Paris and Berlin are now linked with an 8 hour daily rail service, that starts at €59. It produces 100th of the emissions of flying between the cities. euronews.com/travel/2024/12/13…
You know how many of the popular apps we use to check the weather offer the data of the Norwegian Meteorological Institute as an option? Having recently learnt that Norway has one of the most stringent laws on accessibility in Europe, I have decided to check their official app for iOS and am not disappointed. It found my current location in Poland without a problem, albeit with a typo for some reason. It also provided webcam imagery from my hometown - this of course is not accessible. It remains to be seen how accurate the data really is long-term. About the accessibility: the data presented is grouped as it should so it is read out in one cluster for each 3-hour segment. Custom hints will let you know that by tapping twice, the hourly forecast is expanded. In the 10-day view, each day is a heading. Unfortunately, the graphs are not accessible despite the API's for this being available for some years now. Other than that, the app is very simple and convenient to use so if you're looking for something uncomplicated to check your local weather, you can try YR. No idea how accessible that is under Android but I expect the experience might be similar apps.apple.com/pl/app/yr/id490… #Accessibility #A11y #Blind
Yr på iPhone og iPad er ulikt alt annet du tidligere har sett innen værvarsling.
Sveip deg gjennom en vakker og animert himmel og se hvordan været endrer seg time for time - samtidig som du får alle detaljene du trenger å vite.
“So you're my replacements... A dandy and a clown..!” On this day 1972 - Season 10 of Doctor Who began with William Hartnell and Patrick Troughton reprising their roles as The Doctor in The Three Doctors - Episode 1 #DoctorWho
@DavidGoldfield It was such an iconic moment and celebration for the show. A great story as well, so well written, and the dynamic between all the Doctors was great fun. 😀
Tom Baker has been honoured by King Charles with a Member of the Order of the British Empire (MBE) award for services to television. cultbox.co.uk/news/doctor-who-…
Actor Tom Baker has been honoured by King Charles with a Member of the Order of the British Empire (MBE) award for services to television. The 90-year-old actor was chosen along with other recipients as part of the New Year Honours.
John @tuckner sent me on an interesting wild goose chase. He is investigating the Cyberhaven extension compromise, trying to find out more. And he found something that he considered another campaign compromising browser extensions, related to the sclpfybn[.]com domain: secureannex.com/blog/sclpfybn-…
Edit: Just to make sure this is clear: so far there is little indication that these two campaigns are somehow related. Both being present in one extension was most likely a coincidence.
One of the extensions that used to contain the code in question was Visual Effects for Google Meet – which brought him to me because I recently covered that extension in my Karma Connection article: palant.info/2024/10/30/the-kar…
I checked my data but couldn’t find sclpfybn[.]com domain mentioned in any extensions other than the ones @tuckner found already. I then looked for similar code and immediately found it in Urban VPN Proxy.
First thought: Urban VPN Proxy has the legitimate version of a library that was trojanized elsewhere. Taking a look at the communication of Urban VPN Proxy disproved that theory almost immediately – not only was it communicating in exactly the same way, but also to an unknown domain, namely ducunt[.]com. Yet the same endpoint existed on the official urban-vpn[.]com domain as well.
So not only did Urban VPN Proxy contain essentially the same code, it was likely added there by the developers themselves. Further investigation increased the suspicion that all these extensions haven’t been compromised, that this was rather some monetization SDK.
At which point @tuckner found the sales pitch for that SDK, detailing how it would add ad blocking functionality to the extension at the cost of exfiltrating very detailed browsing data (of course anonymized and aggregated before being sold to everyone asking for it, we know the drill). And explanations on how to make sure Google won’t object.
And that explains it all: before the Visual Effects for Google Meet developer sold their extension to Karma, they tried to monetize it with this “ad blocking library.” The sales pitch doesn’t mention who develops the library but everything points to Urban VPN.
According to Urban VPN privacy policy, they are selling the data they collect from their users via BIScience Ltd. Who are most likely the hidden owners of Urban Cyber Security Inc., a company registered to a virtual address in the USA.
