh my god. Yeah okay thanks or letting me know, you just saved me a lot of time and much annoyance. Actually the annoyance was pretty high already. Yep okay we hate Broadcom too, add 'em to the list.
📣 Do-It-Blind (DIB) online Besprechung am Montag, 1. Dezember, um 19:00 Uhr. Du bist eingeladen! bbb.metalab.at/rooms/joh-szv-o… Wöchentlich am Montag besprechen wir neue Formen der digitalen und inklusiven Zusammenarbeit. Mach mit! 🛠️ #make #blind #inklusion
Learn using BigBlueButton, the trusted open-source web conferencing solution that enables seamless virtual collaboration and online learning experiences.
well, I am using Conversations and Monocles for android. I know Monal works fine in iOS. For linux Gajim is a good client. I have also installed Matrix protocol apps in my phone, like Element, so my question was a genuine one. I am up for the best privacy oriented software out there. I wonder what is your take on that. 👍
Yay so soon we'll be able to have WhatsApp, Telegram, Teams, Slack, Linkedin and Facebook chat all combined into one big pot of surveillance sh*t! Happy days.
this is basically the green bubbles trick all over again. they're positioning those third party platforms as second-class. and overall this reeks of malicious compliance
My car has a perfect timings. In the morning I was taking it to the service for oil change. On the 2km long journey the clutch started to malfunction and breaking lamp malfunction notification showed up. At least they can fix it all at once. I hope that no more malfunctions will show up after I take it from the service.
@schmaker Not saint. The clutch really fixed itself. They tested it and works fine. They suspect a small oil leakage from transmission to clutch. And as this clutch slipping happens so rarely, they recommended not fixing it yet.
„Chtěli bychom změnit společenskou normu. Síla té výzvy má být právě v tom, že se k ní připojí co nejvíce rodičů. Aby se dítě bez mobilu nebo s tlačítkovým telefonem necítilo mezi ostatními spolužáky nepatřičně. Spoustě rodičů dnes vzrůstající problémy vadí, ale nemají odvahu jim takto čelit, když cítí tlak ostatních.“ denikn.cz/1904895/chytry-telef…
Iniciativa českých rodičů se snaží změnit přístup dětí k mobilům. „Nejde o zákazy, ale o společnou koordinaci rodičů dětí, které ještě telefon používat nezačaly,“ vysvětlují autoři. Několik rodičů Deníku N popsalo důvody, proč tento záměr podporují.
Zni to hezky, ale mam pocit, ze vyzva resi spatny problem, spatnym zpusobem a ze spatneho duvodu. Takove ultimatni kombicko.
Je to proste framework, jak umoznit rodicum volit strategii uteku a uplne to ignoruje kde a jak problemy na sitich vznikaji a udela to exitujici privatni skupiny (na WA, Discordu...) mensi a toxictejsi.
Dokud budou existovat homogeni komunity na sitich (tridni, TdA, krouzkove...) bez kvalitni moderace, tak se nic nevyresi. Alternativa je zdrave komunity vytvaret.
Ano, je to problém, ale jsem přesvědčen, že je potřeba hledat jiné řešení než tlačítkový telefon do 14, to mi připadá už dost amišovský. Nastavil jsem celkem přísnou rodičovskou kontrolu, která tak všelijak (ne)funguje, ale zároveň chci a potřebuju aby měli v telefonu aplikaci záchranka, mapu, koupili si lístek nebo hledali v jízdním řádu, učili se pracovat s bankovním účtem... EU místo chat control mohlo třeba vynutit whatsapp na občanku od 15 let (radikální nápad od boku).
@banterCZ V Austrálii teď mají sociální sítě na občanku a myslím, že to nechceš. Stát neposkytuje to ověření, takže místo abys děti chránil před sítěma, pustíš kohoutkem Metě do trubky IDčka s osobníma informacema o úplně všech dospělých 🔥
Na těchto stránkách najdete informace o budoucích evropských peněženkách digitální identity a dalších změnách, které přináší nová unijní legislativa revize nařízení eIDAS. V úředním věstníku EU byla zveřejněna 30. dubna 2024.
@banterCZ Tak neposílá Googlu IDčka, to jsem poplet, jenom utužuje duopol, takže bez Googlu nebo Applu přestane EU fungovat. github.com/eu-digital-identity…
Android provides a standard hardware attestation API with support for arbitrary roots of trust and alternate operating systems. This provides a higher level of security than the Play Integrity API....
@honzajavorek @banterCZ přitom by to šlo jednoduše i bez zamykání lidí v platformách. Vlezu na web nebo do aplikace, co má věkové omezení, jsem tam nově tak to chce zjistit zda jsem dosáhl patřičného věku. Přesměruje mě na evropskou webovou službu s dotazem "bylo mu 16?". Evropská webová služba mě vyzve k přihlášení eidentitou, pak se zeptá zda může sdělit webu/aplikaci jestli jsem dosáhl 16 let. Dávám ano, vrací mě to zpět na původní web nebo do původní aplikace s true/false informací. O uživateli se aplikace dozví čistě jen to co potřebuje. Je to skoro jak oauth, tzn implementovat by to uměl každej.
