Welcome to #wcurl v2025.11.04 github.com/curl/wcurl/releases…
It fixes CVE-2025-11563
curl.se/docs/CVE-2025-11563.ht…
Fix CVE-2025-11563: Don't percent-decode / and \ in output file name to avoid path traversal. Fix typos reported by pyspelling. Multiple improvements to GitHub Actions.GitHub
Záznam mojí přednášky z @openalt kterou pořídil tým @vhsky - moc díky
Mapy a služby v @maptiler.bsky.social anebo od od @openstreetmap k produktu
Buenos días desde la Administración Pública.
Persiguiendo con mi actuación la satisfacción de los intereses generales de los ciudadanos y y fundamentándola en consideraciones objetivas orientadas hacia la imparcialidad y el interés común, al margen de cualquier otro factor que exprese posiciones personales, familiares, corporativas, clientelares o cualesquiera otras que puedan colisionar con este principio.
Y vosotros, ¿qué tal?
Una curiosidad. En teoría para la TP hay una formalidad de acatar la constitución, el estatuto en su caso, y el resto del ordenamiento jurídico (art 62.1.c) ebep). En teoría esto se hace justo antes de tomar posesión (requisito d) del EBEP).
Entre tú y yo, a mi no me pidieron acatar nada. ¿A ti sí?
Interesting post by Cloudflare on detecting #CGNAT as well as the performance and availability impacts to users behind it: blog.cloudflare.com/detecting-…
This re-enforces the importance for both:
1) content providers to dual-stack sites (so that #IPv6 end-users can bypass CGNAT)
2) the importance for networks to deploy IPv6 alongside CGNAT so that only a shrinking subset of traffic needs to go through CGNAT
Of particular concern is the concentration of CGNAT in the developing world, creating even more risk of a multi-tier Internet with an IPv6-centric modern internet but with other parts of the world being stuck in the past with IPv4 CGNAT.
IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic.The Cloudflare Blog
curl.se, the domain itself, celebrates five years as home of #curl today.
I told the story back then:
daniel.haxx.se/blog/2020/11/04…
Good things come to those who wait? When I created and started hosting the first websites for curl I didn't care about the URL or domain names used for them, but after a few years I started to think that maybe it would be cool to register a curl doma…daniel.haxx.se
My most inconsequential hot take is that most people not from the tropics who think they dislike coconut probably just dislike artificial coconut.
Most ‘coconut water’ not from a real coconut is kind of disgusting, I’ll give you that.
Abyste si udělali představu, jak jednoduchý je dodat vám na #VHSky projev prezidenta z 28. října:
28.10. večer
"Hele tyvole, ten projev je asi jako dobrej, nebylo by to dobrý nahodit i k nám?"
29.10. 5:43
Odesílám e-mail do kanceláře prezidenta republiky s žádostí o práva nahodit záznam i k nám
29.10. 11:40
Kancelář prezidenta reaguje s tím, že záznam prováděla #ČeskáTelevize a práva k distribuci také patří jí
29.10 11:48
Posílám téměř stejný e-mail do České televize s tím, že mě na ně odkázal #prezident, respektive jeho tým
29.10. 11:53
<Automatická odpověď - o Vašem e-mailu víme a určitě se mu budeme věnovat hned, jak dopijeme kafe nebo tak něco>
31.10. 8:14
Parafrázuji - "Jsme rádi, že nám píšete, ale píšete na blbý oddělení. Obraťte se na obchodní oddělení"
31.10. 8:48
Přeposílám téměř stejný e-mail na jiné oddělení v #ČT, kde zmiňuji, že mě na ně odkázal tým prezidenta a jiné oddělení televize.
3.11. 10:52
Píše mi produkční oddělení (ano, nikoliv obchodní :)) ČT, že záznam není licencovaný, je pouze nutné uvést zdroj a že mi ho dodají, když zaplatím 3 litry na technické náklady.
