I understand why it needed to be done, but I am saddened that there were enough naive (bad?) actors slopmitting AI slop to the point that the bounties via HackerOne ended up unusuable.
Canary in the coalmine – the whole apparatus of formal bug-bounty programs is surely doomed since it is an incentive to spam and the effort bar to produce plausible spam has been lowered so much
people misconceive big and important with wealthy... somehow the concept of what drives open source is just not understood by the simple minded moneyhunters... :(
I totally understand the move. When running web apps with bounties this has been an issue even before AI as there are so many things of little to no value one can report.
Anyway just saw you'll be at FOSDEM, looking forward to see you rant about sloppy security reporters in person ;)
the AI talk at #EuroBSDcon was hilarious, though. But I'm sure you'll always have something to talk about. Hope, this will calm BS submissions down a bit.
Hello @bagder , I wonder if moving to a less crowded code hoster might lower the maintenance burden related to AI crap ? I am sure you are aware of @Codeberg for example.
At @backintime we also have to deal with low-quality (student) and AI-crap PRs. Moving the project to @Codeberg is one item of my todo list.
For all #foss maintainers I hope we can find a way.
I understood that you cut off the money for extern "contributors" (PRs & Issues). Am I right so far? But your project is big and popular and still will attract a bunch of "contributors" providing low-quality issues and PRs burning your maintenance resources.
First: we have not cut anything, we have a proposal about doing it end of January.
Then: we plan to shut down the curl bug-bounty, which is what pays security researchers for reported confirmed security vulnerabilities. Today we get those reported through Hackerone.
There is no perceived problem in the curl project related to issues or PRs on GitHub and we do not intend to change anything in regards to them at this point.
we don't move off GitHub because no one else is going to sponsor us at this level, which thus would mean a SIGNIFICANT dent in our ability to ship quality software if we still would do it. I think that would be bordering to irresponsible behavior.
Thank you for clarify that. I thought hackerone is just something like a secondary issue tracker targeting on security issues. Aren't there security issue reports direct on the Microsoft GitHub issue tracker?
Microsoft (GitHub) is sponsoring curl? Give me a number and lets see if we can find an alternative. 😋
And this +10K is used for CI, not for your living expenses? The latter is payed by wolfSSL, according to the website?
I think +10K per month might not be a big deal for some other CI companies around. Especially when it is a popular project like curl which they can also use to polish up their image.
Paní Tykač, zakladatelku institutu Solvo, nejvlivnější ženu Česka, autorku aplikace pro pohodlnější rozvod, milovnici recyklace a držitelku ceny za kancelář roku, miluju. Někdo se řeže do předloktí, já chodím na její web. Bolí to a zároveň je to krásné. Tady se snížila a oslovila nás, nemyté masy, aby nám vysvětlila, že nemáme srát bohaté, jinak by taky mohli přestat pracovat a svět by se zastavil. V předklonu poníženě děkujeme, paní! idnes.cz/zpravy/domaci/ivana-t…
Už pár dní diskutuji s kolegy z našeho think tanku Solvo o cíleném žhářském útoku na kabelový most u elektrárny Lichterfelde u Berlína. Jak jsme se dočetli, zaútočili na luxusní čtvrť. Za rozsáhlým výpadkem proudu v Berlíně stojí levicoví extremisté.
"Lidé, kteří mají své úkoly, starosti, rodiny, a že není tak jednoduché se o to starat. Neznamená to, že když to dostanete, tak se stanete boháčem. Naopak, stanete se otrokem." @zoul
Česká televize začala vysílat nové díly série Modrá krev o šlechtických rodinách. „Úplně se změnil vztah lidí k nám. Náhle nejsme nepřátelé,“ říká průvodce cyklem František Kinský.
u té šlechty to částečně chápu. Často dostali v restituci zpátky nemovitý majetek v neutěšeném stavu, který kvůli tradici nechtějí prodat, a kapitál na jeho zvelebení neměli. To je potom fakt spíš starost než nějaká výhoda. Nicméně tady paní Ivana sedí se svým manželem na podílech ve firmách v hodnotě skoro 200 miliard. Stačilo by jednu tisícinu prodat a život si už jen užívat. Ale ona peníze hromadí a svůj kříž tak nese statečně dál.
It is our moral imperative to consider the "real world" and actual users when assessing the possible security impact of a reported #curl issue. If we deem that there is likely to be zero affected users, then we do more damage than good by insisting on doing the security dance for the issue.
Then we end up with a severity level that is below LOW, and then we treat it as a bug instead. For the good of mankind.
