Anyone using #AWS security groups actually let in ICMP rules, say type 3 (Destination Unreachable) ? Or does AWS let this through already for PMTU discovery? 🤔
It isn't that Linux is "better" when I say I enjoy it. It's just that the quality of MacOS has gone so far down that the issues with Linux are no longer any worse than the issues with Mac.
Of course this doesn't apply to app availability but, for the core OSes it is very much the case these days.
@feld I still have Linux as secondary to me for a lot of reasons, but stability is definitely no longer one of them. I'll be curious to see where I go in another few years.
I was having issues with Safari (and other browsers) freezing every few seconds, couldn't type, super crazy. And when you're constantly flipping between a terminal and a browser to work, it's unbearable.
FTR: I manage my own domains as well as scores of others with a small team, all with DNSSEC enabled. It has been many months since I last had a DNSSEC-related problem with any of them. It was a registry screwup. infosec.exchange/@atax1a/11534…
guy on the freebsd forums saying his dnssec suddenly stopped working, and we're struggling to keep ourselves from replying "yes, this is the dnssec experience"
But we must keep fighting. 💪 @all_things_secured_channel interviewed Hanna on the current status of Chat Control, whether it's coming back, and why you should care - even if you're not in the EU.
For the past few months, the EU has been on a mission to break privacy and end-to-end encryption in the name of child safety. Here's what this means for you, even if you're not an EU citizen.
My greatest concern is the EU will bring chat control back in a different guise / rehash it until they get everyone on board. That is the way the EU works. "In principle" the political will is still very much there to control everything and everybody.
I would like to thank the Playroom Sstaff for renaming their new arcade game Egg Hunter to a different name. I hated having to complain about it, but I appreciate their willingness to make the adjustment to avoid confusion with my existing games.
Attached: 1 image
Yesterday I posted a thing that blew up somewhat:
The first 3 letters of “Sweden“ and “Denmark“ spell out “Sweden.“ The remaining letters spell out “Denmark.“
@Johny28@thecanadian.
tá zákazníčka z Indie sa na mňa pozerala presne ako Klára, tu som a zober ma von ale toto nie je môj záujem a som chorý a nechcem momentálne myslieť na inú, keď tak na žiadnu.. ..ty vole ale zarezonovala
Brněnské vodárny nám před časem nainstalovaly chytrý vodoměr, který každý den hlásí svůj stav, ale ten není nikde dostupný v jednoduché strojově čitelné podobě. V blogpostu jsem se rozepsal o tom, jak jsem odečítání vyřešil a integroval ho do Home Assistantu. Vzal jsem to také jako experiment, jak si s tvorbou takového projektu poradí AI.
já odečet našeho panelákového soláru, který taky nemá API, vyřešil HA addonem Browserless Chromium, který simuluje Chrome ;) coby člověk od videa, který vůbec neprogramuje, jsem to nechal udělat Perplexity, a kupodivu to už půl roku funguje. Taky to tahá z javascriptového UI.
Tohle bohužel končí u mě na tom, že provozuju HA na Home Assistant Green, kde člověk nerozjede Docker. Je to bezúdržbové zařízení s minimální spotřebou, ale má své limity.
Igalia is honored to have been awarded a commission from the Sovereign Tech Fund to advance the @servo web engine. STF’s support will advance a multi-pronged effort focused on improving Servo’s accessibility, WebView API support, and overall project maintenance. Details here: igalia.com/2025/10/09/Igalia,-…
love that the replies are like no its not at all like this, then explain why it actually is exactly like this, with a helping of it's really easy actually. lol.
(See how I cleverly did not mention AI in the title!) You know we have seen more than our fair share of slop reports sent to the curl project so it seems only fair that I also write something about the state of AI when we get to enjoy some positive a…
A large part of the benefit of formal methods is that they force you to make an independent description of what the code should do, in a formalism that can later be checked (or refined).
These LLM-based tools seem to be happy to work with natural language specifications (such as code comments or the Telnet specification), which is a major step forward in usability!
this is the first time I read anything genuinely positive about AI. But how much of the bugreport's quality is due to the tool, and how much due to the human filtering it? So far it looks like all reports came through 2 individuals, so it is probably a combination of a better tool, and someone with the skills to understand the output and throw away the hallucinations (or maybe the tool has a feedback loop to test that the bug is actually real). I can completely understand the moral dilemma you mention, that is one of the reason why I haven't yet started using any of these tools myself.
I haven't said it here before, but I feel I really should. I've been an avid emacs user since I started to learn it back in 1991 on emacs 18. I worked at IBM with their RS/6000 machines at the time and I learned C on AIX with emacs as my editor.
> Fixing several hundred bugs per release is a normal rate for us.
That means nothing else than several hundreds bugs written per release at some point in the past or thousands waiting their time. Large code base = exponentially more bugs per line of code.
