adevtool: add satellite eSIM overlays to avoid the special Skylo eSIM on 9th/10th gen Pixels being listed as a regular eSIM and being possible to erase with the regular eSIM erase functionality
kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.111
kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.52
System Updater: prevent reboot and security preview notifications from timing out after 3 days which is standard behavior since Android 15 QPR1
System Updater: mark notification permission as fixed to prevent disabling overall notifications, but enable blocking progress, failure and already up to date notification channels
Sandboxed Google Play compatibility layer: add support for overriding BinderProxy transactions
Sandboxed Google Play compatibility layer: add support for out-of-band updates to GmsCompatLib
raise emulator super / dynamic partition size due to reaching the limit in some cases
adevtool: prefer prebuilt AOSP JDK 21
All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102201 security preview release. List of additional fixed CVEs:
2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.
For detailed information on security preview releases, see our post about it.
Today I received the invitation to update. It explained the embargo fiasco pretty clearly, and it's well designed in order to influence the user to accept it. But still opt in.
Easy, short and to the point. Great work all around.
This makes me frightened to even try finding anything in curl, as my previous findings in two other projects was found out to be me misusing them, so the issues was closed.
I don't do AI, but I might make false assumptions or invalid research on a topic, which shows my lack of knowledge in the subject.
@mctwist no need to be scared. People have reported problems for years without any problems at all. The problems begin if you, without knowing what you're doing, ask your AI chat bot to find security problems in a project - and you then believe it or assume it speaks truth without verifying that yourself. But why would any sane person do it like that?
My understanding is that strcpy in c is one of the traditional "unsafe" functions, because it's easy to cause security issues with it. Since it's so well-known, LLM has likely seen it very often in training data.
However, curl is written according to ANSI C for portability, where only strcpy is available - so there's a trade-off LLM's have no capability to deduce.
@agnew_hawk @philip yeah I think so too. strcpy is a common footgun in C so it makes sense to be particularly thorough about its use and many times you can find flaws in the logic around use of this function.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...
Imagine a browser where you type in “Taylor Swift” and it doesn’t even admit that her website exists. I write about Atlas, ChatGPT’s new anti-web browser that should come with a warning label. anildash.com/2025/10/22/atlas-…
Research coordinated by the European Broadcasting Union shows that Artificial Intelligence routinely misrepresents the facts when summarising news stories.
Stalwart Mail Server is an open-source mail server solution with
JMAP, IMAP4, POP3, and SMTP support and a wide range of modern
features. It is written in Rust and designed to be secure, fast,
robust and scalable.
I always begin my reports with "step 2" as well, which is a perfectly human thing to do and not at all a hint at something having been partially copy pasted from a genAI chat log...
I had a feeling he was going to do this to me again. I told him in the TGV chatroom yesterday that he did not have my permission, or anyone else’s for that matter, to "parody", but he refused to quit. You can still see the conversation at theglobalvoice.info/chatroom.htm.
My wife is away for a few weeks on an elder care visit so I’m wondering: does anybody have any good recommendations for a two player game, ideally that can be played on #iPhone / #iPad or possibly the web?
it can’t be action/arcade because she shrinks from the sight of a video game controller like a vampire reacting to garlic or fire. 
Word games are good. We used to play words with friends, but it became an ad in crusted garbage heap so I’m not particularly inclined to go back to that.
It is a shame how little control #WebDevelopers have over the #ScreenReader user experience. Blind folks are getting the audio version of the black text on white background experience, without any design or flair.
To #blind people with experience with #PowerPoint, I need help! My school wants me to create a #presentation with speaker notes and graphics, and I'm having extreme trouble even getting started. My info text box with my name, school, and date covers everything up, and I can't figure out moving it or how to get to speaker notes. I normally create assignments with #LaTeX, but I kept running into issues making a presentation that way. I'm on #Windows using #NVDA. Disability services made this sound doable and even easy, but so far that doesn't seem to be the case. #accessibility #MicrosoftPowerPoint #BlindStudent @mastoblind @main
We have training material for PowerPoint if you would like to learn the program in more detail: nvaccess.org/product/microsoft… It should be possible to create a presentation including graphics and speaker notes. Which version of PowerPoint are you using?