How about we declare June 14 Schengen Day – a day of both celebrating the achievement that is the Schengen Agreement and of protest against border checks.
Politicians – and voters – almost exclusively hear the xenophobic ramblings of the nationalists. We need to change that!
It is important that the achievements of Schengen, of free movement in Europe without border control are emphasised. German EU law professor Werner Schroeder decided to sue Germany over illegal controls https://euobserver.com/rule-of-law/ar0dff2b9e
Guys! How did they even do this? Click on this YouTube video on iOS, pay attension to the duration it shows you, then click on the channel and look at the video from there. Pay attension to what VO says the duration of the video is.
Viele Politiker kritisieren Elon Musk und X als Plattform für Hass, Desinformation und Radikalisierung – und äußern diese Kritik ausgerechnet dort. Damit stabilisieren sie Reichweite, Relevanz und Geschäftsmodell genau jener Plattform, die sie angeblich ablehnen. Wer X nutzt, füttert den Algorithmus mit Aufmerksamkeit. Konsequente Kritik hieße: X verlassen und Kommunikation dorthin verlagern, wo Debatten nicht durch Empörung monetarisiert werden.
Der Mythos der »notwendigen Opposition« auf Plattformen wie X und TikTok ist eine Illusion: Auseinandersetzungen verstärken Desinformation und fördern das Geschäftsmodell.
Wer so handelt, macht sich zum nützlichen Statisten: Man empört sich über die Folgen, aber liefert weiter den Treibstoff. Das ist keine Notwendigkeit, das ist Bequemlichkeit – und am Ende Feigheit vor dem Reichweitenverlust. Wer X als demokratiegefährdend bezeichnet, kann dort nicht gleichzeitig „weiter informieren“. Das ist Legitimation durch Mitmachen.
Oh das ist ja toll! Ich sehe gerade, wenn wir noch 8 Follower hier bekommen, kann ich unserem Chef ENDLICH sagen, dass wir hier mehr erreichen als bei Instagram und das, wo ich für meine Liebe zum #Fediverse hier immer eher belächelt wurde 😍 habt den Tag schön 🍀 Edit: Ne, den Insta-Account betreue ich nicht ... das ist nicht mehr meins ... nur ehe jemand fragt
every time the topic of "the internet is hopelessly broken" comes up, someone has to mention Meshtastic, I'll be that person this time. I've never used it myself, and even though the way it works it provides some very unimpressive throughput only enough for text messaging, I just like the general concept of an uncontrollable peer-to-peer mesh network.
there are so many of us (even this newbie*) who are massively thankful for all your work and dedication!
I just checked out the FOSDEM schedule and saw that your talk is on Sunday at 5pm and I screamed NOOOOO because I will be on the train back to Paris then. I'm so sad to miss it.
Wishing you a wonderful day and thank you for all you do!
* thanks to curl I was able to install YunoHost and embarked on this awesome self-hosting adventure
yeah, I realize that my FOSDEM talk is so late that a bunch of people already have left when I get to start blabbing, and the rest will be so tired they will fall asleep 😁 But hey, there will be a video of it!
No one can say that I do not have friends.BUY ON ITUNES: https://itunes.apple.com/us/album/i-h...And buy the "Crazy Ex-Girlfriend" Season 1 Volume 1 Soundtra...
ok, so now metta is getting pushy about the new updates like the web wrapper. Please update to the latest version of WhatsApp. You are running an old application version which will expire in 6 days.
This is a longshot, but yesterday I gave a 3-hour (!?) lecture to a group of students from the Fashion Institute of Technology on the history of manga, and before I could finish answering a student's question about yuri, we ran out time and had to clear the room. So on the off chance that one of the student's might search my name and find this account, here's the full answer. #FashionInstituteOfTechnology #KyotoInternationalMangaMuseum 1/n
My next adventure is figuring out Linux, to be specific, it's gonna be Ubuntu 25, on my Medion Laptop which won't be helpful running Windows anymore since it already consumes 5/8GB Ram idling around. And I wanted to build myself an own opinion on Linux and it's accessibility for a while now. Already got the installer to talk, though I haven't installed it yet. Firstly had to figure out how to boot into that thing cuz each Laptop manufacturer has it's own magic procedure that might or might not work to get into whatever kind of boot menu they decide to add or don't. Anyway this evening I hope I can get through the setup process. I have already spend to much time with it yesterday lol, went to bed at 1 AM on a work day.
I just encountered a datepicker on an airline website that I could actually use with a keyboard plus screen reader with zero issues and now I feel like everything I know is a lie.
