I've discovered a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in how `libcurl` handles persistent HTTP/2 connections. During the initial handshake, `libcurl` correctly validates the...
Hi Daniel, thank you for your thorough investigation. You have a good point that this looks like slop. I assure you no LLM had been used for creating that report. Best regards Simen.
I think I found another vulnerability in curl, related to the one posted above. If the attacker has elevated file system access they can replace the curl or libcurl binaries to execute arbitrary code when curl is called. /s
I really admire your patience, after the first two replies the user would be labelled as "ignore, report as spam". These users do not understand what they're doing is a waste of money (in this case, other people's money, not theirs).
TalkBack, a part of the Android accessibility suite, is the screen reader developed by Google and comes pre-installed on most Android phones and tablets.
Are you part of an open source project with a community of users, contributors, and/or third party developers?
I want to interview people about their projects with particular attention to how codebases, documentation, project management tooling, and community spaces are constructed.
On these "project tours" we'll go through your project together, on video call, and talk about how the structure of the project influences, and is influenced by, your goals, culture, logistical constraints, etc.
For a while now I have been looking for an easy-to-use solution to track the time I spent on various tasks at my wor. My colleague has recommended Toggl, a tool to do just that in the browser. I have tried it and neither the website nor the Windows app were accessible. Thanks to somebody boosting it, I have discovered Timery for Toggl by @joehribar , a third-party client for the Toggl service. It is easy, definitely accessible and powerful with shortcuts and widgets. It's customizable to the point where i now use the VoiceOver gesture of two-finger swipe left to start a new time entry (an instance of time running), as opposed to a timer which is a predefined time counting config that creates its own time entries once launched (this I start with a two-finger swipe to the right, pick a timer from the list and go). The new time entry only requires a name and starts immediately. I can assign it to a project later. The quadruple tap with one finger resumes the recent timer and a single tap on both sides of the screen (actually the half of the gesture to enable Braille Screen Input), stops any running tracking (I'll have to change that actually as it gets triggered everytime I really try to activate BSI). The subscription is definitely worth it! I don't have to even open the app most of the time and tracking has become much easier. Thank you! apps.apple.com/pl/app/timery-f… #Accessibility #Blind #iOS
Enhance your Toggl time-tracking experience with Timery! Start your most-used timers with one click. Edit your time entries easily. See reports of your time tracked.
Many moons ago, a friend ran an SSH honeypot that had a unique feature: when the attacker gained "access" to the system, he could then send responses to the interactive commands the attackers executed over an IRC channel.
One day, some attacker popped in, and he started to taunt them live. Often, the attackers were just throwing in some copypasta and weren't actually checking the responses. This one time, the attacker realised what was going on and was quite amused, and started to chat back, sending fake commands to see if he would get obvious human responses back (Note: that this was well before generative AI). This went on for some time, and some kind of a connection was formed. The attacker would come back to chat with my friend, logging in over SSH to this honeypot.
Eventually, the attacker divulged other means to communicate with him. He told my friend he was a bored Romanian guy who ran a kind of academy for young hacking talent. They'd gain access to some box, install their SSH bruteforcer (random IPv4 addresses and fixed password lists), and rinse and repeat.
Eventually, the attackers seemed to stop and disappear. My friend contacted them and asked what had happened: maybe they had been caught by authorities?
No such luck. Apparently, they had discovered some addictive online game that was more interesting.
I woke up today to loud gunfire and many explosions. As usual I checked that my family is ok. I succesfully completed the chemistry exam. I'll spend most of my time today preparing for the next exams. Hopefully nothing bad happens to us today.
I'm not a number. I'm human being. I have life details. I have a story. I have a dream. I love my life even if it's too difficult.
Re my last RT: paying someone to do something they already enjoy can actually make them enjoy it less. I am absolutely living proof of this.
I once got advice as a teenager. Someone said "don't do what you love for a living. You'll hate it later." And, while that's not 100% true, my autistic burnout doesn't agree.
