📣 Do-It-Blind (DIB) online Besprechung am Montag, 3. November, um 19:00 Uhr. Du bist eingeladen! bbb.metalab.at/rooms/joh-szv-o… Wöchentlich am Montag besprechen wir neue Formen der digitalen und inklusiven Zusammenarbeit. Mach mit! 🛠️ #make #blind #inklusion
Learn using BigBlueButton, the trusted open-source web conferencing solution that enables seamless virtual collaboration and online learning experiences.
In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects.
one thing we finally made real in #curl as a direct consequence of the xz attack was reproducible builds. Since the xz release added things into the release that did not come from autotools nor git, verifying reproducible builds would have caught that. Having that in place forces attackers to land their backdoor in git to be able to ship it, which should increase the bar significantly.
yeah, in the #curl case I hope and wish that the people making the curl packages for distros (or build curl for other purposes) do the reproducible check - so that they know for sure that the one doing the curl releases didn't smuggle anything in. It also usually also requires that a few people do it and can trigger the alarm if they would find something odd.
building from git means building without autotools on every single platform and would mean I would have to use cmake on a daily basis which would drive me nuts. So not likely to happen anytime soon in curl 😃
@bagder There are also many projects not using git. The plain files collection (tarball) will remain as the lowest common denominator for a long time. Anyway the build change could have also been committed to git just like the new test files were. Doing it in only the tarball was just one layer of extra obscurity, not really the key here.
I think it was part of the key for the xz attack. The git repository gets wider exposure and review by the public - that was avoided by injecting the files directly into the tarball.
You have an idea for a software project, but lack the resources to implement it? The Prototype Fund supports you or your small team with up to €158,000, coaching, consulting and networking opportunities.
The Story of StartMenuExperienceHost.Exe. Once upon a time, there was a little process named, StartMenuExperienceHost.exe. This executable, as so called, became responsible for hosting the start menu bits in Windows 10 and 11. By doing this, Microsoft could avoid crashing your entire shell if the start menu crashed. So, perhaps they had a good reason: Sandboxing hardens your system against such crashes. In Windows 10, StartMenuExperienceHost lived happily. It consumed very low amounts of RAM, typically around 40 to 60 MB. It quietly sat there, waiting for its user to hit that magic start button. Then along came Windows 11. The Start menu moved further into WinUI/XAML with more composition effects and glue to other shell bits; it runs in its own user-scoped process now too. Windows 11’s Start became more entangled with web-delivered features, even going as far as talking to the widgets process for content updates. This in turn, really burdened poor StartExperienceHost. Our friend now went from using 40 MB to 140 MB Ram when idling. Today, it runs almost as much as content as a web browser inside itself, and yet it lives faithfully on inside the computers of hundreds of millions. The end.
@remixman hahaha. On Windows 10 you can actually still run explorer.exe from Windows 7. (github.com/world-windows-feder…) - sadly this stopped working on Win11. I use it all the time, because it brings back a single-process explorer, but when I try to launch it in Win11 that explorer.exe just hangs there doing nothing So MS killed it somehow later on, or removed the APIs it used.
As a result of this little story I told, I figured it all out for Windows 11, for myself anyway. Between CrossDeviceExperienceHost, SearchHost, StartMenuExperienceHost, and newer Explorer bits, Windows 11 just consumes a lot more RAM. A lot of this can be tamed. - Open-Shell: (github.com/Open-Shell/Open-She…)- With this, I can have a search box again. Best yet, StartMenu.exe consumes only 20 MB of RAM now, but downside: I had to manually take ownership of StartMenuExperienceHost.exe and just rename it to a .bak file. At any time, a Windows update can sneak in a new version, at which point, it'll relaunch silently again. - Explorer patcher: (github.com/valinet/explorerpat…) Also useful. It alone trims down 50-100 MB of ram, even if it spins up a smaller explorer process. I set everything to Windows 10 style, register as shell extension, all that - significantly better explorer that's less leaky. Now I'm fairly satisfied with the Windows 11 IoT Enterprise LTSC version. It's a slight overhead on memory, but once you disable many of the leaky shell bits included, it becomes more like Windows 10 LTSC.
just curious, but have you ever thought of trying to use Win11Debloat-2025.10.06.zip to see if it can help you taim windows 11 as you call it? smile. just thought I would ask.
