Let‘s Encrypt describing their ACME profiles in detail:

‚classic‘: 90 days, all as before
‚tlsserver‘: 90 days, smaller certs, cut lean for its server role and modern clients
‚shortlived‘: ~6 days, otherwise like ‚tlsserver‘

If you have no idea what the mentioned TLS extensions are about, do *not* configure a profile. But if you do, use classic.

If you have a rough idea and serve modern clients, tlsserver cuts some bytes and the auth process is tighter.

letsencrypt.org/docs/profiles/

Profiles

A profile is a collection of characteristics that describe both the validation process required to get a certificate, and the final contents of that certificate.

^{letsencrypt.org}

In this installment on PBS about the static site generator Jekyll to create free websites on GitHub, @bart digs into the build process, and how the location, naming, and content of files automatically turn into web pages.

pbs.bartificer.net/pbs178

#Programming #Jekyll #GitHubPages

Getting Started with Jekyll Pages

^{Programming by Stealth}

Traveling as a trans person is already hard enough. The Trump administration is making it even harder. As part of their campaign of hate, they’re deliberately misgendering trans people on their passports, insisting on what was assigned at birth rather than the truth they now live.

Look, gender markers on government identification are bullshit. Fun fact: gender markers were only added to passports in the 1970s. We could do without them, and in fact, we have! But if we’re gonna have them, by the Goddess, they shouldn’t be weaponized by willfully ignorant bigots.

The “proposed” changes are already in effect, since this government loves to decimate first and ask questions later. Nevertheless, they need to know that there are a ton of people who are absolutely not okay with this. Are you one such person? Stand up and be counted!

transequality.org/news/freedom…

FREEDOM TO FLY: Take Action to Protect Trans Passport Access | A4TE

The U.S. Department of State has opened public comment periods on three important passport applications, and we must flood all three with our opposition to anti-trans changes before it's too late.

^A4TE

🎉 Published PipeTap with libcamera fork

Now it's time to beta test!

PipeTap is an application that control @libcamera driven camera through @pipewire .

Test device on video: OnePlus 6 with @postmarketOS

PipeTap:
gitlab.com/NekoCWD/pipetap
Libcamera fork:
gitlab.com/NekoCWD/libcamera

#photography #linuxonmobile #mobilelinux #ShotOnOnePlus #ShotOnMainline

F*CK Airbnb. ctvnews.ca/montreal/article/ai…

#NOAIRBNB #MTLpoli #polMTL

Airbnb urges Montreal to reject summer-only short-term rental rules

Airbnb Canada is urging the City of Montreal’s city council to vote against new rules that would restrict short-term rentals to the summer months.

^{Marisela Amador (CTVNews)}

Every now and then I remember that the internet goes back and forth really quickly through a giant wire they dropped in the sea.

en.m.wikipedia.org/wiki/Transa…

communications cable across the Atlantic

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 20 updated and 1 added apps:

+ Pomodoro: a very simple and tiny pomodoro timer app (less than 100 kB!) 🛡️

Enjoy your #free #Android #apps with the #IzzyOnDroid repo

IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).

^{IzzyOnDroid App Repo}

Today I learned: If you use #Chrome and are annoyed by those "Sign in with Google" dialogs stealing keyboard focus on certain websites, you can disable it at the browser level.

In the address bar, type or paste in "chrome://settings/content/federatedIdentityApi" (without the quotes. You should land on the "Third-party sign-in" Settings page.

On that page, there'll be two radio buttons: "Sites can show sign-in prompts from identity services", and "Block sign-in prompts from identity services". Set it to the second one, and you should find that the problematic dialogs are no longer present.

#accessibility #screenReader

a friend invited my wife and me to visit them… and we were invited to an event i’ve wanted to do since childhood

had to turn both down because they’re in states where i can’t use the bathroom, and if i had to go to the hospital they’d forcibly detransition me by stopping my HRT

do you get it yet?

It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing aggregated stats on it (without explicit consent of the user it appears?)

Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.

Don't get me wrong the results are actually pretty interesting, but I just cannot think of a ethical way of doing this, and it feels kind of jarring that they just "did that"

blog.cloudflare.com/password-r…

Password reuse is rampant: nearly half of observed user logins are compromised

Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.

^{The Cloudflare Blog}

GIMP 3.0 is released, check it out!

gimp.org/news/2025/03/16/gimp-…

A huge THANK YOU to everyone who contributed in any way - from testing and submitting bug reports through to designing, coding, fixing, packaging, testing some more, translating, documenting, hosting, administration, so many people, so much work, so much to be thankful for!

Welcome to GIMP 3.0!

Denmark de facto ended the death penalty in 1892, although after World War II we did for a brief period reintroduce the death penalty and killed 46 people after 5 years of Nazi occupation.

But Republicans really like things old school, and the Republican state of South Carolina recently executed a man by a three man firing squad.

Future generations are going to look back at our time and be confused that this practice existed in our otherwise modern, educated times.

npr.org/2025/03/08/g-s1-52808/…

And who and how is this protecting anyone????

Darn they marked a music video as "for kids" and now I can even minimize it on youtube music

So, a) there's a libexpat security release: github.com/libexpat/libexpat/r…

and b) the writeup on the security issue and how the resources to fix it were gathered is *really* good!
blog.hartwork.org/posts/expat-…

Release 2.7.0 · libexpat/libexpat

Original change log

^GitHub

Long shot but worth it. I think I may have found my blocker for using #NixOS on my laptop/dev machines and am looking for help.

In short, I have multiple #Rust projects that build on the CLI just fine but not in VS Code/Rust Analyzer. I didn't spot this until very recently when I realized problems in my own code weren't being highlighted but compiled crates worked just fine.

Seems RA can't find some libraries but to the best of my abilities I've made those libraries available to the shell. I also launch code . from the terminal so it should have the environment set up correctly without need for Nix-specific extensions.

It's been suggested I not use the code-fhs Nix package, but that means starting from scratch and fixing existing extensions which work.

Please don't suggest abandoning VS Code or substantially changing my accessible workflows unless you also have 12 extra hours per day for me. Also please don't suggest abandoning Linux entirely--this issue is NixOS, not Linux.

More context: discourse.nixos.org/t/rust-pro…

Rust project builds from the command line, but not in VS Code

Hey folks, seems like every time I think I’m starting to figure things out, I hit a new wrinkle. 🙂 I’ve been trying to move various projects to devshells.

^{NixOS Discourse}

Edit: This post is based on outdated information which is no longer relevant. I apologize for the confusion.
NVDA Remote was merged into NVDA for the upcoming 2025.1 release.
This sounds like something to be happy about, but read on.

Now every new feature and change has to go through NV Access to get approved, which is a lot more work than adding your feature to an addon.

Why not create a separate addon? As said in #17703, they plan to remove the ability for addons to run on secure screens in the future. If this happens, nothing like Remote can ever be created again without the blessing and cooperation of NV Access.
Instead of empowering developers and users by allowing them to choose which addons are usable on secure screens, NV Access plans on disabling them.
Merging this just gives NV Access more leverage to meeting this goal. Their reason might be something like now that Remote is merged, we don't need addons there anymore because the interaction time is so short.

You might say that NVDA is open source, so someone can just modify the features they don't like. That's true, but it has to be signed for UI Access to work correctly, so someone would have to pay quite a bit to fork it and do their own thing. You then also have the problem of a fragmented community between NVDA and the new one.

The advantage with Remote merged in is that the users will be able to use Remote without an extra download, but we're going to be stuck with whatever NV Access gives us. I guess we'll see what they turn it into.