mastodon - Link to source
IMPORTANT: We're pre-disclosing two high severity CVEs in Matrix's federation protocol, which will require a coordinated upgrade on July 22nd of all servers running in untrusted federations. Client developers may need to make minor changes too. Please see matrix.org/blog/2025/07/securi…

Pre-disclosure: Upcoming coordinated security fix for all Matrix server implementations

Matrix, the open protocol for secure decentralised communications
Matthew Hodgson (matrix.org)

mastodon - Link to source

Hyrum's Law: With a sufficient number of users of an API, it does not matter what you promise in the contract; all observable behaviors of your system will be depended on by somebody.

This means:
- Users depend on bugs
- Implementation details suddenly are the spec
- Breaking changes are always breaking for someone
- Documentation is a suggestion of intent rather than reality

Also, relevant XKCD: xkcd.com/1172/

Workflow

xkcd

mastodon - Link to source

Wednesday, time to switch coffee places for diversity's sake.

lokjo.com -> just type 'coffee' and select 'coffee break' and it'll show you all places, at once, except corporations, or advertising, or 'suggestions', and without taking your data, or anything.

It just shows you all coffee places, like a fair map should do. 😊

edit: explained a bit more clear

#lokjo #fair #coffee #positivenews #EU


Lokjo.com - Your worldwide local map

lokjo.com
#EU #coffee #positivenews #lokjo #fair
This entry was edited (6 months ago)
in reply to Trezzer (aka Helvedeshunden)

mastodon - Link to source

Lokjo - a European online map

Ah yes, low amount of places happens sometimeswith OSM, it might be a reason for some people to help out, if they have time of course.

They are sorted byplaces who are noted as coffee-places or those who noted down they serve coffee, like some bakeries, newspaper stands etc.

If you know some places you can add them through @MapComplete or through osm.org.

@MapComplete
This entry was edited (6 months ago)

mastodon - Link to source

We’re proud to support @HowTheyVoteEU with our open source donation for their important work: making EU politics more transparent for everyone.

🔎💌 Open source + transparency = a perfect match!

👉 Learn more about this inspiring project & our support for open source: tuta.com/blog/open-source-spot…

#opensource #EU #Democracy #Privacy #Email #FOSS #Tuta

Image of Tuta Mail interface with the Tuta Mail app icon next to the HowTheyVoteEu website and logo.

HowTheyVote.eu is bringing transparency to EU politics | Tuta

Open Source Spotlight: With its focus on open source, HowTheyVote.eu chose Tuta Mail to set up a professional mailbox. Let’s check what they do and why they need Tuta!
Tuta
#foss #email #opensource #privacy #EU #democracy #tuta @HowTheyVote.eu

mastodon - Link to source
All American trains have a vulnerability where a hacker can remotely trigger the brakes over radio frequency. A single researcher has been warning about this for 13 years and the government has FINALLY acknowledged it’s real and is making train companies fix it: 404media.co/hackers-can-remote…

Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

“All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you,” the researcher told 404 Media.
Matthew Gault (404 Media)

mastodon - Link to source

Via Rail proudly announce an upgrade to the awful, awful Halifax - Montreal line.

They are going to modernise it by using carriages built in 1954.

1954.
When I lived in the UK, there was a heritage steam train line with carriages newer than that.

Mind you, the village of Corfe Castle (pop 1,355) has more rail passengers in Nov and Dec each year than Halifax (pop 530,167) has in a year. #CanadaFail
cbc.ca/news/canada/nova-scotia…

#canadafail

mastodon - Link to source

Donner votre avis pour faire progresser l’accessibilité numérique, ça vous tente ? 💬

Si vous êtes en situation de handicap, rejoignez notre panel de testeurs et testeuses !

En quoi ça consiste ? Vous allez sur un site web, vous naviguez dessus, vous nous dites ce que vous avez pensé.

Lors d'un échange individuel ou d'un atelier collectif, selon vos envies et disponibilités.

