After heartbleed in 2014, there were a lot of calls to abandon OpenSSL and support alternative libraries because it had written itself into a corner full of holes. I didn’t anticipate that 11 years later, there’d be a call to abandon OpenSSL because it’s written itself into a corner of running at 1% the performance of those very same alternative libraries haproxy.com/blog/state-of-ssl-…
[HAProxy Technologies] The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.
tangentially, I’m perplexed that someone would both name their project BoringSSL and be very willing to break API compatibility on a moment-to-moment basis. That feels like a “pick one” situation
there's nothing wrong with being the bleeding-edge option, but we need to workshop this branding. ExcitingSSL. RollerCoaster Crypto. Thrills and Chills TLS
Tldr: Sorry about what happened, Fosstodon is committed to being a safe and inclusive space, and we're taking measures to ensure this won't happen again.
I guess it’s a good thing that the genocide in Ukraine has devalued your currency so much that 800,000 rubles isn’t actually that much money.
> By the ruling of the magistrate of judicial district No. 422 of the Tagansky district of Moscow, companies Threema GmbH and Pagebites Inc have been fined 1 million rubles each, and Gultsch & Weiss GbR has been fined 800 thousand rubles.
Мировой суд Таганского района Москвы оштрафовал три иностранные IT-компании за неисполнение российского законодательства, сообщили во вторник в пресс-службе суда.
out of curiosity: is this happening out of the blue, or have you been instructed to [do stuff]? Do you know what specific directives you're violating, how?
«Любой, кто думает, что Путин остановится после территориальных уступок, просто глуп» — Байден дал (theins.ru/news/281137) Би-би-си первое интервью после отставки Экс-президент США Джо Байден дал первое интервью с тех пор, как в январе покинул Белый дом. В беседе с Би-би-си он сравнил попытки администрации Трампа заставить Киев пойти на территориальные уступки с политикой «умиротворения», которую правительство Великобритании в 1930-х годах вело по отношению к Гитлеру. По словам Байдена, Владимир Путин считает всю Украину частью России, так что «любой, кто думает, что он остановится», если получит часть территории в рамках мирного соглашения, «просто глуп». «Я просто не понимаю, почему люди думают, что если мы позволим диктатору, бандиту, думать, что он может забрать значительные участки земли, которые ему не принадлежат, то это его удовлетворит», — добавил политик. Экс-президент рассказал также, что обеспокоен состоянием отношений между США и Европой и что разрушение этих отношений «изменит современную историю мира». Читать в России без VPN (storage.googleapis.com/kldscp/…) Подписаться на The Insider (t.me/theinsider) | Задонатить (donate.theins.ru/en) | Написать редакции (t.me/TheinsiderBox_bot)
❤️ - Trumps Bildungsministerin Linda McMahon erklärte am Montag in einem Brief, die Bundesregierung werde Harvard keine neuen Zuschüsse gewähren, da die Hochschule gegen Bundesrecht verstoße und „ihre gesetzlichen Pflichten, ethischen und treuhänderischen Aufgaben, Transparenzpflichten und jeglichen Anschein akademischer Strenge“ vernachlässige.
Harvard reagierte, überprüfte den Brief auf Rechtschreibfehler und Zeichensetzung und veröffentlichte ihn anschließend in den sozialen Medien:
Join us in Budapest and tell us what you’re doing with LibreOffice! The Document Foundation invites all members and contributors to submit talks, presentations and workshops for this year’s LibreOffice conference in Budapest at ELTE’s Faculty of Info…
- extremely unfortunate location for this, as the country has proven to be anything but ‘free’, as it is routinely against anything supportive of the rules and regulations geared towards the citizens in the EU. Belarus Lite.
Title: Curl ProgrammingAuthor: Dan GookinISBN: 9781704523286Weight: 181 grams A book for my library is a book about my library! Not long ago I discovered that someone had written this book about curl and that someone wasn't me! (I believe this is a f…
This is a gruelling summary of all the things wrong with OpenSSL haproxy.com/blog/state-of-ssl-… I've mostly watched this whole thing from the sidelines, but was also affected noting that private key parsing suddenly became 70 times slower. I think they've now improved it to "only" be 10-20 times slower, and there does not seem any effort to work on it any more.
