I've been handed a huge archive of sound effects from the Sunset Editorial collection, as well as the "Red" and "Gold" libraries, which were donated to USC Cinema in 1990. Additional split-apart versions will go up, but this is 20+gb of .wav files from original tapes!
From the original Blog Post:The “SSE” sound effects come from the Sunset Editorial collection which was donated to USC Cinema in 1990. Sunset Editorial had...
In the original 6265 as well as in the latest 6265bis draft, this paragraph exists: When the user agent generates an HTTP request, the user agent MUST NOT attach more than one Cookie header field. ...
multi header cookies has been a PITA in the js community for a while, specifically behaviors with header getters (eg deprecated getAll method from our Headers instances used by fetch, our primary http mechanism). It would be beneficial to do away with the edge case IMHO. I support your single header suggestion.
Hi, I have a set-cookie-parser library and I got a report that it fails when parsing fetch responses that contain multiple Set-Cookie headers. Looking through the spec and the output, I see that it...
Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe? This week, Google launched a new TLD or “Top Level Domain” of .zip, meaning you can…
Web Design References: News and info about web design and development. The site advocates accessibility, usability, web standards and many related topics.
My favorite part of Altman's Senate testimony: "we noticed ChatGPT spits out falsehoods, propaganda, hate speech, and bomb-making instructions, so we edited the training data to remove erotica."
Accessibility of web content requires semantic information about widgets, structures, and behaviors, in order to allow assistive technologies to convey appropriate information to persons with disabilities.
LibreOffice 7.6 will be released as final in mid August, 2023 ( Check the Release Plan ) being LibreOffice 7.6 Alpha1 the first pre-release since the development of version 7.6 started in mid December, 2022.
Ya comentamos por aquí hace algunas semanas que un proceso de #oposiciones en Catalunya se ha saldado con la cabeza de la responsable de Funció Pública por haber delegado el trabajo en una empresa privada (spoiler: sale de pena).
Segunda parte del drama. Misma empresa, otra vez liadas máximas, esta vez en el Metro de Madrid:
"Denuncian notas matemáticamente imposibles". CEO creativo con Excel: bueno, esa será tu opinión.
Los opositores a las plazas de maquinista y jefe de sector en el Metro de Madrid denuncian irregularidades en el proceso de selección celebrado el 23 de abril. Un concurso...
Recordar que la cesada había entrado en el cargo cuando el concurso para la realización de las oposiciones ya había sido licitado y adjudicado sin que tuviera nada que ver con ello.
No, si cortar cabezas políticas está muy bien, particularmente cuando la administración tiene medios para hacer lo que se externaliza. El problema es que la cabeza cortada era inocente ya que se encontró con todo el pescado vendido. Es a eso a lo que me refiero.
Me meto por meterme, porque no tengo vista del expediente ni mucho menos, pero cuando un contrato se ejecuta mal también se puede resolver y secuestrar la garantía, algo que la administración hace en demasiadas pocas ocasiones. También hay mucha negligencia, o directamente complacencia, en recibir cosas mal hechas.
@modulux La suerte es que todos estamos de acuerdo en que lo ocurrido fue una cacicada y que ni la administración ni la empresa implicadas van a pagar por ella.
Luego nunca se sabe si al final alguna cosa prospera, pero mi deseo es que haya un poquito de susto y que no se externalice (mucho) más por miedo a que haya otra de estas.
En mi admin se llegó a externalizar la redacción de un decreto. Que después quedó como el culo y se tuvo que corregir por los propios servicios que lo deberían haber redactado en primer lugar.
The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.
But do note this comment on the PR:
“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”
Add optional hCaptcha support.
Whenever the environment variables HCAPTCHA_SECRET_KEY and HCAPTCHA_SITE_KEY are set, the admin can enable hCaptcha:
When enabled, users are shown a captcha when con...
Please, please do not do this under any circumstance, if you care about your instance being accessible to the #blind and visually impaired (hint, you should).
#HCaptcha is a horrible example of how not to implement a #captcha solution, forcing people to register their email address and store a cookie, as well as disable cross origin restrictions on their devices in order to pass validation.
There are much better alternatives, such as the no-hassle github.com/mCaptcha/mCaptcha, which does not need any user input other than checking a checkbox. Alternatively, use captchas that provide text versions, e.g. via solving a math question or at the very minimum, provide an audio version, knowing that it is not ideal for the hearing impaired.
