From David Kingsbury: April 4 Launch of the third edition of "The Windows Screenreader Primer: All the Basics and More": Thursday, April 4, 7:30 PM Eastern Time groups.io/g/tech-vi/message/66…
From the Andrew Heiskell Braille and Talking Book Library: NVDA for Windows and Voiceover for Mac Workshops start April 3!! groups.io/g/tech-vi/message/66…
ableism, audism, and eugenics from a Mozilla tech lead
Sensitive content
as advised, I did the receipts preservation if anybody wants it. the context was about Autistics, he just also made sure everyone knew he feels the same way about Deaf people. he’s apparently the “Tech Lead with the Mozilla Performance team”
Very rare fire hackernews comment: > FOSS as infrastructure doesn't mean every piece of FOSS is. And infrastructure can be incidental. While we're using analogies tortured beyond all meaning, a goat path in the forest is infrastructure if I ride my bicycle on it to get somewhere, but the goat herder was just herding their goats. If you want to rely on something (code, forest path, whatever), you should probably take steps to ensure the longevity and security of that thing, especially if you depend on it to make money. If I really need my goat/bicycle path, I could do path maintenance on it or try to get the government to do it, but complaining that I'm late for work because the goat herder didn't clear a fallen tree that their goats can jump over but I can't bike around is both foolish and obnoxious. — news.ycombinator.com/item?id=3…
So, folks, CloudVision V3.2.0.1 for NVDA, which was released few minutes ago, fixes the Be My AI recognition issue. github.com/alekssamos/cloudvis… @NVAccess
Remember those high-quality, form-fit leather cases? They're back, and now with free shipping. Browse our complete selection here, and let us know if there is one you are looking for that we haven't listed. atguys.com/store/index.php?mai…
We feature high-quality cases from top brands including Turtleback for your technology. If you're looking for something specific that you don't see here, please send us a message.
Gracias a que una persona grabó y difundió una intervención policial con dos personas negras que tuvo lugar en Lavapiés el pasado sábado, el debate sobre la violencia policial se ha vuelto a poner sobre la mesa. El Ministerio del Interior ha iniciado una investigación de oficio sobre los hechos y ayer varios colectivos antirracistas convocaron una concentración en el barrio. Todo esto fue posible, como decimos, gracias a la grabación de los hechos. De lo contrario, muy posiblemente la versión policial habría preponderado sobre la de los detenidos. Por ello, es muy importante que conozcamos nuestros derechos respecto de la posibilidad de grabar a agentes de la autoridad en el ejercicio de sus funciones. ¿Se les puede grabar? ¿En qué circunstancias? ¿Y se pueden difundir las imágenes? Lo desarrollamos en este artículo👇 red-juridica.com/ilegal-grabar…
#SpeechHistory for #NVDA has been updated for 2024.1 compatibility, and even includes a new feature!
You can now capture multiple speech history items in realtime, which is useful for e.g. bug reports without copying from the Speech Viewer. Press NVDA+Shift+F11 to start recording, use NVDA as normal, and then press NVDA+Shift+F12 to stop recording. All recorded speech will be copied to the clipboard, with items separated by a line break (`\n`).
If you missed it yesterday, #SpeechHistory for #NVDA has been updated for 2024.1 compatibility, and includes a new speech recording feature. Use NVDA+Shift+F11 to start recording, and NVDA+Shift+F12 to stop, at which point the recorded speech will be copied to the clipboard.
Note that the add-on should also be listed in the Store soon.
In March 2023, I submitted #SpeechHistory to the #NVDA Add-On Store, which at the time was very new. I ran into errors with the process NVAccess had in place, some of which were caused by problems with my submission. Unfortunately, my PR was closed before I had time to address them, and I didn't have the mental energy at the time to try again.
I gave it another go this week, now that the Store and related procedures have undergone a lot of testing and growth. This time, I needed to be approved as a new add-on submitter, which is a totally reasonable requirement. Unfortunately the process seemed to become stalled on the NVAccess side with no information as to why, including after a follow-up from me. (Edit: it seems that I was approved as a submitter on April 2nd, but without any indication from NVAccess that this had taken place, and without the original add-on submission actually being accepted.)
Thankfully, somebody from the community approached me privately tonight, and offered to submit the add-on using their existing trusted contributor status. The end result is that Speech History is now in the Store, and I guess I'll come back in 2025 and hope for third time lucky.
Seems quite cumbersome even if the individual steps make sense. I hope @NVAccess does give you some communication about it eventually. Granted it's a small team and it's only been a couple of days, and I'm sure lots of devs are submitting 2024 addons around this time.
@simon They are/have been, but most were auto-approved because of the known status of the author. My approval request was one in a single-digit set requiring manual intervention, and none of the others seem to have gone anywhere either.
@simon Hi James, thanks for your patience. I'll see what I can find out for you (I am in and out of the office a lot this week so I can't promise to follow up today, but I'll get back to you as soon as I can).