New research shows glitter that makes its way into the sea is actively disrupting a crystal-forming process known as biomineralisation, which affects how marine life such as sea urchins, corals and oysters form their shells and skeletons. This mineral formation also contributes to how the ocean helps regulate Earth’s climate by moving carbon through the planet. So the consequences could be far from pretty. #Glitter #Environment #Oceans #Biodiversity #ClimateEmergency
Ooh, I really like your site! Awesome! Can a curious soul ask where you made it, or if you host it via something like wp? Real cool accessible stuff! :)
@tardis Of course! It is a static site generator, in this case, Eleventy. At the moment I upload it to a server myself but with a backup on Github. I host with Nearly Free Speech because I intend to write about my own sexual experiences and I will be explicit, so I need a place that won’t ban me for writing about adult sex. The more important thing is I made it with #Eleventy.
Oh, this is cool. I see. I should look at it. I have a wiki, but have to add a whole page every time I want to post, and that's a bit tiring, so having an actual way of posting, would be better. As for expereicnes and particular this type that can get you banned from popular company ran thingies, I can't say. Hehe. I tend not to like them, mine or others, I cringe when I see a movie, what can I say? ıut good luck with writing! :) ;)
@tardis Ah! I used to work on a ClassicPress hosted on someone elses server but what I like about static site generators is, if I want to edit a post, for example, I just opened up a text file, edit the Markdown that’s there, then update the site and it all happens offline and in spaces that I control, which is nice!
Can WCAG be applied to mobile? Well, sort of… it maps quite well, as long as you carefully assess how each criterion works in the mobile context.
That's what the W3C's Mobile Accessibility Task Force has done, with a group of experts. We've just published our first public working draft of WCAG2Mobile: w3.org/TR/wcag2mobile/
This document describes how Web Content Accessibility Guidelines (WCAG) 2.2 [WCAG22] principles, guidelines, and success criteria can be applied to mobile applications, including native mobile apps, mobile web apps and hybrid apps using web component…
Changelog
Security
Update dependencies
Check scheme on account, profile, and media URLs (GHSA-x2rc-v5wx-g3m5)
Added
Add warning for REDIS_NAMESPACE deprecation at startup (#34581 by @ClearlyClai...
Goodbye my sweet Peter. You had too much love for this world and people didn’t understand you. You gave me the best 10 years of my life, you thought me many things, and you saved me with your love. I will never forget you. I miss you like the sun. Until we meet again…
No-as-a-Service (NaaS) is a simple API that returns a random rejection reason. Use it when you need a realistic excuse, a fun “no,” or want to simulate being turned down in style. - hotheadhacker/n...
How did I vote in the federal election on the weekend? The simple answer? I didn't. Why? Because blind people in Australia still can't vote without a middle man. someone between us and our ballots, filling them in for us.
🗳️ Blind and vision impaired Australians still can’t vote independently — and that’s not just unfair, it’s undemocratic. We deserve to vote privately, safely, and with dignity. It’s time for real, accessible options — braille ballots, secure phone voting, equal rights. ✍️ I started a petition to demand change. Please sign it. Share it. Help us be heard. 👇 change.org/p/let-us-vote-indep…
"in a world where everyone is striving to reduce their energy footprint, sticking to a library that operates at only a quarter of its predecessor's efficiency, and six to nine times slower than the competition, contradicts global sustainability efforts"
It's difficult to show all the degradations in a reproducible single-threaded benchmark, so I never updated that ticket. But in a multithreaded workload, their heavy reliance on malloc and all the locking it requires interacts badly with every other need for synchronization in a process.
Now that OpenSSL 3.0 has made most structures opaque and required a _new() function to construct them, a lot of code that used to have no malloc dependencies is now quite malloc heavy. This effect ...
TBF, a big part of the article is a deep dive into the finding of where the performance hit lives, which I happily skipped over. That cut the reading time in two. Talk about performance :)
while I understand the reasoning, the position that modern libraries should support tls 1.0 doesn’t sit right with me. Especially with no caveats about limited use cases.
Not performance but security related; here's a CVE from 2019 that remains unfixed. OpenSSL finally acked it in 2024 as "feature request", with no plans to fix: github.com/openssl/openssl/iss… It affects Windows. Forks fixed it throughout the years.
This is a long time problem, and opening a new Issue to give it some visibility and place to discuss. OpenSSL loads its config (openssl.cnf) from a disk location baked into the binary at build time...
On Wednesday, May 28th at 19:30, Dr. Richard Stallman will deliver a keynote on Free/Libre Software and Freedom in the Digital Society at Libre Graphics Meeting.
See the details in the linked announcement regarding admission to the talk.
I also included a personal note on the decision, as I received mixed feedback.
October 14th, 2024 Richard Stallman (aka “RMS”) is the founder of GNU and the Free Software Foundation and present-day voting member of the Free Software Foundation (FSF) board of directors and “Chief GNUisance” of the GNU project.
