"What happened?" "Iâm stuck. It's so embarrassing." âI guess things went... a-rye?â âPlease do shut up.â "You should get out of the sun." "Why?" "Otherwise, you'll be toast." "You're an asshole, Charlie." âYouâre right, you deserve butter.â
Given that I see calls for better support for those random opensource devs that happen to maintain some of the most important pieces of software on the planet: a good friend of mine is maintaining expat - possibly the most important+popular xml library out there - and he has a message in his latest changelog that you may want to read: github.com/libexpat/libexpat/bâŚ
Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive. https://lists.debian.
Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive. lists.debian.org/debian-securiâŚ
@masukomi Stripe payment links, Cash App, Ko-Fi, Buy Me a Coffee (looks like a Ko-Fi clone?), Liberapay, GitHub Sponsors, and (if it exists) your bankâs p2p payment portal seem like better options than Patreon and PayPal. I use everything on this list except BMAC and bank-provided p2p payments on my support page.
All except CashApp have small Stripe processing fees; CashApp probably makes money off user data instead of fees (i donât really know). Anybody know any others? And how does BMAC compare to Ko-Fi?
Attached: 1 image
For those of you considering starting something with Patreon, it's fully moved into late stage enshitification.
This poor creator was given $583 by their patrons, and Patreon took $109 of it in fees.
Back from a great service. For those who wanted to hear me sing oceans, I am reasonably pleased enough with how I did to feel like I can share it. Please excuse the audio quality. I literally pulled it off the Facebook video. I donât really know how to make it better because itâs not multitrack. dropbox.com/scl/fi/4mfpehbrj1yâŚ
Dear woman, you have a lovely voice. It's very gentle and yet powerful when you want it to be. You also have excellent vocal control going from low to high notes and you make that transition seamlessly with what sounds like very little effort. Can't wait to play this for my wife.
For anyone wanting to read up on the #xz clusterfuck: tukaani.org/xz-backdoor/ is currently the best starting point and will likely remain the best starting point
CVE-2024-3094 concerning a backdoor exploit in XZ Utils 5.6.0 and 5.6.1 releases are currently being analyzed, for the moment we have paused Archive processing. We will advise as soon as possible. For more reading and information: tukaani.org/xz-backdoor/micronews.debian.org/2024/1711⌠#debian
CVE-2024-3094 concerning a backdoor exploit in XZ Utils 5.6.0 and 5.6.1 releases are currently being analyzed, for the moment we have paused Archive processing. We will advise as soon as possible. For more reading and information: https://tukaani.
I know this is not directly related to the recent Chinese (?) backdoor, but the XZ format has all kind of problems and I personally avoid using it. Having a better compression ratio is not a reason to prefer XZ, IMHO. See nongnu.org/lzip/xz_inadequate.⌠#gnulinux #opensource #Debian
CVE-2024-3094 concerning a backdoor exploit in XZ Utils 5.6.0 and 5.6.1 releases are currently being analyzed, for the moment we have paused Archive processing. We will advise as soon as possible. For more reading and information: tukaani.org/xz-backdoor/
So, while the xz backdoor disaster has us thinking about how we interact with maintainers of open-source dependencies, I thought I'd ask for advice on resolving a dilemma I'm facing with AccessKit (github.com/AccessKit/accesskit). I want to add this dependency: crates.io/crates/immutable-chu⌠Like xz (before the long attack began), immutable-chunkmap is a one-person project; he's doing it in his spare time. But, at the risk of sounding entitled, there are things I want fixed before I depend on it. 1/?
The two main problems with this potential dependency are:
1. It brings in a handful of transitive dependencies for (IMO) marginal gain. This is easily fixed.
2. It uses unsafe Rust code, for a few functions that I don't need. I would rather stick to 100% safe code (outside the standard library) for the platform-independent parts of AccessKit.
Both of these things are relevant in light of the xz scare, because it's likely that open-source dependencies will now come under more scrutiny. 2/?
1. Wait and see if the upstream author accepts my PR, putting on hold the AccessKit work that requires this dependency, and accept that there will be some unused unsafe code in there, which might make my project look bad if you look hard enough.
