Today I am stepping down from my role as the CEO of #Mastodon. Though this has been in the works for a while, I can't say I've fully processed how I feel about it. There is a bittersweet part to it, and I think I will miss it, but it also felt necessary. It feels like a goodbye, but it isn't—I intend to stay on and continue to advise the new leadership and contribute, because Mastodon—and the fediverse—is one of the very few beacons of hope for a better web.
Buried in this nicely-detailed RCA is a pretty damning fact:
Cloudflare left .unwrap() in mission-critical Rust code.
For non-Rustaceans, .unwrap() handles a type called Result that can either be Ok with a value, or an Err with an Error. The whole point is to gracefully handle errors and not let panics make it to production code.
I use .unwrap() sometimes! Usually when there's a logical guarantee that the result can never be an error. But I make sure to purge it from critical processes for exactly this reason.
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
Tomorrow night join @Liz, for Full Circle from 7 P.M. eastern (US time). Their will be a showcase, and in the third hour will be the next episode of Chickenman. So tune in tomorrow night, and see who is hiding in the showcase. HKCRadio.com
Decided with the direction that @freedomscientific is taking JAWS that it's time for me to cancel my home annual subscription and switch over to @NVAccess as my screen reader on my personal machine. NVDA does what I need on it (web surfing, email, writing, and some coding) fine, so I figure why not. And I can always pick the subscription back up if I really need it for something.
Thanks Justin! Great to have you :) You're probably already across this, but there is a "Switching from Jaws to NVDA" guide which is quite handy: github.com/nvaccess/nvda/wiki/… And as someone familiar iwth both - if you do notice anything missing from that guide (whether you need help with it, or already know how to do something not documented there) please do let us know and we can update it for others.
If you can give us more information on those work app you need, we can look and make sure we are at least aware of what isn't working, and hopefully endeavour to get better with them.
Honestly, the biggest thing on my wish list would be making reading through chats in Teams as easy as it is with JAWS with its virtual PC cursor turned off.
That's something concrete to start with, thanks! Just for someone who uses Jaws even less frequnetly than teams - can you please give me a quick description of what that is like, compared to how NVDA does it?
Sure. With JAWS, when you're in the section ;showing the chat history, you can just arrow up and down to jump from message to message. If you hit enter on one, you can then tab through things like any links in the message, an options menu, the options for reacting to a message, etc. Since Teams is a progressive web app, it's probably just some role="application" wizardry. Heck, there may just be a key combo I can hit to get it to work like that.
Gaming while blind is the highest difficulty. I like challenging experiences with intense naratives. Like The Last Of Us, or Alt Frequencies!Specs: I5-13600K, RX 3050, 16GB DDR4, Keycron K4 keyboard, PS5 controller and Madcats fightstick.
ooh that game is fun, once you configure the settings right for accessibility like raising volumes on opponent positional and fighting cues, it's really playable. Problem is, still haven't gotten through more than 2-3 fights in tutorial, so I'll fight you if I ever get through it and maybe some battles after LOL
@Tamasg I'm talking about the original arcade versions of Mortal Kombat! There is an app called Fightcade that will let you match people to play online via an emulator. Tried it out last night and it seems decently accessible! The games are mono, but, that's the game, nothing to be done there.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...
Is there a basic media player for Windows? Play/pause, transport, supports all the formats, volume, all the basics. No cluttered UI, no library, no advanced playlist stuff, no video/DVD playback, no magic album art stuff. Just hand it one or more audio files and it plays, with good hotkeys and good accessibility.
yup Foobar, I personally don't mind VLC but I can see what you mean by the clutter, plus it being QT-based is really what I hate about it most LOL. Foobar I can never get used to, too bare-bones for me, but might work for your use case once you set up your config right I think.
@andrew @mcourcel I stopped using Winamp about 15 years ago in favor of Foobar 2000. I really don't like it's default configuration, but same can be said for Winamp.