A no-nonsense CAPTCHA system with seamless UX | Backend component - GitHub - mCaptcha/mCaptcha: A no-nonsense CAPTCHA system with seamless UX | Backend component
They have made an improvement, at least discord wise. I know they use that one, and there's probably an upgrade that gives text questions. I had luck with it a few times, but no further sites that I found using it, so don't know where to test.
As far as I know, companies who use it need to ask HCaptcha to enable the alternate text version. Even then, it may or may not pop up, for example to me it didn't pop up either on Discord mobile or on desktop, so right now I am not even able to log in to discord, even though I have an account I have used for years.
Specifically having to ask a company to provide an alternate solution when they are aware that there will be people who are unable to log in otherwise is just disgusting. You not only have to rely on a company (or possibly an individual) to do this, but also on HCaptcha. It is beyond ridiculous and it is certainly unacceptable. Hcaptcha is aware of this, and for years they have been telling us that there will be improvements, but they always choose the easy way out, which is, needless to say, not designed for the end user in mind. We are talking about just a Mastodon instance here, but imagine if this blocks you from accessing vital information that you wouldn't be able to otherwise. Health data, managing your passport or ID card on a government's site, hospitals, etc.
Nope, there's absolutely no guarantee that a text captcha for HCaptcha will pop up. I have checked on multiple devices, and many people I know have done the same. Only the regular image captcha is available. For some other people, the text captcha is available.
To my knowledge, mastodon.social does not have a captcha, at least it does not pop up here. When you create an account, the only checkbox that shows here is for indicating that you are agreeing to the privacy policy and terms of use.
Not here. No matter what I do here, it just does not pop up. I've cleared cookies, tried private browsing, desktop app, iOS app, email verification (which I have done years and years ago too), used multiple operating systems, multiple browsers, multiple Discord versions, even a VM, it just does not pop up.
I find that logging into Discord, as long as you're logged in on your phone, you can log into other devices using the QR code. You have to play with it at bit, but once you get it, it stays.
I do not speak German, but honeypots should work, as long as it is obvious to a screen reader user what does not need to be filled out or interacted with in general. For example, 'Check this if you are a spammer'. Simple solutions like entering commonly known information (like current year) are also effective.
Honeypots are great as long as the site hosting them is not targeted specifically.
Pitch bec6a1c has introduced hCaptcha support. This means that Mastodon transfers personal data to the USA (the user is forced to send a request and therefore their IP address to a USA-controlled d...
This is great, thank you. I don't get it though, they have implemented HCaptcha as an emergency feature, yet they state that they are aware of the accessibility implications. So basically they are saying that yes, we know that you won't be able to sign up or verify that you are a human, but still, have it because this is an emergency.
The correct way to handle this would be to say that yes, we are aware of the accessibility implications, so we do not implement this at all, but rather look for something else, because they exist. HCaptcha can be bipassed, see chrome.google.com/webstore/det…, so this is really not about finding an effective solution.
I would love to see an "open captcha" solution, that would be open source and privacy preserving. First step would be to collect requirements. For example, have solutions for people who cannot actually read the images (or hear sounds). Respect privacy by allowing servers to implement the test locally, without relying on third party. And of course be robust even if the code is public.
mcaptcha uses proof-of-work, which has lots of advantages but has also known issues. Big-iron computers can solve the puzzle much more quickly than small devices like cellphones, without depleting their battery. But it is sure better than passing user tracking data to Google...
I am a bit concerned that mcatcha solves a generic DDOS defense problem by imposing cost to the bots, which is different from "verify there is a living human behind the keyboard." Take the case in point, spammers creating bot accounts on "mastodon.social". Yes, they will have to spend a couple seconds of CPU time per account created. Is that going to deter them from creating a few thousand accounts?
I believe the difficulty can be increased to add more work, for example FriendlyCaptcha uses 10 seconds, which is enough time to fill out a form.
None of the captcha solutions will stop spammers if they are really determined, for example a lot of spam is created by hiring humans to solve captcha challenges. I look at this similarly to software cracking, since everything can be cracked there is no point spending time and effort to create the most foolproof defense, but rather something that makes it not worth it. Similarly to captchas, the cost to value ratio is what matters I think.
So in this light, a few seconds that can be spent on creating hundreds or thousands of new accounts is quite important, especially if the difficulty goes up and more time is added for each new challenge.
Every time I see talk about captchas, I'm reminded of that time when I needed to take remote control of a blind friend's computer to solve a captcha for them so they could register their account for...