My new Mastodon/Bluesky client, FastSM, which is based off the old work from me and @TheQuinbox, is now available in really, really early alpha! You can download the latest build, which gets updated with each new commit, at github.com/masonasons/FastSM/r…
@draeand Yeah, I use Qt for LiveChatter and it has some responsiveness issues, but for something like a Youtube chat reader I thought it most suitable, especially if I didn't wanna fall into the same trap as VeTube did.
@draeand Alrighty. I would use FastSM more if it wasn't flash banging me all the time, and I don't like invisible interfaces, I prefer traditional navigation, not multiple keys just to read posts lol.
@alexchapman @draeand Yeah see, and this is where I have an issue. # Monkey Patching # We wrap the __init__ methods of Dialog and Frame to automatically apply styles # when they are initialized.
@draeand That, but mine and Stu's client is the Thrive client, which the Mastodon thing is eventually gonna be integrated into Thrive Messenger to become an old school MSN style thing that's basically like what Tweesecake is lol, so then there'd be two clients compeeting from the same people lool
@alexchapman @draeand Not necessarily. 1, competition isn't a bad thing. 2: I think what you're trying to do is pretty neat with Thrive. If people like thst atyle of interface and want to use it, awesome. I think you shouldn't let the existence of my or anyone else's client stop you from writing yours.
@draeand OK, let's look into it. I'd hope you'd be able to take the class Wx.MswDarkMode method from Thrive and that all works out. If not, then hopefully there's another way to do it.
@draeand I know. I'm not saying that its gonna stop me from writing mine, but having both Thrive and Veet, both from me and Stu, that doesn't make sense roflflfl
@alexchapman I mean. You also have to consider the fact that if Bri updates her version of WX and it breaks because the monkeypatching depended on something internal? Or that was made internal? I've no idea how the Python dark mode stuff works so I'm spitballing but
@draeand I think that's refering to the Win32 API that controls color themes. I think it can be found somewhere, but I had Gemini help me with it and that probably doesn't know about half the Win32 shit lol.
@alexchapman All of the undocumented APIs seem to be in wxApp::MSWEnableDarkMode? From the docs: "This function uses undocumented, and unsupported by Microsoft, functions to enable dark mode support for the desktop applications under Windows 10 versions later than v1809. Please note that dark mode testing under versions of Windows earlier than 20H1 has been limited..." Yeah... Oof
@draeand OK, so like based on if the system setting is dark mode? That's basically opt in as by default Windows uses light mode. As I also said in a previous reply, it seems Microsoft is supporting Win32 dark mode stuff so the chances of this shit breaking badly are pretty low.
Does this yet have the TweeseCake feature of being able to give personal nicknames to accounts? I use it a lot for people who either have really long names, or I know exactly who they are. I also have my own personal nickname set to "Me" so I can recognize and fly through my own posts quickly.
@alexchapman @draeand are you running from source? Or the build? It doesn't matter, but I just pushed more code for you to test, if the build though you might have to wait a few minutes to get it
@draeand The build. I'm gonna probably git clone it later in the day, gonna test a bit more and then probly head off to bed its like 5 AM in the UK lol.
@draeand Yup, now me and other people who have some usable vision and hate bright white backgrounds can use this without our eyes being bothered like that lol, I know some people that welcome the dark mode stuff as well as me, and that also includes my GF, I won't bother blowing her notifications up at this time in the morning roflfl.
Are there known issues with the home timeline syncing right now? I'm on the newest build (downloaded 10 mins ago or something). I put my focus on some random older post on the TL, close the client, open it again, and when it finished loading I'm still on the newest post in the home timeline.
Oh right it was my mistake, enabling it in the 1st place would be smart to do. Anyway how about making this account specific and not a global advanced thing? Just a small idea but maybe worth a thought. Also if I'm not lost I think the sound for pinned posts doesn't play for now, at least on the one profile I've tried it (kc@chaos.social).
Indeed. Anyway dark mode also works, this thing is amazing. Fast, modern, open source, quick bug fixes. Really great work, sounds like a donation when I'm back from work cuz at this point this is very well my new primary Mastodon client for PC.
Seems like I can't view my own profile anymore? Pressing CTRL+Shift+U and typing in my name says no user found. Same when I do that on a post of mine, no user found. Waa I'm no user.
When writing a new post, and then going to the Desktop, the post get's eaten, the dialog won't show back up. RIP to my 2 years on Mastodon babbling, gotta rewrite it now, :p.
So I think I know what's going on. I press CTRL+N, the edit box appears, I go to the desktop, refocus, the program window and it focuses the main dialog. I can see the edit box is still there visually, but NVDA won't gain focus. I can click it with the mouse, and NVDA will jump back in. Windows 11 25H2.
