@federicomena Thanks. So far I'm doing fine. But it looks like I'm ruining my daughters' birthdays, again. Same shit as exactly one year ago, when I caught it for the first time, just a few days before their birthdays.
I strongly hope I haven't already infected anyone in the family and I hope it will stay like that. There's really no need to repeat it all exactly like last year.
Merci à celleux qui œuvrent pour entretenir les voies de circulation 🚚🤜🤛🚴♂️, surtout après les belles rafales récentes qui ont généré plein de débris (branchages essentiellement) #VL3
c'est ça, c'est le long de l'A42, entre les Puces du Canal et la rue Duclos à Vaulx en Velin (y en a au moins deux comme ça en travers de la piste, je n'avais pas pris la scie pour les débiter hier aprem 😀)
#Signal threatens to exit the UK if the Online Safety Bill weakened encryption.
But we will not make it so easy: We will not 'walk' from the UK.
If Prime Minister Rishi Sunak and his government want to stop people in the UK to use strong encryption, he must block access to Tutanota - just like Russia and Iran.
The UK would be on the same level as authoritarian regimes like Russia & Iran.
Read our full statement & fight for strong encryption with us! 🔒💪👇
(PS. We left the UK eight years ago as we could see this coming and I wanted to do so on our own terms before we were forced to: ar.al/notes/so-long-and-thanks… – happy to lend our voice if there’s a united response in the works.)
@aral Let's be clear -- Signal would choose to walk if the choice were between staying and weakening our privacy commitments, or leaving. Until then, we will do everything we can to ensure people have access to Signal and meaningful private communications.
@Mer__edith @aral OK, but can you clarify why the options are "stay" and "walk" rather than "comply" and "ignore the ridiculous demands of a hostile totalitarian regime and help people find proxies" like you did for Iran and Russia?
@dalias @aral Because the journalist interviewing me asked a hypothetical: if you had the choice between staying and weakening encryption or walking, which would you choose? And obviously the choice -- in the context of that hypothetical -- is to proverbially walk. This is clear in the body AND abstract of the article, even though they chose a headline w less nuance. OF COURSE we'd set up proxies and etc before "walking". And what "walking" would actually entail is not straightforward.
@dalias @aral Honestly, it's a bit annoying to see an org that allied with ours in terms of values and is also facing down the misguided regulatory landscape overindex so hard on a headline in what appears to be an attempt to set themsleves apart as a more moral/strategic actor. We are clearly all fighting the same fight, and Signal will of course do whatever we can to get people everywhere access to private comms. As we always have.
@Mer__edith @dalias Agree. This isn’t a marketing opportunity. It’s an existential crisis for what we’re all working towards. Tutanota folks, I’d highly recommend getting whomever is in charge over there to give Meredith a call (if you have time, that is, Meredith and are open to it, don’t want to add more to your plate) and come up with a common strategy. Ideally, with an eye towards involving other organisations that are similarly effected. Again, I’m happy to help any way I can.
@aral @dalias We fully agree with what @Mer__edith says. W do not judge the 'walking' statement - it is a perfect way to put pressure on the UK government to not pass the Online Safety Bill. So is forcing them to block encrypted services - just like authoritarian governments.
We apologize if the post looks like an attack on Signal's strategy in this. It is absolutely not what we were trying to achieve, we just wanted to add to the pressure with our statement. We are in this fight together.
Some governments really get upset when they don't get to put their nose in other people's buissiness. They want to know everything everyone is doing all the time! That's why not just services like Tutanota is important, but also self hosting file storage and chat could prevent hits against privacy, freedom of data and freedom of speach like these hits.
Say if protesters in china whould use some strongly encrypted self hosted chat and social network, the chinese regime would have much harder time tracking them
@aral @dalias We fully agree with what @Mer__edith says. W do not judge the 'walking' statement - it is a perfect way to put pressure on the UK government to not pass the Online Safety Bill. So is forcing them to block encrypted services - just like authoritarian governments.
We apologize if the post looks like an attack on Signal's strategy in this. It is absolutely not what we were trying to achieve, we just wanted to add to the pressure with our statement. We are in this fight together.
