@bart’s XKPASSWD service helps you create long, strong, and yet memorable passwords. It’s being modernized by the amazing Helma and the open source community.
If you’ve been a NosillaCast listener for any length of time, you’ve heard Bart and me talk about a service he created called XKPASSWD, This service helps you create long, strong, but memorable passwords.
If you're anything like me, the last several years have been a rough go.
The overturning of Roe V. Wayde was a blow to women's rights here in America.
Please don't tell me about how it was bad law. Fr
I just went back to watch #Beyoncé and the Chicks on their surprise CMA performance of “Daddy Lessons” again to make sure I wasn’t imagining our first impressions when Mollie showed it to me back then.
First of all, it’s an amazing performance. There’s no way I wouldn’t have been on my feet dancing along to it if I’d been there. But watch the crowd shots. There’s a lot of men who are doing anything from perfunctory clapping, to looking confused or actively unhappy. B crashed their party and they don’t like it.
And of course the Grammys shoved “Lemonade”, the album it was on, in the Urban Contemporary category (?!) and then ignored it for album of the year. Leaving Adele (who won) to remark “What the !%#$! does she have to do to win album of the year?” People literally wrote syllabi on Black History from the songs on that album. It was brilliant, both musically and in terms content. And the fact that the song wasn’t considered Country is absolutely nuts.
Beyoncé 💝 and The Dixie Chicks⚡️ perform “Daddy Lessons” at the 2016 Country Music Awards. 💝⭐️ SPECTACULAR✨💫HQ remastered sound 🎧 Editing by sbc (setz...
If you’re wondering why this old white person gets passionate about this stuff (beyond being upset at the fucking racism), my daughter has worked for Beyoncé since she was first brought in to work on “Black is King”, so she’s a topic close to my heart. Although my wife and I were listening to, and discussing, “Lemonade” even before then.
NVDA 2024.1 Beta 8 is now available, with quite a few updates from Beta 7:
- A bug fix where emojis in Windows Terminals could cause a crash - A bug fix for Native Selection mode in Word - Bug fixes to the installer process and ensuring NVDA exits safely - Improvements to documentation - Updates to translations
To find out more about everything new in NVDA 2024.1 overall, and to download the latest beta, please visit: nvaccess.org/post/nvda-2024-1b…
Beta8 of NVDA 2024.1 is now available for download and testing. For anyone who is interested in trying out what the next version of NVDA has to offer before it is officially released, we welcome yo…
Lost in the mass sterilization and boringification of macOS UI design was the incredible diversity and uniqueness that user-created themes brought us. Is it really better for humanity that every window has clean, antiseptic lines decided on by a handful of folks at Apple Park?
600,000 US cybersecurity jobs are unfilled. Cyber.org's Project Access trains blind & vision-impaired students in cybersecurity through camps & simulations, bridging the gap & empowering futures.
Now in its second year, the program gives vision-impaired students Windows-based laptops with assistive technology to learn text-based coding and run through password-attack and credential-harvesting simulations.
Hey Fedi! We're hosting a panel at SCALE 21x with some of the major players in the Linux desktop ecosystem to discuss where we go from here, any big ideas you want us to discuss?
Most of the questions in the document will not be covered. The questions are meant to serve as discussion starters for each topic to be used as the conversation permits.
Glad to hear that the panel will be discussing accessibility. In case you don't already know, the GNOME Foundation is currently coordinating some work on accessibility, thanks to funding from the Sovereign Tech Fund. That includes my project to prototype a new accessibility stack designed specifically for Wayland and sandboxed apps. cc @sonny
An informal proposal for dedicated elements for spoiler tags in HTML: use-cases, syntax, semantics, recommended UA behavior, and comparisons with “details”
In this video, I put the Apple Vision Pro to the test to determine if it's a viable device for individuals who are blind or visually impaired. Through a thor...
Hello dears! 🦄 A lot has happened with Jami this past week 🌞 To start the week on the right foot, here is our 3rd Dev Update (1 min read) jami.net/dev-update-2/
This is the third update about Jami's development by its developers. :)
Testing/Stability
These last weeks, the Jami team kept focusing on stability and automated
testing!