Vous recevez un bon d'achat d’au moins 20 € pour chaque activité réalisée.

a42.fr/volontaire

#a11y #handicap

Partagez votre expérience et recevez un bon d’achat d’au moins 20 € en participant à nos tests d’accessibilité ! Access42.

Partagez votre expérience en participant à nos tests d'accessibilité

a42.fr
#a11y #handicap

mastodon - Link to source

Valve gets pressured by payment processors with a new rule for game devs and various adult games removed gamingonlinux.com/2025/07/valv…

#Steam #Valve #Gaming #PCGaming


Valve gets pressured by payment processors with a new rule for game devs and various adult games removed

Valve have added a new rule to the Onboarding guide for game developers, noting that payment processors get a say in what stays on Steam.
Liam Dawe (GamingOnLinux)
#gaming #steam #valve #pcgaming

mastodon - Link to source

NVDA 2025.2 Beta 3 is now available for testing: nvaccess.org/post/nvda-2025-2b…

Changes introduced in Beta 3:
- Added a WASAPI toggle to SAPI5.
- Added a confirmation dialog to update root certificates when downloading add-ons.
- When using NVDA Remote Access, speech from User Account Control screens on the remote computer now works reliably.
- Updates to translations.

#NVDA #NVDAsr #Beta #PreRelease #News #Update #Software #FLOSS #FOSS

NV Access | NVDA 2025.2beta3 available for testing

www.nvaccess.org
#foss #floss #software #nvdasr #News #update #nvda #beta #prerelease

Tamas G reshared this.

mastodon - Link to source
"I post silly messages on Mastodon and I chat with friends on IRC." The life of a free software developer. daniel.haxx.se/blog/2025/07/13…

How I do it

A while ago I received an email with this question. I've been subscribed to your weekly newsletter for a while now, receiving your weekly updates every Friday. I'm writing because I admire your consistency, focus, and perseverance.
daniel.haxx.se

mastodon - Link to source

Seit gestern ist der TI-Messenger auch für Versicherte (zumindest bei manchen Krankenkassen) verfügbar

zm-online.de/news/detail/ti-me…

An sich ist das ein etabliertes Protokoll (Matrix), dass zur Kommunikation genutzt wird.

Bemerkenswert ist die Koppelung mit der ePA-App.

Müsste das so sein? Nein.

#TI #TIM #ePA


TI-Messenger: Neuer und sicherer Chat im Gesundheitswesen

Mit der Funktion sollen Patienten sicher mit ihrer Arztpraxis chatten können
Zahnärztliche Mitteilungen
#epa #tim #ti

mastodon - Link to source
About 20 years ago, I saw an excellent rock. It was unusual, so I took a photo. But I couldn’t find the photo shortly afterwards and thought I’d deleted it by mistake. I was sad. I kept describing the rock to people, but they were strangely uninterested. I am clearing out my photo archive and I just found it. I am happy. I missed this rock. I thought of it often. I can show my rock to people now, whether they want to see it or not. You included.
Short version: a rock that is half black and half white. Fuller description: Looking down at a rock not the size of a large boulder. A rock about the size of, say, a rugby ball. It is dark wet with rain, lying on a winter beach in Skagen, Denmark. Small stones in lighter greens and beiges are nestled around it at one edge. Larger uninteresting rocks in dull blacks and greys are on either side. The excellent rock looks like two rocks fused together. The left half is jet black and has a rippling texture that reminds me of the crisp packets we shrank in the oven to amuse ourselves as kids. The right half is bright white with patches of grey and very smooth. The join between the two halves is invisibly smooth. The rock looks alien to me. Obviously, I didn’t touch it. I assume there were faeries or trolls nearby.
in reply to daniel:// stenberg://

mastodon - Link to source

DrRac27

I wonder if you could just write some easy test a real security researcher could easily pass but where those AIs fail. And in each report you send it to them privately and ask for the solution until you even read it. Something where variable names and comments are missleading maybe to confuse the AI?
```
// explain why this is vulnerable
void vulnerable() {strncpy()};
// why is this ok
void save() {strcpy()};
```
something like that?

