I've discovered a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in how `libcurl` handles persistent HTTP/2 connections. During the initial handshake, `libcurl` correctly validates the...
Hi Daniel, thank you for your thorough investigation. You have a good point that this looks like slop. I assure you no LLM had been used for creating that report. Best regards Simen.
I really admire your patience, after the first two replies the user would be labelled as "ignore, report as spam". These users do not understand what they're doing is a waste of money (in this case, other people's money, not theirs).
TalkBack, a part of the Android accessibility suite, is the screen reader developed by Google and comes pre-installed on most Android phones and tablets.
For a while now I have been looking for an easy-to-use solution to track the time I spent on various tasks at my wor. My colleague has recommended Toggl, a tool to do just that in the browser. I have tried it and neither the website nor the Windows app were accessible. Thanks to somebody boosting it, I have discovered Timery for Toggl by @joehribar , a third-party client for the Toggl service. It is easy, definitely accessible and powerful with shortcuts and widgets. It's customizable to the point where i now use the VoiceOver gesture of two-finger swipe left to start a new time entry (an instance of time running), as opposed to a timer which is a predefined time counting config that creates its own time entries once launched (this I start with a two-finger swipe to the right, pick a timer from the list and go). The new time entry only requires a name and starts immediately. I can assign it to a project later. The quadruple tap with one finger resumes the recent timer and a single tap on both sides of the screen (actually the half of the gesture to enable Braille Screen Input), stops any running tracking (I'll have to change that actually as it gets triggered everytime I really try to activate BSI). The subscription is definitely worth it! I don't have to even open the app most of the time and tracking has become much easier. Thank you! apps.apple.com/pl/app/timery-f… #Accessibility #Blind #iOS
Enhance your Toggl time-tracking experience with Timery! Start your most-used timers with one click. Edit your time entries easily. See reports of your time tracked.
@zersiax This is developed by an indie developer who, as far as I can tell, specializes in the Apple ecosystem so no Windows, unless there's something I don't know.
The number one reason for (at least) weekly changes to my site is to update the AI crawler/siphon blockers ... it never stops : there are 97 of them right now 😤
"carbon capture project." <- and they are getting scammed on this. The only carbon capture is by keeping that shit in the ground. In solid or liquid form.
seems like the next five have more to do with actually good things, but I have a bad feeling anything good is going to perpetually be locked behind "once we complete all these O&G and resource extraction projects for private companies we'll have a look at it".
The HSR on the Windsor-Québec corridor at least hasn't been cancelled (as far as I know), but expediting that would have been a positive sign.
I wish I could have chosen multiple options. Option 3 is under serious threat as well, as more and more device manufacturers refuse to unlock the bootloader for alternative OS installation. I'm tired of the fact that a manufacturer can decide that the fully functional computer in my pocket is now obsolete just because they can't be bothered to support it anymore. This is making me seriously consider life without a smartphone. Maybe I should give Fairphone a go before I do that...
Mudita Kompakt is a minimalist phone designed for mindful living. Featuring an E Ink screen, long battery life, and distraction-free tools, this E Ink phone helps you stay focused and unplug with ease.
PWAs can mitigate the problem, but they don’t completely solve it. They’re a halfway house: more open than app stores, less powerful than true side-loading? I don't know:)
It seems that this might be the push that Linux and other OS options needed to de-Android. The fact is that Android has been under serious threat for over a decade. Remember the Oracle legal attacks to try and take it back over Java? Whereas devs were devalued with open source alternatives, now maybe they will flourish? Let's hope.
I'm also using Graphene. But in the future, if Google decides to cancel AOSP, I buy the last gen of Pixels that support custom OS and keep it. Phones arent getting better anyways, only that stupid AI shit nobody wants.
Another option. I use Lineage for now, but I think it affects me anyway as when less people use APKs or F-droid less developers are going to publish less apps outside Google Play Store. So I hope you will continue providing Tuta mail/callendar on F-Droid and also support any possible Linux on mobile project with Tuta apps just in case Google also kills AOSP forks one day.
the best option is that some open source community need to start manufacturing phone with lineage os or any other open source os to fcuk Google... I'm using my phone without any Google apps😎.. Even I replaced my phone reinstalled apps like dialer msg contacts camera file manager.. Everything... Fcuk goo(shit)gle 😁
yes, 1, 2, and 3. All of the above. I use GrapheneOS, so I plan to continue installing whatever apps I want to. And both Google and Apple can go fuck themselves.
i would not yet feel that issue because microG would never implement such anti-features, and if google puts that into aosp then would i need to worry tbh, but i already am switching over to #plasmaMobile6 on #PostmarketOS and with it away from the bloat of android but i am stuck on 2 apps that need AVB so no waydroid and for them do i use a seperate phone running #IodeOS. i hope that this pushes the devs of android roms to maybe switch and contribute to #mobilelinux for more freedom.