New automated tests (called smoke tests) were written for iOS and Andro…
I was reading a discussion of the 2023 Rust Survey results [1], when I came across this comment that surprised me:
"Rust really needs a lot of IDE tooling to use productively, [...] without type hints and the like you end up spending more time looking up documentation than writing code."
I suppose it's possible I don't know what real coding productivity is like. But I've been using a pretty plain vim configuration, without even syntax highlighting, for about 20 years. And if I've been less productive in Rust than in other languages, I'm not sure that it's been due to lack of IDE features. I'd be curious to hear others' experiences and opinions.
LOL. You are one of the most productive developers I know, in terms of your output. I've never watched you work, so I suppose it's possible that something about your setup is suboptimal. But it's also what works for you; I get the feeling that if easy wins exist, you'll consider taking them, and familiarity should never be underestimated. This is probably more about what different brains optimise for than it is about Rust.
i can’t find a reason why Rust would be different from whatever language. You can be productive with and without an IDE. Maybe an IDE helps with learning, refactoring.. But it’s also more complexity etc..
*me writing tens of thousands of lines of clippy and rustc code in geany on a Chromebook*: Huh?
Now I'll gladly admit that I've since come around to enjoy the modern amenities of rust-analyzer, first through VSCode and more recently through Helix, but one can certainly be *quite* productive without them.
Debian Edu is nearing completion for release, at 52% completion the documentation still needs translation updates for most languages. Can you help and contribute for your langauge? hosted.weblate.org/projects/de…
This is just a reminder that we'll be on Tek Talk tonight at 8:00 PM Eastern time. Join Deane Blazie and other members of the team to learn more about the BT Speak® pocket computer featuring an eight-dot Braille keyboard and speech output. We're looking forward to hearing and answering your questions. DG accessibleworld.org/events/eve…
Accrescent 0.17.1 released! This one fixes a bug where the download progress indicator was hidden and makes preparations for some upcoming server scaling improvements (follow for more info on that 😉).
This release fixes a UI bug where the download progress indicator was hidden and prepares for future server scaling improments by adding a backup pinned TLS certificate key.
Bug fixes
Fix download...
Someone on Reddit asked a question that showed honest interest in #3DPrinting but just didn't understand what you could meaningfully do with it. They also had a bunch of misconceptions about its limitations.
As a result, I've put together a blog post that should hopefully give curious folks a good idea of what you can really do with a 3D Printer other than make silly things to put on your desk. Includes many examples.
trurl 0.10
Changes since previous release
o add --replace
Bugfixes since previous release
o fixed buffer overflows on %00 use
o support compiling with old versions of Visual Studio
o enable more C ...
I promise I'm not trolling. This seems like a new project that handles something that humans (or at least humans not named Daniel Stenberg) get wrong a lot: URL parsing. Did you consider Go or Rust for this project?
For context, in my professional capacity I end up having a lot of conversations about moving to memory-safe languages, and there seems to be an assumption that it will be intuitively obvious when a new project shouldn't be started in C - an assumption that I think is probably wrong. I think based on my personal biases, I probably would have identified this as a likely candidate. Since you wrote it in C and Perl, and since you literally wrote some of the duct tape (or do you prefer super glue) that holds the internet together, I'm hoping to get your thoughts. I'm sure you get a lot of "just write Curl in Rust over a long weekend" type of messaging, and I really hope this doesn't come across that way.
@camdoncady @joshbressers please go read joelonsoftware.com/2000/04/06/… and then think about the context of @bagder having copious knowledge and access to expertise for url related shenanigans and C. Implementing this in rust is extremely non trivial and would likely result in a lot of fun new problems.
In other words, sometimes you gotta work with the tools that you’re most experienced with. Also, in the hands of an expert, even dangerous tools can be reasonably safe and effective. There’s a cost to making people switch their tools and learn new things, and they may or may not be a payoff that makes it worthwhile. #Economics.
