Most of the sloptimists don't - for whatever reason - know about that.
In my experience most sloptimists don't even bother to read the bug-bounty docs - otherwise we'd receive much less reports as they are clearly about things exempt from a bug-bounty...
We will ban you and ridicule you in public if you waste our time on crap reports.
I see why that is needed, but at the same time I think there is a thin line here, what if someone simply is not sure, a false positive, is that a waste of time to perform investigation?
That ban/ridiculation threat demotivates the report, the message simply says that if you are not a high level engineer or a big company with resources to have identified something in the field, please don't report, individuals with limited knowledge not encouraged to report and that's when the person simply chooses the easiest path: Post the report publicly to some forum or microblog and then there is a disclosure of something that should have been embargoed.
I got the motivation but I don't feel good about the wording.
Heute hatte ich wieder sehr viele sehenswerte Videos ohne Untertitel in der Timeline. Diese like & booste ich aus Prinzip nicht, denn es ist frustrierend, nicht nachvollziehen zu können, worum es geht & was gesagt wird. Das tue ich Follower*innen nicht absichtlich an.
Könnten wir daher bitte auch bei Videos verstärkt darauf achten, dass möglichst alle teilhaben können? Gerade bei offiziellen Statements gibt es in der Regel mehrere Quellen, wählt bitte die mit UT.
We seem to have data that confirms that the #curl bug-bounty has received a steep increased submission rate through 2025, while several other Open Source programs also hosted on Hackerone have not. (There's a graph coming in my pending blog post.)
What could possibly be the reason for us taking more heat and more junk than others? Why oh why?
could it be because your a household brand? Even my grandmother has heard of curl; she doesn’t know what it does aside from being in the computer. Could being more well known have resulted in people focusing on the project over others?
wild guess: possibly, being one of the most public, most used OSS projects out there, LLMs have more info on that and so, when left run wild, they "find" more possible vulnerabilities?
Kejora dropped last week, and I really don’t want it to fall through the cracks.
This is a hand-drawn narrative puzzle-platformer about a little Indonesian girl who realizes her village is living the same day again and again. Everyone else is acting like it’s normal. She’s the only one clocking the loop. Which is a special kind of nightmare, if you’ve ever been the only sane person in a room.
It starts off deceptively cozy. Early 1990s rural village life. Rice fields. Forest paths. Errands. Kids being kids. Then it pivots into “oh, we’re doing this now” territory. An eldritch-looking monster shows up near the forest and starts hunting children like it’s part of the daily schedule. Suddenly you’re sneaking, solving environmental puzzles, and running for your life through caves and abandoned structures, trying to figure out what the village is burying.
The best part is you’re not alone. You’ve got two friends with you, and it’s basically a party system without pretending it’s co-op. You swap between them and use their abilities to get through obstacles, distract threats, and access areas Kejora can’t reach. It feels like childhood teamwork, except the stakes are “don’t get eaten by whatever that thing is.”
And I have to talk about the animation. It’s gorgeous. Full hand-drawn 2D characters, backgrounds, and cutscenes. It absolutely gives Studio Ghibli vibes, but it’s not Japan doing Japan. It’s Berangin Creative, an Indonesian studio, making something that looks familiar at first glance and then quietly reminds you it’s coming from a different cultural gravity.
This is why I love games as an art form. The art is beautiful, but the real hook is that you get to step inside it. You’re not watching a time-loop mystery in a rural Indonesian village. You’re exploring it firsthand, learning its rhythms, and uncovering what the town is hiding. That’s the magic.
"Jean-Baptiste Fressoz’s dizzying history of energy consumption argues that no energy transition has ever occurred: each generation consumes more of past fuels. Not only are his claims ahistorical but they justify an unwarranted pessimism about the future."
Hoy, en mi proyecto de ser un poco menos analfabeto matemáticamente, estoy haciendo la construcción de los reales como clases de equivalencia de secuencias Cauchy. De momento estoy con los lemas básicos (probar las condiciones de clase de equivalencia, reflexividad, simetría, transitividad). Cuando tenga que probar las leyes del campo me voy a cagar, pero bueno, se intentará.
a mí me lo instalaron, le dije que en mi casa lo usaba y me dijo ah, pues todo el problema sea ese. Tuve que pagar una licencia del complemento para Exchange, pero ahora incluso Thunderbird soporta nativamente Exchange, aunque solo a través de EWS y creo que sin libreta de direcciones global. Todo es tema de pedirlo y ver si se enrollan, y comprobar que ese Exchange tenga activado EWS.