@JamminJerry yeah, sadly a lot of what that deletes is just not as present as on the LTSC enterprise Windows 11 build. For example, not as many of the copilot apps, no bing stuff, thankfully still classic notepad and calculators. Some others, like that Web Experience pack, do get installed, and of course the tweaks in it for telemetry or other things still helps on enterrise too, so it's not as clear-cut as "nothing works." :) It's why I wrote a deeper one for these Windows editions, because a lot of debloat things don't ever touch memory compression or other knobs like that, and I wanted to see how close to baseline of Windows 10 I can get 11 not only in terms of performance but RAM usage and when it's idle, how much CPU it's using. I think after dozens of going back-and-forth between them, re-imaging backups after backups of one and the other, I figured it out. Quite a painful process but one that I hope really pays off.
well if you find what works, I think you should write a very detailed step by step on how you did this. what programs you used, how to get them, and in those programs what to set in them to make things work, and be as good as you like.
If 2025 has shown me anything, it's that I am a grown ass adult, and am literally incapable of maintaining a regular sleep schedule for more than a week. Just not gonna happen. One day I'll end up getting distracted and going down a rabithole, or I'll just not get tired until 2 AM, or I'll go to bed at 6 PM. I hate it so damn much.
AFAIC, this is a common problem among blind people. Because the eyes don't behave the same as on non-blind persons, the body ddoesn't process melatonin the same way.
We apprehensively followed the developments and the debate concerning Framework’s endorsement and support of Omarchy. We have no direct experience with this Linux distribution, its community, nor with the political environment around it. We did not speak up before now because learning about all of it and keeping up with all the commentary would have been a full-time job. Unfortunately we do not have the time to read every single comment on the dedicated forum thread.
Despite our admittedly limited and superficial understanding of this matter, we believe we have witnessed and read enough to make an informed decision and take a clear position.
The statements from Framework and from Nirav Patel (its CEO) made it very clear for us that Framework is not a company we feel represented by any more, and surely not a company that we want to represent as Ambassadors.
To be frank, it is not even necessary to dive into the petty drama about the recent events in order to provide an explanation of our decision. We are deeply disappointed by a company that is self-proclaimed as the resistance of the tech industry, the good David that intends to stand against the big tech Goliaths that are devouring it. Framework’s behaviour brought to surface an embarrassing and absurd inability to take an explicitly political position, blinded by the Western patriarchal narrative that technology in itself is not political. By trying to keep everyone happy (or at least not to make anyone mad) inside a fictitious “big tent”, the company proved to be no better than any of its Silicon Valley peers, dismissing comments about DHH, and comments about fascism and racism as not strictly related to the main mission.
We were proud to be ambassadors because we believed that Framework not only made products that empowered those who purchase them to fully own and repair their devices, but most importantly because we wrongly expected that this would imply changing the paradigm and the narrative about tech companies altogether.
We were offered the possibility of having a 1:1 conversation with Nirav Patel. We did not take it, because it is self-evident that our opinions are in contrast with the statements that he already made. Too bad, Framework is going to lose much more business than it would have if it simply acknowledged a mistake, took a deep inward look, and questioned its own values and stance.
In a world that is burning, thorn by conflict and greed, it is not enough to be “less evil”, to be radical only in some cases, and be moderate in others. We wanted to be ambassadors of a company that does not see fascism and proprietary software as two distant topics, but that recognised the entanglement of politics and technology, of capitalism and authoritarianism. It seems that this is not the case.
Farewell, Framework. We will miss the shining brave idea we had of you.
Day 2 of the Hackathon went great. Marvin (@larma) helped me implement an opt-in feature in #Conversations_im which routes all P2P sessions (calls and files transfers) via the users home server (similar to the feature found in Signal).
I went on a nice walk to a viewpoint on Mount Royal afterwards.
@Goffi It's "iceTransportPolicy: relay" in RTCPeerConnection configuration in the web (see developer.mozilla.org/en-US/do…). There's also a property "force-relay" in libnice's NiceAgent. So I guess this functionality is widely available in ICE implementations.
The RTCPeerConnection() constructor returns a newly-created RTCPeerConnection, which represents a connection between the local device and a remote peer.