Is there somehow the abillity to make an item in a timeline still respect line breaks? For example take the following: This is an example of. A line break.
See, NVDA will not make a natural break because the text looks like: This is an example of.A linebreak. This can also be seen when copying something with speech history. Edit: Oh hmm, in this case it did actually put a space to make a break. Not a line break, but at least something. That wasn't the case with all posts I've seen though, for example when you get a autoreading notification it'll just dumb the text ignoring line breaks.
Lol then I keep the dark mode off. No it does not for me. I press space, NVDA says pressed, I tab forth and back and it hasn't changed the checked state...
@draeand OK its working. One thing I have noticed and this was able to be spotted thanks to dark mode preference, the timelines list overlapping with the contents list, making it difficult to read the list of timelines as they are being covered by the main contents.
@draeand OK so its doing something, but the main background is still bright. I'm not sure if there's a color value overriding the dark mode colors or what, but when I opened things like the settings dialog they were in dark mode, its just the main window that seems to still be bright.
@alexchapman Idk if that's what wx calls though. I've only used unsupported win32 APIs once and that was LDRRegisterDLLNotification, which was so undocumented that windows.h doesn't define it anywhere and you have to copy-paste it from msdn lol
@alexchapman Yeah, WX doesn't really have a good dark mode implementation. That said, monkeypatching should only be done if you know the consequences of what that monkeypatching does. I'm kinda curious how extensive it is now lol
@draeand Then I found this thing just now: learn.microsoft.com/en-us/wind… So in later versions Microsoft are supporting this Win32 dark mode stuff it seems.
psst :) super tiny change but right now the invisible interface isn't echoing to braille displays, I think it's a boolean when initializing accessible_output that isn't set to True. Much obliged if you could fix :)
When opening a conversation of a post that someone boosted, the newly added timeline is called conversation with name of the booster, e.g. Tom boosts Bop and I open the conversation, it should say conversation with Bop not conversation with Tom as it does right now.
Josh should release a demo client and stop ignoring the blinks. Or at least open-source it, dude won't make any money on it with that attitude anyway and I hate how the thing breaks when hiss server does. He's holding users hostage.
@kev Meh people should just stop with their obsession for audio platforms. TBF he made great success with Ramblio, can't really understand it though, apparently there was enough time to work on web apps, IOS and Android clients and even back end for that entire thing but Tweesecake, oh na let's only hand it to some random ass beta testers and not say anything ever again. Yup might be controversial opinion but well. Glad we have this client now.
In the bookmarks timeline, removing a bookmarked post doesn't remove it from the timeline itself. The state get's changed because in the context menu of the post I could add it to the bookmarks again, but it won't get removed from the bookmarks tl, even when refreshing.
Hey I have a question. I can't seem to get posting to work in the invisible interface with the Win 11 keymap. I tried editing the keymap, because the default keystroke is used by OneNote, which I hate by the way, but still, it comes up. I tried tro edit it but it didn't work.
I will say that our puppy socks has the cutest little bark ever. I’ve got a recording of it sitting in my Voice Memos. But I think he’s gonna be one of those dogs that likes to be around people. He tends to whine or follow us around the house when we’re moving around and doing other things. He just loves being around all of us. and he loves to play first thing in the morning when we all wake up.
@Bri yes. Never owned a dog before so this is our first time. He’s only two months old. But when he gets playful, he’s pretty crazy. Every time my mom puts him on the couch. He just loves to jump off it. Plus, he’s at that age now where he’s starting to chew on things.
Grimalkin's Fall Festival Virtual Day is now archived for all to see!! Catch many new artists, the youth of Girls Rock Camp D. C. and my own band Rainbow Portal in this multimedia extravaganza! #music #live_music #musician #musicianLife archive.org/details/grimalkin-…
Okay so tonight I have to brag. So with Termux, Emacs, and Emacspeak, there were 2 big problems I still had from when I got AI to rig DecTalk up. First, the tone used for "blank line" and indentation was not working. Second, after a while the Emacspeak sounds would stop working even though DecTalk still was. So, Claude Code, Opus 4.5, fixed the tone issue, something about sox and Termux specific stuff, and made the Emacspeak sounds thing less of an issue than it was. It still happens, but on first launch without putting Termux in the background and such, it stays alive.
The coolest part, I was using Claude Code inside of Termux on the bus going out to eat. And by the time I got home, it was all fixed!
Across the U.S., people are rising up against ICE raids and state violence—and the risks are real.
Peaceful protest is a constitutional right. But this Trump regime has made clear it will not respect that right when power is challenged.