Netscape 6.0 is finally going into its first public beta. There never was a version 5.0. The last major release, version 4.0, was released almost three years ago. Three years is an awfully long tim…
I'm a rust rookie, I couldn't do this in rust without spending enormous amounts of time. I did not want to do that - I just wanted to crank out a useful tool and I know my way around C. Also, the tool uses the libcurl URL API (as a fundamental part) so it would rely on that (C code) anyway.
@joshbressers @ariadne @camdoncady@infosec.exchange @bagder @kurtseifried you can answer troll questions with reasonable answers, that doesn't make the question reasonable.
Asking someone announcing the release of a piece of software to reconsider their design decisions without knowing a thing about the project isn't reasonable.
@kevingranade @joshbressers @kurtseifried i have to agree here. the questioner first acknowledges that daniel is a domain expert in regard to URL handling, and then implies that he might make a mistake.
yes, sure, even an expert might make a mistake (nobody is perfect), but the implication followed up by the suggestion to use Go to prevent mistakes is not a legitimate argument, and there have been mistakes made in Rust URL parsers before, so clearly Rust does not give a magical protection against mistakes either.
this makes the inescapable conclusion that the questioner is trolling.
@kevingranade @joshbressers @kurtseifried (there is also the implication that URL parsing is some error prone operation when in reality URLs have a stable grammar, and it is pretty much trivial for an experienced C developer to write safe URL parsing routines)
@ariadne @kevingranade @joshbressers this is a good example of you are an expert in something for example, you know that you or else have a stable grammar and are not magic. But the fact that you know that they actually have a grammar, let alone a stable grammar put you in zero point a lot of zeros one percent of the population of technologists. I would point out that Google took URLs away from the address bar because nobody knew what they were and they were just confusing.
How many components does a URL have (no cheating and checking Google):
@ariadne @kevingranade @joshbressers So best case scenario 54% of people on mastodon who see my toots (which I think we'll all agree is a pretty skewed population to sample) know a URL has 10 parts. I bet none of us can name them all.
@kurtseifried @camdoncady @joshbressers @gregkh just listened. Good content. Sensible stuff. The Linux kerrnel is at such a different scale than we are in curl, but I can still relate.Thanks guys!
@kurtseifried @camdoncady @joshbressers @gregkh at least a very large portion of them, yes. And curl runs on about 99 other operating systems as well... perhaps in device volume, iOS and ipodOS are the most important ones as they are in the billions.
House Republicans were shocked by some of the recent high-profile retirements announced by their colleagues, which have included powerful committee chairs and rising stars inside the GOP.
Cuando pensaba que no había nada peor que lo de pedir un pago para rechazar las cookies, me encuentro un medio que una vez que has rechazado las cookies, te planta un cartelón enorme que te ocupa media pantalla diciendo que si quieres leer la noticia, que aceptes las cookies.
Z virtuálních regálů online prodejce potravin Rohlík v nejbližších dnech zmizí výrobky zemědělské a potravinářské skupiny Rabbit CZ, za níž stojí jeden z hlavních organizátorů aktuálních zemědělských protestů Zdeněk Jandejsek.
An interesting new data leak has emerged, reportedly involving a Chinese Ministry of Public Security (MPS) private industry contractor called iSoon (aka Anxun).
Wish I could read Mandarin. But it appears to describe a number of undisclosed data breaches. "An Xun infiltrated overseas government departments, including India, Thailand, Vietnam, South Korea, NATO..."
"2020-11-25 02:35:38 wxid_5390224027312 wxid_soekgggwnfgm21 One network security detachment cannot handle the whole case and we definitely still need cooperation"
Sucks when you don't have enough hackers to plunder all of the riches.
The translated chats are pretty wild. On the one hand, they paint a picture of a company that is typical of IT shops: Overworked and under-resourced.
But beyond that, they have various "clients" that appear to be different Chinese government agencies seeking access to foreign govt systems. The clients supply a list of targets they're interested in, and there appears to be something of a competitive industry that has sprung up to gain the access requested, of which this company is but one of many players.
In this discussion, they talk about the prices for various webshells (website backdoors) on different govt targets, mentioning a 100,000 - 150,000 bounty (currency?) for a webshell at the FBI.