@Goffi @Monal yes, I agree. I understand an individual's desire to hide their IP but there is also value in having P2P connections actually be P2P. In case of A/V calls there are also significant performance/latency considerations.
I recently saw a toot saying that Linux on the desktop will take off and go mainstream once the terminal is hidden away under advanced settings (actually, twenty years after that). I had an immediate emotional reaction to that. This was my response: toot.cafe/@matt/11548590734157…
I feel like future generations need to be able to easily discover programming, almost stumble into it, as I could on my family's first computer, an Apple IIGS. So the idea of burying the terminal just seems wrong.
@ifixcoinops@retro.social I say don't ever hide the terminal away. We need to make sure that future generations always know that their computers are theirs to tinker with and modify as they see fit.
This is also kind of how I feel about "immutable" distributions. If computers worked this way when I was a kid, I don't think I would have gotten into computing. Being able to tinker and break/fix/improve things was essential to me feeling like it was worth it to pursue it for life.
It also gets rid of what makes Linux special over other OSes. If the only way to win is to do all the bad things everyone else does, that's not a win.
@neal I'm leaning toward using an immutable distro myself, but only if I can easily rebuild it or at least add overlays. Your last point is spot on, though.
@neal Burying the terminal seems wrong *to us* but it's hard for me to argue against the idea that a huge swath of mainstream users just want an appliance.
"It also gets rid of what makes Linux special over other OSes."
Well, not entirely. One of the things that makes Linux special is that it respects user freedom -- even if said user never exercises the full set of freedoms. It is enough IMO if we manage to liberate a significant percentage of users from abusive ecosystems even if they never do more than change the wallpaper.
The problem is, or a problem is, that we keep trying to design one-size-fits-all distributions that are suitable for the lovable weirdos that have brought Linux this far *and* users who just want an appliance that lets them install a few apps.
I doubt that's possible. We have to have the Fedoras and Debians, for us, but what suits us is not ever going to be the thing that brings "The Year of the Linux Desktop".
I don't know that you *have* to hide the terminal to be successful, but if using the CLI is required it's going to scare off a lot of users. I wish that weren't so!
We should be teaching kids how to use the CLI in school. Hell, if I had my druthers, kids wouldn't be allowed to touch a GUI until they'd learned to do everything with CLI tools. But that requires a much different world than the one we live in today.
@jzb The thing is... I *want* to drive those outcomes, where kids are exposed to more, and that the standard of basic computer literacy is raised. But if we lock down and dumb down the system too much, that outcome can never be possible.
The other issue is that we talk about "immutable" Linux distributions without acknowledging what they actually are: appliance Linux operating systems. Nobody wants to say it out loud because the term (rightfully) has negative connotations for users.
@neal I doubt that's really true, so long as other distributions are available. The kids who have exploratory mindsets are going to search for things and stumble on Fedora, Debian, etc. They'll tell their friends, show off what they've done/discovered. IME with kids, though, you can lead a kid to a computer, but you can't make them tinker. Nor can you really *stop* them if they're so inclined. @matt
@jzb @neal IMO it's not just about whether it's possible for a maximally determined kid to tinker, but how easy it is to do. It's the difference between an Apple II, where the BASIC interpreter is just a Ctrl+Reset (or in some cases, a Ctrl+C) away, and a pre-OSX Macintosh, where a programming environment has to be installed. As a kid I liked the former much better. And a terminal icon that you can click on, on the desktop/dock/whatever by default, is _more_ discoverable than the old Ctrl+Reset.
Putting a terminal front and center is a statement that you, the user, will want or even need to do things with your computer that we, the developers, didn't necessarily anticipate and design prefab, polished user interfaces for. Burying the terminal is a statement that we developers know best, and you users are a lower class that need to be protected from the things that we think you can't handle.
I'm personally of the belief that we should strive for being able to handle everything well in a preferred graphical interface, but that doesn't mean we should hide the terminal. Hiding the command line interface goes in the direction of trying to prevent the user from going beyond what you envisioned.