Agreed. It's nothing more than a dirty work-around. I think it's kinda like when I run into the Nth form that requires to declare whether I'm a "Mr." or a "Mrs." without any other options and I think, fuck it, no spoons for this battle now, and just go for "Mrs."
MCAPTCHA is what servers like Calckey and Pleroma need to implement; Pleroma's even worse than Calckey; at least with Calckey, they use a solution that's workable, though a PIA. for Pleroma, the solution doesn't have any alternatives.
I agree with the impaired vision comment but hcaptcha does not require email nor disabling protection for me. Maybe they simply love me so I'm the someoone cannot imagine they do the things you described. 😉
That's because you can solve their image challenges. If you are blind or visually impaired, the only way to bipass it is to either register your email address, after which they give you an extra cookie to bipass the captcha when you check the checkbox, or companies need to ask HCaptcha to allow text versions and even then there is no guarantee that it will pop up as an alternate challenge (see my problems with Discord).
If you go with number one, you need to disable cross-origin restrictions, essentially making your browser less secure. You are not only giving out your email address, you need to store an extra cookie over and over again, because it expires. You are also limited to solving a number of captchas daily. Needless to say, there are so many things that are just horribly wrong with either of these approaches.
You are right, I did not specifically point out that this is only true if you are blind or visually impaired. But it follows from the fact that I recommend not using HCaptcha if you care about the blind and visually impaired, because of point a and point b. Sorry about the confusion.
Their V2 works, if you speak English, since they provide audio captchas. V3 works as well, since you don't need to do anything to verify. But they have their fair share of problems, for example your IP being flagged for abuse even though you did not do anything abusive at all. But that's a different story.
It's not only blind and visually impaired, though, what about blind deaf people? Them too. Or all the captcha companies who actually forget about the existence of those folks. I see only audios audios audios. Okay, they help us, the blind, but about those who're blind deaf, or blind and hard of hearing? That's not going to help them. Very little captchas actually have text options.
Of course. Text captchas are likely the most accommodating, if you don't count people who might find answering text challenges difficult. This is why I prefer captchas that need no, or very little interaction at all. Mcaptcha is one of these, which is why I recommended it.
I tried to register the other day on a web forum and they required me to move attributes of a shark to the right and others to the left. I have failed three times and were firewalled. Turns out English call the rear fin of the shark as "tail". 🤷
The accessibility of hCaptcha is very, very bad, requiring registration, a permanent cookie, and lowering browser security settings. This is an awful solution. Yes, I understand it's necessary to combat spam; but please don't do this at the expense of disabled users.
@talon Absolutely shocked to see this, very poor decision by Mastodon maintainers to merge this in and recommend admins use this to combat spam. Totally understand that something needs to be done to prevent spam bots from registering, but doing so at the expense of severely reducing accessibility is deeply concerning.
Especially when this whole thing could be solved by making the instance invite only. There are enough users to generate invitation codes that will keep the sign-up flow moving if that’s what they want. It also allows for easier growing of networks because you can set the invitation link to automatically follow you. I saw this coming a mile away and this is why I constantly bang the drum of closed small instances and teach others how to use their invite codes. This will become far worse
Invite-only puts a pretty hard cap on growth. A couple potential random ideas, and I realise they're not going to be perfect, but humans can create spam too.
Do not allow links on the first toot. Do not allow DMs for n hours after registration or until a DM has been received from another account.
And, of course, the easiest of all: allow people to limit DMs to followers.
The 2nd wouldn't really help: Many of these spam bots had registered weeks and months ago and lay dormant for that time.
The 3rd is already possible, though poorly implemented: senders - including good faith ones - receive no feedback, if the recipient has blocked DMs - they just think the recipient is ignoring them.
Right, I was referring to that issue, blocking DMs but not silently. Of course that might just move the spam to the timelines, but it'd be easier to detect there.
"You may wish to consider implementing hCAPTCHA yourself to protect your own instance," Please note that if you do this, it will prevent many blind people from signing up onto your instance. hCAPTCHA does not have an audio version; instead, if you cannot complete the visual version for whatever reason, you have to give them your email (!), so they can send you a link to a site for setting an accessibility cookie. This cookie frequently does not work at all. It has a time limit before you can set it again, so if it fails to set, or if you close the browser and have automatic deletion of cookies enabled, as you should, you'll just have to wait. And of course, it only works within browsers, not applications; Discord is an excelent example of a non-passable captcha. Enabling application signups is a much more accessible way of avoiding spam. If this is something the admin team cannot handle, it is time for going invite-only.
