Thank you for your dedication to the curl cause and others. You inspire me to be more stable, less chaotic, and confident in my journeys. I appreciate your sharing and your candor. Cheers!
Following the recent advisory for **CVE-2025-14524**, I conducted an investigation into how libcurl manages OAuth2 credentials during complex redirect chains. I have confirmed that while the...
Anyway, BIND 9 now also has Bug Bounty program via #YesWeHack (fosstodon.org/@iscdotorg/11576…) and we got exactly one genuine issue out of 15 (and that's issue that has been previously independently reported). The rest was: ⁃ Cryptographic Weakness in BIND 9.20.15 PRNG Enabling DNS Cache Poisoning (Bullshit AI Slop; it just proved lack of randomness in provided PoC :) ⁃ Multiple EC/TLS Private Keys Committed to Public Bind9 Repository (yeah, in system tests) (1/2)
When the European Commission approached us about funding a bug bounty for BIND 9, we were impressed with the proposal. We have a policy against bug bounties (because we were frustrated with people wasting our time), but under this proposal, the YesWeHack team would do initial triage, and use their expertise to minimize the 'slop' reports. This is a game-changer for a small development team.
The bounty program is active, and we are looking for our first valid report.
Games I love like Warsim, The Wastes, and usurper inspired me to think about creating my own console-based game. Then I wrote 750 lines of code just to make a reusable system for console menus. And realized the save system is going to be another 500 lines, probably. And then the settings system. And after thinking about 2000 lines of code before I can get to anything even resembling the simplest game mechanic, I'm not inspired, anymore. Why is 99 percent of programming doing the least interesting part of any project?
Early in my programming career I wrote a whole series of functions that did the mundane things in a business program. Then I wrote a program that allowed me to create input and output screens WYSIWYG. Those screens called my functions. In a few weeks of work, which was kinda fun, I eliminated many days of tedium for each application I was to write over the next decade.
Keep that in mind when you build the foundation. You do it once.
@RegGuy Hmmm. I only wish I found that kind of thing fun. But it's just a lot of thinking about menu lists and settings objects and what gets passed where and how and what's global and blah.
@MostlyBlindGamer@RegGuy Right, but it would take me just as long to understand someone else's engine as it would to right my own. And none of them do quite what I want, anyway. IE a terminal window with options you select by entering a single number or character and pressing enter. They're all command-based. But if I want sighted players I have to think about output colors. And so that means a settings object. And some people want ASCII boarders ("---------" etc) and some don't. So now we have a bunch of case statements and need to check colour and ascii art settings. And if we're doing that we might as well do sound, too, to have an earcon when prompting for an option and a click when an option is selected. But now that means an audio library. And utilities to think about file paths and including assets. And now we're at 2000 lines just for menus.
@MostlyBlindGamer@RegGuy And we haven't even talked about localization. Because if I want that it has to be done at the start, or else it becomes a huge impossible thing later.
Lots of people struggle to prioritise fun over flexibility. My suggestion is to organically build those boring boilerplate systems bit by bit as they're needed. No menu system might mean manually editing stuff in a file between runs during initial development, but is probably better than no game.
@jscholes If I do it that way, it just means refactoring later, though. And that's even harder and less fun because now you're rebuilding things that already exist.
If you haven't built a menu system to begin with, there'll be nothing to rebuild. The refactoring will mostly be limited to slotting it in once you start.
If you've built one early that doesn't actually solve the problems you end up needing it to, or solves them in a way that ultimately makes it hard to integrate, that's when you'll end up rewriting stuff.
That said, thinking about object graphs, what gets passed where, and other architectural stuff is legitimately my favourite part of software dev. But I can't really do it without at least a semi-useful or interesting project to apply it to.
@jscholes Hah. So this all started when I decided I wanted a class where I could create a new menu, add the selection key, a name, and a callback function for each item, then call the menu to print itself and do all the input and error checking, and call the callback for whatever item was chosen. And then it just kept growing. I'm not even at the object graph stage. I just hate most of the text games I mentioned, where every menu looks and acts different, because print statements and case statements are just sprinkled all over the code.