@kboyd I want to know how much, in terms of GPU, CPU, RAM, disk, electricity and cooling these analyzers used to generate these reports. And how many results the humans filtered out. And how much that’s going to cost when the VCs demand their 100x returns.
a person posted on /r/datahoarder that they have created an archive of the Epstein files with added metadata like mentioned people and etc. But everything is LLM-generated.... Including the "full text" of the documents.
Rather than OCRing them, they were fed to chatGPT with a system prompt that told it that it was an expert at OCR.
What's interesting about "big tents" is that I've never seen their advocates try to stretch them as far to the left as they do to the right. It's never like "we're sending free laptops to this Maoist insurrectionary group because they have really interesting ideas." It's always about stretching the tent to fit the people advocating for fascism.
Sharing Insights on Accessibility: ABILITY at the European Blind Union Podcast
We are delighted to share that a member of the ABILITY project team recently took part in the European Blind Union’s podcast “EBU in Action”.
At ABILITY, we believe that the design of new assistive technologies must be guided by the real experiences, needs, and aspirations of blind and partially sighted people.
28th June 2025 marked the deadline for implementing the European Accessibility Act (EAA), a EU Directive aimed at establishing a series of accessibility requirements for products and services such as computers, smartphones, banking apps or e-commerce…
why we should stop mentioning the "Paradox of tolerance"
Sensitive content
Tolerance is only needed for behavior or aspects of people you don't like.
Therefore minorities and other marginalized folks do not deserve "tolerance", they deserve full and unconditional acceptance as who they are.
I think that's always what I disliked about the "Paradox of tolerance" , because accepting marginalized folks and tolerating behavior/opinions is just not the same.
why we should stop mentioning the "Paradox of tolerance"
Sensitive content
I can't say I agree... When referring to the intolerant, it's referring to those who by definition advocate for harming certain innocent groups of people (for example Nazi, Zionist, etc.), so your background doesn't matter.
why we should stop mentioning the "Paradox of tolerance"
Sensitive content
@TheEvilSkeleton sure, but as I've mentioned, "tolerance" is towards behavior you don't like.
There is no paradox, it doesn't exist in the first place. If I get accused of being tolerant towards marginalized people but not biggots, that's just a false statement!
I don't have to be tolerant, because I already accept them as part of us. I don't have to endure their presence, because it's not something I feel uncomfortable to be around.
why we should stop mentioning the "Paradox of tolerance"
Sensitive content
okay, I feel like we have completely different interpretations of what tolerance covers. I never interpreted that having marginalized people in your communities is "tolerating" them.
Hnutí ANO před volbami několikrát varovalo, že vláda může zfalšovat výsledky voleb pomocí korespondenčních hlasů. K tomuto scénáři naštěstí nakonec nedošlo…
A warning to any VoiceOver users running iOS 26.1 beta 2: Make sure to check settings/accessibility/accessibility shortcut. Mine got unassigned after the update, so you will have to set it back to VoiceOver if it is the case for you.
Oh, yesterday, an interesting milestone set by EU Regulation 2024/886 just passed without being noticed:
> Payment Services Providers that are located in a Member State whose currency is the euro shall offer receiving instant credit transfers in euro by 9 January 2025, and the payment service of sending instant credit transfers in euro by 9 October 2025.
And on top of it:
> Any charges shall not be higher than the charges for other credit transfers.
Always visit your important webpages like banking and e-mail services through links obtained through reputable search engines and is best to have them bookmarked afterwards. If you get e-mail about your Citibank, visit the website from your bookmark, not from the received e-mail. If there is something important, it will be on actual Citibank webpage. If not, then it's not that important.
@nyovaya @Tutanota the domain RFC doesn't really enforce a specific encoding. So the society adopted a limited subset of ASCII. But there's also a Punycode RFC which allows any UTF character:
Unicode domain names are probably the worst idea for cybersecurity since the flash drive autorun in earlier Windows versions. They probably wanted to be "multicultural" and "non-Western-centric" but ended up with a heaven for scammers with marginal legitimate usage. In principle, any browser and email program should show A BIG RED WARNING in presence of that in URL...
I'm often uneasy about clicking anything that comes by email, like my phone or electric bill. I don't retype the url; either I have it in a browser bookmark or it's in my password manager.
are you implying hackers are the same thing as cybercriminals? That's kinda un-excellent coming from a company whose services are promoted by hackers to their peers, friends, coworkers, families. Seriously disappointing.
@rysiek seconded, as a paid account holder and hacker. :)
Fwiw, it’s good to warn folks like this, Tuta (i have a pinned tweet about IDN homoglyph attacks because it’s a pet peeve masto.deoan.org/@neurovagrant/… ) - just keep in mind hackers protecc, not always attacc.
I hope the image is swapped out soon. I expect some level of corporate approval may be delaying action.