Ще спра да ритуитвам, особено бг съдържание: толкова сме малко, че всички се четем. И Тръмп съдържание също: целият ми фийд е в едни и същи постове които до края на деня се завъртат по два пъти.
Another Trump regime accomplice falls: Lindsey Halligan is out.
Trump tried to use her to prosecute former FBI Director James Comey and New York Attorney General Letitia James, even though Lindsey Halligan had no experience as a prosecutor.
Judges ruled she had to be approved by the Senate or a district court.
This is what we need to do. Rebuild the internet, reclaim the word social in social media and put people before platforms.
We must uncouple our attention from the tech-bro, elitist, narrative-controlling monopolies1 and get back to building individual, independant website presences. The indieweb.
Sites that are shared and aggregated by RSS feeds, collected into like-minded groups by webrings, boosted with decentralised social media platforms such as Mastodon, and cross-pollinated with interlinks and cross site conversations from individual posts.
Subvert, bypass, and starve the big platforms of their attention oxygen. Let them suffocate in a circle-jerk of AI generated slop.
There is now a growing movement of people dumping the scroll-gatekeepers, and building their own cheap, simple (often retro looking) independant websites.
Here is an example: Daryl Sun has a simple site that is packed with information and interesting links for anyone spending a little time to click rather than scroll (just like here).
In the spirit of re-wilding the web and creating interesting tendrils, I have updated my own ABOUT PAGE to let you know far more about me than you ever knew you wanted to know. It is a work in progress and will grow over time.
Another great example is Brennan, who writes some really interesting stuff and has recently begun moving his focus from posting on Medium to growing his independent site.
He always has tons of interesting outgoing links, is a member of a heap of webrings, as well as including a slash page of all his interests and projects.
I am gaining a lot of inspiration from this movement and urge you to consider dropping out of the shittosphere of big social media and spending that newfound scroll time creating your own independent online presence.
Let us tear the whole thing down and rebuild it fit for purpose.
If you already have a indie website drop me a link in the comments….I would love to follow and share.
Facebook. Twitter X. Bluesky. Youtube. Tiktok. and the rest… ↩︎
Everything you need to know about me: Who?A little about me.Contact.How to get hold of me.NOW.What I am up to in real time.Zen & me.My practice.Lens.My gear and a few of my favourite pics.AI &a…
I’m trying to find a reliable way to read small displays with VoiceOver on my iPhone using the camera, like displays on modern power banks and recently, one of those small USB analyzers. Wondering if others who use VoiceOver out there have done this? Any tips or tricks? what apps work better for this?
A man was sitting on the plane next to a young woman, without further ado he began to talk about all the titles he had and his profound knowledge, the young woman only listened, but the man did not stop showing off all his knowledge. As the young lady didn't say anything, the man told her: -Let's chat.... I've heard that flights seem less long if you talk to the person next to you. The young lady who had just opened a book to start reading closed it slowly and said in a soft voice: -What would you like to talk about? -Well, I don't know... What about "nuclear physics"? he tells her in a mocking tone and showed him a big smile... -Well, that seems to be an interesting topic, but first let me ask you a question... A horse, a cow and a sheep eat the same thing: grass; But, why is the sheep's excrement like small pellets, the cow's is a paste and the horse's looks like a ball of dry grass? Why do you think that happens? The man, visibly surprised by the young woman's intelligence, thought about it for a moment and said: -Hmm... I have no idea. The young lady replied: -Do you really feel qualified to talk about nuclear physics, when you don't even know shit?
I'm working on a crash in Firefox and was investigating to figure out why a particular decision was made. This led me back to a piece of code which was first written... 23 years ago... by someone at Netscape! The code has evolved a little since then, but it's basically the same, just with minor refactoring. And I'm about to rip out said code. Always blows my mind when something like this happens.