@jscholes If I ever finish the basics, the thing I'm aiming for, probably in 70 years or so, is a singleplayer trade wars/elite style space game. Planetary exploration, trading, combat, procedurally generated galaxy, etc. All the stuff we have in that style is either multiplayer PVP, or only semi-accessible like smugglers5. Interface via console menus, because that feels both simple and retro. But with stuff happening in realtime like textspaced used to be (it's now discontinued), and high quality sound. The idea is you just let it run on your taskbar and check in every 20-30 minutes when you hear something that needs doing. So kind of casual all-day play while multitasking. I've dreamed of something like that for like 20 years, but nobody has done anything even close. Textspaced was the nearest, but it never quite got there, and it's gone, now.
From the standpoint of accessibility-first, need recommendations for office suite software that is not Microsoft Office? It doesn't have to do everything that MS Office does. Documents and spreadsheets are all I really need. I'm also rather hesitant to go the Google route for this stuff. Libre Office? OpenOffice? Any ideas?
Ontario opposition NDP Leader Marit Stiles said it best. “It’s the same Doug Ford playbook; do nothing, then complain to grab headlines," Stiles said. "Saskatchewan Premier Scott Moe flew to China with the Prime Minister to advocate for his province’s canola farmers. "Meanwhile, Ford was sitting at home, leaving Ontario workers with no one to fight for them. If you’re not at the table, you’re not fit for Premier." cbc.ca/news/canada/toronto/dou…
London PR firm rewrites Wikipedia for governments and billionaires Founded by Keir Starmer’s comms chief, Portland helps rich clients ‘protect their reputation’ – with a shady, off-the-books service thebureauinvestigates.com/stor…
as #FOSDEM 2026 is approaching I was thinking about bridging the livestreams to #PeerTube as well.
Streams are under #CreativeCommons license that allows sharing videos, so there is no big deal in it.
As there are plenty of rooms (and we dibs Social Web for #VHSky :) ), it would be fun to coordinate streaming accross multiple instances to stream as much rooms as possible without overloading single instance.
What do you think, anybody interested?
Also, anybody has idea how to actually bridge m3u to PeerTube? @j4n3z maybe?
I work from home a lot. Some days, there's not much work to do so I wait for my wife and son to go out and shout "BIG DAY IN THE BIG BOYS BED' and both dogs run upstairs to burrow under the bed covers and we all have a mid-morning nap together. It's the highlight of my week.
I’ve found an issue with syllable start detection compared to Python. In Python, the detection starts at a consonant if it's followed by a vowel, which influences pitch path calculation. This could explain some differences. But there’s also an exception for stressed vowels. Interesting!
Let’s be honest, Ring was already some technocratic, dystopian BS, but if you needed a reason to finally, finally kill it with fire, here’s your reason: Ring is partnering with Flock to help ICE spy on you and your neighbors for the government 👀
The amount of times Google Gemini gave me a solid code correction and answer while Chat GPT sits there thinking and thinking is staggering, honestly it's making me disavow it because it's not like this is better in "pro" mode. I noticed Gemini "thinks" in smaller chunks but it could be just that they update the process more often. Regardless, GPT, you're beginning to really really suck. Gemini can give me the same quality of C++ and Python code recommendations, it's still shit when pasting back full code for you so better when patching, which is about the only thing holding me back from it as opposed to GPT. Gemini can read attachments but it doesn't quite get the same containerization treatment - GPT mounts your files from /mnt/data, Gemini clearly stores it somewhere and can read but when writing it is restricted from spitting back a file for you and envoking commands in a container. Huge downside to Google, ugh. Something that using a local Gemini Cli instance could solve though, honestly.
You wanna talk about Gemini? They fixed the uploading multiple files thing in AI Studio, now the response formatting is all fucked up so each file isn't a single code block anymore and the download/copy buttons are gone. Fix one thing, enshitify another.