#curl binary builds at curl.se/windows/ started using a fresh public suffix list, and will bump them regularly. (no longer relying on the copy bundled with libpsl, which is almost 2 years old) github.com/curl/curl-for-win/c…
Replacing the public suffix list bundled with libpsl.
The original promise / expectation was that libpsl sees regular updates,
and a psl update with it, but the latest release is soon to be 2 year...
Tonight join @Liz, for Full Circle from 7 P.M. eastern (US time). Their will be a showcase, and in the third hour will be the next episode of Chickenman. So tune in tonight, and see who is hiding in the showcase. HKCRadio.com
The only thing that Ring (and their deal with local law enforcement to share videos) accomplishes is riling up the racist lookie loos in a neighborhood. theverge.com/tech/804052/ring-…
Das Gebäude wurde inzwischen doch abgerissen. Aber nebenan im #Bahnhof sind aus der #Grenzübergangsstelle originale Ausstattungsgegenstände und eine #Doku der ehemaligen #Grenzkontrollen eingerichtet. Sehenswert! #DDR
OK. Takže po migraci dat z NB s W10 na NB s W11 mě česká instalace linuxu místo těch W10.
Jenže kterou distribuci? Chci něco s Plasmou 6 a delší podporou ať nemusím řešit upgrade každý půlrok. Takže tentokrát ne Kubuntu - LTS má Plasmu 5 a 25.10. je až moc experimentální.
Takže po krátkém hledání jsem stáhnul #openSUSE Leap 16.
Bude fungovat? Splní očekávání? Zjistíme v následujících dnech 😎
With the upcoming release of JAWS, ZoomText, and Fusion 2026, we are introducing User Accounts, a foundational change that will shape the way we support, update, and personalize your user experience going forward. Why We’re Introducing User Accounts: • Faster, More Reliable Communication - Receive important notifications regarding updates, critical fixes, or security patches to stay connected and secure. • Expanding productivity - Multi-line braille support for modern braille displays. • Future Innovation - Secure sign-in enables us to introduce new AI features and other unique services as they become available • Simplified Experience - One account across multiple devices, paving the way for future enhancements like the ability to synchronize your preferences and settings across devices conveniently. • Privacy and Compliance - Account creation aligns with global data protection standards and ensures responsible access for educational users. If your JAWS, Fusion, or ZoomText license is up for renewal, now’s the time to renew. Contact our Customer Experience team at sworders@vispero.com for a quote. Best, Vispero. All rights reserved., 17757 US 19 North, Suite 200, Clearwater, FL 33764, USA, (877) 775-9474
@alexhall Oo, I know. They're gathering telemetry about who's using them, then when they figure out that 0.00000000001% of users have one, they drop support in 2027.
@jackf723 @alexhall I wonder if this might finally mean they finally start expanding the home annual license beyond the US. Supposedly the reason they gave at least to the UK reseller before was the infrastructure they have for it in place is all hosted in the US and is not GPDR compliant. And it sounds like this might be? In general though it just feels like they are pulling a Microsoft to gather more telemetry and maybe combat piracy. Gotta find money to cover those AI bills somehow I guess.
*ALL* tech should default to this mode! I should not have to go out to the internet and back to control local settings on something. Some automatic cloud processing is one thing, as their autopilot mode might do, but controlling settings with the app over the local network or bluetooth should just, be the default? Is it because bluetooth is such a pain in the ass to keep working? Would it actually be inconvenient for users that way? Or is it purely for harvesting? Eight Sleep adds ‘outage mode’ to smart beds after AWS problems left them frozen theverge.com/news/804289/eight…
Eight Sleep devices were bricked by Amazon’s server issues on Monday, with users reporting smart bedsstuck at high temperatures and inclined positions.
