The theft at the Louvre reveals security flaws in the world's most visited museum. The passwords for the video surveillance systems were extremely simple.
@bogo @aral One of the most common things I get asked to do is to relax and, if possible, remove altogether anything tied to security. People just do not want to be bothered with access codes and things like that. Even after they get burned, they just won't listen.
oh wow, Tuta is a historic company and this seems like a very good opportunity for people in that field to get involved in their important work. nice nice nice 🌻
After more than five years, Eloquence, the legendary text-to-speech (TTS) voice loved by blind and visually impaired users around the world, is returning to the Google Play Store! Many of you will remember Eloquence for its incredible speed and clari…
Und woher kommen sie? Aus Werbemodulen in Apps. Geschäftsmodell: Datenhandel.
Holt Eure Apps also besser von IzzyOnDroid und @fdroidorg (und darauf achten, dass möglichst kein "Ads" Anti-Feature gesetzt ist). Aber ob die EU das lernt?
Händler bieten Bewegungsdaten von Millionen EU-Bürgern zum Verkauf an. Weil sich nach Recherchen von BR und netzpolitik.org auch Personal von EU-Institutionen ausspähen lässt, passt die Kommission ihre Richtlinien für Mitarbeiter an.
This Technical Guideline BSI TR-03185-2 “Secure SoftwareLifecycle for Open Source Software”, or “SecureOSS Lifecycle” for short, complements the BSI TR-03185(-1) “Secure Software Lifecycle”, which solely addresses the lifecycle of proprietary softwar…
Thx for sharing this. Our products are not OSS, but I'm in the process of gathering all sorts of information about the upcoming #CRA and this might be helpful.
A lot! One of the most common reactions or questions I get about curl when I show up at conferences somewhere and do presentations: -- is curl still being actively developed? How many more protocols can there be? This of course being asked by people …
"We work hard at maintaining backwards compatibility and not breaking existing use cases. If you cannot spot any changes and your command lines just keep working, it confirms that we do things right."
We apprehensively followed the developments and the debate concerning Framework’s endorsement and support of Omarchy. We have no direct experience with this Linux distribution, its community, nor with the political environment around it. We did not speak up before now because learning about all of it and keeping up with all the commentary would have been a full-time job. Unfortunately we do not have the time to read every single comment on the dedicated forum thread.
Despite our admittedly limited and superficial understanding of this matter, we believe we have witnessed and read enough to make an informed decision and take a clear position.
The statements from Framework and from Nirav Patel (its CEO) made it very clear for us that Framework is not a company we feel represented by any more, and surely not a company that we want to represent as Ambassadors.
To be frank, it is not even necessary to dive into the petty drama about the recent events in order to provide an explanation of our decision. We are deeply disappointed by a company that is self-proclaimed as the resistance of the tech industry, the good David that intends to stand against the big tech Goliaths that are devouring it. Framework’s behaviour brought to surface an embarrassing and absurd inability to take an explicitly political position, blinded by the Western patriarchal narrative that technology in itself is not political. By trying to keep everyone happy (or at least not to make anyone mad) inside a fictitious “big tent”, the company proved to be no better than any of its Silicon Valley peers, dismissing comments about DHH, and comments about fascism and racism as not strictly related to the main mission.
We were proud to be ambassadors because we believed that Framework not only made products that empowered those who purchase them to fully own and repair their devices, but most importantly because we wrongly expected that this would imply changing the paradigm and the narrative about tech companies altogether.
We were offered the possibility of having a 1:1 conversation with Nirav Patel. We did not take it, because it is self-evident that our opinions are in contrast with the statements that he already made. Too bad, Framework is going to lose much more business than it would have if it simply acknowledged a mistake, took a deep inward look, and questioned its own values and stance.
In a world that is burning, thorn by conflict and greed, it is not enough to be “less evil”, to be radical only in some cases, and be moderate in others. We wanted to be ambassadors of a company that does not see fascism and proprietary software as two distant topics, but that recognised the entanglement of politics and technology, of capitalism and authoritarianism. It seems that this is not the case.
Farewell, Framework. We will miss the shining brave idea we had of you.
Me zrovna tahle situace dost trapi. Je mi lito tech lidi, kteri pracuji na ruznych OSS, ktere DHH uplne random podporoval (cti: ma penize a hodil je jejich smerem).
Cesta z toho neni canclovat tvurce OSS, ale naopak je podporovat vic, aby meli volbu DHH nebo 37signals ze seznamu podporovatelu vyskrtnout. Tedy i podpora Frameworku napriklad tomu kritizovanemu Hyprlandu muze prinest velka pozitiva.
U Hyprlandu jde o jejich maintainera (Vaxry) a celkově toxickou komunitu, ne přímo o DHH. V prvním postu v tom linkovaném fóru je odkaz na writeup a podle všeho je pořád platný, ač už je starší.
