I understand why it needed to be done, but I am saddened that there were enough naive (bad?) actors slopmitting AI slop to the point that the bounties via HackerOne ended up unusuable.
Canary in the coalmine – the whole apparatus of formal bug-bounty programs is surely doomed since it is an incentive to spam and the effort bar to produce plausible spam has been lowered so much
people misconceive big and important with wealthy... somehow the concept of what drives open source is just not understood by the simple minded moneyhunters... :(
I totally understand the move. When running web apps with bounties this has been an issue even before AI as there are so many things of little to no value one can report.
Anyway just saw you'll be at FOSDEM, looking forward to see you rant about sloppy security reporters in person ;)
the AI talk at #EuroBSDcon was hilarious, though. But I'm sure you'll always have something to talk about. Hope, this will calm BS submissions down a bit.
Hello @bagder , I wonder if moving to a less crowded code hoster might lower the maintenance burden related to AI crap ? I am sure you are aware of @Codeberg for example.
At @backintime we also have to deal with low-quality (student) and AI-crap PRs. Moving the project to @Codeberg is one item of my todo list.
For all #foss maintainers I hope we can find a way.
I understood that you cut off the money for extern "contributors" (PRs & Issues). Am I right so far? But your project is big and popular and still will attract a bunch of "contributors" providing low-quality issues and PRs burning your maintenance resources.
First: we have not cut anything, we have a proposal about doing it end of January.
Then: we plan to shut down the curl bug-bounty, which is what pays security researchers for reported confirmed security vulnerabilities. Today we get those reported through Hackerone.
There is no perceived problem in the curl project related to issues or PRs on GitHub and we do not intend to change anything in regards to them at this point.
we don't move off GitHub because no one else is going to sponsor us at this level, which thus would mean a SIGNIFICANT dent in our ability to ship quality software if we still would do it. I think that would be bordering to irresponsible behavior.
Thank you for clarify that. I thought hackerone is just something like a secondary issue tracker targeting on security issues. Aren't there security issue reports direct on the Microsoft GitHub issue tracker?
Microsoft (GitHub) is sponsoring curl? Give me a number and lets see if we can find an alternative. 😋
And this +10K is used for CI, not for your living expenses? The latter is payed by wolfSSL, according to the website?
I think +10K per month might not be a big deal for some other CI companies around. Especially when it is a popular project like curl which they can also use to polish up their image.
Paní Tykač, zakladatelku institutu Solvo, nejvlivnější ženu Česka, autorku aplikace pro pohodlnější rozvod, milovnici recyklace a držitelku ceny za kancelář roku, miluju. Někdo se řeže do předloktí, já chodím na její web. Bolí to a zároveň je to krásné. Tady se snížila a oslovila nás, nemyté masy, aby nám vysvětlila, že nemáme srát bohaté, jinak by taky mohli přestat pracovat a svět by se zastavil. V předklonu poníženě děkujeme, paní! idnes.cz/zpravy/domaci/ivana-t…
Už pár dní diskutuji s kolegy z našeho think tanku Solvo o cíleném žhářském útoku na kabelový most u elektrárny Lichterfelde u Berlína. Jak jsme se dočetli, zaútočili na luxusní čtvrť. Za rozsáhlým výpadkem proudu v Berlíně stojí levicoví extremisté.
"Lidé, kteří mají své úkoly, starosti, rodiny, a že není tak jednoduché se o to starat. Neznamená to, že když to dostanete, tak se stanete boháčem. Naopak, stanete se otrokem." @zoul
Česká televize začala vysílat nové díly série Modrá krev o šlechtických rodinách. „Úplně se změnil vztah lidí k nám. Náhle nejsme nepřátelé,“ říká průvodce cyklem František Kinský.
u té šlechty to částečně chápu. Často dostali v restituci zpátky nemovitý majetek v neutěšeném stavu, který kvůli tradici nechtějí prodat, a kapitál na jeho zvelebení neměli. To je potom fakt spíš starost než nějaká výhoda. Nicméně tady paní Ivana sedí se svým manželem na podílech ve firmách v hodnotě skoro 200 miliard. Stačilo by jednu tisícinu prodat a život si už jen užívat. Ale ona peníze hromadí a svůj kříž tak nese statečně dál.