My mum and her friend took me and her friend's daughter to Cadbury's World back in the 80s. We were allowed to eat all the chocolate we wanted, which we translated as everything we could. I couldn't bear to eat chocolate for seven years after that visit.
Some of the variables you can define in the yaml now: # Base defaults for NV Speech Player frontend. # # If a setting is not listed here, the C++ defaults are used. # Packs are merged in this order: # default.yaml -> <lang>.yaml -> <lang-region>.yaml -> <lang-region-variant>.yaml # # Keep this file small. Put language-specific tweaks into their own files.
Why are Google's higher quality tts voices gated behind Google talkback? What kind of fucking insanity is this. The testing versions didn't work this way, so what gives? Get all the way to fuck.
Sigh. We could pass the cast pointer from the callback since it points to valid C++ memory, but it could be riskier in some cases, especially with temporary DLL memory. The safer approach would be to create a new speechPlayer.Frame, set its fields, apply modifications, and then send it to queueFrame. We also need to handle cases where the frame is NULL, meaning silence. So much work.
hey man, just wanted to say thanks so much for working on this, this adon is the only one I know of where you can update the formants of the adon using a UI. Keep up the good work and you're doing good!
@GoemonIshikawa next one will include a /packs folder for everyone. the packs folder will have phonemes.yaml and inside lang, per-language rulesets. this will make it way more of a community effort. It's coming.
Do you know if there's a way where you could make a small UI within the adon for making phonemes and language rules so we could make our own languages for you to include? Banger ideas your having there, I'll for sure help with making things for this adon, sadly though sliders and entering via UI is about the only thing I can do as although I wanted to do the same thing for espeakNG, I'm not good with working with just a notepad and a list of formants. But hopefully if you want to go the UI direction as well I can for sure make languages and accents with it along with you! I've been meaning to make Barbados English with synths, as I come from a part of the world that includes Barbados people.
@GoemonIshikawa oh yeah, that is not out of the question whatsoever. But I first want to lock down linguistic rules, even if that means future-proofing now for things like tonal languages and other dialectical characteristics. That's what I'm trying to smoothen out next before improving or working on other languages as it will really serve as a foundation.
For sure totally! Don't you think though that you should have stuck to English and just worked on that only before putting other languages in though? I do have a little understanding as I hang around friends who speak much languages, though sadly I don't know how you would present that in code.
@GoemonIshikawa Haha not a chance with Hungarian being my first :) I think I had two simultaneous goals: Do really good English, but also make a good Hungarian speech synthesizer, because there is not a good one right now. So by nature of supporting Hungarian and US English (which is like its own language), it expanded things so much that by that point I was like, "wellp, let's add all the languages we can!" xD
That does sound very good, but from the looks of it just as an outsider looking in it kinda looks like some languages when updated are having the rules mixed, as words like Ahmed are becoming ashMed. But yes take a brake my brother, and resume when you can! I myself have always wanted to see if I can someday make a version of English US that between sentences or in certain punctuations we can put a filter on some of the consonant sounds to make like sudo breath in and out, to really push formant synthesis!
@flyingpenguinMwauthzyx @GoemonIshikawa for sure odd - I tried the latest driver directly and installed over my working copy just to verify, but it shows up here from that link's download.
@GoemonIshikawa @flyingpenguinMwauthzyx yeah noticing this too! I'm in the process of making US and UK better but these are the types of feedback that I'd really like. It's very close and I tried to make sure we calculate aspiration, pitch, all that the same way so the rules are kept, hopefully I can be in a place where that can be a change in one of the rules or phonemes and not the frontend code itself by now.
@GoemonIshikawa @flyingpenguinMwauthzyx Got some really good feedback from @TomGrant91 about the word soundings so I'm refining based on what he said too since I think he's right. At least it's not missing vowels and phonemes like it was in that first build, couldn't even say the word manager or priveleges :D ahaha. Coming together, but slowly.