@Tutanota Gmail blocked my message from Tuta to a friend on the ground of "reducing spam". This is the message "host gmail-smtp-in.l.google.com[74.125.71.27] said: 550-5.7.1 [185.205.69.213 12] Gmail has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. For more information, go to 550 5.7.1 support.google.com/mail/?p=Uns… 5b1f17b1804b1-45df817e1fdsi13055195e9.31 - gsmtp (in reply to end of DATA command)"
I really don't think Carney knows what the words "nation building" means. "Nation building" is making big ambitious investments that make people proud of being part of the nation and unite the nation.
Public healthcare was a nation building project. The railroad was a nation building project. The Canadarm did some nation building. Weed could have been if Trudeau didn't fuck it up and put the provinces in charge. Dental care could have been if it wasn't just Obamacare for teeth.
Examples of nation building projects would be: - High speed rail - Free universal child care - Massive investment in public transit across all cities (not PPP) - A UBI - A nationalized ISP with a mandate to provide high speed internet to all
No one is going to be like "I am so fucking proud we have invested in a copper mine!" or "Wooo! Upgrades to existing nuclear power plant!!" or "phase 2 of an LNG pipeline? Awesome! Phase 2, baby!!"
Those are not nation building. Those are just industry investment.
RIPE 91 is coming to Bucharest, Romania — 20–24 October 2025! 🌍
Why attend? 🟨 Technical sessions, policy discussions & tutorials 🔹 Share knowledge with experts worldwide 🟨 Connect with peers & grow the global Internet community
Since 1989, RIPE Meetings have united ISPs, operators, academics, governments, and regulators to shape the Internet together.
🇪🇺YES: Germany is not supporting the EU's #ChatControl bill as proposed! The blocking minority needed to stop this illegal mass surveillance plan seems secured (for now). ✅
Zítra jdu poprvé zkusit vzít #kolo na nějakej real-deal výlet namísto drobných popojížděk. Vůbec netušim, co mě čeká, jestli to dám a jestli to dá kolo, ale kdo se bojí, chčije v síni!
Večer přemažu #Rockrider, nabiju powerbanku, pobalim hadry a na konci mě snad bude čekat zasloužený #pivo...
...anebo smrt :D
Vyrážím dopoledne, takže když někdo v okolí týhle trasy budete mít cestu, můžem pokecat (pokud někde nezabloudim :D )
Ja teda nechci nejak spekulovat, vnaset pochybnosti, nebo nedejboze neverit, ale neni vam divny, ze na vsech fotkach tady od Schmakera stoji? Jeste jsem ho nevidel jet. Vzdycky zastavka! On to kolo normalne tlaci, na hezkem miste se vyfoti a tlaci dal. To je jasny. ;)
To bys teda měl 😁. V těch Alpách jsem žral jak bagr, bez toho bych to nejspíš nedal. A když nebylo jídlo, nebo na to nebyl čas, tak energetické gely, tyčinky apod.
REMASTERED IN HD!!Official Music Video for Because I Got High performed by Afroman.(C) 2001 Universal Records, a Division of UMG Recordings, Inc.#Afroman #Be...
Oh yes, we know your truth, and I’m a feisty bitch. The same Julie Deden who runs CCB, and regularly tells women who are sexually assaulted that “they need to not make this a big deal because it could wreck his life.” His, fucking, life? What about her life? The same Julie Deden who has been asked, multiple times, to step down and has refused? Sick bitch who should not be in such a high place of power. Julie Deden you should be ashamed to show your vile face in public let alone speak about supporting blind folks. nfb.social/@nationsblind/11518…
Attached: 1 video
Do you know our truth?
The Nation's Blind Podcast is back! Melissa and Anil are joined by Julie Deden, our 2025 Jacobus tenBroek award winner and Wesley Hillman, a Kenneth Jernigan Convention Scholarship winner, who was a first-ti…
@cublanco @tardis Sure, everyone is entitled to make a joke, and perspectives very on what others think is funny. It’s just in my line of work, I have to educate others about potential pitfalls of what they say potentially affecting their future. That’s all I was trying to do here. Have a wonderful day.
@technocounselor @cublanco @tardis I. Agree completely, if we were on facebook, twitter, and I was using my real name. Employers can easily look that up. For the record, my sense of humor is very dark and sarcastic, so not everyone will find it funny. So you’re right, I would put far less on facebook or even on a mastodon that uses my real name.