2. Copy the parts of this library that I need into my own code, with attribution (the license isn't a problem).
3. Release a fork of the library, and depend on that in AccessKit.
What I definitely don't want to do is be pushy about getting my PR merged, or about modifying his library to prioritize 100% safe Rust code over having all the functionality that he clearly wanted it to have. At the same time though, if I embed his code into my library (even with attribution) or fork it, then I'm denying him the gratification that would come from having my library depend on his, with the accompanying boost in download counts and similar statistics. 5/?
And, maybe it's rude to be quick to fork instead of trying to collaborate. Maybe I just need to be patient. But at some point, I'll need the functionality that this dependency would provide, unless I want to compromise performance (by not having a copy-on-write map). I don't see a clear right decision here. Really trying not to be an entitled asshole though. 6/6
Oh, I guess the other option would be to just add the dependency now and accept the things that I see as problems (the extra dependencies and the unused unsafe code), and accept that my project will look bad (by some measures) as a result. But again, open-source dependencies are going to come under more scrutiny now because of the xz backdoor.
I also see some red flags about general project health in immutable-chunkmap: no CI, no tagged releases, just manual publishing to crates.io. Again, really trying not to come off as entitled; I'm grateful that he wrote this useful code and gave it away for free. Just trying to decide what to do with it since I don't want to depend on the released library as-is.
I think pragmatically I would depend on it for now with a blocking issue before my next feature release (or before merging the feature branch to main), submit upstream patches to enable CI and put the undesirable transitive dependencies and unsafe code behind a feature (can stay on by default, but you'll use --no-default-features). If there are no tests, I figure I'd have to write some even if I forked, so would try sending them upstream.
You could send the contributions upstream, but vendor/fork it for now while you wait for them to be accepted or discussed. That's what I usually do when I have changes that need to be made to a dependency; I would rather not maintain a vendored/forked copy indefinitely, so I send patches upstream, but I vendor or fork it until they're accepted, at which point I can move back to depending on it (or not, if they're not accepted).
@unlambda Honestly, if I reduce the vendored copy of the Rust library down to 100% safe code, and only the functions I actually need, I could probably leave it alone indefinitely afterward, as it wouldn't be the kind of thing that has to be perpetually updated for security. The only question is whether embedding that library inside mine (with attribution), as opposed to openly depending on the upstream library, would be considered a dick move.
@unlambda If I were working on a proprietary project, as I often do, I'd vendor or fork the open-source dependency without a second thought, as long as I can comply with the license. But since my project is also open-source (and itself a library), and anyone can see what I'm doing, I guess I'm holding myself to a higher standard.
I don't think it's a dick move, with proper attribution.
It might be worth checking with upstream if they'd accept a PR to put everything that requires unsafe behind a feature flag (if it really is some optional functionality that could be separated out).
I do notice their readme says "written using only safe rust" which indicates that they find this desirable, even if the library doesn't actually match that any more.
IMO, a fork, making it clear that your preference is to not have a fork, is fine and quite respectful of the maintainer's time. A project I co-maintain got briefly forked because they needed additional functionality to ship as a default part of NixOS, they had a release schedule, and we were low on time to figure out how we wanted to land it, and I am quite delighted to see that people found it useful enough for it to be a default part of NixOS one way or another! github.com/nix-community/nsncd
Honestly the embed alternative sounds not too bad if (and only mostly if) you foresee that the attention towards the PR, be it accepted or rejected, will come in around the same timeframe. Your attention will be on and around this subject already, so you can more easily and safely take the path of embedding the code and, say, de-embedding it later and depending on the lib if the PR is accepted. Yes it is more work but IMO, it's something that at least both parties stand to gain or tie from regardless of the result of the PR.
Also, honestly, I wouldn't worry too much about unsafe in deps of your deps. It's the simplest tradeoff in engineering: either you trust someone else to do their work (including them trusting other people) and also the easiest to deal with if you go the embed option (again: regardless of PR results).
But that's just me, and I usually prefer embed + attribution to work on my 1PPs.
@jason No, I don't have one. A few reasons. I'm visually impaired (legally blind), so I wouldn't be able to directly judge whether a picture is good. But I'm told that I look much younger than I am, so I wouldn't want an actual picture of my face to give the wrong impression. And I have no idea what else I'd want to use as a picture. And generally, I just want people to see my name and what I write.
thanks for the explanation! Glad I asked, nice to find out why people do what they do.
Maybe I should ask my clientâs devs to differentiate âno picâ from ânetwork problemâ cuz I get a bit gaslit that my internet is down when I see the generic icon.