Seit Tagen klagen einige User auf Mastodon über eine Spamwelle. Der liegen automatisierte Angriffe auf unzureichend geschützte Teile des Fediverse zugrunde.
For the attention of federated systems developers, including Matrix, Fediverse and others.
It may be good to know about an issue going on with FedCM “Federated Credential Management” draft spec. Liquid Surf brings it to the attention of all federated systems fans in their blog post: Can FedCM improve the user experience of decentralized ecosystem ? . In short, the spec aims to make a slicker browser flow for the Sign-In-With-Xxx buttons.
To us who care about federated computer infrastructure, introduction of a new standard to streamline the sign-in flow might seem minor and remote, but there is a catch.
What Is FedCM?
FedCM, short for Federated Credential Management, is a new draft specification for web browsers, published by the Federated Identity Community Group and strongly driven by teams from Google. It represents an advancement in how websites manage user logins, when logging in through different identity providers (such as “Sign in with GitHub/Google/etc.”) while preserving user privacy... — Liquid Surf: Can FedCM improve the user experience of decentralized ecosystem ?
The Catch
The critical issue is, at present, the draft standard is likely to cement the monopolies of the big providers (like Google and Facebook) and leave out small providers. In short, the problem is the draft spec says the site we're logging into (called the RP) solely dictates what list of identity providers should be offered to the user. What will happen in that case? Most sites will offer only the BigTech identity providers. Read the blog post and the issue Allow IDP registration #240 for details.
What to do about it?
The proposal in Allow IDP registration #240 is, in short, not to have the RP site solely dictate what list of identity providers should be offered, but also to let the browser register the user's chosen identity providers and present those as options when a new login is requested.
Decentralising ID providers is key to the whole decentralised movement, including Fediverse, Matrix, self-hosters as well as the ability for independent businesses to provide comprehensive IT services without one of the tech giants playing gatekeeper.
We, all of us who care about federated/decentralised infrastructure, now need to push the draft Federated Credential Management “FedCM” standard to support “Sign In With” the user's choice of identity provider (which may be small, local, independent, hosted by one's school or enterprise or self, and so on). If this extension to the proposal does not get enough support to be accepted, we might get a standard that perpetuates the status quo of sites only offering Sign In With the giants like Google/Github/Facebook, ugh. That would be another death blow for user agency and privacy and variety.
Fedi devs, let's demo this truly user-centric version of FedCM, show us how awesome it is! Fedi fans, this might seem remote from our viewpoint but it's important for our future. Let's share this issue more widely among Fedi projects!
We will have a Solid Special Topic on FedCM this tuesday at 14h00 UTC, it would be great if people from the fediverse can join too :) Please let me know if you are interested and I'll PM you the link to the visio
TL;DR there is a significant amount of context at the start of this issue before we get to the proposal, here is a google doc version for an alternative form. Background The origins of many federat...
At this years MiniDebCamp Hamburg, March 3 - 10, there will be a traditional Debian Cheese and Wine party! See https://wiki.debian.org/DebianEvents/de/2024/MiniDebCampHamburg
Is it stupid that I'm trying to raise one billion dollars to protect my cat? Some might say so. But it is infinitely stupider that people have raised over $480,000 to cover Trump's legal fees.
So, please help me raise one billion dollars to protect Fishy. It is objectively not the worst way you could spend your money. gofund.me/40393797
Fishy was abandoned on the side of the road in the pouring rain. It looked like a child scratche… Low Quality Facts needs your support for Help Protect Fishy.
today I wanted curl to auto-gunzip a gzipped response. Before I try and implement it myself, is there a reason why it doesn't have that feature already?
... but is there a point to not just assume that's what the user wants IF AND ONLY IF the user is on a tty? There is already a warning before spamming the terminal with binary, so I figured if the response headers described some coding and curl knew how to decode it and the user is on a text terminal, then.....
Kee Hinckley
in reply to Kee Hinckley • • •Kee Hinckley
in reply to Kee Hinckley • • •