The Final Straw: Why Companies Replace Once-Beloved Technology Brands
What causes a business to abandon hardware, software, or tools it once relied on? Enumerating the common reasons helps you recognize when it’s time to move on. functionize.com/blog/the-final…
@thunderbird I can't find your repo online anywhere for Thunderbird for Android. I wanted to report some issues. In particular, swiping to delete/archive is just... horrible. Just scrolling through emails will randomly delete mail.
Sorry for any problems finding the repo! Here is the link github.com/thunderbird/thunder… - we also are working on a swipe regression that could be causing some of your issues!
In 2007 I did a talk about #curl at the FSCONS conference. The video is lost in time but today I realized that FSF Europe is still hosting the torrent file.
Not too many seeders of that content left though... 😎
there should be an “original file” field where you can re-download exactly what you uploaded
if it’s the same ogg as in the torrent, can you seed it for a bit? I already added it to my client and i’ll seed it indefinitely (if I ever receive the file)
The Cadence uses a technology best described as micro-magnetic bistable actuators. "Bistable" means the pin is stable in two positions: fully UP and fully DOWN. It uses a pulse of energy only to flip the switch. Once the pin is up, a permanent magnet (not electricity) locks it in place. It sits there for free. You could leave the device on a single page for 100 years and it wouldn't drain the battery. Fascinating. Imagine a tiny permanent magnet attached to the bottom of the pin. Surrounding it is a copper coil. To raise the pin, the device shoots a quick millisecond pulse of electricity through the coil, repelling the magnet and shooting the pin up. Once it hits the top, it "latches" (magnetically sticks) to a metal plate or catch. To lower it, it shoots a reverse pulse, pulling it down where it latches again. look up: US Patent 10,249,217. US Patent 10,163,367. US Patent 9,812,033.
Facinating, and that certainly has potential. I assume then that means the pins have little-to-no give, similar to the Orbit. However that system seems as though it could be more resilient than Orbit TrueBraille.
@KaraLG84 not quite. It uses a motorized mechanical carriage (a tiny motor and cam system) that physically drives underneath the cells to push the pins up or down. This is why the Orbit refreshes cell-by-cell (like a wave) rather than the whole line popping up instantly. The motor has to travel across the line to set the pins. Once the motor pushes the pin up, it rests on a mechanical ledge. It is rigid (signage quality) like the Cadence, but it got there via a slow motor, not a fast magnetic pulse. Cadence dots can be pushed down, although not as squishy as older Piezo tech, just not fully firm like Orbit's. Still, when you push down, you feel a resistance under your finger, so heavier-handed Braille readers would still be "checked" by Cadence, and thoose with neuropathy in their fingers could read it.
In this episode of Double Tap, Steven Scott and Shaun Preece speak with Brian Clark and Wunji Lau, the Director of Marketing from Tactile Engineering, about ...
@nandicre If I was a graphical artist, I would draw a variant of xkcd2347 with: - X11 the random project, - Wayland a pillar still under construction, - GNOME leaning on both X11 and Wayland, transitioning to dropping the former, - Lots of heavy stuff leaning on X11, but not yet on Wayland.
My list is remarkably similar. Except for text editor (vim) keyboard layout (US international), desktop (XFCE), blog system (my own), and mobile phone email client. What made you choose Aqua mail over for example K9?
@derickr I honestly can't recall why anymore but there was something with K9 that didn't work for me or that didn't feel right. And then it just stuck.
Debian, KDE Plasma and you never Game. Sounds familiar, though I privately run Debian stable. And I would suppose that your mail setup is more than just postfix ;)
Debian, KDE Plasma and you never Game. Sounds familiar, though I privately run Debian stable. And I would suppose that your mail setup is more than just postfix ;)
My favorite thing about infinite scroll is when your connection hiccups and nothing else will load so you have to reload the entire page and scroll a dozen times just to get to where you were so you can start the fuck over and hope your connection doesn’t hiccup again.
Right now, the plan is to have Release be the default in flathub starting next summer. We'll keep everyone updated on those plans on our blog and here on Mastodon. :)
Microsoft warns that Windows 11's agentic AI could install malware on your PC: "Only enable this feature if you understand the security implications" windowscentral.com/microsoft/w…
hypercentralizers are not having a good day today -- #github has joined #cloudflare to block or slow down millions of folks from doing stuff.
