mastodon - Link to source

In this newly disclosed #curl security report it is painfully obvious how the user's "clever" idea of using an AI to write the report made the report into a impenetrable wall of text instead of simply stating the problem in a few coherent paragraphs.

hackerone.com/reports/3324901


curl disclosed on HackerOne: libcurl: Host-Only Cookies Leak to...

libcurl canonicalizes numeric IPv4 hostnames during URL parsing and redirect handling (example: 127.000.000.001 to 127.0.0.1). When a host-only cookie (no Domain= attribute) is set, it is stored in...
HackerOne
#curl

mastodon - Link to source

@bnjbvr is an active member of the Rewrite in Rust task force, and he wants you to know how you can make your Matrix app go voom 🦀

Don't miss his talk at the Matrix Conference in October 15-18!

conference.matrix.org

A portrait of speaker Benjamin Bouvier, next to the title of his talk "Speedrunning Matrix clients with the Rust SDK"

The Matrix Conference

Come along to see the latest and greatest progress in the Matrix world! From huge government deployments to the latest innovations, hang out with your peers to share the best learning, insights, projects and tips!
conference.matrix.org
@Benjamin Bouvier 🥐

mastodon - Link to source

Ahoj, narodil jsem se v Karlových Varech, jen už tam docela dlouho nežiju...

Karlovy Vary jsou ale moje srdeční záležitost a často je s mojí ženou navštěvujeme...

Největší srdcovka je ovšem Grand Hotel Pupp, kde jsem se vyučil kuchařem...

Mám rád knihy, filmy a dobrou muziku. Baví mě sledovat fotbal a rád opečovávám naší zahrádku...

V roce 2018 jsem onemocněl. Trpím středně těžkou hemiparézou, jsem částečně ochrnutý na celou levou polovinu těla...

...a na pravou polovinu mozku

mastodon - Link to source
Attention: To any users of the IBMTTS community dictionaries, the repository URL has changed, by virtue of the repo owner changing username. The new link is
github.com/eigencrow/IBMTTSDic…
GitHub appears to be maintaining a redirect for now if you attempt to visit the original link, but I do not know how long this redirect will last. If you use any scripts, update their URLs. Otherwise, simply make note of the URL for when you wish to retrieve updates or contribute fixes. Note that version 25.09 was released two days ago as per our release policy.

GitHub - eigencrow/IBMTTSDictionaries: A large, community-driven pronunciation dictionary for the IBMTTS speech synthesizer in American English

A large, community-driven pronunciation dictionary for the IBMTTS speech synthesizer in American English - eigencrow/IBMTTSDictionaries
GitHub
This entry was edited (4 months ago)

mastodon - Link to source

Email & Calendar built for families. Made with ❤️ by Tuta.

Now your families can communicate & plan in privacy.

Learn more 👉 tuta.com/blog/best-family-cale…

Built for privacy with families in mind. Family sharing, no ads, and no AI.

Best family calendar app for Android | Desktop | iPhone. | Tuta

A family calendar must allow you and your loved ones to share agendas and stay in the loop. In this guide, we look at the best calendar app for families to use from any device in 2025.
Tuta

mastodon - Link to source

I just bought 20 envelopes and stamps, and I'm packing them with 5x #Conversations_im, 5x #OMEMO, and 5x #XMPP stickers each.

Send me an email if you want one. Put 'Stickers' in the subject so I can filter. While supplies last, obviously. (Though I'm more limited on the stamps than the stickers.)

Edit: I’m out of envelopes.

#xmpp #omemo #conversations_im
This entry was edited (4 months ago)

mastodon - Link to source

This should have been big news!

Ten funding agencies from eight European countries have pledged to support a public infrastructure that is poised to replace academic journals:
FWF 🇦🇹
RCN 🇳🇴
Forte 🇸🇪
ARIS 🇸🇮
SRC 🇸🇪
FCT 🇵🇹
CSIC 🇪🇸
DFG 🇩🇪
Formas 🇸🇪
ANR 🇫🇷
Only two of them issued press releases in English:
fwf.ac.at/en/news/detail/joint…
fccn.pt/en/atualidade/fct-assi…
and one more, NWO from 🇳🇱 considers joining:
nwo.nl/en/news/nwo-endorses-jo…
Why is this BIG? 1/4
#openscience #openaccess


FCT assina declaração de intenções para colaborar no fortalecimento do Open Research Europe (ORE) • FCCN

A FCT compromete-se a financiar colaborativamente a Open Research Europe - plataforma de publicação em acesso aberto sem fins lucrativos.   
Raquel Alfredo (FCCN)
#openscience #openaccess
This entry was edited (4 months ago)

mastodon - Link to source
NÚKIB vydal sérii varování před čínskými technologiemi. Oficiální dokument - varování má 9 stran a související metodika 26. Řeší různé technologie a území včetně Hongkongu a Macaa.
- Tady je obecný článek: portal.nukib.gov.cz/informacni…
- Kamery: portal.nukib.gov.cz/informacni…
- #Auta: portal.nukib.gov.cz/informacni…
- #FVE střídače: portal.nukib.gov.cz/informacni…
# kybez
#auta #fve

mastodon - Link to source

Having ongoing discussions about URL parsing differences as a basis for a #curl security vulnerability report made me check when I wrote my "my URL isn't your URL" blog post.