Don't be that paranoid, you are not entitled to give social media to employers, at all. So no idea why we'd even raise that up. It's not like we tag people or anything, this is fedi, if someone don't like it, there are plenty of choices. Every opinion is valid. And I don't know if any of you realise it, but people go to fedi to run off from popular social media, so there that. That was an unnecessary, if valid concern. Like I said, I am not dismissing, but we're all free to share. I created this because I don't care about the bosses of people. I do my job, you do your job, as long as that's a thing, no one really cares. Plus, let's be real, blind orgs suck, they probably have good stuff, yes, but if there are bad personnel, then the whole thing is caboom, untrustworthy, like who tf cares, even?
I should've mentioned created my account, but I got distracted. Bleh. Also, bad people deserve a little bit of torture, the slow kind, that life will give them, so whether we joke or not, life has a way of dishing it out, in the doubles sometimes.
@technocounselor @cublanco @tardis Also if an employer is doing a Google search for Kaitlyn Amira as part of a background check, they probably already know more about her than anyone should be comfortable with. Not her actual name, and how'd they find her Mastodon?
Um, masto public posts are very public. Well, you really can't google me, for example. Google here prevents me for example, to look at people's backgrounds, or anything about them. So yeah. Also, everyone does background checks, and as long as someone isn't an ass and harming people in actuality, I doubt an employer will jump on them. Masto stuff shows on Google if you know what to look for, but yeah.
🇩🇪YES! SPD-Justizministerin Hubig blockiert zurzeit deutsche Zustimmung zur grundrechtswidrigen #Chatkontrolle! 🛡️ ➡️ Damit dürfte die Sperrminorität aktuell stehen! ⚠️ ABER: Innenministerium will bis Oktober einen faulen Kompromiss. bundestag.de/presse/hib/kurzme…
Berlin: (hib/LBR) Der Digitalausschuss hat sich am Mittwochnachmittag mit dem Stand bei der unter dem Stichwort 'Chatkontrolle' bekannten CSAM-Verordnung befasst. Mit ihr soll sexualisierte...
🇪🇺YES: Germany is not supporting the EU's #ChatControl bill as proposed! The blocking minority needed to stop this illegal mass surveillance plan seems secured (for now). ✅
It was a surprise and a great honour to be called to the stage at #ELC Europe 2025 to receive a community contribution award from the hands of Tim Bird.
Thank you Tim, the program committee and all the people who have worked behind the scenes to organize ELC Europe 2025. You are too numerous to be listed individually here, but all of you deserve acknowledgment.
I've grown a bit tired of the web filling up with curl command line examples showing use of superfluous -X's. I'm putting code where my mouth is. Starting with curl 7.45.
1/3 "V pléne v stredu [Tomáš Zdechovský] hovoril, že miliardy z eurofondov miznú v projektoch, ktoré neslúžia slovenským ľuďom, ale nezodpovedným politikom a ich kamošom. „Kontrolné orgány, ktoré majú stáť na strate poctivých, sú paralyzované. Tam kde kedysi padali stovky žalôb, dnes padajú sotva dve ročne,“ dodal."
V rovnaký deň, keď bolo v Štrasburgu najviac novinárov kvôli Správe o stave únie, sa poslanci Európskeho parlamentu zaoberali zneužívaním európskych peňazí aj stavom právneho štátu na Slovensku.
2/3 "Na jeho slová reagoval nezaradený poslanec Erik Kaliňák zo Smeru, podľa ktorého sú závery misie plné lží a okrem iného obvinil českého europoslanca z politickej kampane na úkor Slovenska."
3/3 "Zdechovský Kaliňákovi povedal, že sa o ňom v Česku „pomerne často“ hovorí v bezpečnostných službách. „Vaše návštevy ruskej ambasády a utekanie zadným vchodom, či vaša spolupráca s portálom Voice of Europe, ktorý patrí k proruskej dezinformačnej scéne….ukazuje to na úpadok demokracie a kultúry pri človeku, ktorý by mal radiť premiérovi,“
Is your website missing out on one of #HTML’s easiest yet most powerful tools? The lang attribute takes just seconds to add, but it makes a massive difference for #accessibility, SEO, and how your content displays. @webi18n
In this video, @xfq, who leads @w3c's #Internationalization activity, breaks down exactly what the language attribute does and demonstrate why skipping it can have real consequences. @webi18n
by Fuqiao Xue, Senior Principal Internationalization SpecialistIs your website missing one of the simplest and most powerful HTML attributes? The lang attrib...
As it happens, we still use CVS in our operating system project (there are reasons for doing this, but migration to git would indeed make sense).
