Is One Enough? Screen Reader Use Among Employed People: a Peer-Reviewed Publication From The National Research and Training Center on Blindness and Low Vision
Hamilton's cybersecurity insurer isn't paying out, because Hamilton didn't satisfy the basic security requirements in the policy they purchased. $18.3M and counting. Ouch!
Devin’s headlamp cut through the darkness. At the base of the pine trees lining the narrow green strip beside Notre Dame East Boulevard, he was bent, writing on the white backside of a plastic sheet.
Using #GNOME Builder again after Zed added mecha-hitler integration, currently rebuilding my website, and finding Builder very pleasant to use after customizing some stuff, and ofc adding #Vim keybinds in. Honestly nice having a GUI to configure stuff, and it being native to my GNOME system!
An hour after I posted my piece about Meta’s Super Intelligence memo, a friend pinged me and pointed out that once again, Mark Zuckerberg has subsumed someone’s idea and phrase and…
🇺🇸 It's been exactly one year since we went live with our Reproducible Builds publicly. Almost exactly at their first anniversary, we passed the mark of 50% apps covered by them.
But more has happened since: we've improved on the RBs, published the framework. You've asked for Download Statistics? Today we make those public. And more – plus more to come. As usual, we announce what it's ready – no fabulous promises, just facts. So read the full update here:
Half a year has passed since our last blog post. You might be curious what we achieved since then – and we have not been idle! Be prepared for more reproducible builds, download statistics, and other nice things 😃
🇩🇪 Es ist genau ein Jahr her, seit unsere reproduzierbaren Builds öffentlich live gingen. Fast genau zum ersten Jahrestag konnten wir mehr als 50% unserer Apps bestätigen.
Doch es ist noch mehr passiert: Wir haben die RBs verbessert und das Framework veröffentlicht. Ihr fragt nach Download-Statistiken? Die gehen heute live. Und mehr. Und mehr wird kommen. Wie immer sagen wir nur, was fertig ist – keine (leeren) Versprechungen. Hier das vollständige Update:
Ein halbes Jahr ist seit unserem letzten Blog-Post vergangen. Ihr fragt Euch vielleicht, was hier seitdem geschehen ist – und wir haben nicht auf der „faulen Haut“ gelegen! Freut Euch über mehr Reproducible Builds, Download-Statistiken und weitere sc…
And as our Download Stats only give numbers for, uh, Downloads, here's a sneak peek at our web server stats overall load 😉 Stats for today are not yet in, hence the drop at the end (snapshot is from around half past midnight this morning). @SylvieLorxu
"i just got a google pixel phone and your name and email is on the phone, it says you helped to make it. i wanted to say thank you for xmaking this amazing phone. i love using it."
LibreOffice 25.8 will be released as final on August, 20, 2025 (check the Release Plan). LibreOffice 25.8 Release Candidate 2 (RC2) brings us closer to the final version, which will be preceded by Release Candidate 3 (RC3).
Waitress: any decisions on dessert? Me: how big is the tiramisu (Waitress gestures with her hands about six inch square) Me: oh! That's too much. I can't possib- Waitress: No. It's not too much. There's no such thing as too much tiramisu.
Reader: it was too much. But definitely a light-hearted moment that made my day.
Tohle auto je Pepovo*. Pepovi nebylo příliš naděleno do hlavy, proto klidně nechá auto tam, kde mu od pazoury odpadne. Že auto překáží nebo že je to v rozporu se zákonem, Pepu netrápí. Nebuď jako Pepa.
*Pojmenování "Pepa" je zástupné, skutečné jméno řidiče neznám.
já zas kvůli nějakýmu Pepovi na chodníku musel s kočárem po silnici. Už mě nebaví ta bezohlednost už. Fakt by ty cajti měli někdy vytáhnut paty a projít se po sídlišti.
@stepan "Nejlepší" jsou takoví, co na příčné parkování určené pro běžná auta postaví dlouhou dodávku. Na chodníku se chodec s bídou protáhne (kočárek ani vozík neprojede), zatímco druhý konec dodávky vyčnívá do jízdního pruhu. Ale jinak samozřejmě vytváření nových parkovacích míst přímo na chodníku je taky lahůdka.