@FastSM I still have the issue that any replys I post, even if it's in threads e.g. replying to my own posts, are not shown in the send timeline. Yup newest build filters are off, caching is off. Really not sure what's the cause here. Might try reauthenticating the account or something, but idk if that helps?
Deleted my cache as well, restarted the client. Still nothing. Also another thing, why is the Download VLC button still in the YT settings (thought VLC was removed)? Finding it a bit hard to keep up with all the random updates adding stuff and then removing it 2 hours later because it might be buggy or not properly tested etc. No offense or anything.
I added it back because I couldn't get sound_lib to be able to play youtube. Now I can play youtube again with VLC but no one else can. So at this point I don't know anymore
@SuchMichel Unpopular opinion but why is it even required? Ok maybe that's just me having an YT Premium sub but even without, there is Brafe etc. Watching the vid on the official site let's me directly like it, go to the channel, etc. And yt-dlp barely works for me anyway, like just use a VPN and you're already out. Just saying, I get why it would be useful for someone else and in the end it's up to me if I use it.
Please discard what I said. No idea what's been going on, I guess some saving issue or me not closing the app properly, anyway I found the filter still active in the accounts config file, tried clearing it from the dialog again, and it did actually save now. Not sure what that was. Sorry about that.
@archos @OttovonWenkoff Coze? Ne! Ne! Pockej. Ja to nechci vedet. Mi to pripomnelo radu, ze si v mrazu nemas nudle otirat do rukavu, protoze kdyz to udelas podruhy tak si o ty predchozi zmrzly poskrabes frnak. ;)
I’ve been playing with Komplete Kontrol S61 MK3 for about a week, and I’m not so sure about the default velocity curve or the keybed. The default velocity curve makes me trigger quiter notes more often than I intended, so I had to change. I’m also used to a firmer stop at the bottom of the key travel, but this keybed feels more squishy than solid. I guess this makes it quieter when you play, but it feels pretty weird. Does anyone else have opinion on this, or is it just me? @FreakyFwoof
@jcsteh I’ve played many different keyboards and usually adapt to them pretty quickly. This is the first time I’ve had a reaction to a keybed on any keyboard. lol
@jcsteh It took me a while to get used to but now I find I prefer it. Had to learn to adapt. Even doing drums is way nicer on my fingers than MK2, which was very hard at the bottom.
@jcsteh Yeah I mostly use my 88 fully weighted keys for playing and mostly use KK to control things instead of playing. I might just return and get a smaller version. lol
Dotaz do pléna, než se obrátím na odborníky. Mám kombinovaný plynový kotel (stará Destila DPL 25) a 150l bojler. Ten je propojen s vodou, která jde na ohřev radiátorů. Oba kohouty jsou otevřené. Bojler se spíná jen na tzv. noční proud. Problém je v tom, že voda je v něm prostě vlažná. Jak to, co je špatně? Odtéká voda z bojleru do radiátorů a už se nestihne ohřát? Co mám jak ověřit?
Žena už je z toho nervní, asi zruším noční proud a budu platit o 10000 Kč ročně víc, ať mám klid.
Voda z bojleru NEODTÉKÁ do radiátorů. To jsou dva oddělené okruhy. Je to starý kotel, takže klidně může být problém s přepínáním na ohřev teplé vody. Určitě je potřeba ověřit, jestli se bojler opravdu dostatečně ohřívá – tedy jestli do něj kotel skutečně posílá teplo, když má. Zkontroloval bych také, jestli je na bojleru nastavená teplota alespoň na 60 °C a jestli ohřev správně a spolehlivě spíná. Otázka je i to, jestli je výměník správně odvzdušněný. Zkusil bych přepnout kotel do letního provozu a ověřit, jestli vůbec zvládne vodu ohřát.
Tyhle kotle znám a už podle rozvodů k bojleru to vypadá, že je celý systém za hranou životnosti – nemluvě o spotřebě plynu. Je to zkrátka kombinace víc možných příčin. Běží čerpadlo u kotle?
zavolej si odborníka, ten 10k stát nebude. Buď odešel termostat nebo něco těžko radit na dálku, nebo nespíná relé od HDO když je noční proud, nebo odešlo těleso, vypadl jistič. Pokud je bojler nahřátý, co čerpadlo nebo nejaký směšovací ventil ? Netuším jak to tam máš.