So; when you come into a conversation, and this is your framing. You've already pre-decided the outcome and are working backwards to justify it.
I condemn in the strongest the invitation to, and elevation of, someone known to be a danger at physical events, who is unrepentant and who rejected every effort to be helped to find a way back.
Can you explain to me where stallmansupport.org is so wrong. Is it completely wrong or just partially? And vice versa, is the “report” completely right?
I also had the impression the “report” was written in a manipulative language and publishing it anonymously doesn’t support it either.
I’d be interested in a discussion that is not so emotionally loaded, and I’m open to arguments. I see and get to feel that you are upset.
This website refutes many of the accusations against Richard Stallman. It's the result of careful research from a rational and objective standpoint. It shows the truth, backed by the testimony of conscientious and thoughtful people.
@graphicore @halla @celesteh @federicomena @doctormo More practically and usefully: Why put yourself in the situation of “picking a side” on a clearly controversial issue, where multiple orgs have seen enough to officially cut ties, when there are surely many other people who could enjoy a spotlight and benefit the actual topic - without the risk? Why choose to do this? Pragmatically, does the move make sense?
standing up to bullies and against the injustice they promote through violence nearly always makes sense. that they choose violence to force others to join their character assassination campaigns is already a red flag that you don't wish to be on their side. that they demand swift submission, to deny people a chance to look into the facts, is more evidence that their violent tactics are not means to promote justice. now, of course, being a victim of their violence says nothing about you or anything who stood on their path is innocent; only looking into the facts can accomplish that. which is why they have to stop you so forcefully from seeking facts, isolating their victim and anyone else who defies their violence. it's really ugly, and it takes courage to stand up to them. but for anyone who cares about justice and against censorship and violence, standing up to them is the only move that makes any sense
(there are also plenty people tied up in false beliefs about the victims, induced by violence; whether they're mere victims of falsehoods or accomplices to the campaign of violence hinges on how they respond when called out for the violence they're participating in)
One boost = one tidbit about a classic woman science fiction writer who *isn't* Mary Shelley, Ursula K. Le Guin, Octavia Butler, or James Tiptree Jr. (great as they are!)
This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
#Meta couldn't respect our privacy even if it wanted: The politicians will start crying that it needs to spy on us in the name of safety, if we complain they make up bizarre stories about threats to children caused by the internet till they get their way. Corrupt corporations are a huge issue but secondary, the primary problem it all stems from is government and authority being out of control.
#Meta couldn't respect our privacy even if it wanted: The government will start crying that it needs to spy on us in the name of safety, if we complain they make up bizarre stories about threats to children caused by the internet till they get their way. Corrupt corporations are a huge issue but secondary, the primary problem it all stems from is politicians and authority being out of control.
As a reminder, our webinar starts tonight (Tuesday) at 7:00 PM Eastern time. We'll have demos of some of the new features in the May 2025 BT Speak update and you'll also have an opportunity to ask questions to the Blazie Technologies team. us02web.zoom.us/j/81366824333?…
So I was browsing the Internet today, and so I found some weird script someone made for Linux which takes a screenshot and describes it with Gemini. As usual, read the script before running it and all that, I obviously wasn't the one who created it because I don't code, so I cannot answer any questions about it or make new features or anything like that. But yeah I mean it's also AI, so don't use it, and Linux will obviously be filled with slop because of this awful person who added A11yAI to Linux, but yeah here it is:
For some reason, the address displayed at my Firefox address bar contained "&dl=1" instead of only &dl=1 at the end. Copying and pasting the URL directly from your post worked.
On Wayland for screenshots, you seem to be out of luck on Gnome, as the tools which the ImageGrab PIL library tries either are X11 only, or require some Wayland protocols which do not exist in the Mutter's supported ones. But it would in Kde, it seems.
Yeah. I am using Gnome, mainly so I actually like some of its features (e.g. the quick system settings), and I can much more easily find out what's annoying me most, so it needs a fix.
In this post, I share some important insights from examining the accessibility of CSS-only carousels that use new features introduced in the #CSS Overflow Module Level 5 spec.
To help those readers who might be planning conference trips or vacations in Europe I thought I’d share this helpful map (which I found here) that was generated by one of those famously accur…
@ebassi oh yeah, tomorrow I will post how people can start setting their libravatar/gravatar images, so that people can move on from their hackergotchis on their own. End of an era tho. :)
Apple App Store users can only sign in on the built-in server list, Apple won't allow manually adding servers
Google Play users can manually add unlisted servers
F-Droid users get a *much* wider server list and can add servers manually
abadidea
in reply to abadidea • • •abadidea
in reply to abadidea • • •