I think this is really only a mindset that a computer enthusiast can have. For most people if they want to do something that wasn’t thought of by the developer, they won’t roll up their sleeves and get to tinkering, they will go somewhere else or just give up on that task. The idea of there being some kind of classism or elitism about it is because you think programming is somehow noble. We’re not wizards, we’re tradespeople.
it’s like seeing an electrical panel in a closet and thinking, “these arrogant electricians looking down on the homeowners”. No it’s hidden because it’s ugly and I don’t want to see it in my house. I don’t want to think about it or touch it ever
@danirabbit I mean, if you follow the analogy it's worth noting that you cannot actually just hide an electrical box inside a closet, it'd be against code in most places. They're visible because they need to be safely accessible when there are problems. So they're ugly, and they're important when the lights go out, or the stove stops working. Unfortunately in Linux the stove stops working quite regularly, and until *after* that stops being a problem, hiding the terminal is just worse.
I understand where this idea comes from, computers didn't really become this mainstream home item until after DOS but at the same time I don't like the idea of computers turning into an appliance that you can't control.
The problem is when the existence of the terminal is used as an excuse to not make the GUI feature complete. And also when terminal access doesn't act as a booster switch to make the same familiar app more powerful, but instead as a virtually blank slate onto which you have to repaint all the work you already did in the GUI.
(Feel free to substitute "terminal access" for any other relatively advanced or complex control/integration mechanism here, like an HTTP API or extension framework.)
It's not about burrying the terminal, it's about not needing to use it.
Open source is fundamentally about fixing your own problems. The issue with things that require terminal commands to accomplish is that anybody who has the capability to fix that has no motivation to do so.
I can't agree tbh, most PC users are not tinkerers, and I mean it, they think OS is some built-in thing and browser is its core component. Terminal will only scare them away, so if we want Linux to be widely adopted, I'd say that 90% of its features should be accessible via a GUI, and terminal should be left for tinkerers to find in the settings, like on Windows - right click the Start menu, and you can quickly open it. Most users don't know that you can right click things for extra menus!
I wish I could agree. In a perfect world, having the terminal and all the UNIX-y goodness it contains always available would be amazing. Yet, most people I have met want a device that "just works" and if they have to do *anything* (and I literally mean anything) they give up. Users have been trained to assume that when something breaks, that's it. They buy a new device. That is antithetical to how Linux works, where most things are fixable. If a user sees a terminal, they panic and give up
As a full-time #JAWS user who uses #NVDA only for testing and when JAWS really can't cope with an element, I simply didn't think about this issue but now it makes me laugh and cringe at the same time, as it was raised in a YouTube stream about NVDA I've recently seen. In JAWS, when you script something, you may assign a keystroke to your scripts, and as soon as you do that, JAWS will warn you about a conflict if the keystroke has already been assigned. In NVDA however, if, say, user A develops an addon that does a thing and assigns Ctrl+Insert+1 to it, then user B develops another addon that does another thing, an absolutely different one, and assigns Ctrl+Insert+1 to it also, guess what happens when user C installs both? Hold your breath… It's random! Apparently, the addon installed later overwrites the keystroke, but you as an end-user press a key, expecting, metaphorically, to get a cup of cappuccino, but you get all your windows in the whole house open, because NVDA doesn't warn devs that another addon has this key already assigned! And how can it, probably, since there are tons of addons? Anyway, I'm sure it's possible but, I mean… hahahaha (sorry). And guess what? There is another addon that allows you (as an end-user!) to check duplicates and reassign whatever you need. Phew! I mean… no comments, other than splendors and miseries of #OpenSource (yes, I know, you're mad at me, I repeat this phrase every day, but I will do it more, as it expresses the state of things perfectly). #Accessibility #ScreenReader
Is that actually a valid comparison though? With JAWS, you generally install scripts that are only specific to a single app. If you want to install something global, things get a lot messier. Those warnings only hold if you as the user assign your own keystrokes.
@jcsteh I agree with jamie here. Global addons are so far apart from system-wide JAWS scripts that the comparison just doesn't hold water.
i'd far sooner have to reassign a couple of keys due to clashing tools I've chosen to add to my bespoke setup than put up with the junk coming out of JAWS lately, I'll be honest!
@cachondo I genuinely have no interest in being involved in a screen reader flame war here. However, if there are going to be comparisons, they'd ideally at least be comparing equivalent functionality.
@jcsteh sorry, I got a bit high-horsey about JAWWS. I installed a copy for a client a few weeks ago and was bombarded by FSCast or something and it really annoyed me, given the user was deafblind.