Není to složitější? V kontextu registrace do sociálních sítí ti nestačí vědět, že tomu člověku bylo 16. To by si všichni mohli pozakládat účty na kámošovu občanku. Potřebuješ nějaký identifikátor: tohle je uživatel X a už mu bylo 16. Pokud to ID bude stabilní a svázané s uživatelem, bude prozrazovat nějaké soukromé informace. Pokud bude náhodné, jsme zase zpátky u scénáře „puč mi občanku, založím si účet“. Možná stabilní ID uživatele jedinečné pro službu?
@honzajavorek @banterCZ Úplně neprůstřelný to nikdy nebude. V nějaké úrovni se ta kontrola vždycky zastaví a dál nevidí. Myšlenka id uživatele per službu mi přijde fajn.
Tohle je třeba v Bank ID. Zjednodušeně - uživatel se pomocí Bank ID přihlašuje to nějakého systému. Bank ID vrací unikátní a stabilní identifikátor uživatele pro ten systém. Jiný systém dostane jiný identifikátor.
Problém by to byl u systémů ala Mastodon. Každá instance by měla jiný identifikátor pro stejného uživatele takže by se daly zakládat účty na jednu občanku na různých instancích.
@zdenek @honzajavorek @banterCZ to za mě není špatně. Jak říkám někde ten dosah dohledu vždycky končí. Zakládat účty na cizí občanku sice půjde, ale ve velkém se to asi dělat nebude a je tam psychologicky ten akt, že sis tu registraci vzal na vlastní triko. Je to jako když jsem si v 17 koupil alkohol na nějakou akci, a když mě u pokladny vyhmátli, vzal za mě pán co stál za mnou ve frontě. Vzal si to na svou zodpovědnost.
@zdenek @honzajavorek @banterCZ Jo já bych se taky klonil spíš k neomezování, ale o mnoho víc mi vadí omezování, které navíc diskriminuje uživatele (respektive tvoří duopol na trhu)
Mein Homelab-Rebuild 2025 – weg von Kubernetes, hin zu GitOps auf Proxmox: Komodo, Gitea, Renovate und ein schlanker VM-Stack für zuverlässiges Selfhosting.
That would explain both the increase in volume and the drop in accuracy.
I was secretly hoping it would be a mix of "the code is becoming less vulnerable each year" and "more people than ever are interested in hunting bugs, so we're seeing an influx of new blood and obviously these people aren't as good as the old hunters... yet".
I have such a strong dislike for LLMs that I feel the bias and perhaps hope to be proven wrong about how destructive it is.
@karl unless we have data proving otherwise, I don't think we can assume the newcomer rate to be different year-to-year. I also don't believe we have magically improved the curl source code to that extent suddenly this year. The steep quality downfall has to have another explanation. ..
Interesting! Thanks for sharing. Sequoia received 74 reports this year on yeswehack and we've confirmed 6 vulnerabilities. Of those, none were serious. Two had to do with wasting resources on specially crafted input. Two were out of bounds array accesses that result in a panic (we're using rust). One was a terminal injection, because we forgot to escape attacker controlled data that we print. And the last one was forgetting to check that the value returned from malloc is not NULL.
El marcado HTML incorrecto es una de las fuentes más habituales de barreras de accesibilidad. Georgiana Frincu comparte ejemplos reales de qué ocurre cuando la semántica falla y cómo solucionarlo de forma eficiente.
Todos creemos saber cómo funciona nuestra web… hasta que la probamos como lo haría una persona que usa tecnologías de asistencia. En este taller en la sala Next Digital, Núria Azanza y Karina Ramírez guian pruebas reales para que escuches lo que “dice” tu pantalla.
La visualización de datos puede generar barreras si no se piensa en todas las personas. Carmen Torrecillas explica cómo estructurar, describir y representar datos para que también sean comprensibles para quienes usan tecnologías de asistencia.
ARIA es potente, pero solo si se usa bien. Mia Salazar revisa casos en los que los atributos ayudan, en los que generan problemas y cómo encontrar el equilibrio entre semántica, estructura y accesibilidad.
Enjoy 50% off Cryptomator and protect your files with secure, zero-knowledge encryption. Want to know how long the sale runs and what’s included? All details are in our newest blog post 👇
Get 50% off Cryptomator this December, learn more about the upcoming price change in 2026, and continue benefiting from our fair one-time purchase model.
✨ Der netcup Adventskalender ist da! 🎁🏷️ Am heutigen Cyber Monday trifft Weihnachtszauber auf eiskalte Deals! Entdecke jeden Tag neue Überraschungen im Adventskalender.
Schnapp dir den Inhalt von Türchen 1 bis Dienstag, 02.12., 8 Uhr MEZ! 👉
I didn't realize that Swiss trains apparently also adhere to the "schedule for 80% of capacity rule".