EXCLUSIVA | Un informe oficial alerta de que Doñana solo podrá salvarse si se reduce a la mitad el agua que se extrae para regadío.
El documento, al que ha accedido elDiario.es, revela que el parque nacional cuenta con la mitad de agua que hace 40 años no por efecto de la sequía, sino por el "mayor bombeo" de agua para la agricultura eldiario.es/sociedad/donana-po…
A Doñana no le ha faltado agua, sino que se la han quitado. En cuatro décadas, mientras la extracción de los acuíferos para riegos se ha multiplicado por seis, el agua que ha llegado a los ríos y humedales desde los depósitos subterráneos ha caído a …
On each episode of The Moment, I speak with a different guest about an individual moment in an episode of Doctor Who that they have a lot to say about.
The show is currently on hiatus, but it will be back soon! I hope to have more info for you in May 2023.
In the mean time, why not listen to an episode from our archive? They're all good!
Each week on The Moment, I speak with a different guest about an individual moment in an episode of Doctor Who that means a lot to them: something that really had in impact on them, or that they had a strong reaction to, or that they think a lot abou…
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.
Freshly compiled, will watch that when eating breakfast my @opensuse meeting today got cancelled as @SUSE people are having internal conference in Prauge this week
stormdragon2976 pushed changes to the master branch of the linux-game-manager project Alert function from audiogame-manager added. Used for when password may be needed to extract TobyMod to proper location.
It's a really great day when a company allows you to be one of the very first to make a video about a new product. #FractureSounds release Spotlight Piano for #Kontakt. I’m happy to bring you a #playthrough of my favourite presets (not the entire library however). I’ll show you the sounds I enjoy the most, and take you through almost all of the #NKS mapping, apart from an oversight where I forgot to discuss the microphones on page 1, due to the second page capturing my attention. #InspiredBySound - Fracture Sounds - Spotlight Piano: youtu.be/z2FwvW5PmVs
Welcome to this playthrough video of my favourite presets from Fracture Sounds Spotlight Piano for Kontakt.In this video, I take a look at the NKS parameters...
I discovered some obfuscated code in the PDF Toolbox extension which is used by more than 2 million people. The code is meant to download a “config” file from serasearchtop[.]com after which it will run some functions according to this configuration. I didn’t see a non-empty configuration yet. However, given the specific call pattern used, I’m mostly certain that the idea here is injecting arbitrary JavaScript code into every website when it loads.
I suspect that this is part of the extension’s monetization strategy, most likely goal being injecting ads into all websites. But it could really be anything, and it might be spying on people as they enter their online banking credentials or credit card numbers.
PDF Toolbox extension (used by more than 2 million users) contains obfuscated malicious code, allowing serasearchtop[.]com website to inject arbitrary JavaScript code into all websites you visit.
@talon Yes and no. It is glitched out Brian. I wrote a bunch of sevens, because it makes his voice pitch up and down randomly. I wanted to see what would happen with such little and widely varried audio. If you think I should delete it, I can.
That's interesting, I think you're using the sound of an upright bass to play that. What keyboard is it? Aah, you switch to piano as I listen. Also what phone are you recording with?
@FreakyFwoof Like I said, I pressed the wrong button so it went into duet mode or whatever it's called. It's a Yamaha 125 digital piano. It's the one I'm getting bored of. Recorded using my iPhone 13 mini with the Just Press Record app set to stereo mode. Trying to upload my other clip from today but some say it won't play, so back to the drawing board.
@FreakyFwoof yeah! That could be fun! Got a clarinet in the cupboard, but haven't played for years and not sure I have the puff for it now. I'm craving woodwind instruments to play with- does that make sense? My board just has piano, organ, strings, possibly some kind of synth, but one of the organs is the type that seems to always get featured on old time radio shows, so there's some mileage there. It's also got xylophone or chime bars or something, which are a bit naff when low pitched, but great at the top end.
@FreakyFwoof yep, that's the one. Pretty hard to bugger it up too. I had some help from some people on R/Piano on Reddit a couple of years ago to work out a few things, but the rest has just been experimentation and different runs at the manual in various PDF apps.
Aah, yes. 'Are other copies of Word Perfect currently running?' Said the annoying message when your system would crash out with sometimes an 'A20 Hardware Error.' I remember the days...
#Tusky v22 beta 4 is released. Only one change, but if you've been using beta 3 with multiple accounts and have been inundated with repeat notifications that's been fixed.
One caveat; if you share access to an account with multiple people and you've all been using beta 3 you'll keep getting repeat notifications until everyone's upgraded past beta 3.