@NVAccess Thanks. Someone else did uncover that I had been approved on the second of April, but without any notification so I had no idea. The add-on submission issue also remained open. @simon
@simon I think Sean has been approving those but has been on leave - we are looking into whether we can automate a message when approved but at least we can ensure we have the process documented even if it needs to be manual. Sorry it didn't happen in your case! Now you are approved though, you should be able to submit future updates a bit smoother.
I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.
I think this has little chance of actually improving the world. A large org moving its weight around and assigning people to participate in projects who are not driven by the tech or a desire to use or improve the project?
I'm a skeptic.I'm afraid people will not come with the proper motivations and drive.
Watching several foundations and organisations that had/have similar approaches since Heartbleed tells me that they often end up in bureaucracy and infighting, unfortunately.
UPDATE: In honouring the original request for a HOWTO discussion, that's my main point. Make very sure that (managerial) overhead is minimised to mostly admin stuff like paying bills and procurement. Avoid having charismatic "Heroes" that will try to put ego above goals.
@jwildeboer indeed. Imagine also the imbalance in projects with a bunch of eager volunteers working their butts of in their spare time, only to have big-org assign a new person coming in from the outside - getting paid to be there - arguing for less features, slowing down and rather just doing more tests. Why would projects even listen to or care about them?
I understand the desire and intent but I think it is difficult to drive this from the outside like this.
@bagder @jwildeboer I didn't picture it as an organization that took any position on features or velocity of change. Tim seemed pretty clear about it staying out of features or leadership roles. A security (and maybe performance analytics) focused org that followed dev and just made security-related PRs could be mostly ignored by the project and it would still have a positive impact. The risk is doing too much and getting bogged down in micromanaging non-security stuff.
@bagder @jwildeboer The difference for e.g. the NSA to get a small and a big-corp project backdoored is that for the first, they need a lot of social engineering, while for the latter, they'd just need to send an NSL. Or get one of theirs through the hiring process. And often, you can't tell the difference.
Eric Rescorla from Mozilla, who helped the Dual EC DRBG backdoor to get into the TLS RFCs is one of those persons I don't know on which side they are.
Doing more tests doesn't sound like a bad thing though.
I wonder if the path of a third-party sponsored effort driving testing could actually be a good answer, which would free some community development resources to do feature development.
We would need to carve a role in the project carefully, so that it contributes without taking over, but it can be helpful.
@bagder i agree. But if we get a more useable build system out of it, that would probably be the biggest positive impact the security world would have had on software in decades. So I will take it.
@bagder ahah i would argue we have *not* done build systems for 40 years ;)
Just like we have not done programming languages adapted to this level for decades until we got lucky to steal some of Mozilla money. (I am not saying RiiR here)
@Di4na For the last 25 years, I have had people coming to my projects arguing for adding build system support for system X or rewriting it to only use system Z because the system Y is so bad.
The names and people change over time. But they still come.
@bagder I still do think we have a tooling problem, especially build systems. It takes a large amount of maintenance time out of the hobbyists maintainers limited ressources.
Does that means I am selling a solution? Nope. I do not have a good one rn. I have some ideas that could be explored, but that is far from being something to switch toward
What I think is worth considering is how we would fund exploring this problem.
@bagder because while Autoconf is not THE problem, I think we both can agree that Autoconf and Make are A problem in term of maintenance and experience for the person using them, at every level.
Does not mean we have something far better today. But it is something painful and ... Problematic. No?
it's like saying we have a problem with cars because their engines are too complicated and we should have simpler ones.
Sure maybe, but they are complicated for reasons.
I maintain that people have worked on and still are working on build systems for decades. If we need improvements there, then... well, someone should join those projects or start new build tool projects. I will not.
@bagder @Di4na Who said cmake was good? I said autotools was bad and looked around, pointed out that meson and cmake seem to be the most visible alternatives, and wrote “Are they good enough? I don’t know.”
Even if I (let's say) would currently have an interest in maintaining project X and it would be possible to motivate to my employer, I will likely work on something else in 1-2 years time.
Not sure what that would do for long term stability.
@bagder To be fair, curl is obviously the kind of project that doesn't need the kind of help I'm suggesting. I specifically mentioned “Open-Source projects that have a high ratio of adoption to support”. Obviously OSQI would never have the resources to help with everything.
I actually don't know, are there more projects like curl or like xz? (There are plenty like xz.)
1. I did not say nor imply that I need that kind of help in curl 2. I am a maintainer of other well-used libraries as well (c-ares and libssh2), with much less contributors. I would maybe say they are closer to xz than curl.
curl has been in "the xz territory" during long times in its lifetime. I based my comments on my lifetime as an Open Source maintainer contributor.
But I also understand that being a critic is easy and I've said my piece now so I'll drop it now.