And thanks for all the posts about the xz mess, theyâre very helpful.
Me ha asaltado una de esas locuras que a veces me da. Voy a ponerme a leer este libro de 1670 que he encontrado escaneado por la biblioteca del Banco de EspaĂąa. Se trata de la "Historia de la conquista de la China por el tĂĄrtaro" de Juan de Palafox y Mendoza. Palafox es un personaje interesantĂsimo del s. XVII, muy importante en su ĂŠpoca, pero hoy bastante olvidado. Fue obispo y polĂtico, llegando a ser virrey de Nueva EspaĂąa. Por la conexiĂłn tan directa que tenĂa MĂŠxico con Asia a travĂŠs de Filipinas, Palafox conociĂł de primera mano todas las noticias que llegaban de China y las plasmĂł en este extraordinario libro.
Abro hilo para ir compartiendo citas de la lectura.
The abusive behavior that was being used to manipulate Lasse Collin into bringing on more maintainers for #xz went unnoticed because abusive behavior in Open Source communities is so pervasive. In context, we can clearly see it was part of an orchestrated operation. Out of context, it looks like just another asshole complaining about stuff they have no right to complain about. robmensching.com/blog/posts/20âŚ
Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real world slice of Open Source interaction that deserved more attention.
This is a repository of apps to be used with F-Droid. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
Is there anything we can do to reward and thank *you* for discovering the backdoor? Any crowdfunding thing we can contribute to as a gesture of thanks? We were all lucky that you tracked down the anomaly, and I for one appreciate that you chose to take the time to do so.
Keynote lovers! I bring you a completely new Keynote voice, one that can better read numbers (not perfect but doable) and ssounds way more like Keynote does. You can replace it over your existing voice: Download and install eurpod.com/en-us-keynote-mediu⌠in your "piper voice manager" to use this voice. Over 6000 epics went into this training, on 1+ hour of audio now, finetuned from HFC_medium.
@fireborn I'm not sure either. I know the Piper skeleton is installed already (like main modules) but I think there's a speech-dispatcher connector, if I googled piper speech dispatcher I found something on that
@Bri @fireborn @x0 I tried it as daily driver, even before the BT Speak - I would often take my R-Pi 4 with an external battery pack, a small speaker, a small keyboard, and wire it all up. (Imagine what that must have looked like to sighted people who were baffled as they saw my contraption laid all out) - but it worked enough to do writing, browsing, just the usually basic coffee shop stuff, and that was like in 2015 or so, surprisingly.
@fireborn @Bri @x0 oh yeah, fun fact. The WM8960 chip is why you can't upgrade the Kernels on the BTSpeak. I'm guessing it powers the built-in speaker, so they are now doing more things to safely hold back packages that way people can apt-get update without issues. But my image is pretty screwed after doing it, now I get DPKG conflicts about the kernel install failing all the time.
@Bri @fireborn @x0 The upcharge of $400 still doesn't make sense. I wish they could transparently break down why 400, because beyond time and labor to make the desktop keybinds to work with the keypad, and labor for unit customizing, the 400 is just not there for me in value. I'm amused because someone on the list just said they might not buy one at that pricepoint since they mostly want note-taking features, so this change could turn some off.
@Bri @fireborn @x0 wow yeah just saw that msg on the list. This is the most interesting line in there: "A. Yes. You have the option to upgrade to a BT Speak Pro until the end of 2024. The cost of the upgrade is $400.00." - so what I thought sort of came true, in that basic oners can now get a path to use pro. Wow.
@fireborn @Tamasg @bri @X0 Don't forget about the added tech support and documentation requirements for a more complex product. I know none of you have ever worked on the other side of such a thing before, so understand me when I say that the extra work can be, and often is, enormous and vastly under-appreciated, and certainly underpaid most of the time.
@fireborn @sclower @Bri @x0 yeah from the business side it does make sense, but it's hard to quantify that into value amounts directly and so I think the 400 upcharge just feels extra when someone doessn't have that insight. It's also why I purchased it, because I realized that upsell for myself and didn't regret paying the $400 over basic. But I also work with IT companies so that empathy is easier to come by.
@fireborn @Bri @x0 I'm not pointing fingers or finding fault, just stating facts. Blind products aren't cheap to make or support, especially with a small company. Every single person interacting with customers has to know blindness tech inside and out; not so for nearly every other facet of non-disabled computing. And that talent pool is super tiny.