It is our moral imperative to consider the "real world" and actual users when assessing the possible security impact of a reported #curl issue. If we deem that there is likely to be zero affected users, then we do more damage than good by insisting on doing the security dance for the issue.
Then we end up with a severity level that is below LOW, and then we treat it as a bug instead. For the good of mankind.
How about we declare June 14 Schengen Day – a day of both celebrating the achievement that is the Schengen Agreement and of protest against border checks.
Politicians – and voters – almost exclusively hear the xenophobic ramblings of the nationalists. We need to change that!
It is important that the achievements of Schengen, of free movement in Europe without border control are emphasised. German EU law professor Werner Schroeder decided to sue Germany over illegal controls https://euobserver.com/rule-of-law/ar0dff2b9e
Guys! How did they even do this? Click on this YouTube video on iOS, pay attension to the duration it shows you, then click on the channel and look at the video from there. Pay attension to what VO says the duration of the video is.
Viele Politiker kritisieren Elon Musk und X als Plattform für Hass, Desinformation und Radikalisierung – und äußern diese Kritik ausgerechnet dort. Damit stabilisieren sie Reichweite, Relevanz und Geschäftsmodell genau jener Plattform, die sie angeblich ablehnen. Wer X nutzt, füttert den Algorithmus mit Aufmerksamkeit. Konsequente Kritik hieße: X verlassen und Kommunikation dorthin verlagern, wo Debatten nicht durch Empörung monetarisiert werden.
Der Mythos der »notwendigen Opposition« auf Plattformen wie X und TikTok ist eine Illusion: Auseinandersetzungen verstärken Desinformation und fördern das Geschäftsmodell.
Wer so handelt, macht sich zum nützlichen Statisten: Man empört sich über die Folgen, aber liefert weiter den Treibstoff. Das ist keine Notwendigkeit, das ist Bequemlichkeit – und am Ende Feigheit vor dem Reichweitenverlust. Wer X als demokratiegefährdend bezeichnet, kann dort nicht gleichzeitig „weiter informieren“. Das ist Legitimation durch Mitmachen.
Oh das ist ja toll! Ich sehe gerade, wenn wir noch 8 Follower hier bekommen, kann ich unserem Chef ENDLICH sagen, dass wir hier mehr erreichen als bei Instagram und das, wo ich für meine Liebe zum #Fediverse hier immer eher belächelt wurde 😍 habt den Tag schön 🍀 Edit: Ne, den Insta-Account betreue ich nicht ... das ist nicht mehr meins ... nur ehe jemand fragt
every time the topic of "the internet is hopelessly broken" comes up, someone has to mention Meshtastic, I'll be that person this time. I've never used it myself, and even though the way it works it provides some very unimpressive throughput only enough for text messaging, I just like the general concept of an uncontrollable peer-to-peer mesh network.
there are so many of us (even this newbie*) who are massively thankful for all your work and dedication!
I just checked out the FOSDEM schedule and saw that your talk is on Sunday at 5pm and I screamed NOOOOO because I will be on the train back to Paris then. I'm so sad to miss it.
Wishing you a wonderful day and thank you for all you do!
* thanks to curl I was able to install YunoHost and embarked on this awesome self-hosting adventure
yeah, I realize that my FOSDEM talk is so late that a bunch of people already have left when I get to start blabbing, and the rest will be so tired they will fall asleep 😁 But hey, there will be a video of it!
No one can say that I do not have friends.BUY ON ITUNES: https://itunes.apple.com/us/album/i-h...And buy the "Crazy Ex-Girlfriend" Season 1 Volume 1 Soundtra...
ok, so now metta is getting pushy about the new updates like the web wrapper. Please update to the latest version of WhatsApp. You are running an old application version which will expire in 6 days.