Edit: Updated link to Tuckner’s blog post, he split it away from the original investigation.
A bunch of malicious extensions in Chrome Web Store have hidden affiliate fraud functionality, collect users’ browsing profiles, or both. These extensions appear to be connected to the Karma shopping assistant, developed by Karma Shopping Ltd.
In other words, screw pedestrians, especially blind and other disabled people!
Waymo robotaxis, which are now ubiquitous in parts of CA, will often not stop for pedestrians using crosswalks there, unless a pedestrian is far into the road.
i haven't seen 3d printed ones this year (probably getting sneakier), fun tradition, good to see that's a thing! stickers are amazing, but nothing beats the 3d printed ones.
Another great podcast episode from @RyanAndrosoff this time with Andres Raieste from Estonia.
This is the second podcast from this year's #FWD50 conference in Ottawa. I would definitely recommend that folks in government listen to Trust is Everything | Ep 27
I liked the line about the importance of demonstrating incremental improvements. Starting with the tax department is also interesting.
Trust is everything. It’s clear we’re in a moment in time where people do not trust their governments. There is skepticism about the impact of big technology...
A reminder, a week on after this news broke, if you have the HONEY browser extension from PAYPAL installed, you should uninstall it immediately and delete all its cookies.
The extension + app owners
- does NOT find you the best coupons - does backroom deals with big retailers to drive conversions, with less discounts - steal(s) from creators - harvests your data for resale and manipulation - is classified as malware
Full details here (nb, the youtube display may not work because Youtube is actively blocking their cards / videos from displaying on Mastodon because of the MastoDDos effect)
Was Honey a legitimate money saving tool? Or just an affiliate marketing scam promoted by some of YouTube's biggest influencers?If you have any inside inform...
And if anybody ever tells you #security or #reproducibleBuilds are "set-and-forget", laugh straight into their faces. Software evolves, and so do their threats and risks…
German readers: Die Deutsche Version folgt in Kürze…
2024 waves goodbye, 2025 knocks at the door: what did we achieve in 2024, and what are our plans and hopes for 2025? Join us to take a look back at security measures established, at progress with Reproducible Builds – and for a look ahead of what mig…
Und wenn Euch jemand sagt, #security oder #reproducibleBuilds wären (einmal aufgesetzt) reine Selbstläufer: Lacht sie laut aus. Software entwickelt sich weiter – und so auch ihre Risiken und Threats…
2024 winkt zum Abschied, 2025 klopft an die Tür: Was haben wir 2024 erreicht, und was sind unsere Pläne und Hoffnungen für 2025? Werft mit uns einen Blick zurück auf die eingeführten Sicherheitsmaßnahmen, auf die Fortschritte bei Reproducible Builds …
Envision Glasses are AI-powered smartglasses that articulate everyday visual information into speech. And, with this information, comes the feeling of independence and the perception of possibilities.
Changelog: - fix for a bug after adding/removing a post to favorites which led to lose custom emojis; - fix spacing between post and reply placeholders when using the new Card layout; - fix a minor accessibility issue with the new audio player; - fix crash when rendering some HTML posts; - fix "floating" (overlapping) images for embedded contents; - localization updates (included support for upcoming Romanian translation); - library updates.
I think we are almost ready for the 0.4 version. In the meantime I've submitted both Raccoon apps to Google Play so I may be needed some volunteers to participate in the closed testing program before the apps can be made available to the general public.
La palabra “zíngaro” es una especie de red flag 🚩 para muchos gitanos. Cada vez que alguien, en nuestro territorio y en nuestras lenguas, escoge esta denominación en realidad a nosotros nos llega lo siguiente:
a) Evitas la palabra “gitano”. ¿Y por qué la evitas? Porque para ti “gitano” es una palabra connotada negativamente. Es decir, relacionada con elementos negativos. Quizá eres de los que dicen “gitanillos” o “de etnia” 🤮.
b) La palabra zíngaro te permite asociar elementos mágicos, místicos o espirituales especiales a las personas de las que hablas. Quieres hablar de una conexión especial con la naturaleza, una forma especial, casi mística de relacionarse entre ellos, los animales y el resto del mundo. Una visión muy similar a la que se fabrica de los pueblos indígenas de todas partes.