The White House on Tuesday directed NASA to establish a unified standard of time for the moon and other celestial bodies, as the United States aims to set international norms in space amid a growing lunar race among nations and private companies.
Struggling with website accessibility for the visually impaired? Discover effective design tips, understand legal standards, and identify helpful tools.
Check out Penpot new interface with a much more intuitive experience for the user. This is another enhancement as part of the upcoming Penpot 2.0 release tha...
While the #xz backdoor has everyone focusing on ways to make and keep open source sustainable, let's talk about the systemic abuse reinforcement mechanism that is the CVE database. Case in point: CVE-2023-45853.
This is a "vulnerability" that is reported for an _example_ source code file included in the zlib package. NIST has inexplicably classified this as a 9.8 out of 10. They fail to attribute the report: nvd.nist.gov/vuln/detail/CVE-2…
#LivingBlindfully Transcript, Living Blindfully episode 275, Voice Dream Reader moves to subscriptions for all users, blind people and Linux, old DOS apps, and Jonathan’s new hearing aid journey - livingblindfully.com/lb0275tra…
It's pretty comprehensive (i.e. uses it for reload notification too), but still relatively short.
In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial
that one can explain it in one sentence: send an AF_UNIX datagram containing READY=1 to a socket whose path you find in the $NOTIFY_SOCKET env var.
But apparently turning that sentence (which appears in similar fashion in the man page) into code is not trivial, hence this new example code.
Hence, copy away, the thing is MIT licensed. And the protocol has been stable for a decade, and I am pretty sure it's going to remain stable for another decade at least.
This small comment from @bagder really made my day.
F/OSS can be a grind and there's no shortage of negativity and bad attitudes to be found. Buck the trend! A thank you or some words of praise go a long way.
I embloggerated, about xz and Tidelift. Some key points: - the first, angry, draft was titled "I told you so", because we've been saying volunteerism + increasing burdens + solo maintainership is a recipe for disaster since 2017 - money (and Tidelift) is not a magic bullet, it's a cornerstone—not enough by itself, but without money, other proposals will never hit scale - there's many more things I wish Tidelift could do, but we need more scale first 😞
Learn about last week's xz library backdoor hack, its link to maintainer burnout, why we need to pay open source maintainers, and how Tidelift can help.
Do you have any suggestions for the lower layer of the stack where xz lives? Do you think RHEL wasn't receiving enough money, due to freeloaders using CentOS and the like, or wasn't distributing it properly?
@matt I hesitate to dump on RH, because this problem is hard, but RH’s model has always been binary: either you’re employed by RH, and get money; or you’re not employed, and get patches (at best). We push beyond that, and Red Hat should too.
We've got a new Developer Digest, and this one is full of updates on Rust and Exchange support, a better mailing list subscription experience, and a successful ESMification! 🎉
Netanyahu is apparently following through with his threat to shut down Al Jazeera in Israel, at least temporarily, because "national security".
The US, meanwhile is "continuing to make clear the importance of a free press" (paraphrasing, but pretty close to the original wording). Real strong words there, land-of-the-free.
History will remember what we did here, and it will not look kindly on us.
NV Access is pleased to announce that version 2024.1 of NVDA, the free screen reader for Microsoft Windows, is now available for download. We encourage all users to upgrade to this version.
Highlights - “on-demand” speech mode - Native selection mode in Firefox - Bulk actions in the Add-on Store Many more updates and fixes. Please see the release announcement for all the info and download links: nvaccess.org/post/nvda-2024-1-…
NV Access is pleased to announce that version 2024.1 of NVDA, the free screen reader for Microsoft Windows, is now available for download. We encourage all users to upgrade to this version. Highlig…
@ElementalEcho When the new “on-demand” speech mode is enabled, NVDA does not speak automatically (e.g. when moving the cursor) but still speaks when calling commands whose goal is explicitly to report something (e.g. report window title). Related to that , in the Speech category of NVDA’s settings, it is now possible to exclude unwanted speech modes from the Cycle speech modes command (NVDA+s), so you can disable that, or ONLY allow speech modes you use etc.
Historians are learning more about how the Nazis targeted trans people
“In the fall of 2022, a German court heard an unusual case.
It was a civil lawsuit that grew out of a feud on Twitter about whether transgender people were victims of the Holocaust. Though there is no longer much debate about whether gay men and lesbians were persecuted, there’s been very little scholarship on trans people during this period.
The court took expert statements from historians, including myself, before finding that the historical evidence shows that trans people were, indeed, persecuted by the Nazi regime.”
Denying that trans people were targeted specifically — not as afterthoughts, but directly — by the Nazis, is holocaust denial
The original version of this was a direct subtoot of a certain instance admin on here who leveled these accusations against one of our multiply-marginalized moderators, but I decided to make this more generic..
Leo
in reply to A. T. Guys • • •David Goldfield
in reply to Leo • • •