Pokud nevíš jak ti to funguje ve vlastním domě, je to těžké.
@OttovonWenkoff Tak topenář nejsem Ale co jsem viděl fungovalo tak, že plynový kotel jel přímo do bojleru, pokud bylo třeba topit více, tedy termostat v místnosti sepnul, kotel jel naplno ale v bojleru nebyla dost teplá voda, sepnula ještě elektřina.
Ona to může být nějaká blbost, bude kolem toho běhat, měnit věci a vyhazovat peníze. No, hlavně nezvat "známého " aby to bylo levně, to často dopadne draho.
@GuloGulo každý plynový kotel má prioritou teplou vodu i ta stará Destila. Měl by to být samostatný okruh, vůbec to nemá mít nic společného s radiátory. Pokud ano je to špatně. To by musel nahrřát boiler a zavřít ventily, jinak se to bude stále ochlazovat. Jestli spíná noční proud a otevřené ventily taky špatně. Nedoplatí se ta elektriku @OttovonWenkoff @michal
Měl jsem doma něco podobného - není náhodou bojler níž, než ty radiátory? Jestli ano, tak se bojler "vybíjí" do topení kvůli stratifikaci teplé vody - teplá voda je lehčí než studená a má tendence stoupat nahoru i bez čerpadla. Já měl bojler ve sklepě napojený výměníkem na topný okruh a místo aby kotel dohřival bojler, když nebyla potřeba topit, tak naopak bojler elektrikou nahříval topení, protože bojler byl ve sklepě a topení (podlahovka) nad ním. Pomohla instalace ventilu, který ten okruh - propojení bojler-topení uzavřel, pokud nejel kotel, tím se zrušilo samotížné obíhání vody. Ale nevím, jestli je to i tvůj případ.
@jan_petrus To kolik je pater je úplně jedno, buď je o špatně vyřešený, máš jen jeden topný okruh, tak běží jedno čerpadlo pro vše a ochadí boiler. Když topíš elektřinou musíš zavřít ty ventily u zásobníku. Jinak budeš ohřívat elektřinou i radiátory. Pošli mi tu fotku, možná bude stačit vždy jen něco zavřít a pak otevřít. Potřebuji jen juknout jak je to napojený. Jestli tam je trojcestný ventil a nebo jestli je to špatně a boiler je na okruhu topení, vlastně jako další radiátor.
Aha. NVSP Phoneme Editor updated to use the newer engine and packs, so people can edit away. Also introduced: Pressing spacebar on fields in "edit phoneme" or editing pack settings brings up the edit dialog for it. Also huge change: Now the various phoneme tuning parameters have human explanations that tell you what they are, so tuning should be made easier. Download: eurpod.com/synths/NVSPPhonemeE… (V4's going away in a little bit unless people find major bugs in this one)
They tricked us into funding their businesses and executives in the promise of a retirement and then lied to everyone who gets fooled into opening up a 401k. If you do really well you can probably buy a few years at most of your current standard of living before it's gone.
People who can do the math and see there's no point should drain it. It's one way to fight them financially when there's no hope of a future. If this could be organized effectively you'd probably be able to pop the bubble.
* Compressor: a lightning fast, ad free, super lightweight native video compressor 🛡️
This toot comes delayed as a lot of RBs failed today. Luckily we were able to fix most of them already; for the remaining ones, issues are open with the corresponding devs.
This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
It's not GNOME, it's not KDE, it's not the new Vanilla OS DE, it's new, uses <100M of memory, is accessible (for real) and uses GTK4 (but not libadwaita).
What’s the motivation for the project? It looks pretty cool, but historically your work has had a specific reason to be developed. Bottles to improve the Wine experience on Windows, Bottles Next to fix the architecture of Bottles and improve its UX (also, any news on Next?), cpak for a portable and sandboxed package format… so I’m curious as to the perceived issue that led to this project being born!