3.11. 11:00
Zasílám e-mail, zda chápu správně, že když si to z videa vyseknu sám a napíšu, že to je z ČT, tak ušetřim tři litry
3.11. 11:05
Produkční oddělení potvrzuje, že to je legálně správný postup pro toto video, ale ať si dám pozor, že u ostatních je většinou potřeba zaplatit licenci.
3.11. 20:09
Video visí! :party popper::party popper::party popper::party popper:
Nejtěžší je dostat se k někomu kompetentnímu - ve chvíli, kdy se mnou komunikoval produkční, tak už to šlo rychle a byli i celkem ochotní. Každopádně až se budete ptát, proč to zpoždění, tak tady je důvod :)
Jde to buď ve webUI anebo se dají normálně stáhnout a přepsat. Mně by se třeba líbila i EN verze, ale nemůžu dělat úplně vše :D
Kdybys měl čas (nebo kdokoliv jinej), tady je link na ty vygenerovaný:
vhsky.fsn1.your-objectstorage.…
Apple has today released macOS Tahoe 26.1, watchOS 26.1, tvOS 26.1, and HomePod Software 26.1 to the public. As with iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.www.applevis.com
Sensitive content
watching a video about private equity buying everything in pro audio (native instruments, etc)
i think over a long enough timescale (more than five years) the only tools that remain are FOSS ones.
it doesn't matter that you think they're janky compared to professional-grade ones (sometimes they are, sometimes they're actively better, though that's rare)
because you won't have your professional-grade ones for very long, anyways.
If you are not yet convinced that Fedora Flatpaks is a hostile 'alternative' to Flathub, here's a good one for you:
An indeterminate amount of their packages are, in fact, directly based on existing manifests from Flathub. Not by manually inspecting code themselves; rather, by running a script which goes through Flathub's APIs and parses the respective apps' manifest to generate manifests for Fedora Flatpaks: pagure.io/flatpak-module-tools…
All this, without crediting the original authors.
> The comments over there (so far) are by people who don’t understand Fedora nor flatpaks, it seems.
discussion.fedoraproject.org/t…
This is often the kind of sentiment resonating around Fedora, in my experience. If you don't agree, you "don't understand" it. Never mind the fact that I used to contribute to Fedora in the past, where my earlier contributions were articles about Fedora Flatpaks!
- fedoramagazine.org/an-introduc…
- fedoramagazine.org/comparison-…
Sincerely, this comes from someone who was deeply interested in Fedora Flatpaks and wanted to push it in a non-hostile direction, but the developers have shown that they just want to turn it into a 'traditional package manager with extra steps'.
This article compares and contrasts the Fedora Flatpaks remote with the Flathub remote.Hari Rana (TheEvilSkeleton) (Fedora Project)
TheEvilSkeleton 🇮🇳 🏳️⚧️ reshared this.
New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩
googleprojectzero.blogspot.com…
Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...googleprojectzero.blogspot.com
Hear me out.
We fork Mumble server. We change the chat to be IRC. We use Obsidian IRC (web irc clone of discord) as the client. IRCv3 SASL EXTERNAL will let us auth the user using the same key identity mumble uses. Convert the Obsidian web to Tauri for cross platform desktop app.
That's it. Self-hosted Discord, now just improve the UI and invite people to rewrite in Rust and add storage backends for the chat history and nobody needs Discord ever again.
github.com/ObsidianIRC/Obsidia…
Modern IRC Client for the web and maybe more. Contribute to ObsidianIRC/ObsidianIRC development by creating an account on GitHub.GitHub
Peter Vágner reshared this.
Basically you did this?
~(p&q)
= 1 & ~(p&q)
= (p|~p) & ~(p&q)
= (p & ~(p&q)) | (~p & ~(p&q))
= (p & ~(1&q)) | (~p & ~(0&q))
= (p & ~q) | ~p
= (1 & ~q) | ~p
= ~q | ~p
Not bad.