@sclower @fireborn @Bri @x0 yeah that's the thing, if Blazie had terrible support I would not agree either. The fact that Bryan Blazie called me from his Airport and people like yourself + Jess doing a lot of customer support (and others) speaks volumes to the care they put into that product. I wish I could explain this away like that to everyone though. But it's hard since the buyers can only go on anecdotal evidence for it.
I wonder now, given the amount of training here, why the beginnings of words and strings are chopped off? We were told that more sample data was necessary, but now i'm starting to wonder.
@nick it does that with normal Piper voices too though, I think it's the way NVDA needs to generate the wave sample - it opens / closes the device. Later improvements the developer of this add-on tried to upstream to Piper (where the two encoders are separated out to allow for smaller-chunk streaming) fix this issue, but most likely will require new voices to be rebuilt as they will not remain compatible.
@nick yeah I think there was a major add-on revisionn in the works since the October release, but first he had to get the changes into the upstream Piper repo, so I'm just not sure if that process got stuck somewhere.
@nick I would re-generate the 3 speech synth voices I have for sure with a newer notebook if the voice packages became incompatible, I think even at this stage with the imperfections it's surprisingly close to the likeness of the real synths. @mush42
@nick @mush42 I think it's really cool. I wonder how it would take in something like the BT speak? Imagine having that Votrax voice you made a few days ago being a part of it? I'm sure some of the old BNS users would love it, and even the speech synthesizer lovers like me. I've always been fascinated by that voice, ever since I heard it doing the Monty Python argument sketch with DecTalk back in 2014 or so.
@jmd2000 @Tamasg @Nick @mush42 We experimented with Piper on the BTSpeak. The main problem was that it was just too slow to respond to be useful as a daily driver. If generated voices can be made efficient enough, I'd love to try again. Hearing a replication of the old BNS or Keynote Gold voice coming out of that would be hillarious.
@sclower @jmd2000 @nick @mush42 darn. I was wondering about that myself, yeah. I figured these voices were made to run on the R-pi itself better (as the Piper project was originally made to give TTS to the Pi) and the big difference you also have with an R-Pi over the NVDA add-on is GPU inferencing. Presumably the Piper voice on an R-pi could use GPU to accelerate this but maybe even that's not good enough for latency.
@jmd2000 @nick @mush42 Yeah, I'm unclear whether the bottleneck was strictly software or not. From what I remember, latency was about equal to the Piper driver for NVDA in the first quarter of 2023.
@sclower @jmd2000 @nick @mush42 First versions of the Piper addon could run on my 2012 Intel machine, most recent versions don't speak at all. I know this is old, but other stuff runs pretty well.
@FreakyFwoof @sclower @jmd2000 @nick Probably a software dependency issue. Maybe a certain version of VC-RT is missing from your system. If you're running the latest version, can you send me the server logs found under the logs directory in the piper folder, which you can find under NVDA's config directory.
I canât tell you how angry this makes me feel for this maintainer.
I donât know who Jigar Kumar is, or what the motivation was behind the emails that the author is referencing, but I can tell you if I was trying to get a bad actor in as a trusted developer, this is how I would approach it.
Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real world slice of Open Source interaction that deserved more attention.
ÂťOpen source projects don't have a top down approach. People work on whatever they find interesting and fun. You can't force volunteers to work on whatever you consider "core issues". Get over it.ÂŤ
Phoronix: KDE Introduces New Marknote App
KDE developers have announced the first release of Marknote, a new note-taking application for the KDE Plasma desktop...
https://www.phoronix.com/news/KDE-Marknote-App
ÂťNo it hasn't. GNOME is an open source project without any top down entity either. Let's not convert everything into a mind numbing stupid DE flamewar. ÂŤ
I'm trying to reproduce what you wrote in a clean debian bookworm docker container and ./maketgz 8.7.1 is failing due to a missing pib/libcurl.plist
I think that could be a way forward for curl: have a dockerimage to produce those files.
Then you can use that image, users can reproduce it, and we could even have a github action that runs this image on every tag push and automatically uploads release artifacts.
These version numbers are not enough, when I tried earlier I noticed that the generated files seemed to contain patches added by Debian or Ubuntu, you should specify the exact versions including the distribution-specific revision (from dpkg -l).