Maybe a good time to checkout out this new ACLU article about the current Apple/Google app-store oligopoly aclu.org/news/free-speech/app-…
TL;dr Google/Apple increasingly wield their world-wide #appcontrol in the political interests of various governments, and not in the interest of user security or privacy. The article lays out three areas of fighting back ...
Hello. Could you please send me a working proxy for Delta Chat? I am in Russia, and without a VPN, Delta Chat does not work here on the default server.
I am rapidly coming to the conclusion that folk who embrace technology like Delta Chat, Mastodon, Linux, De-Googled phones, FOSS, etc. will only ever provide a back-up service to mainstream society when the 'stuff hits the fan', so to speak.
The contemporary version of the Amateur Radio operators who traditionally provide the backbone of reliable communications in times of disaster, if you will.
I'm not sure decentralisation will ever reach a 'critical mass' in my lifetime.
Google/Android are starting to retreat on the developer verification, see details under "Empowering advanced users" at link below (still remains to be seen what it will actually look like)
@NVAccess I'm telling people how awesome speechplayer is, but some people say the engine with espeak sounds harsh. It's rather unfortunate that Debian doesn't compile speechplayer. I love that it's always in the nvda, and that Fedora includes it by default. I would love it if speechplayer was standard, it's so much better than traditional espeak in my opinionated opinion.
While we don't include it seperately ourselves, you can still download all the ocmponents if you're up for setting it up yourself? github.com/nvaccess/nvda/wiki/…
Thank you so very much for this one!! Seriously!! Thank you!! Does this mean, I can get good Ol original Ben back? Does this also mean I can have the awesome speechplayer with the weird accent once again? I loved how it said oo sounds and stuff, it reminds me of one of the debian maintainers lol. It's so uniquely great to me. Do you use speechplayer yourself? I'm very much obsessed with it.
I must admit I haven't tried from those files recently, but do let us know how you go and what you think - I'm sure others would be interested in your experience (and perhaps even moreso if you document the process you go through so they can try too).
It sounds like a plan, thank you very much! That is exactly what I will do, I would even make a repository for it and share it, and there would be a read me with instructions and little details for if something breaks, this is that and the other. It would be very deep and detailed. I guess I should start by firstly reading the link that you sent me earlier and trying to get it working. I'll try on winders as I know that's where it's probably most worky as it's an nvda addon after allington. After that, I'll see how feasible it is to build it on macOS/linux, I'll try debian first than fedora. Debian sadly seemingly doesn't compile speechplayer in espeak which is rather silly, so I'l; be fixing that promptly. I'll also make a speechplayer standalone speech dispatcher module and see if I can do some talkyTalky with Yuri about speechplayerSA on iOS, as he was able to put speechplayer in espeak on ios which is perty darn great!! Seriously!! Do you realise just how great speechplayer in espeak is? I'm sure you do.
So rblind.com didn't go down, and it isn't anymore broken today than it usually is. Cloudflare breaks #accessibility. It always has, and it always will. Now the rest of you know how it feels to be locked out because you don't run JavaScript and can't solve a captcha. Will you stop using #cloudflare? No, of course not! If it blocks #AI, you're completely fine with denying that blind users might be human at all. As AI becomes more and more capable, the definition of "human" is going to become more and more restrictive, until everyone who isn't completely able bodied and doesn't have absolutely perfect vision, hearing, and cognition is completely excluded.
@gooba42 Yup. Though your post reminds me of the time a childhood friend of mine got banned from a game for being a bot, because she was Neurodivergent and played too regularly for too many hours. This sort of thing has been happening since the dawn of statistics. I think the game was runescape or neopets or one of those 90's browser games all the cool kids were playing back in the internet stone ages.