Apparently trains in Switzerland go around 80% of the top speed possible on the track. The 20% overhead is used to make up time in the case of delays.
The thinking is: stable and predictable operation is more important than going faster. Because the cost of passengers regularly missing layovers is much higher than the benefits of trains being 20% faster.
How does this work when a delayed train is behind a non-delayed one on the track?
I feel like introducing a rule like this would require us[1] to redesign our train infrastructure to enable more points where trains can overtake eachother.
[1] Where "us" can mean whatever you want it to mean, and the point will still stand.
@miki this scenario rarely happens on Swiss rail. The manjority of routes are "monotonic", that is, a train ahead in schedule will also be ahead In arrival time. This is due to at least three factors:
no express service (if everything is the same speed nothing can catch up to each other)
redudnant connection network (a delayed train might get cancelled but the connections are still available through different routes)
single tracks and limited infrastructure (can't design for different speeds when there is only one track)
There are scenarios where it happens, those are when regional trains interact with intercity trains. In that case, a track change is made to allow the intercity trains to pass a regional train at a station, but those cases are the other way around: the regional train is delayed such that the intercity unexpectedly caught up.
What's key here is that it's not necessarily a product of infrastructure and more a result of careful planing and inter-operator cooperation.
As far as I know, what we do in Poland is quite the opposite. If a train is delayed, we allow that single train to be delayed more and more, to keep the rest of the schedule intact. This prevents a single delay from affecting the entire system.
I've just put out Codestats 0.4.0, renaming the binary to the much easier to type cs, sporting 410 supported programming languages, HTML and Markdown output formats, the ability to customize the presentation of numbers, how many decimal places percentages get rounded by, and even letting you sort the results by things such as the total number of lines, the file size, or even the number of comments! Cargo install codestats should get you there if you have Rust, but if you don't, I've put up Linux and Windows binaries here: github.com/trypsynth/codestats…. Enjoy!
CLI tool to provide a per-language breakdown of a folder of sourcecode, optionally respecting things like gitignores, hidden files, and symlinks. - Release 0.4.0 · trypsynth/codestats
What I'm looking for in an utility like this is some kind of directory breakdown to see where the `meat` of the code really is, perhaps filtered by language.
It's December first, and you know what that means:
Show off your advent calendars if you have them! 😊
Mine is shared by the family, with different surprises for everyone. For me there are tarot cards that I traded with other people. They were blind trades so I have no idea what's in store!
Take mario party, Pokemon, and some other classic games, and you get Crazy Party.Download the game here: https://lerven.me/cpGet these videos before everyone...
I'm a terrible person. Whenever I stay at a hotel for a gig or a conference, my breakfast of choice is usually a plate with two sausages, two pieces of bacon slapped in ketchup. That's the whole thing. Haha
@FreakyFwoof I didn't know that. I'm not allergic to egg but I can't stand them. So I usually have bacon, sausage, beans, hash browns if they have them and toast.
> And make uptime a design goal: a thousand-day uptime shouldn’t be folklore, it should be normal. Not a party trick, not a screenshot to boast about, but simply the natural consequence of a system built to endure.
But in all, beautifully-written article. I don't agree that trying to cater to the desktop is a bad thing, though, although the warnings they spoke of were valid.
That server had absolutely zero open ports to the internet and only acted as a transparent network traffic shaper with IPFW/ALTQ. It provided 10 years of service providing rock solid performance in this environment. I don't recall there being any CVEs that affected IPFW/ALTQ or any other TCP/IP functionality that it exposed.
I'm also an ex-infosec grump :)
Why is having a 10 year uptime on a FreeBSD network appliance so much different than a 10 year uptime on a Cisco switch/router? That is not uncommon either. If a CVE is only exploitable if you can somehow access the private management network I generally don't care so much because if they can access your management network you have much much bigger problems to deal with
I think they're a little confused because they seem to think that pkgbase means base comes from the ports tree and it's not stable anymore but rolling release instead. That's not what's even happening here.
Though they are correct at alluding to a more rapid development future being possible where we could have desktop users targeting STABLE or even CURRENT quite easily
Ritchie
in reply to Nolan Darilek • • •I just got around to trying it. Got it working on my nixos system.
Curious. Could the cd command theoretically be able to take numeric IDs? I feel like I could move faster through the tree.
Though the ability to mount with fuse interests me as well since I could navigate with fish
Nolan Darilek
in reply to Ritchie • • •Ritchie
in reply to Nolan Darilek • • •Nolan Darilek
in reply to Ritchie • • •cd ..working before I realized that if I made folks too comfortable working in this REPL, they'd probably eventually demand a full embedded BASH shell. :P So yeah, definitely try FUSE. If you need an example of how to do something, ask and I'll work it into the FUSE README.md. I don't want to make it super specific but I do want to make it scriptable and as user-friendly as a FUSE filesystem can possibly be.