The current air quality index for #Minneapolis, #Chicago, almost all of #Minnesota, #Wisconsin and much of #Iowa, #Illinois and #Michigan is currently hovering around 175-200, unhealthy for everyone. Protect yr lungs and wear a mask out there fam!
(map as of 1pm central time July 31 on airnow.gov)
This is bad, on its face, but there is also zero chance it won't be abused to block other content that whatever TPTB deem undesirable. #torrent #privacy #indieweb
Congratulations. Any plans to start working on an ARM64-based sled? Or is x86-64 still so entrenched that only systems nerds care at all about being free of that legacy? (I was just reading an article about how x86-64 VMs still boot into 16-bit real mode.)
I guess another factor is whether any ARM64 chips with competitive performance are available for a company like Oxide to integrate, or whether Apple and the hyperscalers are in a league of their own here.
Also, truly a gem in my collection of Ancient Paper Artifacts—I just scanned and uploaded the AOL guide for "Information Providers." This document was heavily NDA-ed back when AOL existed. archive.org/details/america-on…
America Online is an interactive, online service that offers a rich variety of information and communication services in an engaging, easy-to-use format....
Here's what AOL had to say about "Netiquette" in July 1994.
"Online, no one can hear your voice. What you would have said hesitantly, or ironically, or with a shrug, appears online as words alone, usually with more force than you intend."
Drum roll please... my two projects for the RevenueCat #Shipaton will be Bouquino and Accessibility Testers 🎉
🐐 Bouquino is an app that makes reading in your second language a breeze! 🧪 Accessibility Testers is an app for hiring real users of assistive tech to test your app for accessibility.
What's the problem? The Online Safety Act has been a disaster. Rather than protect children, millions of adults are facing widespread censorship, and teenagers are having their freedom of expression restricted.
**Audit every libcurl POST in your stack. Treat `CURLOPT_POSTFIELDS` like explosives.** Either switch to `CURLOPT_COPYPOSTFIELDS` or prove your pointer lives forever. No exceptions.
@joshix @silvermoon82 Maybe HackerOne, as a CNA, just automatically assigns a CVE number to every damn bug that reaches the 'disclosed' state. I dunno how H1 works - I've never had the desire to do bug hunting for free in my off time, since I do it basically full-time as a salaried position. Based on the comments on the link you provided, this seems most likely to me.
Alternatively, sometimes it's less effort to just say "sure kid" than to spend the time to explain to someone how being able to move a read cursor past the end of a buffer can't actually help an attacker if the attacker can never retrieve the read contents.
I've had 45-minute conversations trying to explain similar things to someone on my team... "Yes, it's a bug. No, it's not a vulnerability." It's exhausting every time I do it, and I only ever have 1 or 2 engineers who need that level of attention and mentoring. Imagine being the maintainer for a popular open source project and having 100s of reports coming in. Having to spend 45 minutes convincing some kid that the shiny new bug they found isn't a CVE would just DoS the entire project.
Sometimes the path of least resistance wins, no matter how wrong it is.
@joshix @silvermoon82 That last one looks like it has no impact - you can read past the end of the buffer, but the attacker never gets the contents of the read data, so it really doesn't help them at all. Sure, it's a bug in the software, but I fail to see how that's CVE-worthy.
A vulnerability needs to have an impact - something that gains an attacker either additional information, or additional access. Anything else is just doing what they can already do, but with extra steps.
# libcurl heap-buffer-overflow: API contract vs. memory safety — you decide.
An easily reproducible heap buffer overflow exists in libcurl’s `curl_slist_append()` function, triggered by passing a...
🇫🇷 Französisch: Traduction du dossier Chat Control 2.0 🇸🇪 Schwedisch: Chat Control 2.0🇳🇱 Niederländisch: Chatcontrole
Inhalt der Seite:
Die Abschaffung des Digitalen Briefgeheimnisses
Hilf jetzt mit die Chatkontrolle zu stoppen…
🇬🇧🚨Leak: Many countries that said NO to #ChatControl in 2024 are now undecided—even though the 2025 plan is even more extreme! 🗳️ The vote is THIS October. 👉 Tell your government to #StopChatControl! Act now: chatcontrol.eu
How is it that within 10 minutes of the Online Safety Act, Ofcom is investigating 34 porn sites, yet in 30 years of disability legislation in the UK there hasn't been a single instance of case law for websites or apps because the EHRC has signally failed to support people with disabilities even when there is a strong case to be made? 😩
✅ Faster Mail✅ Faster Calendars✅ Faster Contacts We've invested a lot in recent months to improve speed on your encrypted Tuta apps on all clients. While the...