The latest from Ubuntu 23.10 worked best for me, these were probably what you used, but having the exact version makes it easier to reproduce in the future.
As to the best place to document, my suggestion would be to (once you have determined the set of tools which matter and how to obtain their exact release) change your script to put the relevant versions in a text file somewhere within the tarball itself.
In a candid interview, one of the co-founders of Applause Group, which owns Voice Dream Reader, addresses some of the concerns expressed by some members of our community regarding the move to subscriptions for all. We also talk about future features including Kindle support, which is close to release. Itâs available now for our Plus subscribers and to everyone in 72 hours. Join Plus for as little as 59 US cents a month. LivingBlindfully.com/plus
IAAP wants disabled people, including photographers, to do work for free. And not even just for the course, the license is CC-Zero which allows anyone to do anything with it.
IAAP charges for these courses. Do not submit your photos. Everyone, but especially people who are disadvantaged, have the right for fair and just compensation. Outrageous!
Calling All Contributors! Help Enhance Disability Representation in our CPACC Course! đ¸
Mary Albert, the mind behind the renowned CPACC Exam PreparationâŚ
Time to celebrate - and to take a look at how the team grew from 4 to 30 people! đ â Read more on our exciting journey of bringing #privacy to the world: tuta.com/blog/road-to-success
To date Tuta (formerly Tutanota) has enabled millions of people to leave Gmail and other privacy-intrusive services. Our road to success was not always easy, but incredibly fun!
@lcee Currently we are not offering remote positions, but if you are interested in relocating to Hannover we do offer assistance with the visa and relocation process.
Addressing indoor air quality saves lives and helps us achieve at work, in school, and in self-governance.
Brain function declines by 15% as CO2 levels hit 945ppm, and by 50% at 1400ppm.
Have you ever measured CO2 at your desk or a contentious City Council meeting? What you find might surprise you!
These scientists recommend mandating clean air in public buildings, with 800ppm as the upper limit. That's good policy: science.org/doi/10.1126/sciencâŚ
Why canât you suspend users in Pixelfed? Why is the only option marking their accounts as spam?
Why are mod management tools in Pixelfed still the worst of any software across the fediverse?
You want to talk about a commitment to improve moderation meaningfully? Why are you worried more about some ridiculous-ass reel app over key moderation features?
I held back before, but now itâs clear youâre just a bad faith actor looking to fulfill your own childish impulses of fame and building the ânext big thingâ.
If Loops and Sup are anything like how you treat the Pixelfed project, theyâll be jokes at the expense of the users and admins who try their best to make the most out of these broken platforms.
FediPact is a noble endeavour, but one borne out of the lack of actionable improvements.
Where is the FediModPact of people dedicated to improving platform safety services and tools for each fediverse platform?
It's easy to say you're blocking threâŚ
Today I briefly emerge from the undergrowth to inform you that there exists the optimal life form and it is a type of sea slug known as a "leaf sheep" which indirectly harnesses photosynthesis through the chloroplasts of the algae it munches on. Either that, or at the very least, the most adorable.
unsolicited extended alt-text for people who don't know what leaf slugs look like
Sensitive content
alt-text: leaf slugs resemble vibrant-green succulent plants with cartoony blushing cow heads sticking out of them, grazing on a field of algae. Each spotted âleafâ on their body has a magenta tip.
Off the back of my last post, I'm compiling a list of publishers that sell ebooks and whether or not those ebooks come with DRM.
Shout me if there are particular publishers or vendors, whether they are DRM-free or not, that you know that I can add to my (publicly available, CC-0) list.
whatâs the benefit of using a DRM-free ebook publisher over selling through crowdfunding platforms like Ko-Fi, Gumroad, Patreon, etc? I imagine discoverability is part of it.
Iâve gotten a few books on Gumroad and found it to be fine from a consumerâs perspective.
I was asking about the advantage of publishing through a DRM-free ebook publisher vs self-publishing through an indie platform, not about where to buy books from.
Apple has launched a new tutorial webpage featuring beginner resources for programming using Swift, Swift UI, and Xcode. appleinsider.com/articles/24/0âŚ
Unmute Presents Unmute Presents â Thomas Domville
Today, Marty spoke with Thomas Donville from AppleViz about his tech journey from COBOL programming to network administration, facing challenges post-vision loss in 2005, and his role at AppleViz. Thomas highlighted the limited accessibility tools available, challenges working with servers, and the community-driven nature of AppleViz. He also shared podcasting equipment recommendations and AppleViz's expansion into various tech discussions beyond Apple products. Our talk explored Thomas's commitment to tech accessibility and AppleViz's growth as a valuable resource for the visually impaired community.