Todo ello contribuye a vernos como parte de un decorado de parque temático. Romantiza (sorry) la marginalización y exterminio, la prohibición de avanzar.
Para la supervivencia, algunos de nosotros hemos tenido que aprovechar estos estereotipos que podríamos considerar inofensivos (ciertamente son menos nocivos que otros). Pero también contribuyen a hacernos misteriosos, sospechosos y desagradables.
Somos gitanos. Si estás leyendo, puedes decir la palabra, dila sólo si es necesario pero siempre con normalidad, aunque la otra te parezca más poética.
Y si sigues sintiéndote incómodo, “romaní” no falla.
No seas como esos compañeros docentes con el síndrome del salvador blanco que bajan la voz para decir “gitano”. El término os lo inventasteis vosotros, pues ahora apechugad. 😅
Adjunto descripción gráfica de todo lo anterior. 🙈
"Advent of Code" is an online event where you're given 25 two-part code puzzles, which you're supposed to solve in 25 days in December. I was busy so instead I'm doing a slow-motion, one-puzzle-per-week version over the course of 2025, but with an added restriction: I have to do it in a different language each week.
Journal editors resign to protest AI use, high fees, and more Board members expressed concerns over high fees, editorial independence, and use of AI in editorial processes. arstechnica.com/science/2024/1…
I take umbrage with headlines like this. It wasn't the employee's fault for the data breach at Ascension, a healthcare giant with over 140 hospitals across the United States. It was Ascension's leadership that failed to implement adequate cybersecurity defenses that resulted in the breach of 5.6 million patients' data.
Waymo (aka Google) admits that it trains its robotaxis to break the law. When WaPo reporter finds robotaxis fail to stop for pedestrians in marked crosswalk 70% of the time, Waymo says it follows "social norms" rather than laws. Expert explains: When robotaxis obey law, they don't go fast enough to compete successfully with Uber, so Google execs ordered engineers to ignore laws. wapo.st/3ZZDifm
I continue to see a waning of ambition and optimism among technologists, or at least those who are most visible online. For example, this post: "The web is too big, or scaling down" scottrichmond.me/the-web-is-to… And I have to admit I feel it myself.
I started writing this post in October, when . I got distracted by the professoring business, and didn't finish it until now. It's not quite so salient (and,...
I think a big part of the appeal of retro-computing, which I dabble in, is retreating into simpler systems, not to mention simpler times in our lives (e.g. childhood). More recently, I want to do something with microcontrollers and Rust, again to get away from the wobbly towers of abstractions in modern desktop and mobile platforms. But those abstractions do serve important purposes, including accessibility; that's why I only dabble in retro-computing.
The business world tells us we should build ever faster and higher-level, to focus on delivering business value. I can see that, in the right context, this can be about more than churning out crap software to try to make money; it can be about solving an important problem before anyone else bothers to address it. That's how I justify (to myself) using Electron in one of my products. That focus on building just good enough, as fast as possible, isn't satisfying, but I guess it's inevitable.
“Life continues, and some mornings, weary of the noise, discouraged by the prospect of the interminable work to keep after, sickened also by the madness of the world that leaps at you from the newspaper, finally convinced that I will not be equal to it and that I will disappoint everyone—all I want to do is sit down and wait for evening. This is what I feel like, and sometimes I yield to it.”
The current fad is generative AI. And yes, I admit that I use it myself sometimes, and it's fun to play with. But when it comes to what I actually work on, I find myself wanting to go in the opposite direction: not building on top of a big, inscrutable thing that uses as much computing power as we can throw at it, but instead, simplifying the tech stack, understanding it deeply, tightly controlling sources of complexity like concurrency and asynchrony, etc.