This is a longshot, but yesterday I gave a 3-hour (!?) lecture to a group of students from the Fashion Institute of Technology on the history of manga, and before I could finish answering a student's question about yuri, we ran out time and had to clear the room. So on the off chance that one of the student's might search my name and find this account, here's the full answer. #FashionInstituteOfTechnology #KyotoInternationalMangaMuseum 1/n
My next adventure is figuring out Linux, to be specific, it's gonna be Ubuntu 25, on my Medion Laptop which won't be helpful running Windows anymore since it already consumes 5/8GB Ram idling around. And I wanted to build myself an own opinion on Linux and it's accessibility for a while now. Already got the installer to talk, though I haven't installed it yet. Firstly had to figure out how to boot into that thing cuz each Laptop manufacturer has it's own magic procedure that might or might not work to get into whatever kind of boot menu they decide to add or don't. Anyway this evening I hope I can get through the setup process. I have already spend to much time with it yesterday lol, went to bed at 1 AM on a work day.
I just encountered a datepicker on an airline website that I could actually use with a keyboard plus screen reader with zero issues and now I feel like everything I know is a lie.
My new Mastodon/Bluesky client, FastSM, which is based off the old work from me and @TheQuinbox, is now available in really, really early alpha! You can download the latest build, which gets updated with each new commit, at: Windows: github.com/masonasons/FastSM/r… Mac: github.com/masonasons/FastSM/r…
Is there somehow the abillity to make an item in a timeline still respect line breaks? For example take the following: This is an example of. A line break.
See, NVDA will not make a natural break because the text looks like: This is an example of.A linebreak. This can also be seen when copying something with speech history. Edit: Oh hmm, in this case it did actually put a space to make a break. Not a line break, but at least something. That wasn't the case with all posts I've seen though, for example when you get a autoreading notification it'll just dumb the text ignoring line breaks.
Lol then I keep the dark mode off. No it does not for me. I press space, NVDA says pressed, I tab forth and back and it hasn't changed the checked state...
@alexchapman Idk if that's what wx calls though. I've only used unsupported win32 APIs once and that was LDRRegisterDLLNotification, which was so undocumented that windows.h doesn't define it anywhere and you have to copy-paste it from msdn lol
@alexchapman Yeah, WX doesn't really have a good dark mode implementation. That said, monkeypatching should only be done if you know the consequences of what that monkeypatching does. I'm kinda curious how extensive it is now lol
@draeand Then I found this thing just now: learn.microsoft.com/en-us/wind… So in later versions Microsoft are supporting this Win32 dark mode stuff it seems.
psst :) super tiny change but right now the invisible interface isn't echoing to braille displays, I think it's a boolean when initializing accessible_output that isn't set to True. Much obliged if you could fix :)
When opening a conversation of a post that someone boosted, the newly added timeline is called conversation with name of the booster, e.g. Tom boosts Bop and I open the conversation, it should say conversation with Bop not conversation with Tom as it does right now.
Josh should release a demo client and stop ignoring the blinks. Or at least open-source it, dude won't make any money on it with that attitude anyway and I hate how the thing breaks when hiss server does. He's holding users hostage.
@kev Meh people should just stop with their obsession for audio platforms. TBF he made great success with Ramblio, can't really understand it though, apparently there was enough time to work on web apps, IOS and Android clients and even back end for that entire thing but Tweesecake, oh na let's only hand it to some random ass beta testers and not say anything ever again. Yup might be controversial opinion but well. Glad we have this client now.
In the bookmarks timeline, removing a bookmarked post doesn't remove it from the timeline itself. The state get's changed because in the context menu of the post I could add it to the bookmarks again, but it won't get removed from the bookmarks tl, even when refreshing.
Hey I have a question. I can't seem to get posting to work in the invisible interface with the Win 11 keymap. I tried editing the keymap, because the default keystroke is used by OneNote, which I hate by the way, but still, it comes up. I tried tro edit it but it didn't work.
This is really cool! Thanks! Suggestion, spell check would be amazing if you could. I found myself using TWBlue's a lot even to check quick for some other task.
It didn't let me edit the keymap. What I mean is, I edited it but it did not seem to use what I put in. It saved it, but the keystroke itself didn't work. @jackf723 even helped me. We ended up disabling the OneNote tray agent so I can use the default one, but it's perplexing why I couldn't have it work when I changed it in the keymap.
Quick question for you. I've been taking the files from the zip file and copying them to the original FastSM folder. I assume I need to do that to preserve my settings. Is this correct or can I just unzip the latest version and run it from there? Thanks!