@flyingpenguinMwauthzyx @TomGrant91 If you want I can try and help with some languages like Japanese, for starters do you know how the synth determins that kind of lettering? Like does it have a letter list of sorts such that it can say the letter?
So I wasn't going to post about this but I just got off the phone with Tesco customer service and I'm shocked.
Last night I was having some soup, Tesco brand Tuscan inspired Bean soup, to be exact, bit down on a chunk of glass that was in there. Taste of blood in my mouth, dent in my tongue, possibly swallowed a small bit... I was worried about it. Also, fucking hell like.
Today I call em up, had already sent an email, they are uninterested, tell me I have to complain in store.
@fireborn It's disgraceful, not only were they unconcerned about me their customer, but the fact I had to insist on giving them details, imagine it was their mother or grandmother, or child or spouse eating fucking glass.
if only someone would do "un-mozillated firefox (with ALL connection to mozilla stripped) so we can actually work on a decentralized extension store, and a decentralized safebrowsing"
And for security dev, to actually restart the work on security, and why not check out to put servo in it, in an experimental mode.
Since mozilla want ot suicide maybe time we soft fork until hard fork
It's a shame snapping isn't working. Because of this, I keep having to go back to v1.9.5. Snapping does work with this older version. Hopefully, this will be fixed in the future.
It feels so good to know I'm localy archiving/saving podcasts with audiobookshelf now. Noone ever taking old episodes away just because. Really wish I had done that way sooner. Guess some surely nostalgic stuff will never see the light of the world again.
Seit gestern steht eine Cherry Stream auf meinem Schreibtisch, die die gute alte G83 abgelöst hat. Wenn man jahrzehntelang auf so einer Tastatur geschrieben hat, muss man sich erst einmal bemühen, die neue nicht gleich wieder durch zu festes Tippen kaputtzumachen. 😁 Aber es ist ein absoluter Traum auf der Stream zu tippen, und sie kostet keine 30 Euro. Mal sehen wie lange sie durchhält.
In wie fern Traum? Hier kommt der Blindie in mir raus aber gibts mal ne Audio demo? Bin grad auch noch am Überlegen was ich mir fürs Büro hole weil puh, die Dinger da sind irgendwie meh.
@jonathan859 Sie hat halbhohe Tasten, also nicht ganz so flach wie ein Laptop, aber tippt sich trotzdem fast genauso leicht. Man kommt auf ganz andere Geschwindigkeiten als mit der vergleichsweise schwergängigen G83. Habe dadurch bisher auch weniger Buchstabendreher und sonstige Tippfehler, vor allem in Verbindung mit Großbuchstaben am Wortanfang. Bei der G83 musste ich oft nachkorrigieren. Ach und sie ist weitestgehend standardkonform, findet man heute auch eher selten.
@jonathan859 Ich schicke nachher mal ein Audio. Sie ist nicht besonders flüsterleise, im Vergleich zu anderen Tastaturen, aber darauf kam es mir auch nicht an. Leiser als die G83 definitiv.
Back to nicer topics, finally getting my free weekend for the Open Beatz festival 2026, absolutely looking forward to this. My 1st real festival. Sadly they seem to have a kinda strict recording policy, so we'll see wether I can take the Zoom with me. But well it's still a half year so plenty of time to overthink jk.
It's kinda funny how people label 800€ income as rich these days. Like, just FYI it's absolutely not. Just because I'm buying useful tools for myself or stuff for my hobbys doesn't mean I'm rich or sth. I mean sorry for you if you're in a worse situation or something, IKR that's not cool. But I'm working 40 hours a week for this. I have the full right to spend the money I earn from that, no justification needed. that's not rich that's life. Just because someone might have more money doesn't make them rich.
And no, I'm not targetting certain people with this, but I heard this from various people in different places in the last few weeks, friends or people who absolutely don't know me. Over all I guess mind your own business I guess. Work on getting as rich as I, lol.