@placebo Hey! It is faster on iOS too. Unfortunately if you have a lot of storage taken up in your mailbox and do not open it often, it will take longer to load.
As a developer, I try to make my software as accessible as possible for everyone. Unfortunately, I often lack a view from the user's perspective. I received a list from @dankeck with at least 10 suggestions for improvements, most of which I implemented in one night as if in a fever dream. The game is probably still a long way from being a screen reader user's dream, but I'm doing my best. Step by step! #webdev #a11y
Ihr könnt euch T-Shirts in eurer präferierten Größe sichern, wahlweise auch in fitted! Außerdem haben wir noch T-Shirts aus den vergangenen Jahren und letzte Tassen der DS24 zu Schnäppchen Preisen. Als kleiner Bonus sind die T-Shirts im Vorverkauf vergünstigt.
Der Vorverkauf läuft bis zum 15. August. Bei Fragen schreibt uns gerne auf Mastodon oder eine Mail an datenspuren@c3d2.de
This morning we have concluded that POSIX clearly states that a command line short option that takes an argument should be possible to use with and without a blank: "-f foo" as as well as "-ffoo"
> a conforming application shall use separate arguments for that option and its option-argument. However, a conforming implementation shall also permit applications to specify the option and option-argument in the same argument string without intervening <blank> characters.
my first thought was "that doesn't make sense" but on further thought what else makes sense?
If it takes an argument then does it matter that there's a space there or not? To my mind whatever follows it must be the argument to it.
One possibility would have been to require an error if there was no space there - it would catch folks who didn't realise there had to be an argument to it (maybe at the annoyance of those who say "but this takes an argument, why do I need a space?").
Spannende Neuigkeiten im IzzyOnDroid Repo: Jetzt haben wir reproduzierbare Builds, spezifische Unterstützung durch einige der beliebtesten F-Droid-Clients und mehr!
Add defensive int overflow checking in the buffer queue allocation functions to prevent potential heap buffer overflows if large chunk sizes are ever used.
The calculation sizeof(*chunk) + q->ch...
Wanted to write in about this as I just love love this project. Something I could totally see myself getting into in college or late high school, now I'm too much of in the corporate world to have ...
We have always had a custom command line option parser in curl. It is fast and uncomplicated and gives us the perfect mix of flexibility and function. It also saves us from importing or using code with another license.
Compare: curl --proto https haxx.se # does cleartext http curl --proto =https haxx.se # fails, because cleartext http not allowed
So, if you would use --proto=https, you might believe you prevented cleartext http but you didn't, I suppose you would need to do --proto==https for that.
😂 (Note: though, not funny for recovering alcoholics or people allergic to alcohol)
BBC: Warning issued after US energy drink cans accidentally filled with vodka
"US authorities are warning consumers of Celsius energy drinks to check their cans after some were accidently filled with vodka.
The US Food & Drug Administration (USFDA) issued the warning for the Astro Vibe Blue Razz edition of the drink.
The mix-up came about after a packaging supplier mistakenly shipped empty Celsius cans to the vodka seltzer company High Noon, which filled them with alcohol."
Google Tightens Android Sideloading—At What Cost to Digital Freedom?
Google has begun blocking sideloaded Android apps in Singapore, citing security concerns over apps requesting sensitive permissions like SMS and accessibility services.
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
Will this push devices like the ones offered by @purism@social.librem.one to the forefront of digital technology? I know that I, for one, will likely be looking into one of these devices for my next phone. Though I just bought a new Motorola last week, I may buy a Librem just for testing, especially if OS's like Graphene go the way of the Dodo, due to Google, well, being evil...
![A square graphic with a figure and text. The figure is a cute, small shark in pink lurking behind a wall of stones. Below the figure, the text shows in huge letters "< polycule > and in smaller font size "- a geeky and efficient [matrix] client". The background is deep black.](https://fedi.ml/photo/preview/640/691008 "A square graphic with a figure and text. The figure is a cute, small shark in pink lurking behind a wall of stones. Below the figure, the text shows in huge letters \"< polycule > and in smaller font size \"- a geeky and efficient [matrix] client\". The background is deep black.")
amenome
in reply to feld • • •feld
in reply to amenome • • •