To most people, a router is just "that thing that turns cable internet into wirelesss internet." According to them, the internet in my router is exactly the same as the internet in your router (maybe faster or slower). If they have a some kind of cursed WiFi setup to get reception in a different room that's actually two networks inside one another, they expect all smart tech to still keep working.
Anyway, none of this would have been a problem with IPV6, working UPNP and less security paranoya.
Also you have WiFi assist, which sometimes switches you over to LTE when that's convenient. To most people, that's just "internet", it should work just like that "other internet" does.
Bluetooth sucks at "family sharing" and multi-point. You can do it, but it's a completely different skillset than `await fetch(...)`. Then there's BLE, which has its own share of problems.
@miki Why does it have to be so bloody hard to just, make a thing talk to a thing over a short-range wireless radio link? Is NFC even designed for this?
@miki Figured. You'd have to, like, configure it to taste and then go touch it with your phone to apply. Which isn't particularly convenient either, and forget real-time status.
@miki Taildrop seems to be the closest to universal, and it does end up being p2p because Wireguard. And ironically, Android seems to be the most problematic towards it because file permissions.
@jackf723 It's P2P as long as it can punch through, but it still relies on centralized servers for coordinating the punching-through part, and as a fallback for when P2P and/or UDP (which is the only protocol you can realistically use over P2P in most network conditions) is unavailable.
Here we cover how we can get through NATs (Network Address Translators) and connect your devices directly to each other, no matter what’s standing between them.
@jackf723 @miki Huh? We're talking about controlling smart devices without going through cloud infra so AWS going down doesn't brick your smart appliance, not file sharing. Although I think I did hear something about the EU wanting to have an interoperable standard, a la air drop, between all the phones, and hopefully computers can get it too at some point...
@miki That was more proof of concept, I.E. if Taildrop can make things work p2p, irrespective of platform/physical network constraints, then a p2p home-control setup could in theory be achieved.
@jackf723 @miki Still needs a coordination server, though. I also still need to figure out whether it's capable of completely avoiding relaying when I'm talking to devices that are actually on my LAN, can it just, resolve the LAN IP address and beam directly at it, or go through the router? I never saw an article on that one. I'm behind a Spectrum NAT.
@jackf723 Yes, do `tailscale ping node_name`, that'll tell you what you're going through.
That's one of the things ICE (no, not that ICE) is good at. It tries using all the IP addresses a node has, both local and global, until it finds one that works or falls back to relaying.
@miki @jackf723 Well the first time it came back via a 2603:... IPv6 address, but then it appears to have found the internal one, 192.168.1.x. The IPv6 ping was 70 ms, then the internal one was 6, but then it was 30ms and 1.2 seconds? These ping times are nuts. Same address though so it seems after a few packets through it figured out the best route and is now sticking with it. For reference, I pinged my phone.
@miki @jackf723 Now I don't know whether that's going out to the router and back or whether the computer knows the phone is nearby and just sends the wi-fi packet straight-up, but I doubt anything but a wireless radio connected to some kind of interception software could tell me that.
@jackf723 That's not how WiFi works, it always goes through the router. Security / possible firewalls / client isolation are one reason, range is another, no need to establish WPA sessions between devices is yet another.
There's no IP routing though I think, it's all on L2 and ARP / MAC address based I believe.
@miki @jackf723 Oh, huh. I thought it could somehow use something at the network layer mapped to IP addresses to talk to a device directly, is that ethernet rings only? I guess that's why wi-fi direct exists, and is now dead.
@jackf723 Even on ethernet you can't do that any more with the latest specs I think. You could do it on 10mB/s and 100mb/s, I think that's where that idea stopped. Nobody does it like that any more, people haven't been since the early 90s.
@jackf723 Ask your favorite LLM about the difference between an access point, a hub, a switch and a router. Those are pretty basic network concepts, a modern large model should have no problems there.
You can also find overviews of course, if you're willing to wade through the blogspam and/or have access to Cisco content.