mastodon - Link to source
So AI-based, offline image descriptions are coming to NVDA. Apparently no follow-up questions or longer descriptions for now. The descriptions or captions are also initially in English.
github.com/nvaccess/nvda/pull/…
@NVAccess
#Accessibility #NVDA

Support image descriptions using local AI model by tianzeshi-study · Pull Request #18475 · nvaccess/nvda

…g and triggering via keyboard shortcut Link to issue number: Resolves #16281 Summary of the issue: NVDA currently lacks a built‑in, offline image captioning feature. Existing solutions require a ...
GitHub
#Accessibility #nvda @NV Access

mastodon - Link to source
@leo You could consider addressing the "AI slop avalanche" in a future Intelligent Machines episode. It is of course a much bigger problem than "just" for curl and me, but I wrote about it here: daniel.haxx.se/blog/2025/07/14…

Death by a thousand slops

I have previously blogged about the relatively new trend of AI slop in vulnerability reports submitted to curl and how it hurts and exhausts us. This trend does not seem to slow down.
daniel.haxx.se
@Chief TWiT

mastodon - Link to source

EU age verifier app was released today on github, saying it'll include remote attestation

Is it just me who finds this terrifying?

No more open operating systems for your phone if you want to be able to use it for age verification. For now, it sounds like this will be for porn, but social media (hello Mastodon) recently got a "recommendation" from our government to not be allowed below a certain age

Will we need a Google or Apple attested device to get around on the internet in a few years?

Screenshot of webpage (https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui) showing the following text: Important: App hardening (such as code obfuscation, anti-tampering, anti-debugging, and other protections) is not included in this release. The application is not protected against reverse engineering or other attacks. Production deployments must implement appropriate app hardening measures. The current release provides only basic functionality, with several key features to be introduced in future versions, including: App and device verification based on Google Play Integrity API and Apple App Attestation
This entry was edited (6 months ago)

reshared this

in reply to Luc

mastodon - Link to source

Sylvia

That's terrifying but also... annoyingly stupid? The Netherlands released such an app without Play Integrity years ago called Yivi (formerly IRMA).

Regardless of thoughts on the verification, we have an existing government app showing that Google Play Integrity integration is not needed.

Wrote a tiny bit about that here: github.com/eu-digital-identity…

Do not add Google Play Integrity integration

In the README, the following is listed: App and device verification based on Google Play Integrity API and Apple App Attestation I would like to strongly urge to abandon this plan. Requiring a depe...
TheLastProject (GitHub)
This entry was edited (6 months ago)
in reply to Peter Saathoff-Harshfield

mastodon - Link to source

Peter Saathoff-Harshfield

Unfortunately our train hit a truck at a grade crossing this morning.
We’re fine, just delayed, but the truck driver is not.

denver7.com/news/local-news/at…


At least 1 injured after Amtrak train collides with big rig in Gilpin County

At least one person was injured after an Amtrak passenger train collided with a semi at a railroad crossing in Gilpin County Monday.
Robert Garrison (Denver 7 Colorado News (KMGH))

mastodon - Link to source

This sounds like an impressive project. Running a million-board chess MMO in a single process eieio.games/blog/a-million-rea…

The post says this game is running on a single $80/month DigitalOcean VM. I bet it could run on a Raspberry Pi or similar single-board computer. If I'm calculating correctly, the full game board takes about half a GB of RAM.


Running a million-board chess MMO in a single process · eieio.games

How one million chessboards works
eieio.games

mastodon - Link to source

Join @manuq and @cassidy this Thursday at 1800 UTC (11 AM PDT) as we share a bit behind the scenes of Threadbare, our collaboratively-built open source game made in Godot Engine!

It's currently pre-alpha, but Threadbare is a story-driven game where players don’t just explore a world—they co-create it.

youtube.com/live/zlxXSgPMOYc

We hope to see you there!