I certainly find it cumbersome to read books on request rather than just picking what I want. And I can really see how working in digital accessibility would burn me out for wanting to fix things on a personal or family level.
The number one reason for (at least) weekly changes to my site is to update the AI crawler/siphon blockers ... it never stops : there are 97 of them right now 😤
"carbon capture project." <- and they are getting scammed on this. The only carbon capture is by keeping that shit in the ground. In solid or liquid form.
seems like the next five have more to do with actually good things, but I have a bad feeling anything good is going to perpetually be locked behind "once we complete all these O&G and resource extraction projects for private companies we'll have a look at it".
The HSR on the Windsor-Québec corridor at least hasn't been cancelled (as far as I know), but expediting that would have been a positive sign.
I wish I could have chosen multiple options. Option 3 is under serious threat as well, as more and more device manufacturers refuse to unlock the bootloader for alternative OS installation. I'm tired of the fact that a manufacturer can decide that the fully functional computer in my pocket is now obsolete just because they can't be bothered to support it anymore. This is making me seriously consider life without a smartphone. Maybe I should give Fairphone a go before I do that...
Mudita Kompakt is a minimalist phone designed for mindful living. Featuring an E Ink screen, long battery life, and distraction-free tools, this E Ink phone helps you stay focused and unplug with ease.
PWAs can mitigate the problem, but they don’t completely solve it. They’re a halfway house: more open than app stores, less powerful than true side-loading? I don't know:)
It seems that this might be the push that Linux and other OS options needed to de-Android. The fact is that Android has been under serious threat for over a decade. Remember the Oracle legal attacks to try and take it back over Java? Whereas devs were devalued with open source alternatives, now maybe they will flourish? Let's hope.
I'm also using Graphene. But in the future, if Google decides to cancel AOSP, I buy the last gen of Pixels that support custom OS and keep it. Phones arent getting better anyways, only that stupid AI shit nobody wants.
Another option. I use Lineage for now, but I think it affects me anyway as when less people use APKs or F-droid less developers are going to publish less apps outside Google Play Store. So I hope you will continue providing Tuta mail/callendar on F-Droid and also support any possible Linux on mobile project with Tuta apps just in case Google also kills AOSP forks one day.
the best option is that some open source community need to start manufacturing phone with lineage os or any other open source os to fcuk Google... I'm using my phone without any Google apps😎.. Even I replaced my phone reinstalled apps like dialer msg contacts camera file manager.. Everything... Fcuk goo(shit)gle 😁
@Tutanota Gmail blocked my message from Tuta to a friend on the ground of "reducing spam". This is the message "host gmail-smtp-in.l.google.com[74.125.71.27] said: 550-5.7.1 [185.205.69.213 12] Gmail has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. For more information, go to 550 5.7.1 support.google.com/mail/?p=Uns… 5b1f17b1804b1-45df817e1fdsi13055195e9.31 - gsmtp (in reply to end of DATA command)"
I created a Linux VM and used Debian as the distribution. Everything installed perfectly, but after setup the sound got really choppy. Is it possible to fix it somehow?
I can suppose you allocated too little memory to the VM. @fireborn Can you assist please? Original post for reference: "I created a Linux VM and used Debian as the distribution. Everything installed perfectly, but after setup the sound got really choppy. Is it possible to fix it somehow?"
@menelion @fireborn It could be too little RAM. It could also be what happened to me...I had the processors and cores settings backwards. Set processors to 1 and cores to at least 2, 4 or 8 is better but you might not have that much available depending on your system. Just a suggestion.
I keep hearing politicians from both US political parties making the manifestly absurd claim that, “This is not who we are.” To the contrary, this is exactly who we are and this is exactly what we do. Admitting we have a problem is the first step.
I really don't think Carney knows what the words "nation building" means. "Nation building" is making big ambitious investments that make people proud of being part of the nation and unite the nation.
Public healthcare was a nation building project. The railroad was a nation building project. The Canadarm did some nation building. Weed could have been if Trudeau didn't fuck it up and put the provinces in charge. Dental care could have been if it wasn't just Obamacare for teeth.
