Realized that one aspect of my disdain for suggested replies is that I can literally type my reply faster than reading them and then moving the cursor to one of them and clicking. Not everyone can type that quickly.
I didn't think that I could type exceptionally fast but I've had enough people comment on it that I guess I have this enhanced ability without even realizing it. Idk, I guess after years and years and years of touch-typing your fingers just do the dance and the words happen
I've come to a point in my life where I find speaking to be a ridiculously complicated and inefficient way of communicating. The funny thing is, because of extensive scripting and such, you wouldn't know it if you actually heard me speak, but the process of buffering words and formulating all the right things to say is just so very taxing. Thus, as of late, I am speaking as little as I can get away with.
FOr me, it's the people that expect a script I find it hardest to communicate with. Clsoe people who know my default language thingies, well, they can get wordsed at.
Das im ganzen deutschsprachigen Raum angesehene Beratungs- und Vermittlungsprojekt „bidok – behinderung inklusion dokumentation“ steht vor dem Aus. Nach 20 Jahren streicht das Sozialministerium mit Jahresende 100 Prozent der Förderungen.
Wrote up some thoughts about the proposed ban on the sale of TP-Link devices in the US.
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.
Use Linux they say. It's easy for non-technical users and they never have to touch the command line they say.
I just spent 4 hours the other day digging around CLI and man pages and more trying to get my rsync and restic and system to do even kinda sorta system backup to cloud functionality that's built into Windows and MacOS, or offered as an easy client from your backup vendor. "Backup my home directory up to someplace". Because easy backup clients just aren't available or well supported for Linux.
No I'm not particularly interested in "oh you just have to go and find this random package that's in this repo and configure it and ...
As someone who recommends linux and chromebooks for "non-technical" users, I always attach a caveat.
Linux is great for the 2 ends of the bell curve. If you're doing something super niche and you need full control and are willing to put in the work, obviously its great.
Its also great if your idea of a "computer" is just a facebook, YouTube and email machine. I have setup family members with either chrome books or Linux mint and it "just works" for them. Bonus points for keeping them better protected from malware.
But for anything in the middle, its probably gunna be more painful than other OSes.
@varx Absolutely this. The people who have the worst time are the “power users”: people who are technical enough to have expectations about how they want things to work but not technical enough to do it without serious guard rails and hand holding. These are the folks who jump into a Terminal and hose their system the most often
@danirabbit @varx that's the result of sysadmins (and LARPers) skewing the curve over the past 25 years by changing the definition of "power user" from "people with domain knowledge of a specific application or task" to "people who use shell scripts to duct tape a bunch of CLI tools together when confronted with any issue"
An article published by LWN a few months ago describes a new, container-based, atomically updated desktop Linux distribution proposed for the European Union public sector. I expect the public-sector employees to be in your second category, with the distribution preconfigured to offer exactly the applications needed in their department or job role. Almost all Linux users I know are of course in your first category: the flexibility, configurability and control are the point so far as they're concerned, not an obstacle.
## Summary:
The Arbitrary Configuration File Inclusion (ACFI) vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name...
dang. Reminds me of when corporate uninstalled `nc` because it's a hackers tool. I mean, sure hackers use it, but hackers use toilets and doors too. Are you going to remove the toilets and doors?
Honestly it looks like a maximum-report-length filter would be handy. If you can't describe the problem in 250 words (not counting test code) then either you don't understand the problem or you're a slop-bot.
I don't quite understand why you don't give up on hackerone.
A company I used to work for was using hackerone and the amount of garbage reports that we were receiving was simply unsustainable. After we switched to email, things became way better.
Holy crap! Don't you see what this means? That by supplying curl a config file path via its "config file path" option, we can trick curl into opening a config file AT THAT PATH.
"Sensitive Information Disclosure: An attacker can read any file accessible to the user.". No shit. I'd say it's not only curl, but also entire OS is broken. This is single finding that will bring entire world down!
Hop on bunny.net and speed up your web presence with the next-generation Content Delivery Service (CDN), Edge Storage, and Optimization Services at any scale.
Random "discovery" of the day. Python has a rational type (from fractions import Fraction as f). It can be used for all the things you would think. Really neat when working on maths. You can do things like f(1)-f(1,2)*f(2,3)+f(1,4) and get a rational result out of it.
one of the most common security reports we get in #curl is claims of various CRLF injections where a user injects a CRLF into their own command lines and that's apparently "an attack".
We have documented this risk if you pass in junk in curl options but that doesn't stop the reporters from reporting this to us. Over and over.
this isn't even novel; it's a repeat of SMTP Smuggling from 2023: sec-consult.com/blog/detail/sm… (though this researcher blames the messenger rather than the faulty receiver)
I found that if I pass the URL of a website to curl, and the website contains private information, it prints private data to my terminal, which is clearly a GDPR violation!
