I've discovered a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in how `libcurl` handles persistent HTTP/2 connections. During the initial handshake, `libcurl` correctly validates the...
Hi Daniel, thank you for your thorough investigation. You have a good point that this looks like slop. I assure you no LLM had been used for creating that report. Best regards Simen.
I think I found another vulnerability in curl, related to the one posted above. If the attacker has elevated file system access they can replace the curl or libcurl binaries to execute arbitrary code when curl is called. /s
I really admire your patience, after the first two replies the user would be labelled as "ignore, report as spam". These users do not understand what they're doing is a waste of money (in this case, other people's money, not theirs).
TalkBack, a part of the Android accessibility suite, is the screen reader developed by Google and comes pre-installed on most Android phones and tablets.
Are you part of an open source project with a community of users, contributors, and/or third party developers?
I want to interview people about their projects with particular attention to how codebases, documentation, project management tooling, and community spaces are constructed.
On these "project tours" we'll go through your project together, on video call, and talk about how the structure of the project influences, and is influenced by, your goals, culture, logistical constraints, etc.
For a while now I have been looking for an easy-to-use solution to track the time I spent on various tasks at my wor. My colleague has recommended Toggl, a tool to do just that in the browser. I have tried it and neither the website nor the Windows app were accessible. Thanks to somebody boosting it, I have discovered Timery for Toggl by @joehribar , a third-party client for the Toggl service. It is easy, definitely accessible and powerful with shortcuts and widgets. It's customizable to the point where i now use the VoiceOver gesture of two-finger swipe left to start a new time entry (an instance of time running), as opposed to a timer which is a predefined time counting config that creates its own time entries once launched (this I start with a two-finger swipe to the right, pick a timer from the list and go). The new time entry only requires a name and starts immediately. I can assign it to a project later. The quadruple tap with one finger resumes the recent timer and a single tap on both sides of the screen (actually the half of the gesture to enable Braille Screen Input), stops any running tracking (I'll have to change that actually as it gets triggered everytime I really try to activate BSI). The subscription is definitely worth it! I don't have to even open the app most of the time and tracking has become much easier. Thank you! apps.apple.com/pl/app/timery-f… #Accessibility #Blind #iOS
Enhance your Toggl time-tracking experience with Timery! Start your most-used timers with one click. Edit your time entries easily. See reports of your time tracked.
Many moons ago, a friend ran an SSH honeypot that had a unique feature: when the attacker gained "access" to the system, he could then send responses to the interactive commands the attackers executed over an IRC channel.
One day, some attacker popped in, and he started to taunt them live. Often, the attackers were just throwing in some copypasta and weren't actually checking the responses. This one time, the attacker realised what was going on and was quite amused, and started to chat back, sending fake commands to see if he would get obvious human responses back (Note: that this was well before generative AI). This went on for some time, and some kind of a connection was formed. The attacker would come back to chat with my friend, logging in over SSH to this honeypot.
Eventually, the attacker divulged other means to communicate with him. He told my friend he was a bored Romanian guy who ran a kind of academy for young hacking talent. They'd gain access to some box, install their SSH bruteforcer (random IPv4 addresses and fixed password lists), and rinse and repeat.
Eventually, the attackers seemed to stop and disappear. My friend contacted them and asked what had happened: maybe they had been caught by authorities?
No such luck. Apparently, they had discovered some addictive online game that was more interesting.
I woke up today to loud gunfire and many explosions. As usual I checked that my family is ok. I succesfully completed the chemistry exam. I'll spend most of my time today preparing for the next exams. Hopefully nothing bad happens to us today.
I'm not a number. I'm human being. I have life details. I have a story. I have a dream. I love my life even if it's too difficult.
Re my last RT: paying someone to do something they already enjoy can actually make them enjoy it less. I am absolutely living proof of this.
I once got advice as a teenager. Someone said "don't do what you love for a living. You'll hate it later." And, while that's not 100% true, my autistic burnout doesn't agree.
I certainly find it cumbersome to read books on request rather than just picking what I want. And I can really see how working in digital accessibility would burn me out for wanting to fix things on a personal or family level.
The number one reason for (at least) weekly changes to my site is to update the AI crawler/siphon blockers ... it never stops : there are 97 of them right now 😤
"carbon capture project." <- and they are getting scammed on this. The only carbon capture is by keeping that shit in the ground. In solid or liquid form.
I wish I could have chosen multiple options. Option 3 is under serious threat as well, as more and more device manufacturers refuse to unlock the bootloader for alternative OS installation. I'm tired of the fact that a manufacturer can decide that the fully functional computer in my pocket is now obsolete just because they can't be bothered to support it anymore. This is making me seriously consider life without a smartphone. Maybe I should give Fairphone a go before I do that...
Mudita Kompakt is a minimalist phone designed for mindful living. Featuring an E Ink screen, long battery life, and distraction-free tools, this E Ink phone helps you stay focused and unplug with ease.
PWAs can mitigate the problem, but they don’t completely solve it. They’re a halfway house: more open than app stores, less powerful than true side-loading? I don't know:)
It seems that this might be the push that Linux and other OS options needed to de-Android. The fact is that Android has been under serious threat for over a decade. Remember the Oracle legal attacks to try and take it back over Java? Whereas devs were devalued with open source alternatives, now maybe they will flourish? Let's hope.
I'm also using Graphene. But in the future, if Google decides to cancel AOSP, I buy the last gen of Pixels that support custom OS and keep it. Phones arent getting better anyways, only that stupid AI shit nobody wants.
Another option. I use Lineage for now, but I think it affects me anyway as when less people use APKs or F-droid less developers are going to publish less apps outside Google Play Store. So I hope you will continue providing Tuta mail/callendar on F-Droid and also support any possible Linux on mobile project with Tuta apps just in case Google also kills AOSP forks one day.
@Tutanota Gmail blocked my message from Tuta to a friend on the ground of "reducing spam". This is the message "host gmail-smtp-in.l.google.com[74.125.71.27] said: 550-5.7.1 [185.205.69.213 12] Gmail has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. For more information, go to 550 5.7.1 support.google.com/mail/?p=Uns… 5b1f17b1804b1-45df817e1fdsi13055195e9.31 - gsmtp (in reply to end of DATA command)"
I created a Linux VM and used Debian as the distribution. Everything installed perfectly, but after setup the sound got really choppy. Is it possible to fix it somehow?
I can suppose you allocated too little memory to the VM. @fireborn Can you assist please? Original post for reference: "I created a Linux VM and used Debian as the distribution. Everything installed perfectly, but after setup the sound got really choppy. Is it possible to fix it somehow?"
@menelion @fireborn It could be too little RAM. It could also be what happened to me...I had the processors and cores settings backwards. Set processors to 1 and cores to at least 2, 4 or 8 is better but you might not have that much available depending on your system. Just a suggestion.
Seirdy
in reply to Rayne, Raging Misandrist Arc • • •