Examples of nation building projects would be: - High speed rail - Free universal child care - Massive investment in public transit across all cities (not PPP) - A UBI - A nationalized ISP with a mandate to provide high speed internet to all
No one is going to be like "I am so fucking proud we have invested in a copper mine!" or "Wooo! Upgrades to existing nuclear power plant!!" or "phase 2 of an LNG pipeline? Awesome! Phase 2, baby!!"
Those are not nation building. Those are just industry investment.
For 100% accuracy in retaining complex material at work, I've gone down to 584 words per minute as a reading rate. 95% accuracy is still at 852 WPM, but I enjoyed my 100's across the board while I had them. Touch-typing has come out at 120 on computer and 72 on mobile.
I've also found myself rekeying for d's versus b's, and even c's and z's if I'm using US English sometimes. I wonder if it's worth a hearing test? Although even if it is, what'll they be able to do?
Those issues you mention are well known with Eloquence, and have been for at least 20 years, but given the issues with other synths, I still haven't found anything I can actually switch to. We need Eloquence for most things, then something else for reading letter by letter lol
From your responses, and seeing what's going on in your life, I feel like your issue could well just be that you're stressed and tired, and the brain doesn't do anything as well with either of those, so give it both to deal with and it just can't. You can only go as fast as you can go, after 27 years, you can't train to go any faster, so listen to your brain, listen to your body, and accept that you can only force it so far
@davetaylor2112 nope, but I'm itching for the change after 18 months of this.
Also, things around work will be different when I go back; the team restructuring means we can't do exactly the same level of work we have been. So although some of the current focus will remain, I'm hopeful we can broaden our remit to an extent which will make for a much more worthwhile variety of work. So fingers crossed on that.
I'm pretty sure you will find that you have to slow your reading speed down at some point, but it's not all about hearing, a lot of it is how the brain processes information as we age. I never could go anything like that fast, but I dare say, the harder you push it, the sooner that will kick in. For any kind of work to be sustainable, we have to go at a pace that doesn't actually tax us
@davetaylor2112 It's always felt so effortless. I stopped when it felt like I'd reached a happy level and that was well before college, so being slowed down has quite a sting.
That implies that you find it to be some sort of badge of honour to go fast. You might want to look at that otherwise you'll find yourself constantly judging yourself and feeling down on yourself as life goes on
@davetaylor2112 oh not at all, it's nothing I'm proud of having, just something i'm sad for losing. I probably took it for granted, more than anything.
Je viens d'écouter un podcast sur FranceInfo sur le mouvement « Au cash, citoyens ». Je ne comprends absolument pas ces gens, qu'est-ce qu'ils foutent ? Ils espèrent faire s'écrouler les banques, comme si c'était quelque chose de bon ! Oké, disons, vous avez réussi à anéantir, par exemple, La Banque Populaire. Et quoi ? Qui en bénéficie ? Pas de salaires, des petits entrepreneurs ferment leurs entreprises, les magasins aussi… chaos absolu. #France
Ils en ont parlé sur BFMTV il t'a quelques jours. Selon l'expert financier du plateau, leur journée d'action ne représente pas un danger d'écroulement pour les banques. Ils avaient chiffré cela au max à 5-6 millions € de commissions perçues en moins si jamais 2 millions de personnes participaient au boycott (bcp plus que les adhérents). Il faut savoir que les banques ont des réserves aux alentours de 25 millions €.
no, we don't. We brought Islamists everywhere, in some places there are no go zones and judging by hamas support in Western countries we can conclude that Qatar propaganda wing (aka universities) works very well
Vor ein paar Tagen: Ooh, wie cool ein Igel läuft hier nachts immer bei unserem Haus herum. 🦔 Heute: Überfahrener Igel liegt auf der Straße vor dem Haus. 😢
Does anyone happen to recall the name of the project that allowed you to map/unmap a caps/insert key with a keyboard command, for use with VMWare Fusion on Mac OS?
Seirdy
in reply to Rayne, Raging Misandrist Arc • • •