How to Leave Substack. “Unfortunately, Substack willingly platforms, and allows bad actors to monetize, hate speech and misinformation. You should probably leave Substack.” leavesubstack.com/
The current air quality index for #Minneapolis, #Chicago, almost all of #Minnesota, #Wisconsin and much of #Iowa, #Illinois and #Michigan is currently hovering around 175-200, unhealthy for everyone. Protect yr lungs and wear a mask out there fam!
(map as of 1pm central time July 31 on airnow.gov)
This is bad, on its face, but there is also zero chance it won't be abused to block other content that whatever TPTB deem undesirable. #torrent #privacy #indieweb
Congratulations. Any plans to start working on an ARM64-based sled? Or is x86-64 still so entrenched that only systems nerds care at all about being free of that legacy? (I was just reading an article about how x86-64 VMs still boot into 16-bit real mode.)
I guess another factor is whether any ARM64 chips with competitive performance are available for a company like Oxide to integrate, or whether Apple and the hyperscalers are in a league of their own here.
Also, truly a gem in my collection of Ancient Paper Artifacts—I just scanned and uploaded the AOL guide for "Information Providers." This document was heavily NDA-ed back when AOL existed. archive.org/details/america-on…
America Online is an interactive, online service that offers a rich variety of information and communication services in an engaging, easy-to-use format....
Here's what AOL had to say about "Netiquette" in July 1994.
"Online, no one can hear your voice. What you would have said hesitantly, or ironically, or with a shrug, appears online as words alone, usually with more force than you intend."
Drum roll please... my two projects for the RevenueCat #Shipaton will be Bouquino and Accessibility Testers 🎉
🐐 Bouquino is an app that makes reading in your second language a breeze! 🧪 Accessibility Testers is an app for hiring real users of assistive tech to test your app for accessibility.
What's the problem? The Online Safety Act has been a disaster. Rather than protect children, millions of adults are facing widespread censorship, and teenagers are having their freedom of expression restricted.
**Audit every libcurl POST in your stack. Treat `CURLOPT_POSTFIELDS` like explosives.** Either switch to `CURLOPT_COPYPOSTFIELDS` or prove your pointer lives forever. No exceptions.
@joshix @silvermoon82 Maybe HackerOne, as a CNA, just automatically assigns a CVE number to every damn bug that reaches the 'disclosed' state. I dunno how H1 works - I've never had the desire to do bug hunting for free in my off time, since I do it basically full-time as a salaried position. Based on the comments on the link you provided, this seems most likely to me.
Alternatively, sometimes it's less effort to just say "sure kid" than to spend the time to explain to someone how being able to move a read cursor past the end of a buffer can't actually help an attacker if the attacker can never retrieve the read contents.
I've had 45-minute conversations trying to explain similar things to someone on my team... "Yes, it's a bug. No, it's not a vulnerability." It's exhausting every time I do it, and I only ever have 1 or 2 engineers who need that level of attention and mentoring. Imagine being the maintainer for a popular open source project and having 100s of reports coming in. Having to spend 45 minutes convincing some kid that the shiny new bug they found isn't a CVE would just DoS the entire project.
Sometimes the path of least resistance wins, no matter how wrong it is.
@joshix @silvermoon82 That last one looks like it has no impact - you can read past the end of the buffer, but the attacker never gets the contents of the read data, so it really doesn't help them at all. Sure, it's a bug in the software, but I fail to see how that's CVE-worthy.
A vulnerability needs to have an impact - something that gains an attacker either additional information, or additional access. Anything else is just doing what they can already do, but with extra steps.
# libcurl heap-buffer-overflow: API contract vs. memory safety — you decide.
An easily reproducible heap buffer overflow exists in libcurl’s `curl_slist_append()` function, triggered by passing a...
![A square graphic with a figure and text. The figure is a cute, small shark in pink lurking behind a wall of stones. Below the figure, the text shows in huge letters "< polycule > and in smaller font size "- a geeky and efficient [matrix] client". The background is deep black.](https://fedi.ml/photo/preview/640/691008 "A square graphic with a figure and text. The figure is a cute, small shark in pink lurking behind a wall of stones. Below the figure, the text shows in huge letters \"< polycule > and in smaller font size \"- a geeky and efficient [matrix] client\". The background is deep black.")
feld
in reply to Brad • • •