arbitrary code execution in PDF.js.

a malicious PDF can execute arbitrary JS as soon as it's opened in Firefox.

codeanlabs.com/blog/research/c…

Geoff Huston offers interesting commentary on DNSSEC and the problem of securing the domain name system more generally:
potaroo.net/ispcol/2024-05/dns…
My own domains are DNSSEC-signed. The necessary BIND 9 configuration is simpler nowadays than it used to be, as much of the process has been automated - a welcome change.
#Internet #DNS #DNSSEC #security

Non-Binary Pride Arrow Brick Stitch Fringe Beaded Earrings

Today marks one year since I beaded my first pair of earrings! Now I have a tangible reminder of how far I've come, because I kept practicing, even when beads broke, and needles...

So in honor of my "beadiversary" and the upcoming Pride Month, I recreated my first ever earrings with a new pattern, single brick stitch this time. Check them out:

cvkvlv.com/products/non-binary…

Precisely four years ago, the first ever changeset with #MapComplete was made. Granted, it was a testing point - but it marked the birth of MapComplete:
openstreetmap.org/changeset/85…

Tomorrow, there is an OSM-meetup/birthday party for it: osmcal.org/event/2867/

Most of us have been told to stand up straight. In her new book, Beth Linker uncovers the surprising history of posture science and its lasting impact.

The data isn’t there to support over a century’s-worth of assumptions about bad posture.
buff.ly/3yugdHI

That church is lost.

zpravobot.news/@novinkycz/1125…

This episode of the Security, Cryptography, Whatever podcast offers insight into the history of Transport Layer Security (TLS), and critical discussion of certificate transparency, DNSSec, and other protocols. Post-quantum cryptography is also considered.
securitycryptographywhatever.c…
#Security #CryptographicProtocols

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 7 updated and 3 added apps:

* Healthy Battery Charging: keep your phone charging between 40% and 80%
* Easy Notes: simple modern notes app with material design
* Tack: metronome with Wear support

apt.izzysoft.de/magisk had 1 #Magisk #module updated and 1 added:

* Disable Low Ram Flag (for Android Go devices)

Enjoy your #free #Android #apps with the #IzzyOnDroid repo :awesome:

Filip Hracek

@Bubu Sorry, no plans at this point. I was looking into it a while ago but realized it'd be a lot of work to make the game look decent on a large landscape screen. The alternative is a "lazy" port (that looks like a mobile game running on the desktop) but I'm not going to do that.

Thanks for the interest. I really appreciate it.

@Bubu
in reply to victor tsaran

@vick21 I think the biggest problem with audio description is a true lack of standards truly optimized for the format. SAP is a workaround that was never really meant for audio description. The biggest problem is the need for a secondary audio mix in the first place. The open-standard xml/srt format that has been used for captions gets this right, and even better, it's been excluded from most movie/tv drm - so while the video may be drm-laden, the captions sure aren't.
in reply to Jack-Frostodon

@vick21 So what I think needs to happen is a similar standard for audio description, with individual files with each audio description event that fire at the designated cue times, just like captions. Lines on the cue card, like captions, can have additional parameters, such as how much the original audio needs to be ducked during the description, and when it should come back. This way, a heavy-action sequence can have its own ducking rules compared to a light scene.
in reply to Jack-Frostodon

@jackf723 @vick21 This is how audio description on TV works, at least in most of Europe. That's how it has to be, terrestrial and satellite bandwidth is very limited, and wasting it on tracks that are used very infrequently is just unacceptable. As a broadcaster, you have a choice between overpaying for bandwidth for very little benefit, converting the AD mix to mono at some horrendously low bitrate, or overlaying the low-bitrate, mono AD track on top of normal, high-quality audio. Most broadcasters go for the last option.
in reply to miki

@miki Do you have any reading material on how widespread this is in practice? I've never encountered any satellite systems in Europe that actually choose to do mixing at the receiver. Terrestrial, yes, but I only have experience of the UK system. Whereas I've tuned into multiple satellite channels from various countries where the AD is just mixed in at the source. @jackf723 @vick21 @weirdwriter
in reply to James Scholes

@miki A few months back, a British broadcaster trialed a more descriptive, blind-friendly audio stream for a televised rugby match[1]. Of course, they only had the mono, low-bitrate AD channel to use, and presumably couldn't manage the fade values in realtime. So we ended up with US-SAP-style, crappy stadium audio.