U Omarchy jde o DHH - Omarchy má přímo popis "Omarchy — Beautiful, Modern & Opinionated Linux by DHH"
Tj. nejde o to na koho hodil DHH peníze, ale že jde přímo o projekty, za kterými stojí Vaxry nebo DHH.
Těch prvních pár postů ty témata rozebírá dobře, než se z toho stal monstrthread.
I wish Ableton's Drift synth had three oscilators instead of just two. You can kind of fake it to a point by fudging stuff, but, as they say somewhere, "ACK, WRONG!"
Fix CVE-2025-11563: Don't percent-decode / and \ in output file name to
avoid path traversal.
Fix typos reported by pyspelling.
Multiple improvements to GitHub Actions.
Persiguiendo con mi actuación la satisfacción de los intereses generales de los ciudadanos y y fundamentándola en consideraciones objetivas orientadas hacia la imparcialidad y el interés común, al margen de cualquier otro factor que exprese posiciones personales, familiares, corporativas, clientelares o cualesquiera otras que puedan colisionar con este principio.
Por poder no han podido ni expedirme el F2R de toma de posesión porque les da error en la aplicación. Me ha tenido que hacer el jefe un certificado "a mano" para que conste que tomé posesión ayer. Más que nada para poder darme de alta en MUFACE.
Una curiosidad. En teoría para la TP hay una formalidad de acatar la constitución, el estatuto en su caso, y el resto del ordenamiento jurídico (art 62.1.c) ebep). En teoría esto se hace justo antes de tomar posesión (requisito d) del EBEP).
Entre tú y yo, a mi no me pidieron acatar nada. ¿A ti sí?
Interesting post by Cloudflare on detecting #CGNAT as well as the performance and availability impacts to users behind it: blog.cloudflare.com/detecting-…
This re-enforces the importance for both: 1) content providers to dual-stack sites (so that #IPv6 end-users can bypass CGNAT) 2) the importance for networks to deploy IPv6 alongside CGNAT so that only a shrinking subset of traffic needs to go through CGNAT
Of particular concern is the concentration of CGNAT in the developing world, creating even more risk of a multi-tier Internet with an IPv6-centric modern internet but with other parts of the world being stuck in the past with IPv4 CGNAT.
IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic.
Good things come to those who wait? When I created and started hosting the first websites for curl I didn't care about the URL or domain names used for them, but after a few years I started to think that maybe it would be cool to register a curl doma…
Abyste si udělali představu, jak jednoduchý je dodat vám na #VHSky projev prezidenta z 28. října: 28.10. večer "Hele tyvole, ten projev je asi jako dobrej, nebylo by to dobrý nahodit i k nám?" 29.10. 5:43 Odesílám e-mail do kanceláře prezidenta republiky s žádostí o práva nahodit záznam i k nám 29.10. 11:40 Kancelář prezidenta reaguje s tím, že záznam prováděla #ČeskáTelevize a práva k distribuci také patří jí 29.10 11:48 Posílám téměř stejný e-mail do České televize s tím, že mě na ně odkázal #prezident, respektive jeho tým 29.10. 11:53 <Automatická odpověď - o Vašem e-mailu víme a určitě se mu budeme věnovat hned, jak dopijeme kafe nebo tak něco> 31.10. 8:14 Parafrázuji - "Jsme rádi, že nám píšete, ale píšete na blbý oddělení. Obraťte se na obchodní oddělení" 31.10. 8:48 Přeposílám téměř stejný e-mail na jiné oddělení v #ČT, kde zmiňuji, že mě na ně odkázal tým prezidenta a jiné oddělení televize. 3.11. 10:52 Píše mi produkční oddělení (ano, nikoliv obchodní :)) ČT, že záznam není licencovaný, je pouze nutné uvést zdroj a že mi ho dodají, když zaplatím 3 litry na technické náklady. 3.11. 11:00 Zasílám e-mail, zda chápu správně, že když si to z videa vyseknu sám a napíšu, že to je z ČT, tak ušetřim tři litry 3.11. 11:05 Produkční oddělení potvrzuje, že to je legálně správný postup pro toto video, ale ať si dám pozor, že u ostatních je většinou potřeba zaplatit licenci. 3.11. 20:09 Video visí! :party popper::party popper::party popper::party popper:
Nejtěžší je dostat se k někomu kompetentnímu - ve chvíli, kdy se mnou komunikoval produkční, tak už to šlo rychle a byli i celkem ochotní. Každopádně až se budete ptát, proč to zpoždění, tak tady je důvod :)
@michal na automatické překlady titulků by se dal použít tento plugin: skilltech.network/peertube-sub… Otázka je, jak by to fungovalo, protože i v těch přepisech do češtiny je hromada chyb a automatický překlad do angličtiny by byl ještě horší.