While working on our project, we occasionally have to do a full checkout of the whole codebase, which is several gigabytes. Over time, this operation has gotten very, very, very slow - I mean "2+ hours to perform a checkout" slow.
This was getting quite ridiculous. Even though it's CVS, it shouldn't crawl like this. A quick build of CVS with debug symbols and sampling the "cvs server" process with Linux perf showed something peculiar: The code was spending the majority of the time inside one function.
So what is this get_memnode() function? Turns out this is a support function from Gnulib that enables page-aligned memory allocations. (NOTE: I have no clue why CVS thinks doing page-aligned allocations is beneficial here - but here we are.)
The code in question has support for three different backend allocators: 1. mmap 2. posix_memalign 3. malloc
Sounds nice, except that both 1 and 3 use a linked list to track the allocations. The get_memnode() function is called when deallocating memory to find out the original pointer to pass to the backend deallocation function: The node search code appears as:
for (c = *p_next; c != NULL; p_next = &c->next, c = c->next) if (c->aligned_ptr == aligned_ptr) break;
The get_memnode() function is called from pagealign_free():
This is an O(n) operation. CVS must be allocating a huge number of small allocations, which will result in it spending most of the CPU time in get_memnode() trying to find the node to remove from the list.
Why should we care? This is "just CVS" after all. Well, Gnulib is used in a lot of projects, not just CVS. While pagealign_alloc() is likely not the most used functionality, it can still end up hurting performance in many places.
The obvious easy fix is to prefer the posix_memalign method over the other options (I quickly made this happen for my personal CVS build by adding tactical #undef HAVE_MMAP). Even better, the list code should be replaced with something more sensible. In fact, there is no need to store the original pointer in a list; a better solution is to allocate enough memory and store the pointer before the calculated aligned pointer. This way, the original pointer can be fetched from the negative offset of the pointer passed to pagealign_free(). This way, it will be O(1).
I tried to report this to the Gnulib project, but I have trouble reaching gnu.org services currently. I'll be sure to do that once things recover.
I can't get the Z-Wave ZWA-2 device to pass through to a bhyve VM where I'm running Home Assistant because it only allows full PCI pass through of a device or USB controller. It does get exposed as a serial device which I can sorta pass through to byhyve, but it doesn't really work.
I was able to get a console on the HASS VM and figure out which serial device was matching com2 that I was connecting into it and I could connect from the host and pass through some ascii chars back and forth, but when HASS tried to talk to the device it kept saying there were errors talking to it. Very odd. Lights were blinking on the device though confirming communication of some sort was happening. I looked at the Z-Wave-JS code and saw it was using 115200,8n,0 essentially so that's what I used... no dice.
Someone on the FreeBSD forums suggested using a virtual null modem device inbetween and then using socat to connect to the other end of the virtual null modem cable, but that didn't work either.
However, I can configure HASS to talk to zwave-js-server running in a FreeBSD Jail as you can custom configure the websocket connection to point to anywhere instead of localhost. That did seem to work! It found the device and even did a firmware update on it. So it "works".
I need to clean up this setup because I'm literally running it as root at the moment and I'm using a git clone of their master branch 🥲
Now I just need to figure out how to ensure I can have a consistent serial device name in /dev so this doesn't break in the future.
Once that's sorted I'll have to write a blog post about it
On Mastodon you can search just your own posts by including the phrase "from:me" in your search.
There are lots of these special phrases (called "operators") which let you customise your Mastodon search, so that you get a very specific set of search results.
You can see a complete list of Mastodon search operators in this guide:
:thonk:
in reply to daniel:// stenberg:// • • •will the string `attack_script ` write a file, with a bunch of needless left padding per line?
odd
@bagder
simendsjo
in reply to daniel:// stenberg:// • • •Gregor Schmidt
in reply to daniel:// stenberg:// • • •Xeniac
in reply to daniel:// stenberg:// • • •I'm joining team slop.
Also I would close the report as works as intended. Certificates are meant to be checked at the beginning of a session, not in between.
Pusca
in reply to daniel:// stenberg:// • • •Mike Roach
in reply to daniel:// stenberg:// • • •🔗 David Sommerseth
in reply to daniel:// stenberg:// • • •This line:
That smells generative AI reply by a million miles distance.
@bagder
crazyeddie
in reply to daniel:// stenberg:// • • •It's funny because I read its replies and immediately recognize it as AI in the first two sentences.
Then I look at yours and I'm like, "But this one is also polite..."
We're all going to have to be dicks to each other so we know we're human.
sre4ever
in reply to daniel:// stenberg:// • • •