Great to see. I've moved phones but seem to have lost the hashtags I was following, don't suppose you know how I get them back? Also is it possible to follow more than one set of hashtags?
@dm319 Those are saved in your instance (fosstodon.org), not Tusky. So if you've logged in with the same account you should have the same timeline as before.
Wer es immer noch nicht glaubt: eine mit Passwort versehene ZIP Datei darf man nicht als "sicher verschlüsselt" betrachten! Schon gar nicht in der #Microsoft #Cloud
"So scheint der Konzern mögliche Passwörter beispielsweise anhand von E-Mail-Texten oder den jeweiligen Dateinamen der Archive zu ermitteln. Aber auch das bloße Testen gängiger Kennwörter gehöre zu den Strategien des Unternehmens."
Ganz ehrlich? Wenn du das PW in der gleichen mail mitschickst, im Dateinamen stehen hast, oder ein "bekanntes" PW verwendest, dann darfst du dich nicht wundern, wenn jemand das Ding öffnet.
Ich bin ja auch ein absoluter Gegner von Microsoft und Big Tech, aber wenn sie die korrekten Passwörter auf solche simplen Wege ermitteln können, dann liegt das Problem nicht bei MS, sondern beim Nutzer.
Ja si tady nechci z Plzenaku delat legraci, chapu, ze posledni dobra vec co je potkala byla US armada v roce 45 a stejne jim to bylo na hovno, ale tohle je nas hotelovy pokoj. A ne, nijak extremne levny neni. Uz jsem spal za min a lepe. Chicht.
Lol ty trubky pěkně zasekaný. Na druhou stranu, já jsem 11 let v Německu a kolikrát člověk žasne, co dokážou nazvat penzionem, nebo hotelem. Jako to tvoje je taky děs.
This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github).
Apple has released their #accessibility preview. 🤩 One part in particular is near and dear to my heart, and it's deeply emotional to see it coming to light. I'm so happy for the team and thrilled to see what they're doing this year. Sending all my love to Cupertino! 💙💙💙
Apple today previewed software features for cognitive, vision, hearing and mobility accessibility, along with innovative tools for individuals who are nonspeaking or at risk of losing their ability to speak.
BREAKING: #Google to start deleting unused #email accounts so other people can use them.
![STOP DOING OFFICES
* WORK WAS NOT SUPPOSED TO TAKE 90 MINUTES BY CAR TO GET TO
* YEARS OF URBANIZATION yet NO REAL-WORLD USE FOUND for going to a different building to use the SAME INTERNET
* Wanted to do that anyway for a laugh? We had a tool for that, it was called COFFEE SHOPS
* “Can you wrap up your call, we have this room booked” “how do we get office parking reimbursed” - Statements dreamt up by the utterly Deranged
LOOK at what corporations have been demanding your Respect for all this time with all the labor we have given them
(These are REAL FURNISHINGS found in REAL OFFICES)
[fluorescent strip lighting]
?????
[crowded open plan desks]
???????
[grey carpeted corridor]
?????????????
“Hello | would like to hear [headset] half of your Zoom call”
They have played us for absolute fools](https://fedi.ml/photo/preview/640/436962 "STOP DOING OFFICES
* WORK WAS NOT SUPPOSED TO TAKE 90 MINUTES BY CAR TO GET TO
* YEARS OF URBANIZATION yet NO REAL-WORLD USE FOUND for going to a different building to use the SAME INTERNET
* Wanted to do that anyway for a laugh? We had a tool for that, it was called COFFEE SHOPS
* “Can you wrap up your call, we have this room booked” “how do we get office parking reimbursed” - Statements dreamt up by the utterly Deranged
LOOK at what corporations have been demanding your Respect for all this time with all the labor we have given them
(These are REAL FURNISHINGS found in REAL OFFICES)
[fluorescent strip lighting]
?????
[crowded open plan desks]
???????
[grey carpeted corridor]
?????????????
“Hello | would like to hear [headset] half of your Zoom call”
They have played us for absolute fools")
cdaringe
in reply to daniel:// stenberg:// • • •nice find.
multi header cookies has been a PITA in the js community for a while, specifically behaviors with header getters (eg deprecated getAll method from our Headers instances used by fetch, our primary http mechanism). It would be beneficial to do away with the edge case IMHO. I support your single header suggestion.
github.com/whatwg/fetch/issues…
Get multiple headers as an aray rather than a combined value? · Issue #506 · whatwg/fetch
GitHub