@moshimotsu I was just tired of bloated desktops, I wanted something modern that stays under 200MB. It’s built natively for Wayland using labwc under the hood to avoid reinventing the wheel, with no plans for Xorg support. I love the GNOME workflow but I’m fed up with the libadwaita-only direction and the feeling that any modification is an impurity. This is also a good playground, where I can do anything without being forced into someone else's design guidelines.
@TheEvilSkeleton @moshimotsu the issue is not the shell but the direction of the GNOME Apps which are part of the Environment. Plus the issue I have with GNOME OS `just existing*`, but that is up to me. I have to write a blog to really explain this last one 🤗
I'm not sure what you mean by GNOME OS "just existing", especially considering I use GNOME OS on my tablet and desktop nowadays and see plenty of reasons why it should exist (laptop is on Silverblue, but I plan to switch to GNOME OS some day)
I guess I'll wait to hear your detailed take on GNOME OS once you write the blog post ;). I've had a lot of issues with Vanilla OS with how outdated GNOME is, but also the unclear direction with how containers are pushed and the tooling around them, which were some of the reasons why I went straight to GNOME OS from Silverblue
@TheEvilSkeleton Maybe @mirkobrombin and I are misattributing GNOME’s vision for its ecosystem to its vision for the shell.
Naturally the shell can’t be going LibAdwaita-only, as (looking from the outside in) I would figure many shell elements, like widgets/the dock/etc, are just using GTK4—not to mention non-LibAdwaita apps still run on it. The ecosystem is what seems to be going LibAdwaita-only, both in GNOME shell, and elsewhere. I figure?
there is no backups for arcanechat.me no user data is kept in backups not even if it is already encrypted data, if the server is wipped all data is gone, but here is the twist, you will barely notice! your account will be magically restored as soon as you connect, and all your data is safely stored in your devices, in your pockets, not in some cloud a.k.a "someone else's computer"
as a #chatmail relay operator this gives peace of mind you don't get with other selfhosted chat solutions
If you develop for #linux please make offline installation possible, for people in countries with restricted internet. Came back home last night and today I want to install Luminance HDR but their only option for linux is via the terminal, and yet, while I can access full internet on my phone using a VPN, I can't access any on my laptop/workstations, so I can't install this program, unless I use Wine. I'm in #Uganda They cut off internet during elections and it has now been partially restored.
I bet a lot of my programmer friends are going, "why didn't you just use JSON and serialize settings that way?" Y'all, I did consider good ol JSON, because yes, it does have a faster compute time, but before the phoneme editor and NVDA driver settings, JSON would have been a lot less human-readable. YAML does suck for indents, I agree, but so does Python, if you are thinking on those lines, and good code indenting is honestly just good code hygiene if you think about it, why not keep that alive. I read them on a Braille display a lot, I recognize not all people do, but poorly indented code in Braille VS well-indented is the difference from knowing quickly where functions begin VS trudging code as though it were a thick foggy swamp. And I don't like that feelin'.
I am currently using Airpods Pro 2 as hearing aids, with everything cranked as much as it can be cranked. It's probably not the best thing for my particular condition, but it works, mostly, until I can do something better, which is not now.
I have a clock in this room, which chimes every hour through a speaker.
Something about that sound freaks them out a little, and, when I also have screen reader speech or something else going at the same time, I get an almost ghost vocoder effect, where certain frequencies get modulated by the chiming clock.
It makes it almost sound like the clock is speaking, or ghost aspects of it are, anyway.
Out of curiosity, did you input your own audiogram values or did you just let the hearing test do its thing? I don't like that you can't manually adjust them, but the fact that you can enter your own is pretty neat.
I bet a lot of my programmer friends are going, "why didn't you just use JSON and serialize settings that way?" Y'all, I did consider good ol JSON, because yes, it does have a faster compute time, but before the phoneme editor and NVDA driver settings, JSON would have been a lot less human-readable. YAML does suck for indents, I agree, but so does Python, if you are thinking on those lines, and good code indenting is honestly just good code hygiene if you think about it, why not keep that alive. I read them on a Braille display a lot, I recognize not all people do, but poorly indented code in Braille VS well-indented is the difference from knowing quickly where functions begin VS trudging code as though it were a thick foggy swamp. And I don't like that feelin'.