Another thing contributing to my bad mood today: I saw a link to a piece Steven Sinofsky wrote in 2016 about the difficulties of cross-platform apps: medium.learningbyshipping.com/… He said the best long-term strategy was to go all-in on native, and I do remember that being common wisdom in the 2010s for mobile apps, if not desktop. The industry seems to have retreated from that. As if to say, "fuck quality, fuck user experience, just get a good-enough app out there to everyone." And I'm not innocent.
Targeting multiple operating systems has been an industry goal or non-goal depending on your perspective since some of the earliest days of computing. For both app developers and platform builders…
This sounds like a binaristic description of the trend (in therapy parlance, "black-and-white thinking"). Another less judgmental way to describe the same fact pattern is "on balance, we need to prioritize portability and speed of delivery over certain aspects of quality which are expensive to implement". I'm not necessarily saying that the industry deserves such charity but I think it's helpful to think in terms of incentives and systemic forces and imagine most actors are rational
@glyph Yeah, you're right, of course. I'm curious, why did you decide to use AppKit directly in Pomodouroboros, and then do a separate GTK UI for Linux? Leaving aside screen reader accessibility which isn't relevant for this app, is something like Qt still not good enough? Or did you decide you just really wanted to do a polished Mac UI since that's the platform you use? Have you already blogged about this?
1. Pomodouroboros is an unusually UX-sensitive app. It's designed to provide a very specific stimulus in a very specific way, and if it can't be provided that way, then the app is pointless. There's more than one possible way to deliver that stimulus but each distinct way is still *very* specific and sensitive to minor variations.
2. the integrations required are not only specific but quite *platform*-specific, requiring things like global hotkeys, overlays, shaped windows, transparency, activation policy, focus policy, and even when cross-platform toolkits provide access to this functionality, it's obscured behind APIs which do not provide cross-platform behavior. I can get Qt to do what I want on the mac, but doing what I want on Linux, if it's even possible (I've gotten close) is different code anyway
(Ironically I think Qt may be the way I end up getting this to work on Windows, at least at first; its behavior there seems a bit more reliable and a more comprehensible wrapper over really atrocious platform APIs)
3. the cross-platform toolkits come with a truly catastrophic amount of bloat. py2app at least does a good job of keeping the download size very manageable (as I recently posted about; approximately 32MB compressed, which is only about 75% of the size of the NYT homepage). Users don't like big downloads regardless, but user *perception* of what a "tiny" status-bar app should take up is small. Electron or Qt + Python would make this _gigabytes_ instead.
@glyph Yeah, and Python bindings on top of C++ toolkits like Qt and wx basically double the bloat. Aside from accessibility, which I've done some work on and need to get back to, what do you think about GTK on Windows? GTK has the advantage of bindings being loaded at runtime from a compact interface definition rather than using lots of pre-generated glue code.
GTK has systematically removed all of the APIs that I need to implement Pomodouroboros, because Wayland has (for misguided, incorrect "security" reasons) removed the functionality those APIs depend upon, and GTK considers "Linux desktop" the most important least common denominator.
Of course since "security" is an excuse rather than an actual systemic property, I can still access all the functionality by forcing a fallback to X11 and then talking to it directly github.com/glyph/Pomodouroboro…
@glyph About cross-platform toolkits and bloat, one of the crazier things I ever did was to use Eclipse's SWT in a Python project by embedding the Avian lightweight JVM via pyjnius. This was in 2015. I think SWT *and* Avian was still a bit less bloated than wxPython or PyQt. I chose SWT because it had more consistent accessibility across Windows and macOS than wx (e.g. no need to use a different list control on each platform). But now Avian is dead. I'm probably never porting that app to ARM.
@glyph Well they ported it to ARM, and I think even ARM64, for iOS, so most of the work is probably already done. Anyway, that particular app is close to being killed.