[1] itvmedia.co.uk/news-and-resour…

@jackf723 @vick21 @weirdwriter

in reply to James Scholes

@jscholes @jackf723 @vick21 Poland does this somewhat regularly. We get audio description for quite a few football (soccer) matches here. It's quite surprising really, considering the fact that we barely get it for anything else. Soccer is the only thing that gets somewhat regular and consistent AD. The quality is quite crappy, I can't tell you the exact stream parameters but I know who to ask.
in reply to Jack-Frostodon

@vick21 The biggest favor an open standard can do is it can pull the description files from a centralized, streaming provider-agnostic repository of audio description files. Before watching the movie, the streaming app could download and cache all the individual descriptions that make up the description track so that they play on cue. And the description database could be semi-Wikipedia style, wherein anyone can submit descriptions but they go through a board review.
in reply to Jack-Frostodon

@jackf723 @vick21 This isn't as easy as you think, movies from different sources may have different lengths, e.g. due to a PAL/NTSC difference, an extra Netflix logo etc.

The only approach which makes sense here is the German Greta system and its derivatives. It's essentially Shazam for movies, you pick a movie you want to watch, give it a short sample, and it syncs your audio description with the movie audio. The added benefit to this is that the AD is completely independent of the movie source, works in cinemas and can be played through your own headphones when watching a movie with sighted friends or family.

Know any NYC students, or their parents?

The mayor closed the libraries on Sundays, and is set to close them Saturdays too -- citing budget constraints 📚

The budget's being debated right now!

So, if you live in NYC?

Here's a form that'll auto-send a letter to your city councillor telling them to vote to "keep the libraries open sundays": actionnetwork.org/letters/open…

Forward it to any students in NYC 🤘

Parents can use it too -- just rewrite the opening salutation to say "I'm a parent"

I'd like to remind all Mastodon users that you can add a language filter to any follow relationship on Mastodon.

If you follow me and you don't speak German, you can easily remove my German posts from your timeline by adjusting the language settings.

Go to my profile page, select the dot menu and click "Change subscribed languages". Then select the languages that you speak.

This really is a hidden gem 💎 on Mastodon and not many people seem to know this feature :awesome:

#mastodon

Thanks to someone on r/ubuntu, I found out why I had so much trouble with Orca while installing Ubuntu 24.04. Their release notes specifically say this: "Screen reader support is present with the new desktop installer, but is incomplete". Thanks a lot, Ubuntu maintainers. I sure feel included in the Linux community. I guess I'll have to do what the redditor suggested: install 23.10 with the legacy installer, then update to 24.04. Release notes: discourse.ubuntu.com/t/ubuntu-…

Protecting your #privacy doesn't stop with our world's first post-quantum email #encryption. ⚛️🔒

Tuta uses #DNSSEC and #DANE to keep you secure. 💪

To learn more 👉👉👉 tuta.com/blog/tutanota-uses-da…

miki

In the eyes of the law, yes. Microsoft is in a very unique position here, their account system is connected to Xbox, so the easy way out, which is not letting children make Microsoft accounts in the first place, is not available for them. However, they still need to follow COPPA and the GDPR, so they had to implement proper parental consent and age verification procedures. They're big enough that they can't just let things slide and need to choose caution and legal ass-covering over a good user experience.

As a result, a lot of people had issues e.g. when they used personal accounts for small businesses and used the founding date of the business as the account's date of birth. Being locked out and being asked to link your account with your parents' isn't terribly unusual with Microsoft.

Ding Liren responded to Carlsen's remark that he is "permanently broken"

"He was trying to tell the truth. He said what he felt. After the World Championship it was really very hard for me; at first I was exhausted (from the pitfalls of competing at the World Championship). Then I fell ill. Now I can say that I have recovered from the illness, but my strength still has not returned to its previous level." #šach

#sach

By the way, here is a considerably more serious (meaning: involving somewhat more effort) poll on the "combustion-engine phase-out", in the form of a petition of support. It would be nice if at least as many people signed it as take part in the silly click polls, simply so that it is clear that the high numbers of supporters are actually realistic and not "criminally manipulated": duh.de/ja-zum-verbrenneraus/

#Verbrenneraus

Client-side comments with Mastodon on a static Hugo website

#Hugo #goHugo #Blog #Blogging #Comments #Mastodon #Fediverse

andreas.scherbaum.la/post/2024…