Attached: 1 image
Hello friends, I've seen the below image come up a few times elsewhere and am going to expound a little!
While the hyperlinks in the image display correctly, those aren't actually the addresses of those sites! Instead, they're th…
If you build an app that is fighting fascism, anywhere in the world, please reach out. I’d be delighted to offer as much free accessibility consulting as you need. #accessibility
Vaxry once told me, in private, around a year or two ago, that I should not be writing software if my vision impairment prevents me from being unable to understand his code.
This comment was uncalled for, since my eyes were not the reason his code was hard to understand.
jsme všichni lidi, já si politiky neidealizuji. Za mě tam krom bitcoinu nebyl žádný fatální. Navíc vždy když byl nějaký problém, tak ho vyřešili. Navíc pětikoalici nějak zásadně nakonec nespadli preference, jenom prostě tentokrát nepropadlo tolik hlasů. A jak už jsem slyšel, fakt to mohlo dopadnou mnohem hůř.
No tak to je úleva. Jen se bojím, že pro spoustu lidí je sousloví "zpomalil růst" moc složité na pochopení. Úplně stejně jako u růstu emisí CO². Mají z toho takový neurčitý úlevný pocit. Dokud nezjistí, že v nějakou chvíli už všechny ty mandatorní platby domácnosti nedokážou zaplatit, a můžou si vybrat kterou nezaplatí. Ale nakonec, vždycky si můžou vzít půjčku, neasi? A sehnat třetí práci.
Happy birthday to The Crossroads Inn, my little instance here has been going for two years now. The name was based on a suite of melodies I came up with 12+ years ago, and at one point there were 10+ parts, but parts A and B are the core of it all. The name also works for a cosy place where all my interests come together and get shared, of course. 🍻🍾 This was played on my Gypsy Jazz grande bouche bouzouki-guitar (it's a complex beastie!), and yes, that also includes the percussion part. #Music
If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.
akože cvičil som ale potom pive ty vole to je mh náročné ráno. neviem, 15. máme team building a mal by som myslieť na peniaze a na to že sa musím učiť #dobréRáno
Got to hand it to the boys and girls over at @Tutanota for making the sometimes tricky process of setting up a custom domain into an absolute breeze. Their Custom email domains tool in settings basically holds your hand and walks you through the process. Thank you Tuta! ❤️❤️❤️
@Tutanota Just a FYI, the new super low contrast appearance of the website view for email (and presumably the rest, but I only use it for email) is an accessibility issue and just plain harder to read. I have really good vision and it still is unpleasant for me. Reducing contrast to almost nonexistent levels may look better to some people, but overall just is much worse of a view. Sometimes simplest is best and email doesn't have to look fancy.
At least give us something closer to the classic color scheme to choose. Though ideally the more color options the better. (Or even add a custom theme option?)
like there's a bunch of faff in here about security issues (and sure, fair enough, the context here *is* wired's "security" column) and quality problems, but there is a much darker interpretation of what's happening
bluntly, POSIWID: "open source" is a social system for corporations to externalize infrastructure costs, and, materially, not much else. there are of course principles involved and possible future benefits, but *today*, that's mostly what is going on in the "community"
corporations have been reluctant to "give back" because while it can produce good press, if you start "giving back" to the "community" too much, then the cost savings you got from externalizing your complement starts to erode; if you're going to give money to some tech, might as well own it
but the scary part of this article is the bit where vibe coding *reads* to corporate interests as an alternative to open source, in that you can externalize your infrastructure development and maintenance costs onto OpenAI's VC investors instead. slightly higher overhead per developer, but no need to deal with pesky human beings who might start to agitate for more resources, so the reduction in hassle is worth the cost
it doesn't actually work; a vibe-coded framework is never going to help structure your systems anywhere near as well as one that is the result of human judgement and discernment, even one with a hefty pile of legacy junk associated with it. but management is not going to be able to see this; structurally, managers see the benefits and have a much harder time measuring or even perceiving the costs
this is why there is no such thing as "vibe engineering" and it is farcical to imagine a world where it even could exist. even with all the responsible code review and QA and cross-checking (which is like, literally impossible, given the amount of vigilance fatigue that AI systems provoke, and the metrics we have so far all bear that out), the long-term maintenance cost of a workslop infrastructure is going to be *devastating*
the biggest problem we *already have* in open source right now, which we have oversimplified into the term "supply chain security", is the lack of understanding that putting a dependency in your project's dependency set (package.json, pyproject.toml, requirements.txt, cargo.toml, etc) is not just "downloading some code", it is *establishing an ongoing trust relationship with a set of human beings*. this fact is *way* too obscured in all the tools we use.
✂️ 
feld
in reply to Tom • • •Tom
in reply to feld • • •feld
in reply to Tom • • •interesting
well, regardless, I wouldn't really care. If Amazon's edge can't deal with ICMP related attacks you're beyond help anyway