@glyph I was going to do the whole app in Java. Avian would have enabled AOT-compiling that code to a standalone executable (I think this was before GraalVM Native Image). But then writing JNI bindings by hand for platform APIs looked like way too much work, and I had some existing Python code I wanted to use, so I did the Python-embedding-Java hack. So, as you said, we're all rational actors making compromises; we can't max out quality in all dimensions.
@glyph I felt, during that particular development cycle, that indistinguishable-from-native UI was vital, so I did what I felt I needed to do to get there, without doing the whole app twice.
A point I should make about Pomodouroboros is that while this is far from the _only_ issue driving delays (personal issues are a bigger factor, if I even have a real "schedule" to begin with), spending so much time hand-polishing the native API interactions to make the experience come out just right has produced huge delays by itself. Perhaps if I were more fluent with Electron and did it as a janky web-ish experience it would actually be out to users by now, getting feedback and iterating
yep, and a whole additional layer of bugs (believe me, AppKit has enough bugs on its own, nevermind the ones that I'm introducing) to laboriously track down
@glyph Have you tried Toga? I'm turned off by the fact that it brings in .NET as a dependency on Windows so it can use Windows Forms, but I guess if I really care I should do a Toga Win32 backend.
I have played with it a little bit, and if I had to do the kind of app that benefits from cross-platform UI, I would probably reach for it first. It looks very simple but (to my eye at least) very native, across a really surprisingly big range of platforms. But one of the major benefits is that it would work really nicely on mobile, and Pomodouroboros can't even work on a mobile platform due to platform limitations :)
Normally, I'm a defender of "bloat", <joelonsoftware.com/2001/03/23/…> has held up remarkably well, I think for the most part users just don't appreciate what it takes to make a fully functioning application, the size of all the infrastructure required to do things like "auto-updates" or "security" or even just the resource size of images or 3D models or whatever for the aesthetic touches that users expect. But that's defensible for like, 20-50% increases in size, not 10,000%
Version 5.0 of Microsoft’s flagship spreadsheet program Excel came out in 1993. It was positively huge: it required a whole 15 megabytes of hard drive space. In those days we could still reme…
@glyph Re: bloat, I'm ambivalent about the Spolsky article. His rebuttal of Linus Åkerlund's rant is correct, of course; demand paging has been a thing for a long time. And of course, more features are generally a good thing for users. And important things like accessibility and, as you said, automatic updates and security, make the code bigger.
And yet, why shouldn't a little utility like a registry cleaner be 50K instead of 1 MB? Is wanting that a mental health issue?
@glyph It seems to me that the biggest causes of bloat, at least today, aren't actual user-visible features, but glue layers, especially glue layers (e.g. language bindings) that require you to ship large dependencies in whole without any possibility of fine-grained dead code elimination. Electron is that taken to an extreme, shipping a whole browser engine because JS is too dynamic.
Lots of great stuff on open source & AI from Facebook's @yannlecun - As usual @karaswisher asks some great questions. Am I convinced that the bots aren't going to lead to our downfall, no. Do I think Yann's got it right on legislation no. But I liked his responses on open source, and frankly his openness to confront power.
Johns Hopkins University and Vox Media have teamed up to present the On with Kara Swisher podcast at the Johns Hopkins University Bloomberg Center. The partn...
Wow! Fascinating! A new Caltech study quantifies the speed of human thought processes and finds that we think, remember, and process remarkably slowly. Thinking Slowly: The Paradoxical Slowness of Human Behavior caltech.edu/about/news/thinkin…
We’ve hit a major milestone on the road to Castopod v2: the release of the first 12 Castopod plugins!
These plugins showcase the power of our new Plugins Architecture, enabling endless customization and exciting new features.
💡 What’s Next? We’re working on a Plugins Repository for easy discovery and installation, plus UX improvements, async media uploads, PHP 8.4, better fediverse integration, compatibility and much more!
Explore the first 12 Castopod plugins, new features, Plugins Architecture enhancements, and upcoming improvements ahead of the final v2 release, including the Plugins Repository, an index for discovering and installing plugins.
Tusky
in reply to saxnot @ 39C3 • • •