Da war ich im ersten Teil des Artikels doch baff erstaunt. Es sieht so aus, als halte im Bundeskanzleramt die Vorstellung Einkehr, das aktuelle Regime in Washington sei nicht mehr durch Besänftigung in Schach zu halten.
Wenn man ihm wohlgewogen sein will könnte man also interpretieren dass Friedrich Merz hier die Gangart umschaltet und sich nun auf die eigene Bevölkerung in Deutschland (und auch in Europa) fokussiert.
Soweit, so gut.
Und dann reißt der Kanzler, wie man das von ihm gewohnt ist, alles wieder ein.
Donald Trump gehe auf Kritik nicht ein, sagt Kanzler Merz – sondern halte, was er tut, für richtig. Statt das Völkerrecht zu achten, machten die USA reine Machtpolitik.
Im Schnitt kämen die Beschäftigten in Deutschland auf 14,5 Krankentage, sagte der CDU-Politiker. "Das sind fast drei Wochen, in denen die Menschen in Deutschland aus Krankheitsgründen nicht arbeiten. Ist das wirklich richtig? Ist das wirklich notwendig?," fragte Merz.
Die Frage ist so unfassbar dämlich, dass ich gar nicht richtig weiß, was man da erwidern will.
Glaubt er, die Menschen sind freiwillig krank? Dass ich mich, wenn ich krank bin, halt nur ein bisschen zusammen reißen muss, um wieder mehr für die Wirtschaftsleistung des Landes beitragen zu können? Glaubt er, dass Kranksein eine Willensentscheidung ist?
Was er damit infolgedessen automatisch insinuiert: Die Deutschen feiern krank und betrügen. Anders kann ich seine Argumentation nicht nachvollziehen.
Wie man mit solchen Aussagen ein Gemeinschaftsgefühl erzeugen will, das geeignet ist, äußeren Widerständen zu trotzen, das weiß vermutlich nur Herr Merz. Und Herr Linnemann vermutlich.
YouTube has started randomly switching German video audio to English even though I can totally well understand German. How the shit do I turn this off? I'm not having YT Premium for this kind of nonsense, especially while the Android app is already as inaccessible as it could get. I know how to switch back the audio track for a specific video, but I have to do that all the time then good bye lol.
If you're on the fediverse or Bluesky, and you've opted in but now want to opt out, block the Bridgy Fed bot user for the network you want to opt out of. For example, on the fediverse, block @bsky.brid.gy@bsky.brid.gy.
I get it, constant praise becomes boring, but seriously, @Bri has a gift. The gift isn't to develop software, lots of people can write code, that's nothing special, with the greatest respect. The gift is to write code which doesn't sort of work slowly and while drawing attention to itself. It's to write code which works quickly and blends into the background until called for when it does what it's supposed to and then goes back to the background until next time. That is both unusual and very useful.
Okay, so here's a silly test poll. Aliens have just landed on Earth. They explain that the Galactic Council of Sentients will allow them to provide humanity with one game-changing technology. The aliens will observe us to see how we use or abuse this gift, then decide when and how to proceed. What would you want their gift to humanity to be?
Medical advancements allowing low or no cost healthcare for all, and various new treatments (33%, 1 vote)
Clean energy generation allowing low or no cost energy/electricity for all (33%, 1 vote)
Molecular recycling and assembly allowing abundant low or no cost food/clothing/etc. for all (33%, 1 vote)
Tell all your friends! Or, if you don't like my show, tell your enemies as well. In either case the John Zone will be on tonight beginning at 8PM Eastern Time on www.hkcradio.com. To listen, either focus your media player of choice to listen.hkcradio.com:8000/hkc.m… or, if you have a smart speaker, ask Google to play HKC Radio or Alexa to ask MyTuner Radio to play HKC Radio.
:)
Burak Gürsoy
in reply to daniel:// stenberg:// • • •Ondřej Surý
in reply to daniel:// stenberg:// • • •And there's always this person: github.com/curl/curl/pull/2031… that ridicules themselves.
#LOL
BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl
GitHubTheTomas
in reply to daniel:// stenberg:// • • •