Es ist beschämend, dass ein Staatskonzern wie die Deutsche Bahn den Datenschutz bzw. geltendes Recht so missachtet. Noch beschämender ist allerdings, dass nicht einmal nach unseren Hinweisen ein Umdenken stattfindet. Im Gegenteil: Der Kunde wird weiter illegal getrackt und die DB argumentiert getreu dem Motto: »Alles gut, hier gibt es nichts zu sehen.« Unsere Konsequenz ist daher die Klage, gegen einen Staatskonzern, der geltendes Recht wissentlich missachtet. 👇
@midor Im Abo hast Du dann Deine Daten hinterlegt und jedes mal wenn Du die Chipkarte auslesen lassen musst gibts Deinen Standort etc. dazu 🤷♂️ @HandballEvi @IzzyOnDroid @kuketzblog
He visto varias noticias bastante seguidas sobre #acoso escolar, suicidios e intentos de #suicidio, así que me parece oportuno rescatar este hilo de una lista de correo una vez más. Es la primera vez que lo enseño aquí en Mastodon. Ya tiene sus años, pero nada ha cambiado. El acoso escolar a personas #ciegas. Os invito a leer todos los mensajes hasta el final del hilo, no sólo el mío: mailmanlists.eu/pipermail/educ…
We're getting some more detail from LastPass about their two breaches last year that were from the same attacker.
There's a lot to unpack here, but this detail about targeting a LastPass DevOps employee on their home computer is somewhat sobering:
"Due to the security controls protecting and securing the on-premises data center installations of LastPass production, the threat actor targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service."
"This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault."'
Despite high confidence in the outcomes of our investigation and actions taken in response to the first incident, the threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vul…
Like IIRC one of the original motivations for the RiiR was that the C librsvg had vulnerabilities in it found regularly? Did that improve after the rewrite — and if so, is it thanks to ✨Rust's safety guarantees✨, or just due to the people who scrutinized the old C codebase no longer doing that to the new one?
What about performance? Is librsvg faster now that it's in Rust? Which part of that is due to Rust (compiler optimizations and so on), which part due to high-quality crates being easily available? Maybe some optimizations you had to do manually, but they have been "enabled by Rust" (i.e. ease of refactoring)? Something something fearless concurrency?
What about binary size — is it much worse (so I've heard)? You speak of cache locality — does that have a noticable effect on performance (especially on memory-constrained systems) on old C vs today's Rust librsvg?
What about, uh, speed of development, ease of refactoring again, code quality, and contributors? Did RiiR make things better? Worse?
I remember you've shown some examples where Rust clearly made things more concise *and* robust, with error handling around... parsing colors, IIRC? But surely there were opposite examples? What was the ratio?
my questions are nothing special, really — but if you're feeling like it, then sure, that sounds so cooool, let's do that :)
I'll need to write a more complete / less terse version of the questions then; it's one thing when you're trying to fit thoughts into a toot (and failing, and posting many toots instead 🙃), and another thing when you're writing for a full-scale blog post.
@bugaevc I wonder if @YaLTeR / @alatiera / @svenfoo would like to be in the interview too, since they wrote huge chunks of the port. I don't think Paolo is here?
Back in 2016, you have started porting librsvg to Rust. You said that one of the main motivations for the port was improving security, since memory safety-related issues and vulnerabilities were being found in librsvg “every once in a while”.
@YaLTeR @alatiera @svenfoo this is a &mut link -- you can edit / add suggestions / add answers /etc!
Please tell me if Google Docs doesn't work for you, we can do HackMD or HedgeDoc or just Markdown in Git or whatever. Or feel free to just copy over my questions into whatever software you're using to write your posts (which I hope is :D)
@bugaevc @alatiera @svenfoo This is very well written! I've added a tiny bit about using rayon to parallelize the filters, but I think you pretty much covered everything else.
Acabo de descubrir que existe el Fondo de Música Tradicional del CSIC, con grabaciones recogidas en pueblos por todo España desde 1944. Es una maravilla, cómo es posible que no conociera yo esto antes. musicatradicional.eu
Have you checked out fedi.directory/ from @FediFollows yet? It's a great resource for finding accounts to follow. They've recently added an Adaptive Technology category. We're pleased to be the first ones in the category, along with @AiraVI and hopefully many more to come!
Oh... good. 🙄 It was only a matter of time until someone used ChatGPT to write a script for an #AudioDrama story, then used artificial voices to narrate the parts of said story.