@IceWolf Yes, it does. The problem is that all of these are intended to destroy the open web, by blocking a particular type of use someone doesn't like. The only way to preserve accessibility is to instead focus on blocking whomever or whatever is using an unfair share of server resources. If that's AI, block it. If that's me hammering your server for some reason, block me, too. Setting up rate limitting is a well understood problem. Blocking AI because it's slamming the server is an excuse. And you already have no reliable way to tell the difference between an AI, a script, and a screen reader. Block based on resource use.
I think the problem is that "AI" scrapers are getting around that by a) ratelimiting themselves and b) botnetting.
IMO it's 100% legit to block "AI" scrapers based on what they're going to do with your stuff, in addition to the whole resource use thing. And as for resource use, it sounds like some of them do botnetting without ratelimiting themselves, so you still get hammered it's just from _everywhere._
@IceWolf I strongly disagree with this. In the 90's, publishers insisted that all ebook platforms block text to speech, because blind people should be forced to purchase the more expensive audiobooks. This didn't stop until multiple court cases were filed against Amazon and others, and a UN treaty got signed. If we allow authors to say "You can't do X, Y, and Z with my otherwise freely available content", that will soon be abused to disallow using translation software on it, then turning it into Braille, then using screen readers on it, etc. Some directors still don't allow audio description of there films to be produced. Should an artist be allowed to say "no alt text for my photo can ever be produced by anyone"? And it's quite easy to not just rate limit, but tarpit abusive connections. So soon all the botnets resources are taken up by holding open worthless connections.
Hmm. I'd say there's a difference between "no screen readers!!" (that reminds me of the Youtube anti-adblock nonsense) and going "don't scrape my site to shove it into the Slop Machine".
@IceWolf Right, but as long as capitalism exists, any limits we set to stop one will always be abused to stop the other. As someone with accessibility needs, the only way for me to have a life and job is for the internet to stay completely open. Not just "open to whatever types of use authors and companies feel like granting", because that always excludes accessibility.
@IceWolf Twitter and Reddit are more good examples. They decided to shut down there API's, in order to sell content to the AI machine. So most blind people are on Mastodon now. But if the fediverse decides they want to stop all AI training as well, a side-effect of blocking that will be shutting out people using assistive technology. Just like Reddit and Twitter did. Only for the opposite reason.
@IceWolf And just like how there is no DRM scheme that can stop someone from copying digital bits, and no encryption scheme with a backdoor that only the good guys can use, there is no way to block AI scrapers, but not screen readers and other accessibility programs. Because they're both just software.
THIS. i have my own custom bot blocker that works well with the scrapers i get. it actually doesn't use JS even. i wont deny that it probably still reduces accessibility sadly. but it works. and i cant limit based on usage when every bot visit is a different IP. i try to block their datacenter IP ranges and they switch to residential IP botnets.
@foxbutt@IceWolf In general, you can start by tarpitting. And you can also rate-limit by geographic areas. For example, 99 percent of my visitors are from the US and Canada. But obviously, I don't want to block the entire rest of the world. But I do have all other countries on a much, much quicker rate limit. There are ways around this if you care. But most people don't; accessibility is a sacrifice they are willing to make on my behalf.
The other problem, of course, is all of these solutions will block legitimate scripts. For example, The Internet Archive, scripts that mirror resources on physical media to ship to underdevelopped countries, and that thing that I use to download multi-page articles for offline reading on my phone because the subway doesn't have internet access.
agreed that blocking real bots ends up being an issue sadly. i kinda just allowlist some user agents since the bots i get are more interested in faking old browser user agents.
i do agree with the alt text comparison to an extent. i dont know if this is entirely true but i feel like images with alt text would be more valuable to ai scrapers building image generation tools. HOWEVER, despite that, i want to have alt text on my site and fedi posts for accessibility.
@foxbutt@IceWolf Right, because an open internet means that you don't really get to decide what accesses your content: my screen reader, someone on an ebook reader from eight years ago, a smart TV, or a fridge. Abusive bots are a problem, and need to be stopped. But that's to save the server resources, rather than to limit content use. Because if you limit AI ability to scrape your content, you will always lock me out. The entire fediverse is wonderful for AI! It's got an open AI that my specialized accessibility client can access, and so can any AI training tool. To block the AI, you'd have to take away the API, or put up something that would also block other human and automated uses of it as well.