@ivan_soto yep, good idea, and it seems telegram is going back more than before with a11y, android users have bugs and issues with the accessibility too as i heard from my friends. I think using flutter can works?
very odd. I'm assuming you're calling accessible_output2.outputs.auto.Auto() to initialize? I just made sure NVDA's live regions for raille are enabled which I believe affects this, and compared against TC. TC works, fastSM not yet. So either your change isn't in the build somehow, or something odd is afoot :)
@kev I was doing that, but I couldn't work out which sound to do for which event, like for instance on TC I have sounds for new toot, new DM, new notification and so on, but its formatted differently. I might need help with that, I managed to sort out about 10 sounds, but I might have to put up a link to a dropbox thing of it so one of you could help me with it. Not just that, I also got sidetracked as I needed to get something else done lol.
@kev No there's some differences, I've been trying to make my Galaxia soundpack for FastSM but getting a bit confused with some of the filenames and can't figure out some of it.
@kev I agree, I've been tempted to move away from Tweesecake as a client for a while now, he needs to be more communicative and stop keeping his shit behind closed doors like this.
was gonna make some Soundpacks for it if it supported them besides the default one. I’m in love with Go Tweeting! I guess, since I have to make a version of that soundpack for everything I use. Also, usually I use option+left or right when editing on Mac to go to previous or next word, but in the app it goes to the previous or next timeline even when I’m in an edit field.
I'm not sure why but I had to manually update from 0.2.2 to 0.3.0. It just didn't do a thing when I hit check for updates. I fight with my updaters so I know the struggle is real. The errors file was open when I tried to start from an empty one to get you errors for it, but nothing showed up.
Hi, just tested it, this early release seems to work remarkably well! Just noticed it looses accented characters in the account.display_name. Example: frédéric appears like frdric.
Trying FastSM. Seems like a very decent piece of software, for such an early stage, kudos! I wanted to hug you immediately when I saw templating system implemented at this stage!
BTW, can you please test Alt+Windows+A for adding users to a list? In invisible interface, I mean? It doesn't seem to work here for some reason. Also a question: the app itself is portable, but where are user data stored?
@menelion Win alt A works here. Also, by default the app data is in %appdata%\FastSM. You can move this FastSM folder into your app folder and rename it to userdata to make the app run completely portably.
I have a bug in FastSM .3.0 when adding a custom timeline such as favorites it addes it but when restarting the app its no longer shown and trying to add it again gives the error that it's already open.
I did a bit of spelunking on this myself, it looks like the issue might be in the Auto class within accessible-output2, not your code :) As an experiment, can you add: speaker.braille(text) below speaker.speak(text) in speak.py? should fix it :)
I will say that our puppy socks has the cutest little bark ever. I’ve got a recording of it sitting in my Voice Memos. But I think he’s gonna be one of those dogs that likes to be around people. He tends to whine or follow us around the house when we’re moving around and doing other things. He just loves being around all of us. and he loves to play first thing in the morning when we all wake up.
@Bri yes. Never owned a dog before so this is our first time. He’s only two months old. But when he gets playful, he’s pretty crazy. Every time my mom puts him on the couch. He just loves to jump off it. Plus, he’s at that age now where he’s starting to chew on things.
Grimalkin's Fall Festival Virtual Day is now archived for all to see!! Catch many new artists, the youth of Girls Rock Camp D. C. and my own band Rainbow Portal in this multimedia extravaganza! #music #live_music #musician #musicianLife archive.org/details/grimalkin-…
Okay so tonight I have to brag. So with Termux, Emacs, and Emacspeak, there were 2 big problems I still had from when I got AI to rig DecTalk up. First, the tone used for "blank line" and indentation was not working. Second, after a while the Emacspeak sounds would stop working even though DecTalk still was. So, Claude Code, Opus 4.5, fixed the tone issue, something about sox and Termux specific stuff, and made the Emacspeak sounds thing less of an issue than it was. It still happens, but on first launch without putting Termux in the background and such, it stays alive.
The coolest part, I was using Claude Code inside of Termux on the bus going out to eat. And by the time I got home, it was all fixed!
Across the U.S., people are rising up against ICE raids and state violence—and the risks are real.