@cachondo I actually do think NVDA's failure to warn users about key conflicts is a problem, and I say this as the person who wrote the majority of that code. Unfortunately, it's a really hard problem to solve because NVDA's keyboard mapping is extremely context sensitive. It's not just per app or global; it goes right down to the specific control. That has definite advantages, but lack of key conflict warnings is a definite downside.
Видимо о подобном поведении не задумывались, либо когда-нибудь потом планировали решить проблему. В Intellij Idea например, если окажется что у 2 плагинов совпадает какое-то сочетание клавиш, при его нажатии скажет что keymap conflict и предложит выбрать действие по умолчанию. Соответственно есть возможность переназначить на другое сочетание.
@Yinshi Ну хоть так! А это ты же понимаешь, да? Народ ставит дополнения десятками, потом клавиши делают невесть что в рандомном порядке. Я в шоке просто, но никогда раньше об этом не задумывался.
Я задумывался об этом недавно, когда зашёл разговор со знакомым про кастомизацию NVDA. Просто не знал что там происходит в подобной ситуации. Теперь знаю. Большой привет разработчикам, если они вдруг не планируют решать эту проблему в принципе. Перекладывать это на пользователя - бля, ну так себе история. В общем, как когда-то сказал однокурсник "open source = open bugs".
@Yinshi Ну я бы знаю, что сделал, просто я приватный бета-тестер Джоза и у меня по NDA нет права им это говорить. Если коротко, то примерно то же, что и IntelliJ, только во время установки аддона.
The management at my org is thankfully very good and gets it, but if you are struggling to explain to your management as to why they should stop sucking the GenAI marketing juice and chasing the AI laser pointer like a cat and instead do foundational security, explain it a way they'll understand: AI.
Also, if your management has seen the widely reported "80% of Ransomware Attacks are AI-Driven" headline published by MIT, it was paid for by a vendor.
The paper is absolutely ridiculous. It describes almost every major ransomware group as using AI - without any evidence (it's also not true, I monitor many of them). It even talks about Emotet (which hasn't existed for many years) as being AI driven.
It cites things like CISA reports for GenAI usage.. but CISA never said AI anywhere.
No, REvil don't use AI to set ransom demands, CISA never said that, none of the sources cited said that, and they were running before the GenAI craze. It's just absolute nonsense, every page is.
If you want to know why MIT are working with Safe Security and what Safe Security are doing... they sell an AI product which they say is developed with MIT to solve the report they made up, after receiving 8 figures in VC funding.
It isn't a new paper btw - e.g. senior MIT people have been using it in public at a cybersecurity conference earlier this year and linking to the now deleted PDF.
MIT have also silently, without noting on the pages, started rewriting their website to remove references to their own work. They've also changed the URLs of the pages to remove references.
LMAO, I've run into this issue quite often and I often thought that maybe it was me, I had hit the wrong button. But no, it wasn't me, it was Windows. This is another tell of the overall quality of the software and hardware industries. It's going down and it keeps going down. How else would you explain taking a decade for a multi-billion dollar corporation to fix an obvious bug?
If you ever tried the infamous "Update and shut down" option in any Windows build, it often leads to a reboot instead to an actual shutdown. Now, Microsoft has finally fixed this issue starting with Windows 11 25H2 Build 26200.7019 (or 26100.
I’m currently working on an interesting project. Last year, I met a former homeless man named Peter. He lost all his money to gambling. On the streets, he sold a street magazine, and later he started writing his own book. Today, most of his income comes from selling that book. He wanted to create an audiobook. Since the budget was small, we did it like this: I gave him a Zoom H1N recorder. He locked himself in a relatively quiet room and gradually recorded the entire book. He sent me the raw material, which I ran through @Auphonic to remove background noise and room echo and to balance the loudness levels. Now I just need to remove the mistakes and create the music background. It won’t be full studio quality — but honestly, I’ve heard “studio” recordings that sounded much worse than what we’re working on now.
Looks like the number of platforms in the sidebar box ("29") and the number of platforms in the list on §libcurl (~34) don't really align, unless *BSD are counted only as one platform. A little confusing, but certainly not a major nitpick.