@IceWolf@foxbutt I'm not at all. But I'm absolutely certain some other company is! All they have to do is spin up an instance and join the major relays. Or just buy access to the local timeline on mastodon.social. My point is that in order to prevent these things, the fediverse would have to block all automated access of any kind: screen readers, third party clients, everything.
Fortunately, fedi's decentralized nature provides a little bit of defense against this
if they get access to mastodon.social's federated timeline, a) that only covers stuff mastodon.social sees, and b) that's a normal account that can be banned if the mastodon.social people find out (and actually have moderation)
and you could absolutely spin up your own instance to scrape fedi, but someone tries that every few months and everyone blocks the hell out of them. :3
You can't just scrape the activitypub API without being a legit server (and hence blockable), that's what authorized fetch is for.
@IceWolf@foxbutt Everyone blocks the people who admit they're doing that. Do you really think Google and Metta aren't running some random instance under a quirky name? Do you really think every single server admin will refuse money for access to their timelines? The thing about a distributed system is...it's distributed. Once dozens and dozens of servers have it, you really don't have any hope of controlling where it goes or what happens to it.
@IceWolf@foxbutt There are, of course, ways to "fix" this. We could require relay operators to request photo ID of every single server operator who joins the relay. And we could only federate with other servers that are willing to provide their ID's to us. And we'll only allow API access for approved organizations. The cure sounds a lot worse than the problem, to me!
@IceWolf@foxbutt Currently, my small single-user instance is receiving over fifty thousand posts a day. The database currently contains slightly over twenty million posts. And I'm just one dude. If an organization wanted visibility into the entire fediverse, I'm sure they could do a lot better!
Well now I'm curious about our instance (basically single user, though technically not since we're plural and different people have different accounts!).
Course, to federate you also (IIRC) have to follow people, and you're not a(n automated) bot, and followbots tend to be looked down on here. So a Secretly Facebook instance spewing follow requests so they can federate and start sucking up people's posts is pretty likely to be rejected!
@IceWolf@foxbutt No, all you have to do is join a relay server. Then it will send you every post from every other server that also joined that relay server. Almost no relay servers currently require approval to join. Also, because of how threading works, once you become aware of a user (perhaps because they boosted you or whatever), most fediverse implementations will happily let you "backfill": IE allow your server to download every public post of that user so you can view it locally.
Huh on backfilling. "Most implementations" being "anything that's not Mastodon" I take it, just like with all the other useful features Masto doesn't have?
Masto actually added backfilling super recently with 4.5 or something, I gotta backport it because we're running a patched Masto 3 but ugghh it's gonna be a pain.
@IceWolf@foxbutt Nah, it depends on how your implementation is configured. Some server owners turn off backfilling because they want to save disc space and don't care about search. And some server owners configure things so that there server will only show your server a certain subset of posts from a user, rather than all of them when it asks. And then authorized fetch and how it interacts with blocking and post privacy adds another layer of complexity.
And, of course, none of this stuff is (or can) be enforced by any kind of technical server. Someone could easily write/patch an "evil mastodon" to suck up as many posts as it can, while fooling the other server into thinking the requests are legit. Kind of like how some torrent clients are written to upload as little as possible.
@IceWolf@foxbutt And relays are weird because they're trying to solve the discovery problem. IE I want to make sure I see all posts with the blind hashtag. But in a distributed system, there's really no good way to do that without giving everyone everything.
and since fedi has a "know your admin" culture, you don't really see a lot of servers ran by strange faceless people who could be secretly siphoning off everything to Facebook.
@IceWolf@foxbutt I dunno. I have no idea who runs tech.lgb or mastodon.online, two servers picked completely at random from the 15,603 instances currently federating with me. The fact that I'm a good person doesn't mean that everyone else on the network is. And let's be real: if I was going hungry and had little or no access to healthcare, and open AI said "Hey, buddy, we'll give you a million dollars for that post archive!" how many people would choose to be sick and homeless rather than make that deal?