Peaceful protest is a constitutional right. But this Trump regime has made clear it will not respect that right when power is challenged.
I wrote 13 Rules to Protect Yourself While Protesting to help you stay safe, protect one another, and show up with purpose and clarity as we defend our communities.
Please read & share widely. Our safety depends on each other.
Read and share as communities across the United States rise up against ICE raids and state violence
Peaceful protest is enshrined in the Bill of Rights.
I am curious, so today, lets do some Mastodon research on typing verbosity on your #ScreenReader, when typing on a physical keyboard. What is your Typing echo set to? #accessibility #a11y
I voted "Characters" because it's what it's set to right now, but I change it extremely frequently. Always between characters and off, though; never words in any form.
I should say that my previous explanation was for NVDA. On iOS I usually have it set to words to detect when autocorrect has changed them.
I absolutely feel faster with it set to off as well though. I just turned it off to type this reply, but like to have character echo when doing anything with numbers, dates, etc.
@jscholes Indeed, my iOs braille screen input is set to words, because making typos there is less obvious than on a physical keyboard. No autocorrect for Estonian on iOs though so it doesn't change what I type.
@jscholes very limited sample size and not with any allusions of it being scientific, but I have found through teaching both children and adults how to type, that one of the biggest ways they improve their speed is by turning offany sort of typing echo.
You cannot just write "potato is being blocked on my laptop" as the subject of your support request, and then just leave it at that. I don't know, either. Knowing computer people though, there are probably seven different incompatible versions of potato, and "potato" could be anything from a word processor to a network diagnostic tool. You thought I was joking, huh? So did I! But googling for potato software reveals an AI tool for biologists, some kind of audio mixing tool, an instant messenger, a text annotation tool, a background transcription tool, and more. All of these programs are all called just "potato". Also, the AI answers above the search results happily tell me, with no context: "Start using potato in your project by running npm i potato. The children components of your potatoes may themselves have components and your potatoes might rapidly look like small tree-like structures of components." I'll...get right on that. Potatoes that look like trees and have children is the one thing all of my projects are missing!
@MostlyBlindGamer But I'm not disappointed that the package description does nothing to explain why the package exists, why it's better, or why it should be used over the dozens of other ORM-like options.
@Bri It seems like their focus is really on the invisible interface, the GUI has lots of access key conflicts and for instance I can't tab to reply on the notifications buffer, it just has a post button and dismiss button.
@Bri Also, I can't figure out, when I get mentions, I'm hearing mention sounds plus what sounds maybe like a added to favorites sound? Or is there a general event sound? It's like 3 sounds at once and hard to discern.
@Bri @Kaliah Ok, I hit view conversation on this, to see if I can view the whole thread, and it played the noise, but I can't see it in the list of items in the tree.
@Bri @Kaliah Ok, I just tried it again, and now pressing view conversation doesn't even work, it just brings me back to the window and doesn't pull anything up in the tree, and it doesn't make a noise either.
Last boost, okay, this is messed up. Look, I don't like ICE as much as the rest of us but still, these people are going to be fighting for their lives. Would yu like it if someone doxxed you so people could potentially do bad things to you? My guess is no. #UsPol
@fastfinge Where are the consentration camps? No, I'm serious, where are the *actual* camps? and I'm not talking about the detention facilities. There are no people being murdered outright in there.
This is exactly what the Germans said during world war II. If you don't believe Alligator Alcatraz, and the detention centers ICE is running in Honduras, are concentration camps, you are just like the germans who claimed they were "just following orders". Your president is actively planning an armed invasion of my country of Canada, so don't expect any simpathy from me. Let's hope there will eventually be an equivalent of Nuremberg trials, and all of you enabling the modern SS will also get the justice you deserve.
I've gone through @bce 's product purchase process, including product browsing, configuration, adding to cart, viewing cart, and checkout pages to make sure they are accessible to screen reader users. I've replaced all tables with hierarchical headings, and made sure all inputs are labelled. I'm testing with LibreWolf on Debian with Orca. If any blind users out there could test with their setups and have any feedback, it would be greatly appreciated! Thank you!