Do take care, as an admin knowing that you had edited the curl article might consider that a “conflict of interest” edit under the rules. It would be a good idea to disclose your connection to the project. en.wikipedia.org/wiki/Wikipedi…
Looks good. I see a reference error at the bottom of the page though: "Cite error: A list-defined reference named "Stenberg, GitHub, 2019" is not used in the content (see the help page)."
Digitalizacja w ochronie zdrowia nie jest nowym wynalazkiem. Stosowano ją już w latach 30. XX wieku; wtedy oznaczała jednak stosowanie leków z naparstnicy (łac. digitalis). Źródło: jezyk-polski.pl/index.php/jp/a…
Autorzy dowodzą, posługując się przykładami z korpusów i innych cyfrowych kolekcji tekstów, że wyraz digitalizacja, odnoszony dziś przede wszystkim do czynności i procesów związanych z techniką komputerową funkcjonował w polszczyźnie już przynajmniej…
Featured image (used in source code with watermark added): Photo by AussieActive via Unsplash: https://unsplash.com/photos/statue-of-liberty-new-york-1brtlzDq-o8
This interview offers valuable, historically informed insights into the contestation of democratic norms and institutions within democracies. democracyparadox.com/2025/10/2…
Chtěli byste zveřejňovat videa, aniž byste záviseli na YouTube, které je čím dál víc prolezlé reklamami? Na přednášce se seznámíte s projektem PeerTube, který vytváří stejnojmennou video platformu, která stojí i za Vhsky.cz. Můžete si ji ale hostovat sami a přitom se zapojit do široké sítě, aby se vaše videa šířila co nejdál.
Australia’s competition regulator sued Microsoft, alleging it misled around 2.7 million users into paying up to 45% more in subscription prices for Microsoft 365 because of its AI integration. But there’s more to this story than just money.
I have always struggled to understand that so many people who need a word processor no more sophisticated than WordPad, never use spreadsheets and know where to buy and how to use USB thumb drives to save and back up their files pay anything for Microsoft's online Office and storage services.
Especially when recent outages at both Amazon and Azure show just how fragile cloud based systems are.
They tried to mislead me too. I started self hosting nextcloud instead, and swapped to Libreoffice. I'm not sure this AI force feeding will be very profitable.
I don't understand people who pay for 365. I buy and download the full office bundle for $50 and I get updates for 3-4 years. I have it on both my windows laptop and macbook. On linux I use OpenOffice.
The US-style AI scam as FAANG is doing it, is a securities style fraud, to make their companies look like “growth stocks”, thus getting a pass on P/E criteria that apply to “mature stocks”. Luckily for them #Trump has dismantled regulations in the US.
As I've established again and again, we are in an AI bubble, and no, I cannot tell you when the bubble will pop, because we're in the stupidest financial era since the great financial crisis — though, I hope, not quite as severe in its even…
Your "friends" at Proton have Proton Drive, however... ... I can't identify glitched files not uploaded via Windows, and... ... it randomly fails to upload files from Android, and... ... there's no Linux option.
As I read elsewhere, what really happened is that they STARTED charging for Co-Pilot, when they hadn't before. Materially, that's different from raising the price.
Even if that wasn't the case, though, what's illegal about raising the price, and how is doing that -- and notifying people in advance -- some kind of trickery? Isn't raising prices common and usually legal?
Don't get me wrong, all of this is shitty. But what's illegal about it?
I'm truly amazed that there aren't actually lawsuits worldwide over that. I don't know exactly what you call this (it's kind of close to bait and switch) but it's pretty much illegal in the entire world... You can't just suddenly start charging people for a thing they didn't actually sign up for. I don't know why this even has to be said...
The problem of reaching some moderate level of fame and success is that everyone thinks you’re great✨, all the time. Your life must be glamorous. Nobody ever checks on you. Nobody ever compliments your work. You’re never the award or prize winner. Nobody mentors you. Never again. You must be✨super.
I am extremely excited to share that I will be doing a live shibari performance at Hot Nonsense Cabaret in February. If you're in or near Sydney, you should come watch me get tied up on stage!
Tickets aren't on-sale yet, but save the date: 19th of February, 2025
John Lee Hooker (August 22, 1912 or 1917 – June 21, 2001) was an American blues singer, songwriter, and guitarist. The son of a sharecropper, he rose to prom...
Štěpán Škorpil
in reply to Turris project • • •