To be entirely fair, this could be done very very well with some collaboration from smartphone vendors. I have a protocol design in mind that would work if it had buy-in, but that's not something one can just go and implement.
Sweet dang. re: Omarchy & Framework - “Out of all the Linux distributions out there, this barely configured stack of poorly written Bash scripts on top of Arch is clearly the best choice for us to support!”
I'm just genuinely trying to have fun the last little bit I'm here :) I'm volunteering to do tours, volunteering to help people or do things that people are asking for volunteers to do, trying to be more social and relaxed and fun. I have my final meal on Friday and honestly, I'm not stressed about it. It's gonna be fun. I'm excited about it and excited to see what my travel assignment for next week will be.
Isn't it somewhat traditional for them to drop you off in the middle of nowhere, some random location, and you get to figure out where you are and get back to a designated point?
@BorrisInABox Yes, however since their travel instructor has been really super sick for a great chunk of the past year, and I'm already a good traveler and he knows it, it's possibly going to be a bit different for me, we'll see.
The "alternative" they'd give you is some shit like coinbase which only supports some ethereum shitcoins which take $50 fee on an $30 transfer if you don't use a custodial wallet that needs your blood type and anus printout.
@mint back when etherum GPU mining was good I had a debit card linked directly to coinbase. I could buy some ETH on a Monday, spend it freely on snacks, and still come out ahead by Friday. Those were the days.
Hi, if anyone knows about 3d printers and accessibility, can you help out my partner? If you have Ramblio and can respond on there that'd be awesome, but if not, please let me know and I can pass it on. ramblio.com/ramble/pfMqaFK68wC…
Nuclear and Hydro Linked to Lower Electricity Prices. Wind and Solar are Not.
I often hear the phrase “Wind and solar lower electricity prices", but is that really true? I decided to plot the data.
Looking at the average spot market price (no taxes or tariffs) across 30 European countries in 2024, wind and solar seem to have no effect on electricity prices. The weighted regression actually shows a slightly positive slope, meaning prices go up as the share of wind and solar increase, but it is far from statistically significant (R2 = 0.03, p = 0.4).
In short: wind and solar explain nothing about a country’s electricity price.
On the other hand, when looking at clean firm power sources like hydro and nuclear, the explanatory power becomes much stronger.
Using a Weighted Least Squares (WLS) regression across 30 European countries, weighted by total electricity production, there is a clear and statistically significant relationship (R2 = 0.4, p < 0.001). Countries with more hydro and nuclear tend to have lower electricity prices. Of course, this does not explain all the variation, since plenty of other factors matter too.
But it sends a clear signal: hydro and nuclear are linked to cheaper electricity, while wind and solar are not having any measurable effect in either direction.
[Original text by Johan Christian Sollid, as posted on X]
Markdown support is coming to #LibreOffice! And a new dialog to edit table styles, Python and BASIC code auto-completion, Rust UNO language bindings, and more - all thanks to participants in the Google Summer of Code: blog.documentfoundation.org/bl… #foss #OpenSource
This year, LibreOffice was once again a mentoring organization in the Google Summer of Code (GSoC), a global program focused on bringing more developers into free and open source software development. Seven projects were finished successfully.
Will that include support for typing in markdown? I keep trying to add bullet lists and headings with markdown syntax 🤦♂️ I am too used to the plain text world to use a proper document editor
@gunstick Glad you like it! As it says in the blog post, the initial support is for importing Markdown files. It will be in LibreOffice 26.2, due in February next year.
@jzb Importing and exporting! Regarding your second point, you could submit it as an enhancement request: bugs.documentfoundation.org/ – But of course, we're a volunteer-driven project with very limited resources. If you want the feature ASAP, you can help our volunteers, or fund a developer!
warmaster
in reply to KindnessInfinity • • •Today I received the invitation to update. It explained the embargo fiasco pretty clearly, and it's well designed in order to influence the user to accept it. But still opt in.
Easy, short and to the point. Great work all around.