StreetComplete is a really fun and accessible way to contribute to OpenStreetMap from an Android device - walk around in your local neighbourhood (or anywhere really) and solve 'quests' by answering questions about the things around you!
You don't need to learn anything about mapping conventions, or infrastructure, or about the more complex mapping tools that exist for OpenStreetMap. The app will explain everything to you that you need to know, when you need to know it, and ask easily understandable questions with reference pictures for the answers.
The only setup needed is to make an OSM account and log into it from the app, so that it can upload your answers - and you can also do that at any later time, after trying out the app without an account for a while first. You can just install it and go outside right away!
The app doesn't need any cellular internet connection; it can work offline and synchronize your answers once you reach a place with eg. WiFi. It's also quite performant, and should run well even on lower-end phones. There is also a 'multiplayer' option that lets you split up in teams and each tackle different quests in the area.
Part of the reason I’m so against LLM coding assistants is that it seems like it can do nothing but suck all of the joy and fulfilment out of work.
Like, for any task that requires skill, there’s some pleasure in using that skill and succeeding at it. Why would I want to automate it?
It’s like the thing of “automating my hobbies so I can spend more time doing the laundry”.
And obviously, yes, I do realise that my job doesn’t simply exist for the sake of me having fun. I don’t actually expect that to be a persuasive argument from a business perspective. But what makes the whole thing completely inexplicable to me is that this automation doesn’t even do a good job or speed things up at all.
All the code I’ve seen from LLMs has been total garbage. At best, it’s eventually come out with something as good as a human could do, except no faster, and through a process that’s far more annoying and unpleasant than simply doing the work manually.
There’s literally nothing in it for anybody (except the LLM companies, who get a subscription fee for doing something you could have easily done yourself, and who, when you complain that the results are bad, invent nonsense like “you have to have multiple LLMs all checking each other’s output” to wring more money out of you).
I see what you mean. In my case, one thing I found it useful for is unbearably boring and fiddly code that I can't bring myself to write (I know because I needed it for years and I didn't write it).
Specific example:
coqtop used to have a "Show Script" command that would let you see the proof script (the list of tactics nicely formatted) before you wrote Qed and defined them. But they removed it, making it much harder for me to write my proofs into a file, (most people use IDEs but their a11y is bad).
So I got an agent to code me a python tool that sits between me and coqtop, collects my input, splits it into tactics, checks which ones succeed, writes them into a log for me, and even unwinds if I use Undo or Restart or whatever.
This is very parsing-heavy code, reasonably brittle. But, it's easy to test.
Which is something LLMs seemingly can benefit from.
I have a very strong suspicion the code for the tool is less than optimal and clean. I also couldn't give a shit, so long as it works, which it does.
And the whole thing of parsing IO and trying different things, looking at strings byte by byte, etc, it's such an incredibly tedious and annoying thing I'd never have written this for myself. As a result I spent years not using Coq. Now I am using it again.
@modulux My baseline assumption is that if an LLM is a useful tool for any particular task, then it indicates some underlying problem. In many cases I think there are better solutions to those problems — but I don’t pretend to be able to claim that there are always better solutions.
For example people mention ‘boilerplate’ a lot. But we had ways of automating boilerplate before LLMs were widely available (templating, editor integrations, etc). And, on some other level, boilerplate suggests that the language/library is badly designed, and so could be fixed at that point too.
I can imagine there are cases where the tool developers are unresponsive enough that fixing it at the user level is required, but the boilerplate is of such complexity that automating it is impractical. In those cases I could imagine that an LLM makes sense. But a lot has to go wrong for that to be the case.
Right, I admit it's not a typical situation. I don't think I've found very many sataisfactory uses for coding agents either (though if I had to work professionally on code I don't care about, maybe this would happen more, I don't know).
It's interesting to think of the sort of projects they can work for though: highly testable, highly unpleasant to write, lots of edge cases and branching and detailed context that's hard to hold in a human mind.
@fastfinge I've never heard of the third option. If it can output via proper OS live region semantics like OSARA and Paperback do, rather than holding onto this antiquated notion of using screen reader specific libraries primarily, I would probably use it.
@jscholes Yes. And spoon-feeding text to a screen reader should not be what developers primarily think of when they think of accessibility. The actual GUi should be made accessible through platform APIs. I know you know this, of course; I'm just stating it for the benefit of anyone watching who is outside the cottage industry of apps developed specifically for and usually by blind people.
If only platform apis were actually reliable in the real world. If only toolkits like unity and others supported them. The days of the screen reader api are far from over.