I don't have a reliable way to reproduce, but NVDA sometimes activates the audio ducking and never releases the volume until I restart NVDA. I even have no ducking mode set in Audio Settings. Anyone has this issues? I'm using NVDA 2025.3.2 on Windows 10. @NVAccess
As others said, turning Narrator on will do this, but you don't need to restart NVDA. Cycling audio ducking on and back off with NVDA+Shift+D will also fix that.
@NikJov It looks like it might be this issue we have on our tracker? github.com/nvaccess/nvda/issue… Please do add any extra info not already covered there to the issue
Steps to reproduce: Set NVDA's audio ducking option to "Always duck". Set some music / audio playing on the PC Press WINDOWS+PLUS to start Windows Magnifier Actual behavior: At step 3, the playing ...
und das, wo ich für meine Liebe zum #Fediverse hier immer eher belächelt wurde 😍 habt den Tag schön 🍀
greem (Graeme, not Graham)
in reply to daniel:// stenberg:// • • •Good decision.
I don't think it will stop the slop though 😔
daniel:// stenberg://
in reply to greem (Graeme, not Graham) • • •greem (Graeme, not Graham)
in reply to daniel:// stenberg:// • • •Benjamin Balder Bach
in reply to daniel:// stenberg:// • • •thanks for curl! ❤️
did the "bad faith" genre grow with the introduction of AI?
daniel:// stenberg://
in reply to Benjamin Balder Bach • • •Gato Negro
in reply to daniel:// stenberg:// • • •Ingvar
in reply to daniel:// stenberg:// • • •Ben Tasker
in reply to daniel:// stenberg:// • • •Tom Walker
in reply to daniel:// stenberg:// • • •flaxo
in reply to daniel:// stenberg:// • • •Josh Bressers
in reply to daniel:// stenberg:// • • •x41h
in reply to daniel:// stenberg:// • • •and knowing is half the battle. GIJOE!
Sorry couldn't help myself.
Jordi Boggiano
in reply to daniel:// stenberg:// • • •I totally understand the move. When running web apps with bounties this has been an issue even before AI as there are so many things of little to no value one can report.
Anyway just saw you'll be at FOSDEM, looking forward to see you rant about sloppy security reporters in person ;)
not Evander Sinque
in reply to daniel:// stenberg:// • • •buhtz
in reply to daniel:// stenberg:// • • •Hello @bagder ,
I wonder if moving to a less crowded code hoster might lower the maintenance burden related to AI crap ?
I am sure you are aware of @Codeberg for example.
At @backintime we also have to deal with low-quality (student) and AI-crap PRs. Moving the project to @Codeberg is one item of my todo list.
For all #foss maintainers I hope we can find a way.
daniel:// stenberg://
in reply to buhtz • • •buhtz
in reply to daniel:// stenberg:// • • •But your project is big and popular and still will attract a bunch of "contributors" providing low-quality issues and PRs burning your maintenance resources.
daniel:// stenberg://
in reply to buhtz • • •First: we have not cut anything, we have a proposal about doing it end of January.
Then: we plan to shut down the curl bug-bounty, which is what pays security researchers for reported confirmed security vulnerabilities. Today we get those reported through Hackerone.
There is no perceived problem in the curl project related to issues or PRs on GitHub and we do not intend to change anything in regards to them at this point.
(cont)
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •buhtz
in reply to daniel:// stenberg:// • • •Thank you for clarify that. I thought hackerone is just something like a secondary issue tracker targeting on security issues. Aren't there security issue reports direct on the Microsoft GitHub issue tracker?
Microsoft (GitHub) is sponsoring curl? Give me a number and lets see if we can find an alternative. 😋
daniel:// stenberg://
in reply to buhtz • • •> Aren't security issue reports direct on the GitHub tracker?
No. As they need to be kept private until assessed (and possibly dealt with).
> GitHub is sponsoring curl?
Yes.
> Give me a number
North of 10K USD/month.
buhtz
in reply to daniel:// stenberg:// • • •And this +10K is used for CI, not for your living expenses? The latter is payed by wolfSSL, according to the website?
I think +10K per month might not be a big deal for some other CI companies around. Especially when it is a popular project like curl which they can also use to polish up their image.
Thank you for sharing.
daniel:// stenberg://
in reply to buhtz • • •> I think
You think.