But... isn't (p|~p)=1 the very law of the excluded third that intuitionists avoid?
I didn't exactly do it that way (I proved it over prop rather than bool).
What I did was incorporate the explicit LEM propositions like this:
Theorem deMorgan:
forall p q: Prop,
(~(p /\ q) /\ (p \/ ~p) /\ (q \/ ~q)) -> (~p \/ ~q).(p /\ q -> False) /\ (p \/ (p -> False)) /\ (q \/ (q -> False)) ->
(p -> False) \/ (q -> False)H : p /\ q -> False
H0 : p \/ (p -> False)
H1 : q \/ (q -> False)
===
(p -> False) \/ (q -> False)For case P, prove the right branch of the goal's disjunction, Q -> false.
Introduce Q (assume the hypothesis).
Then apply H, to the goal, which by now is False, and it becomes P /\ Q.
Split and prove each branch by assumption, since we have both P and Q.
For case P -> False, prove the left branch of the goal, by assumption, since p -> False proves P -> False.
Qed.
In fact I realised I don't need such a strong LEM assumption for both P and Q. The assumption for one is enough.
(~(p /\ q) /\ ((p / ~p) / (q / ~q))) -> (~p / ~q).
Works fine.
Just destruct the disjunction and use the same symmetric proof strategy for both:
In Coq script:
intros p q.
unfold not.
intros.
destruct H.
destruct H0.
destruct H0.
right.
intros.
apply H.
split; assumption.
left.
assumption.
destruct H0.
left.
intros.
apply H.
split; assumption.
right.
assumption.
Qed.
Sensitive content
By request of the listeners, a replay of @Derek and Robin's adventure to the haunted house known as ‘Wicked World’ in Nicholasville, Kentucky is airing on HKC Radio as we speak.
Both patches in the November 2025 Android Security Bulletin have been included since our September 2nd release. It's now known that our 2025090200 and later releases provided the 2025-11-05 Android security patch level early due to shipping extra patches.
source.android.com/docs/securi…
It's because these two patches were included in the full September 2025 bulletin patches we shipped but were made optional until November 2025.
Later in September, we started our security preview releases able to provide Android Security Bulletin patches around 2-3 months early.
Our security preview releases currently have the December 2025 and January 2026 patches.
December 2025 has a huge set of patches due to being a quarterly patch level. January 2026 will likely be empty.
We should have quarterly March 2026 patches to ship within a couple weeks.
Due to having early access to the patches which we can use for our security preview releases, we've been able to determine that a subset were pushed to AOSP and other projects prior to the official embargo ending which means we'll be including those in our regular releases soon.
Our security preview releases shipped all available December 2025 security patches in September 2025 and have continued adding the remaining patches. It should be frozen soon, but most of the patches have remained the same since September. Some were deferred to future bulletins.
The new security patch system being used by Android is confusing for users and bad for the security of anyone not using GrapheneOS with our security preview releases. We could have set the patch level string to 2025-11-01 in early September but in this case we didn't do that.
The Trump regime says it will pay SNAP benefits reduced by 50% to the 22 million households enrolled in the program.
Reminder that this reduction in food access is verbatim how Netanyahu has treated Palestinians in Gaza for decades.
This is why we warned that whatever is permitted to them "over there" will be done to us over here.
This injustice is coming from so called "Christians." Of course we all recall when Jesus said I'll only feed 5 out of 5000. /s
Apple has today released iOS 26.1 and iPadOS 26.1 to the public, bringing several enhancements to VoiceOver and braille, various visual changes to interface elements throughout the operating systems, expanded language support for Live Translation, an…www.applevis.com
reshared this
Sensitive content
this is the "Rolling Anarchy" logo by the band Levellers
> Levellers 'Rolling Anarchy' sticker - designed by Jeremy Cunningham vintage c. 1994
LibreOffice
in reply to Alison Chaiken • • •