Today, Marty spoke with Thomas Donville from AppleViz about his tech journey from COBOL programming to network administration, facing challenges post-vision loss in 2005, and his role at AppleViz. âŚ
HT to @wdormann here - somebody has backdoored the open source project XZ which has downstream impacts.
For example, although OpenSSH doesnât use XZ, Debian patch OpenSSH and introduced a dependency which translates as the XZ changes introducing a sshd authentication bypass backdoor it appears.
One dude bothered to investigate in his free time about why ssh was running slow, so it was caught fairly early - i.e. hopefully before distros started bundling it.
Worryingly it looks like the backdoor comes via one of the two main devs and dates back over a month from their GitHub account, with legit commits too - XZ is used in systemd so this one might play out for a while.
I suspect distros probably want to roll XZ back to around January 2024, stop bundling updates until the developer is removed in GitHub or a logical explanation can be given, and somebody needs to fund a code review of it.
Please sync xz-utils 5.6.1-1 (main) from Debian unstable (main)
Hello! I am one of the upstream maintainers for XZ Utils. Version 5.6.1
was recently released and uploaded to Debian as a bugfix only release.
Originally reported on Google Code with ID 342 What steps will reproduce the problem? 1. Testcase is attached. Compile with GCC with -fsanitize=address option. 2. Run. 3. What is the expected outpu...
Back in 2022 a host of characters appeared and basically bullied the creator of the XZ project to hand it over to somebody else - at the time the guy cited mental health issues around not updating the project quickly.
At the time he was already talking about maybe handing over to the account who years later introduced the backdoor.
In mid 2023 said account introduced a change to Googleâs OSS Fuzzer to weaken detection for XZ.
Somebody played a years long game of Jenga and lost.
Before everybody high fives each other, this is how the backdoor was found: somebody happened to look at why CPU usage had increased in sshd, and did all the research and notification work themselves. By this point the backdoor had been there for a month unnoticed.
Iâve made the joke before that if GCHQ arenât introducing backdoors and vulns in open source that I want a tax refund. It wasnât a joke. And it wonât be just be GCHQ.
I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.
- sshd itself has no dependency on the XZ utils library. The streams got crossed in a way I donât think anybody understood (except the threat actor).
- had that backdoor been performant with sshd, I donât think anybody would have spotted it.
The way this played out opens a window of opportunity to go back and look at both issues.
c-ares version 1.28.1 - Mar 30 2024
This release contains a fix for a single significant regression introduced
in c-ares 1.28.0.
ares_search() and ares_getaddrinfo() resolution fails if no search ...
As we hear reports that it will take 10 years (đ¤Ż) to replace the 1.6 mile Francis Scott Key bridge in Baltimore, remember that China built the Danyang-Kunshan bridge and Qingdao Jiaozhou Bay Bridge in 4 years each.
Danyang-Kunshan Bridge is 102 miles long, and 100 ft above the water.
Jiaozhou Bay Bridge is 16 miles and 623 ft tall, earthquake and typhoon proof, and can withstand a direct strike from a 300,000 ton cargo ship. That last point is unfortunately topical.
The Jiaozhou Bay (German: Kiautschou Bucht, 36°7â˛24.44âłN 120°14â˛44.3âłE) is a bay located in Qingdao (Tsingtau), China. It was a German colonial concession fr...
Please excuse the audio quality. I literally pulled it off the Facebook video. I donât really know how to make it better because itâs not multitrack. dropbox.com/scl/fi/4mfpehbrj1yâŚ
Sonny
in reply to Sonny • • •Next steps
⢠Update them all to GNOME 46
⢠Fix metadata urls (âşď¸)
⢠Set App Brand Colors
⢠Update screenshots
⢠Fix App Listing Quality reviews
Sonny
in reply to Sonny • • •Seriously, thank you to volunteers for the amazing work on flathub.org
@tbernard @razze @cassidy and others!
LINux on MOBile
in reply to Sonny • • •Jorge Toledo
in reply to Sonny • • •