@fastfinge @jscholes This is where AccessKit (accesskit.dev/) might help. Yeah, plugging a project I started. We did a proof of concept retrofitting it onto an old version of Unity a few years ago. github.com/AccessKit/the-inter… This was a mod to an existing open-source demo game; the Unity version was old even when we did it. And it was very hacky, as we had no cooperation from the engine. We haven't revisited this lately with modern Unity.
My understanding is that I also need to be comfortable in rust. I’m not. 99 percent of the time these apis are the only thing allowing medium skilled programmers like myself to plug accessibility holes.
@fastfinge @jscholes AccessKit does have a C API now. Someone could probably do a convenience library on top specifically for creating a hidden live region, though.
@fastfinge @jscholes But our Unity proof-of-concept actually exposed an accessibility tree for the whole window, with focus, so you could use NVDA object navigation or the like to review it.
@fastfinge @jscholes I'd like to see the various game mods for retrofitting accessibility follow in our footsteps on this. I don't have time to work on those things myself though.
So would I. But the various game mods are developed by people mostly like me: hobbyists with jobs, and who are just skilled enough to find solutions and get things done. But without clear documentation and an easy to call API we can plug in, we're stuck. So I wouldn't expect this any time soon. All of the output systems in the above pole require one, maybe as many as three, lines of code to use.
@fastfinge @jscholes Sigh, yes, we need to fully document AccessKit, write bindings for more languages, and make sure the documentation is available for users of all the bindings. Unfortunately, my current funding for working on AccessKit doesn't cover either documentation or bindings.
@fastfinge @matt In this case by "OS semantics", I specifically meant live regions and have updated my previous response accordingly. To my knowledge, OSARA outputs a great deal of screen reader specific text without using a single screen reader library on Windows and it works perfectly.
It's possible my understanding could be out of date. I'd love a better way to do things. However, as far as I know, live regions require the window to have focus, and require the app to be a web app. That's just not the case for any one of my use-cases. Sometimes I'm using an apps built-in scripting language to add accessibility, sometimes I'm patching an app to send text to the screen reader, or sometimes I'm creating an entirely separate app to run in the background to read log files and output alerts that way. In none of these cases would live regions work.
@fastfinge @jscholes No, live regions are no longer exclusive to web apps. My understanding is that the application window has to be in the foreground, but the child window that contains the live region doesn't necessarily have to have focus. Paperback did this particularly elegantly by setting properties on a Win32 static text control.
Better, but still not going to work for 99 percent of mods. In general, you don't get to spawn a new window, or modify properties on existing ones. The only place I could make this work is adispeak; I can write a full C# DLL there and do whatever I want. But if I do that, I lose the ability to notify the user if they have the IRC client in the system tray, or even just on the taskbar. Far from ideal.
@fastfinge @jscholes If your mod can be active after the main window is created but before it's shown, you can bolt on accessibility by doing Win32 window subclassing on the main window. AccessKit includes code for doing the subclassing step, but you have to do it at exactly the right point in the window life cycle or it doesn't work reliably. That's the main problem we had with Unity.
And what happens if the main Window ever gets destroyed or recreated? While I can often hook into app startup, most mod frameworks don't allow detailed hooks into Window Creation. It's possible I'm missing things, and smarter people than me can come up with a way to make this generally viable. But based on my research and skill level, I just don't see a path to avoid screen reader libraries in the majority of cases. Live regions are only useful in the case where you're writing your own app from scratch or modifying an open source app, and you never need to alert the user to things when the foreground window doesn't have the focus. This is a vanishingly small number of cases. As far as I can see, screen reader API's, and robust libraries to call them, are going to be useful for years to come.
@fastfinge There are different use cases with various constraints.
I used the word "primary" on purpose in my first post. Right now, screen reader libraries are the first and often only thing reached for by developers of these abstraction libraries.
I would like to see a better abstraction library that keeps the ease of use while supporting multiple techniques. It could opt for the most reliable and user-friendly pattern by default based on information glean from its operating environment and some gentle hints from the developer.
E.g. you don't supply a window handle? There's no window for a live region so it falls back to SR libs. @matt @tunmi13
So would I. But this gets hard to do in a way that's cross-platform and cross-language, while also preserving ease of use. Most of these abstraction libraries just don't even support Braille at all.
I would consider these to not work. They're Windows only, and they have a hole bunch of strange timing and delay issues between when they fire and when they get read.
@fastfinge @jscholes As far as I'm concerned, intruding when you're not in the foreground is an anti-feature, unless you're using the OS notification facility, which is under the user's control.
Notifications are far too verbose for, for example, reading out a chat message where your username is mentioned. I depend on that feature every day to do both my job and my hobbies. And there's no way any of the popular apps like tweesecake or TWBlue work without it.
@matt User control is one reason live regions are a better idea than screen reader libs at least, because I can turn them off.