*Nine years ago*. And we have not made a single move towards a solution in all this time.

daniel.haxx.se/blog/2016/05/11…


My URL isn’t your URL

When I started the precursor to the curl project, httpget, back in 1996, I wrote my first URL parser. Back then, the universal address was still called URL: Uniform Resource Locators. That spec was published by the IETF in 1994.
daniel.haxx.se
#curl

mastodon - Link to source

Digital Extremes violate the #cURL license?

github.com/curl/curl/discussio…

If they do, that's a shame but there's not a lot I can do. Anyone who can verify this claim? (probably by scanning the binaries for known names or similar)


Digital Extremes violate the cURL license · curl curl · Discussion #18474

Hi, I just want to let you know (and have there be a record) of the fact that Digital Extremes, a Canadian video-game-developer-turned-GaaS-developer, are using cURL (statically linked alongside Op...
GitHub
#curl

mastodon - Link to source

Tak jsem se dva roky před padesátkou rozhodl odejít z firmy s dobrým týmem a skvělým šéfem, abych se věnoval – opět na volné noze – svému projektu, který sice český průmysl potřebuje jako 🐖 drbání, ale za to to může být hezká finanční polízanice pro mě. ;)

Jenže, poslání. A nový impuls. A vůbec. 🏃🏻‍➡️

Víc (možná i tady, jestli se osmělím) tak za 10 dní.

Štěstí přeje odvážným a připraveným, ne? 🍀

in reply to fc

pleroma - Link to source

feld

beware of the gremlins when using httpc/hackney/poison:

elixirforum.com/t/strange-http…

Also don't forget that validating the certificate is not the same as validating the hostname you're connecting is actually covered by the certificate! That's why this had to be made:

github.com/deadtrickster/ssl_v…

Crazy that this is necessary


Strange httpc/hackeny behavior on ssl verify

I need to call HTTP API verifying SSL or not. However, I found both httpc and hackney behave strange - ssl option stay across different functions. See this code: bad_url1 = "https://expired.badssl.com/" bad_url2 = "https://wrong.host.badssl.
Elixir Programming Language Forum
in reply to fc

pleroma - Link to source

feld

OTP has some catching up to do, that's the core issue IMHO. But they've come a long way in the last few years. As Erlang/Elixir have been experiencing huge growth these issues that nobody cared about are being solved with each new OTP release.

The next issue that will drive you nuts is no dual stack / Happy Eyeballs support. But you can get halfway there with this hack:

github.com/skunkwerks/inet64_t…

This will make all your connections try IPv6 first then fall back to IPv4. I'm pretty sure your httpc usage would not be able to connect to an IPv6-only website right now because httpc is hardcoded to only try an inet_tcp socket, never an inet6_tcp


GitHub - skunkwerks/inet64_tcp: Magic thing to make old Erlang stuff work in IPv6-only networks

Magic thing to make old Erlang stuff work in IPv6-only networks - skunkwerks/inet64_tcp
GitHub
This entry was edited (4 months ago)
in reply to fc

pleroma - Link to source

feld

Happy Eyeballs tries both simultaneously and picks the fastest path. If many A or AAAA values are published for the same record, it is somewhat smart about trying them in groups. (according to latest v3 spec I think?)

If someone has a broken AAAA record published for example, inet64_tcp will try the IPv6 host and then give up with a failure. It won't fall back to the A record because an AAAA record existed. That's all this does -- check for AAAA first and then connect if it exists, otherwise do the normal A record lookup and IPv4 socket connection.

You could probably modify that inet64_tcp to have error handling and be much more intelligent though! It's not complicated code, the trick is just knowing how to overwrite the OTP inet_tcp function which the library is already configured to do for you. You could definitely enhance the logic to make it more robust.

This entry was edited (3 months ago)
in reply to Ben Zanin

mastodon - Link to source

Federico Mena Quintero

@gnomon Everything looks super sharp, indeed! They are giving me a small headache, as per usual, but it should go away in a couple of days.

My problem with multifocals is that I have my laptop raised over my desk, and I need to tilt my head back. My old monofocals weren't cutting it anymore.

Now let's see if I can get used to changing them when I sit up and down...

@Ben Zanin

mastodon - Link to source

Living organisms are assumed to produce same-#species #offspring.

But this is not the case for Messor ibericus, an #ant that lays individuals from two distinct #species.