Apple has today released macOS Tahoe 26.1, watchOS 26.1, tvOS 26.1, and HomePod Software 26.1 to the public. As with iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.
A Cab picks up a Nun. She gets into the cab, and notices that the VERY handsome cab driver won't stop staring at her. She asks him why he is staring. He replies: "I have a question to ask, but I don't want to offend you" She answers, "My son, you cannot offend me. When you're as old as I am and have been a nun as long as I have, you get a chance to see and hear just about everything. I'm sure that there's nothing you could say or ask that I would find offensive." "Well, I've always had a fantasy to have a nun kiss me." She responds, "Well, let's see what we can do about that: #1, you have to be single and #2, you must be Catholic." The cab driver is very excited and says, "Yes, I'm single and Catholic! "OK" the nun says. "Pull into the next alley." The nun fulfills his fantasy with a kiss that would make a hooker blush. But when they get back on the road, the cab driver starts crying. "My dear child," said the nun, "Why are you crying?" "Forgive me but I've sinned. I lied and I must confess; I'm married and I'm Jewish." The nun says, "That's OK. My name is Kevin and I'm going to a Halloween party."
watching a video about private equity buying everything in pro audio (native instruments, etc)
i think over a long enough timescale (more than five years) the only tools that remain are FOSS ones.
it doesn't matter that you think they're janky compared to professional-grade ones (sometimes they are, sometimes they're actively better, though that's rare)
because you won't have your professional-grade ones for very long, anyways.
i have understood for over a decade now that community led open source isn't a _development_ strategy or _maintenance_ strategy. it is a survival strategy in an adversarial environment dominated by capital. this is why, in long term, it is superior to any other type of software/hardware development
If you are not yet convinced that Fedora Flatpaks is a hostile 'alternative' to Flathub, here's a good one for you:
An indeterminate amount of their packages are, in fact, directly based on existing manifests from Flathub. Not by manually inspecting code themselves; rather, by running a script which goes through Flathub's APIs and parses the respective apps' manifest to generate manifests for Fedora Flatpaks: pagure.io/flatpak-module-tools…
Calling it hostile is too strong. The people at Fedora aren't bad! They probably thought it was a pragmatic solution. Having said that, I think it's better that they only use Flathub. There own repository doesn't add anything for the user.
I think it's important to distinguish between hostility and whether people are inherently good or bad, as being hostile and good are not mutually exclusive.
They are regularly reminded that Fedora Flatpaks is a bad solution and doesn't address any problems besides the legal side of things, which isn't true whatsoever because Flatpak has technical measures to handle the legal issues.
Developers from numerous projects have openly expressed and criticized Fedora Flatpaks, but the Fedora Flatpaks developers keep insisting and justifying its existence by misinforming people and smearing Flathub, only to obfuscate the fact that they literally rely on Flathub for generating manifests.
This isn't about whether they are good people or not, but it's about whether they're hostile or not – which they are.
to be fair, I have no intention in having a productive discussion with them, as a lot of things that come from them are misinformation that were addressed a long time ago, by several people, several times. The last thing they want is productivity, because let's be real — they would have deprecated Fedora Flatpaks a long time ago if they did care about being productive, or at worst limited it for (pre-)installs.
I contributed to Fedora Flatpaks in the past, not by code, but by researching and writing articles:
Information about it were much more difficult to find because very little was (and still is) documented. (To this day, people still regularly refer to both articles.)
I had a lot of hope for the project, in fact I even joined the special interest group, but it became evident that none of my suggestions/criticism mattered to the main developers, and they double down on it despite being regularly told by many people from different backgrounds that it's a really bad idea. All they want is to turn it into a glorified distro package repository, and they've been stuck on it since then. Hence me calling them hostile.
Let's hope that if they get enough criticism they will stop with the Fedora Flatpak repository. I also don't see the value of it. If they have problems with Flathub they can better improve it. Nice articles you wrote by the way!
This is often the kind of sentiment resonating around Fedora, in my experience. If you don't agree, you "don't understand" it. Never mind the fact that I used to contribute to Fedora in the past, where my earlier contributions were articles about Fedora Flatpaks!
Sincerely, this comes from someone who was deeply interested in Fedora Flatpaks and wanted to push it in a non-hostile direction, but the developers have shown that they just want to turn it into a 'traditional package manager with extra steps'.
You have my full support, if anyone at Fedora tries to tell you you don't get it, remind them that Bazzite and Bluefin and Aurora have had orders of magnitude more success than Fedora's offerings and depend on flatpak as the default install method. We go out of our way to remove every trace of Fedora Flatpak and our store even ignores the repo if installed by the end user or brought over from someone rebasing. To do anything else would be a disservice to our users.