If an app has decided to shove stuff down the NVDA Controller Client DLL, there's nothing I can do about it. Other than maybe deleting the DLL or restricting access to it, at which point it's anybody's guess whether the app in question will go silent, crash, or switch to SAPI.
Of course, this begs the question about why screen readers don't have a permissions system. @fastfinge @tunmi13
Apple kind of does with its allow script control checkbox. But it should be on a per app basis. I agree that more control is needed. But I am strongly convinced this isn't a feature I could live without.
As an example, the person I'm currently in a meeting with has three monitors. One for the meeting, one for social media and dashboards, and one for what she's working on. Invisible interfaces and alerts from non-foreground apps are the only way I have to be even slightly as fast as her. And I'm already slower at a lot of things, because of the nature of inaccessible GUIs, so further friction and speed decreases would not be acceptable at all. If I didn't have these features I guess I'd have to have three laptops and a mixer? I don't know.
And if you want to get a sense for how unsatisfactory live regions are, compare mudlet, that uses live regions to read new text with mushclient with mushreader, that uses the screen reader API. Notice how mudlet misses some text if it comes in too fast, doesn't always read text, and can't control if the text interrupts the previous text it sent or is added to the end of the queue. Mushreader has none of these problems.
@fastfinge @matt I agree completely with the use case and efficiency argument. And the real world data from two similar apps using different techniques is extremely helpful.
@jscholes @fastfinge The fact that Mudlet is based on Qt 6 (I just checked), which implements UIA, and its implementation of live regions is unreliable, is especially useful information.
If you want an easy and predictable game to test the differences, proceduralrealms.com is a good example. It works in both clients, it tends to dump multiple lines of text to the client at once, some of those lines have special characters, and within 20-30 minutes of playing with each client you'll notice the differences and the bits mudlet is missing.
@fastfinge I'm certain the latter is caused by Zoom's implementation, not the OS. The alerts aren't fired at the same time as the visible text, rather than it being a case of the alerts being delayed after being fired. @matt @tunmi13
@jscholes @fastfinge I also think, though I realize I might be in the minority on this, that screen readers should ignore MSAa alerts from non-foreground windows. Narrator ignores UIA notifications from non-foreground windows, except for a few OS components that are treated as exceptions; not sure about NVDA and JAWS.
Yup, you would be in the minority. Sighted people can have multiple windows on screen, and quickly glance at them. We can't. Getting alerts from non-focused windows is the only way to replace this experience.
@matt @fastfinge That should also be under the user's control, down to the specific window level if necessary. Narrator giving certain Microsoft alerts preferential treatment is kind of icky.
@jscholes @fastfinge Based on a quick look at SRAL (which I also wasn't familiar with), I wouldn't recommend it. It does attempt to implement a dummy UI Automation provider as one option (along with the usual screen reader APIs), but that implementation shows poor understanding of how to use UIA.
@matt @jscholes @fastfinge Maybe one of these days once Paperback has working live region speech output on all three platforms, or at the very least Mac and Windows, I'll publish it as a tiny C library.
WASHINGTON — The Supreme Court on Monday turned away a long-shot attempt to overturn the landmark 2015 ruling that legalized same-sex marriage nationwide
I've noticed that my profile is displaying 0 followers, while I still have everyone in my followers list and they can see my posts just fine. Apparently, this strangeness is only happening to me.
Yeah Mastodon is quite weird regarding that sometimes. My Tweesecake shows 0 followers on your account, when I click on the list for your followers I only see 2 people, me and someone else, but I'm sure you have more lol. idk if it depends on client, server, anything else. But yeah. It is how it is.
@jonathan859 Yes. Something's horribly wrong with this. I'm seeing my full followers list on my own instance, only 4-5 people on tweesecake.social, and you're seeing two (on I assume) on your instance. Everyday discovering something brand new!
I really need a ruler and pencils to spear time at job... hold my beer.
edit: hold my ruler 😂 edit1: bartender ask me why im laughing.. u know Lexaurin uhm Mastodon and so on 😂 edit2: i didn't know how many people taking them btw edit3: it wasn't one time this season to customers asking me for...
What will the world be like in 10 years? Or 50? We don't know – but we all need to think about long-term data storage. Don't get locked out 🔒 of your own documents – instead, choose a format designed for long-term archiving: blog.documentfoundation.org/bl… #foss #openSource #freesoftware #openstandards
Digital documents in proprietary formats often become inaccessible within a few years due to undocumented changes to the XML schema that are intentionally employed for lock-in purposes.
This is relevant to most people, but especially to any organization that cares about long-term continuity. Which *should* include all levels of government, publicly-funded organizations, and any business that plans to be around for more than a decade.
feld
in reply to John-Mark Gurney • • •