I wrote 13 Rules to Protect Yourself While Protesting to help you stay safe, protect one another, and show up with purpose and clarity as we defend our communities.
Please read & share widely. Our safety depends on each other.
Read and share as communities across the United States rise up against ICE raids and state violence
Peaceful protest is enshrined in the Bill of Rights.
I am curious, so today, lets do some Mastodon research on typing verbosity on your #ScreenReader, when typing on a physical keyboard. What is your Typing echo set to? #accessibility #a11y
I voted "Characters" because it's what it's set to right now, but I change it extremely frequently. Always between characters and off, though; never words in any form.
I should say that my previous explanation was for NVDA. On iOS I usually have it set to words to detect when autocorrect has changed them.
I absolutely feel faster with it set to off as well though. I just turned it off to type this reply, but like to have character echo when doing anything with numbers, dates, etc.
@jscholes Indeed, my iOs braille screen input is set to words, because making typos there is less obvious than on a physical keyboard. No autocorrect for Estonian on iOs though so it doesn't change what I type.
@jscholes very limited sample size and not with any allusions of it being scientific, but I have found through teaching both children and adults how to type, that one of the biggest ways they improve their speed is by turning offany sort of typing echo.
You cannot just write "potato is being blocked on my laptop" as the subject of your support request, and then just leave it at that. I don't know, either. Knowing computer people though, there are probably seven different incompatible versions of potato, and "potato" could be anything from a word processor to a network diagnostic tool. You thought I was joking, huh? So did I! But googling for potato software reveals an AI tool for biologists, some kind of audio mixing tool, an instant messenger, a text annotation tool, a background transcription tool, and more. All of these programs are all called just "potato". Also, the AI answers above the search results happily tell me, with no context: "Start using potato in your project by running npm i potato. The children components of your potatoes may themselves have components and your potatoes might rapidly look like small tree-like structures of components." I'll...get right on that. Potatoes that look like trees and have children is the one thing all of my projects are missing!
@MostlyBlindGamer But I'm not disappointed that the package description does nothing to explain why the package exists, why it's better, or why it should be used over the dozens of other ORM-like options.
@Bri It seems like their focus is really on the invisible interface, the GUI has lots of access key conflicts and for instance I can't tab to reply on the notifications buffer, it just has a post button and dismiss button.
@Bri Also, I can't figure out, when I get mentions, I'm hearing mention sounds plus what sounds maybe like a added to favorites sound? Or is there a general event sound? It's like 3 sounds at once and hard to discern.
@Bri @Kaliah Ok, I hit view conversation on this, to see if I can view the whole thread, and it played the noise, but I can't see it in the list of items in the tree.
@Bri @Kaliah Ok, I just tried it again, and now pressing view conversation doesn't even work, it just brings me back to the window and doesn't pull anything up in the tree, and it doesn't make a noise either.
Last boost, okay, this is messed up. Look, I don't like ICE as much as the rest of us but still, these people are going to be fighting for their lives. Would yu like it if someone doxxed you so people could potentially do bad things to you? My guess is no. #UsPol
@fastfinge Where are the consentration camps? No, I'm serious, where are the *actual* camps? and I'm not talking about the detention facilities. There are no people being murdered outright in there.
This is exactly what the Germans said during world war II. If you don't believe Alligator Alcatraz, and the detention centers ICE is running in Honduras, are concentration camps, you are just like the germans who claimed they were "just following orders". Your president is actively planning an armed invasion of my country of Canada, so don't expect any simpathy from me. Let's hope there will eventually be an equivalent of Nuremberg trials, and all of you enabling the modern SS will also get the justice you deserve.
I've gone through @bce 's product purchase process, including product browsing, configuration, adding to cart, viewing cart, and checkout pages to make sure they are accessible to screen reader users. I've replaced all tables with hierarchical headings, and made sure all inputs are labelled. I'm testing with LibreWolf on Debian with Orca. If any blind users out there could test with their setups and have any feedback, it would be greatly appreciated! Thank you!
und das, wo ich für meine Liebe zum #Fediverse hier immer eher belächelt wurde 😍 habt den Tag schön 🍀
Lars Marowsky-Brée 😷
in reply to daniel:// stenberg:// • • •Edvin Malinovskis
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Edvin Malinovskis • • •JP Mens
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to JP Mens • • •curl - Project status dashboard
curl.seVolker Stolz
in reply to daniel:// stenberg:// • • •Wasn’t 📈exponential growth📈 what every project was hoping to achieve?!
Maybe it should be mandatory that the HackerOne submission must be done with `curl -X PUT … `, including BearerTokens/OAuth etc?