@IceWolf@foxbutt Right, and once again, I think DRM is an instructive example, here. Companies can ask people not to pirate there stuff, and usually, most of the people will request that most of the time. But it only takes one! And every single method of DRM that attempts to block piracy makes everything both less accessible and worse for everyone.
But yeah, detecting the ones that are ratelimiting themselves (or botnetting to spread the source IPs) is tricky.
Anubis does it with proof of work, "do a small thing that's inexpensive for any single person but a botnetting scraper would have to do it thousands of times". But that all falls over without javascript.
It'd be nice to see an alternate challenge for if JS doesn't work, some kind of actual question form that asks you a thing that LLMs are bad at. Maybe a randomized simple math problem or something, I dunno. A thing that isn't difficult to solve, if you're an actual person with reasoning and logic instead of a statistical word-slapper-together. (Though that doesn't help cognitive-deficiency people...)
@Genstar@IceWolf This, too. It also feels like...one step away from cryptocurrency mining. Remember when captchas were just to tell humans and computers apart? Then they were to help digitize public domain books for the general good. Then they were to help digitize books for Google's ebook library. Now they're to help train Google's AI to recognize photos! How long until someone goes "Hey, as long as we're making someone's computer do work to prove it's a real person...hmmm...why don't we have them mine some bitcoin for us? For charity! Well, at first..."
TIL: when you use adguard or another privacy protecting DNS, spellcheck in all Microsoft apps gets significantly worse. Apparently the "good" spellchecker requires some service it was blocking, and the fallback is terrible.
Try Grammarly, it works with blockers and it not only checks spelling but word context. That way correctly spelled words don't sneak by in the wrong context.
did grammarly clean up their data privacy nightmare? At least the earlier versions buried themselves deeply into the OS, intercepted all text across the OS and sent all of it to their cloud service for archival and training their language model, leaking everything you touched
@raven667@RegGuy Hmmm, if someone is going to violate my privacy, I think I'd rather it be Microsoft. At least Microsoft is a tiny bit less likely to get hacked and spill every single keystroke I've ever typed out onto the dark web. Also, the EU is likely looking closer over Microsoft's shoulder than grammarly's. Because, you know, we can't have spell check that's both smart and privacy preserving. That would be impossible!
@ktneely They're probably using en_US.dic. The problem is that new words never get added to it, and the algorithm they're using to detect spelling errors hasn't been updated since forever. Probably Levenshtein distance or something. Why bother doing any better for offline users when the online ones can just use an LLM? "Levenshtein" is a good example, actually. It's a spelling error if I'm offline, but not if I'm online. I assume it has some kind of online names database or something. That shouldn't need to be online, but they have no incentive to make it work offline.
yeah, that all makes sense, especially the incentive part. It's just so silly when we're really talking about a tiny amount of storage to just contain nearly all the words, even including proper ones (and I wouldn't have to "add to dictionary" every time I'm on a new build!)
@ktneely Oh, we have a solution for this. Just sign in with your Microsoft(tm) Account. Then we'll store all of your custom dictionary entries on the cloud so they'll always be available on all of your devices! You'll also get more contextually aware and relevant advertisements from our marketing partners based on the terms you use most frequently!
@andrew@bermudianbrit The way I first noticed it is when Voldemort started getting marked as spelled incorrectly using Microsoft Edge, when it never had been before. I then discovered that it couldn't suggest Dumbledore as a suggestion, no matter how close to the correct spelling I got. Then I noticed that modern terms like Kubernetes were also being considered misspellings. When I disabled AdGuard DNS and rebooted, the problems went away.
Merci à @juliemoynat pour le lien. donc, si vous dites que « #Linux simplement marche », souvenez-vous toujours que… pas pour tout le monde. La traduction de l'article merveilleux écrit par un expert aveugle qui sait vraiment ce qu'il dit : pad.public.cat/s/MWnoZL4hW# #Accessibilité
Matt May
in reply to victor tsaran • • •victor tsaran
in reply to Matt May • • •johann
in reply to victor tsaran • • •victor tsaran
in reply to johann • • •