#godot #GodotEngine #OpenSource #gameDev


Live: Intro to Threadbare for Contributors

Join Manuel and Cassidy as they share a bit behind the scenes of Threadbare, a collaboratively-built open source game made in Godot Engine. It's currently pr...
YouTube
#opensource #gamedev #godotengine #godot @Manuel Quiñones @Cassidy James

mastodon - Link to source

From the Disability Visibility Project:

"Immigrant Rights Are Disability Rights"

disabilityvisibilityproject.co…

"… a true commitment to justice for disabled people must recognize that many undocumented immigrants are themselves disabled and deserving of basic rights, not total erasure from the disability rights discourse."

#USPol #Disability #DisabilityRights #Ableism #Immigration #HumanRights


Immigrant Rights Are Disability Rights

 Immigrant Rights Are Disability Rights Joe Stramondo   In 2019, a White disability rights leader with a national reputation, Bruce Darling, had a spectacular fall from grace because of commen…
Disability Visibility Project
#HumanRights #uspol #Disability #disabilityrights #ableism #immigration

mastodon - Link to source

PureOS Crimson Milestone Nears Completion

The PureOS team has made major progress toward delivering ready-to-flash Crimson images for the Librem 5.

May’s work focused on resolving core bootstrapping issues that prevented automatic image builds—particularly for arm64 builds from amd64 hosts.

Learn more at Purism: puri.sm/posts/pureos-crimson-d…

PureOS Crimson Development Report: May 2025 – Purism

Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
Purism SPC

mastodon - Link to source

Just got the following email from Orbit Research regarding the Orbit Player:

Hello List Members,

We are excited to announce that the Orbit Player will begin shipping on Monday, July 21, 2025!

Orders are now open and we encourage you to place yours early to ensure timely delivery from our initial batches.

Please note that initial production batches are limited and expected to sell out quickly. Therefore, we recommend placing your order as soon as possible.
Shipments will be fulfilled in the order they are received, with priority given to customers on the pre-order list.

You can place your order online here:
orbitresearch.com/product/orbi…

Or call us at 888-606-7248 to order by phone.

Thank you again for your continued support!

Best Regards,

Customer Care Team
Orbit Research


Orbit Player - Global Version

The Orbit Media Player is a versatile, user-friendly device designed to enhance accessibility for blind and visually impaired individuals. It features a compact, lightweight design with tactile buttons for easy navigation.
Orbit Research

mastodon - Link to source

Well, Sameer finally got what he wanted: the end of an actually fast, actually secure counterpoint to Android.

CrOS can't make Android look like shit if CrOS also sucks:

theverge.com/news/706558/googl…


Google exec: ‘We’re going to be combining ChromeOS and Android’

A merger of Android and ChromeOS has been rumored for months, desired for a decade, and now Android head Sameer Samat says it’s on the way.
Dominic Preston (The Verge)

mastodon - Link to source

#AndroidAppRain at apt.izzysoft.de/fdroid today with 20 updated and 1 added apps:

* DHBW Horb Student App: study life app for students at DHBW Stuttgart Campus Horb 🛡️

And it seems we make a spot landing at the 1st anniversary of our public RB GoLive on August 1st. Current RB status: 648 apps (49.8%) – just 0.2% missing for the 50% mark! 🥳

Enjoy your #free #Android #apps with the #IzzyOnDroid repo :awesome:


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #izzyondroid

hometown - Link to source

Shared for absolutely no reason at all.

"Ottawa rushes to build its own AI translator as government use of free tools soars

Demand for official translation services is falling despite a rise in content creation. As public servants turn to free online tools, the government is racing to build its own AI translator.

If PSPC Translate works for staff in the department of about 19,000 people, the tool will be used more widely. It’s the first “lighthouse project” under the federal government’s artificial intelligence strategy, meant to help the public service learn how to build and implement new AI tools and create something that can be scaled across government."

thelogic.co/news/exclusive/ott…


Ottawa rushes to build its own AI translator as government use of free tools soars - The Logic

Murad Hemmadi (The Logic Inc.)