Taking the liberty to cross-post my involvement with Fedora Flatpaks; originally posted on Fedora Discourse.
4 years ago, I discovered Fedora Flatpaks, and developed a strong interest with the tech and approach behind it. After having a thorough understanding of it, I wrote two detailed articles about Fedora Flatpaks:
As time went by, I started losing interest, because there wasn’t much progress with the project, and it was duplicating effort that could have otherwise heavily benefited Flathub and every party involved (GNOME, KDE, elementary, freedesktop.org, Endless Foundation, etc.), which would have benefited Fedora, too.
This realization led me to write “Where Fedora Linux Could Improve § Only Ship Unfiltered Flathub by Default”, which criticized the lack of progress with it, as well as addressing one of the “legal concerns” (2022/12/06):
Any of my suggestions then were either rejected with no proper explanation, shrugged off, or sent to /dev/null. And whenever I asked for source for obvious misinformation, it would be dismissed.
I tried to push Fedora Flatpaks in a direction that would have been less controversial and more productive by limiting its scope, which would also enable us to allocate more resources on other stuff. However, once again, I wasn’t really taken seriously; at least I personally don’t feel like so.
Eventually, I lost every last bit of interest and removed myself from the SIG (2023/02/20):
All this to say, I tried really hard to keep my opinions to myself, and communicate diplomatically with them; I even wrote articles after doing several hours of researches in the span of weeks to show my interest, but I was treated extremely unfairly in return. So this naturally led me to one conclusion which I still hold today: they’re not looking for diplomacy; they just want to do whatever they want, even if it ends up upsetting/hurting people and projects’ image — I have the same sentiment with RPM packagers, too.
The Fedora Project is a great organization to gain experience no matter the team you are in. I am currently a part of the Fedora Websites & Apps team improving my technical writing, communication and design skills.
I agree with most of this - about the sheer futility and user (and upstream) hostility of this exercise - unless there is a clearly-articulated business / technical reason. I actually thought mcatanzaro's take was pretty good - ie the default shipped Flatpaks that go with RHEL (or whatever) should be made by them, otherwise don't bother. I can see the logic for this, if "we built it we know where it all came from" etc is what the customer is buying.
I think the credit argument is maybe a bit of a stretch. Maybe as a courtesy, but not an open and shut legal or principled argument. I don't think a lot of build manifests pass the threshold of being meaningfully copyrightable. Most Flatpak manifests on Flathub also don't have licenses or copyright attributions so it's not like the contributors are signalling this requirement. Maybe a bit of a miss from Flathub not having some clearer/default terms. On the todo list I guess!
@ramcq I was looking at it from the perspective of amicability, not legality. In other words, I'd expect community projects to attribute the original authors because it's the right thing to do, not because they have to.
@BorrisInABox I first encountered it when I got to see a Type 'n Speak around 1993.
Fun semi-related fact: if you set the Desmos calculators to Nemeth or UEB modes, you can also toggle what we call 6-key mode which lets you type Braille with the keyboard. I had fun working on that one.
@BorrisInABox I only knew about it from David Goldfield's demo from the 1992 Blazie newsletter tape. So of course that's the first thing I turned on when I saw one for the first time.
I don't think I actually used a Type 'n' Speak at all until 2005, other than very briefly messing with them occasionally at conferences and trade shows. I did see one, and an original Braille Lite in 1993 or 1994. IIRC, it was a pre-production Braille Lite model around that time.
@BorrisInABox Oh, man. I used a PAC Mate QX420 for most of my secondary education, and switching on braille mode for writing rudimentary Nemeth really helped in maths courses. Now I have the PC Keyboard Braille Input add-on for NVDA and can switch to Braille Unicode as my input table, but have no need for maths anymore. github.com/nvdaes/pcKbBrl @sclower @Bri
Is it a Bluetooth keyboard, on Windows, perhaps? I know there used to be a game/program called Pontes Braille Typewriter where you wrote Braille using the sdfjkl keys. I found that on a USB keyboard connected to my PC it'd work fine, but on a Dell Bluetooth keyboard it just couldn't handle that many simultaneous keys down.
@jaybird110127 My Logitech MX Mini will do it well enough over Bluetooth, but yeah, I've seen lots just bomb out big time.
My braillist in high school complained about that, because she would use Duxbury's braille input thing to do nemith. She got a new keyboard, and it wouldn't do more than two or three keys at a time, depending on which combination of keys were pressed.
SuspiciousDuck
in reply to SuspiciousDuck • • •Peter Hanecak
in reply to SuspiciousDuck • • •SuspiciousDuck
in reply to Peter Hanecak • • •majster bude v dielni o jednej.. lepšie ako vôbec
edit: sranda zatiaľ