Authors note: Because of Medium’s refusal to address its accessibility issues for both authors and readers, I’ve moved my last three years of blogs to Substack. Please sign up there for notices of…
If you have a Librem 5 or Librem 5 USA #phone or are planning to buy one, we strongly recommend adding the Lapdock Kit and unlocking all of this extra potential 🎉
Check out top 10 tips by President of Purism, and a Lapdock super-user, @kyle
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
📱 I've tagged version 0.1.0 of #feedbackd (a daemon to handle audio, haptic and led feedback on #LinuxMobile e.g. when using (but not limited to) #phosh :
#xmpp represented by the #xsf foundation attended today a workshop for interoperability between all messaging services including whatsapp and facebook messenger. All thanks to an eu law that will come into effect soon. Excited to see #xmpp being at the front on innovation. competition-policy.ec.europa.e…
Jett darf man wählen, worüber man hier nachdenken möchte:
* dass da Punkte fehlen * dass man das eigene Geschlecht wählen darf (und nicht das eingetragene hinnehmen muss) * dass "Bitte wählen" eine valide Angabe ist * alle drei vorigen Punkte?
#Godot4 RC 6 is ready for extensive testing! ⚔️ It's time to put it to heavy use, report any showstopper bug and thwart our ambitions to release #GodotEngine 4.0 Very Soon™. godotengine.org/article/releas…
Actually if you use biometrics-only authentication on apps (if implemented correctly!) instead of allowing also to use PIN, you will prevent access to many apps, even if the advisor knows the PIN. It is important to prevent the usage of PIN if faceID fails, for example. If you know the PIN and change faceID, it resets keychain, requiring to log-in to app again (if implemented correctly!) and you can’t access apps. So it helps a lot actually.
All iPhone owners should be concerned about this. I note part of this report:
"...part of an investigation into how iPhone thieves lock people out of their Apple accounts by using their passcodes to access the phone before changing the device's password and stealing funds from owners' bank accounts. "
How the hell do they do this? How is is possible? Can't Apple put a stop to this somehow??
Registration for #LAS2023 is now OPEN! Don't miss out on the opportunity to learn, collaborate, and help grow the Linux application ecosystem. Click the link to register now: conf.linuxappsummit.org/event/…
@olividir The very person running this Thunderbird account (e.g. @killyourfm) uses ProtonMail + Thunderbird daily, and it's worked consistently well on Linux, macOS and Windows.
"Design thinking was supposed to fix the world. Where did it go wrong?" Can start with the newsletter modal, cookie notice, and a subscription banner when opening the webpage. ☹️ technologyreview.com/2023/02/0… #webdesign #irony
New post! I documented my weekend efforts to run #Rust on classic Mac OS in case it's useful to others or if anyone has ideas of additional things to try.
I recently acquired a Power Macintosh 9500/150 and after cleaning it up and
building a BlueSCSI to replace the failed hard drive it’s now in a
semi-operational state.
When #GooglePlay introduced privacy labels, I was very curious to see how they managed to get reliable data about the #privacy properties of Android apps. I know first-hand how difficult and time-consuming privacy audits of #Android apps can be. Now Mozilla has taken a closer look, and it seems #Google doesn't even have reliable data.
*Privacy Not Included researchers find discrepancies between Google Play Store’s Data Safety labels and privacy policies of nearly 80 percent of the reviewed apps
Since opening registrations in Jan with 50 members we have doubled in size, following a nice pace of growth. We are now also steadily posting over 100 new posts/week.
Projíždím seznam a narazil jsem na Klaru (počasí). Zrovna nedávno mě velmi nemile překvapila velkým množstvím stahovaných dat na pozadí (cca 300MB/měsíc). Používám widget, takže jsem rád, když se data aktualizují samy, ale toto mě skutečně zarazilo, vzhledem k tomu, že to stahuje jen data o počasí.
Taky nechápu. Dřív jsem si toho nevšiml nebo se to nedělo, ale mám v telefonu nastavenou notifikaci, když překročím určité množství dat v měsíci. Na základě toho upozornění, teď v únoru, jsem koukl, jaká aplikace kolik dat žere a překvapila mě právě Klara.
Your weekly update on the world of building accessible iOS and Android applications, including blogs, tools, events, news, job opportunities, etc. #a11y #iOS #Android
Federico Mena Quintero
in reply to svenfoo • • •svenfoo
in reply to Federico Mena Quintero • • •@federicomena
Thanks. So far I'm doing fine. But it looks like I'm ruining my daughters' birthdays, again. Same shit as exactly one year ago, when I caught it for the first time, just a few days before their birthdays.
I strongly hope I haven't already infected anyone in the family and I hope it will stay like that. There's really no need to repeat it all exactly like last year.