I don't hate YAML entirely. What bugs me about it are:
* either my IDE defaults to two spaces, or that's the expected indent, because I can't use my normal tabs with it * I still don't know when to put a hyphen before something * I can't skip sections by using jump to matching symbol commands * to me, it feels more fragile and harder to lint
I'm getting used to it, because Gitlab runners, Docker Compose, and other tools demand it. But I still don't really like it. JMO.
IMHO enforced indention is bad. 1st, presentation and content must be decoupled. the web has truly proven the benefits therein. 2nd, this is ableist. Many folks need things to look a certain way for their disability, be it visual, processing, attention, what have you. Enforcing indention is harmful to those folks. 3rd, this removes choice. JSON can be indented, auto or otherwise, but YAML must be, which means no choice. Tech should work for us, not the other way around.
@sinabahram lol, that's why I said that I recognize not all people do. Besides, people can just use speech indentations / tones if they can't read Braille, so I don't consider indentation ablist at all that way. I've gotten used to writing enough Python that by this point in my life, I'm sowely in the "always indent" camp.
@sinabahram but I will say: I do see where it could be seen as ablist, in the sense that someone might not have pitch perception, nor Braille, then what? But that's where I think we just need more alternatives for indicating that, haptics, ETC. Would be cool to see an IDE where it did use certain haptic bumps because that I think could even benefit everyone equally for quickly feeling a count of indent levels. I personally see it as a part of semantics, even for machines, because they can parse the number of indents and understand blocks of code better. Without it, chunking would become a lot harder for machines, too. So it benefits both worlds, it's just a matter of equally making it available to everyone.
I feel you're stating indention is needed. I fundamentally disagree. That is simply one way of conveying scope. Another is braces, another is fixed columns from back in the fortran days, and much more. Instead of baking inaccessibility in, let's simply not do that. Also the way it is done is itself inaccessible by enforcing spaces per Python's pep-8 instead of tabs. More importantly, nothing prevents indention being automatically added with all these other options.
also, I don't mean to be all computer sciency, but it is 100% not semantics. It is syntax being conflated with semantics, which is my objection. Syntax should be syntax and semantics should be semantics. It's not about opinions, but rather about data. No peer-reviewed programming language literature to the best of my knowledge supports indention making a statistical difference for programmers. So, in the abscence of evidence, I always choose choice.
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •Klaus Frank
in reply to daniel:// stenberg:// • • •Alerta! Alerta!
in reply to daniel:// stenberg:// • • •From my experience: No.
Most of the sloptimists don't - for whatever reason - know about that.
In my experience most sloptimists don't even bother to read the bug-bounty docs - otherwise we'd receive much less reports as they are clearly about things exempt from a bug-bounty...
It'S fire&forget...
Every minute spent reading is lost revenue
Bruno Cesar Rocha ★ rochacbruno
in reply to daniel:// stenberg:// • • •I see why that is needed, but at the same time I think there is a thin line here, what if someone simply is not sure, a false positive, is that a waste of time to perform investigation?
That ban/ridiculation threat demotivates the report, the message simply says that if you are not a high level engineer or a big company with resources to have identified something in the field, please don't report, individuals with limited knowledge not encouraged to report and that's when the person simply chooses the easiest path: Post the report publicly to some forum or microblog and then there is a disclosure of something that should have been embargoed.
I got the motivation but I don't feel good about the wording.
daniel:// stenberg://
in reply to Bruno Cesar Rocha ★ rochacbruno • • •Wolf480pl
in reply to daniel:// stenberg:// • • •it links to curl.se/dev/vuln-disclosure.ht… which still mentions HackerOne.
I thought you were no longer using HackerOne? Or do you still use it, just with no bounties?
curl - Vulnerability Disclosure Policy
curl.sedaniel:// stenberg://
in reply to Wolf480pl • • •BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl
GitHubdaniel:// stenberg://
in reply to daniel:// stenberg:// • • •Neil Craig
in reply to daniel:// stenberg:// • • •💯
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •We will ban you and ridicule you in public if you waste our time on crap reports | Hacker News
news.ycombinator.comgary
in reply to daniel:// stenberg:// • • •