In this life cycle, females must clone males of another species because they require their sperm to produce the worker caste.

As a result, males from the same mother exhibit distinct genomes and morphologies, as they belong to species that diverged over 5 million years ago.

The evolutionary history of this system appears as sexual parasitism that evolved into a natural case of cross-species cloning, resulting in the maintenance of a male-only lineage cloned through distinct species’ ova.

#biology #evolution
nature.com/articles/s41586-025…


One mother for two species via obligate cross-species cloning in ants - Nature

In a case of obligate cross-species cloning, female ants of Messor ibericus need to clone males of Messor structor to obtain sperm for producing the worker caste, resulting in males from the same mother having distinct genomes and morphologies.
Nature
#biology #evolution #species #offspring #ant

mastodon - Link to source
BOBBIN: Now with Enhanced Apple IIe support, thanks to @sethkushniryk ! Currently in the "enhanced-revised" branch, not yet in main. I can play @a2_4am 's "Pitch Dark" collection now!
github.com/micahcowan/bobbin/t…

GitHub - micahcowan/bobbin at enhanced-revised

A terminal-driven Apple II-series emulator aimed at efficient development for 8-bit Apple computers - GitHub - micahcowan/bobbin at enhanced-revised
GitHub
@4am ❧ @Seth Kushniryk

glitchsoc - Link to source

With everyone being so focused on Ty and Pyrefly right now, I'd like to put a lesser known type checker in the spotlight for a second, called Zuban.

I know, yet another Python type checker, just what the Python ecosystem needs! But hear me out, this one is genuinely exciting to me.

It's made by a long time Python ecosystem contributor, who you might know for creating Jedi.

Of course, it has all the goodies you'd want these days, which is a good CLI, an LSP, being written in Rust for performance, etc.

But it also aims for Mypy compatibility with zmypy, making it a great potential option for existing projects using Mypy that just want something faster.

I reported a couple of issues which got fixed in a span of hours too!

I'd say give it a go, don't expect perfect results, but report issues if you find them :blobcatthumbsup:

#Python #notAnAd


GitHub - davidhalter/jedi: Awesome autocompletion, static analysis and refactoring library for python

Awesome autocompletion, static analysis and refactoring library for python - davidhalter/jedi
GitHub
#python #notanad

mastodon - Link to source
I gave a seminar entitled "How Rust won: The quest for performant, reliable software" at the Topos Institute on Jun 3, and the video (youtu.be/k_-6KI3m31M) is now published. I hope people enjoy it!

[Berkeley Seminar] Raph Levien | How Rust won: the quest for performant, reliable software

Title: How Rust won: the quest for performant, reliable softwareAbstract: For a long time, high performance has been in tension with reliability. In particul...
YouTube

mastodon - Link to source

#AndroidAppRain at apt.izzysoft.de/fdroid today brings you 16 updated and 1 added apps:

* CoMaps - Hike, Bike, Drive Offline with Privacy (added on request of its developers; not yet RB)

Enjoy yourr #free #Android #apps with the #IzzyOnDroid repo :awesome:


IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
#android #free #apps #AndroidAppRain #izzyondroid

mastodon - Link to source

I thought abortion was BEFORE the birth?

Florida plans to become first state to eliminate all childhood vaccine mandates: ctvnews.ca/health/article/flor… #polio #scarletfever #smallpox #mumps #measles #rubella #wontsomeonepleasethinkofthechildren #childdeathstate #childkillerstate #USA #USAUSA


Florida plans to become first state to eliminate all childhood vaccine mandates

Florida plans to become the first state to eliminate all childhood vaccine mandates, a move that critics called “reckless and dangerous.”
The Associated Press (CTVNews)
#USA #measles #usausa #polio #ScarletFever #smallpox #Mumps #rubella #wontsomeonepleasethinkofthechildren #childdeathstate #childkillerstate

mastodon - Link to source

Europe Can Build Its Own Social Media
by Sebastian Vogelsang

project-syndicate.org/commenta…
#EuropeanAlternatives #BuyFromEU #BuyEuropean #SocialMedia


Europe Can Build Its Own Social Media

Sebastian Vogelsang thinks policymakers are overlooking the potential for developing platforms on decentralized, open protocols.
Project Syndicate
#socialmedia #europeanalternatives #buyfromeu #buyeuropean

mastodon - Link to source

It's September 3... the Montréal election is November 2...

Almost 15% of Montréal identify as anglophone—where is the English version of Transition Montréal's website?

transitionmtl.org/ #polMTL #MTLpoli #ticktock #MTLvotes #montrealvotes


Transition Montréal | Un vent de changement sur la métropole

Transition Montréal : Découvrez notre chef, nos candidat.e.s et notre plateforme pour un Montréal progressiste et audicieux, transformé rue par rue !
Transition Montréal
#polmtl #mtlpoli #ticktock #mtlvotes #montrealvotes