Uploaded from my Facebook account, this is a small video of me playing Forza Horizon 5 and starting a mission and finishing a mission. Blindness accessibility features have been enabled.
streamed yesterday: one-hour german #chaosradio @cccfr freiburg feature at @RDL with a deep-dive conversation about #deltachat origins, what it has and hasn't to do with e-mail, protection against server compromise, phone based compared to e-mail networking, how to conspire for baking cheese cakes, authoritarianism and sovereignty, protest and organization, how to arrange for shopping and checklists in chats ... and fun music :)
Tonight's weird tech question: Is there a DOM API/JavaScript hack of some sort I can use to track, save, and restore the screen reader's position in a relatively static HTML document? Say, for instance, you were reading a book in an HTML document with your screen reader, then closed the window. Now imagine that window was an app, and I wanted to make certain your position was restored when that app opened again. Is there an API I could hook into for that?
It's not quite focus, because that'd require tabindex. It probably isn't one of the text properties, right? Because you're not exactly in charted territory when you're arrowing through a paragraph not in a writable element like an input or textarea. Can I track that at all?
No. The closest thing to an automatic solution to that is probably tracking scroll position, and you may or may not be able to make that more granular by making the text quite big (I haven't tried). But even then, the best you're gonna be able to achieve is to track the closest element and put focus back there to restore the position, without character-level accuracy.
I know that Mozilla and NV Access have done some work to allow selection of text within the NVDA browse mode buffer to be communicated to the browser for on-page actions that require a selection. But: 1. That doesn't work across browsers; and 2. your use case seems targeted at reading, not selecting.
Thanks, that's what I was thinking. And just to check an assumption, setting the scroll position won't update the screen reader's position in the doc--I'd have to use focus shenanigans for that?
For context, this is my attempt at a document reader that saves/restores position when the document is closed/reopened. I don't think I need character accuracy, or even paragraph accuracy, if I can open books or longer documents to roughly where the reader closed out.
FWIW I'm not just being lazy and asking, I'm trying right now and it isn't working, which I suspected it wouldn't. It's also possible I'm using my web framework wrong or that something is behaving silly under Linux.
This is, as far as I know, the primary reason why QRead, Christopher Toth's book reading app for Windows, uses a rich edit and not a web view; the rich edit has a caret, so the application can save and restore its own cursor position. The screen reader's virtual cursor is invisible to the application.
You can sort of try and hack this by giving all your divs a negative tabindex and then calling .focus on them, we tried this a few years ago when thinking about QRead web, but the biggest problem is the inaccuracies. I'm okay with being a paragraph back in a book, but not a paragraph forward, and because of the nature of screen readers and the DOM we'd likely get the latter in a lot of cases.
There are some instances in which a webpage can move the scroll position without explicitly setting focus to the target element, and have the screen reader's reading position follow. But that can be less reliable, particularly if the target element is visually obscured, and setting focus is a more explicit/guaranteed way to do it.
Note that if you're setting focus to things like headings and paragraphs that aren't focusable by default, you'll need to dynamically inject a `tabindex="-1"` for the best results.
Perfect, thanks, thinking I'll just try grabbing the first visible element after the last-saved scroll position and do the tabindex dance to position the screen reader. Not character-perfect but good enough for my purposes.
UI Automation (UIA) is Microsoft’s recommended accessibility framework for Windows, replacing the earlier Microsoft Active Accessibility (MSAA) framework. De...
amazing overview, I guess it's a good reference on knowing how browser render page, particularly your cash the world article. also I love these *Must read* for web developers: how modern browsers work by Mariko Kosaka
Closing in on the first big milestone of Exchange support in @thunderbird! One of the last major items on our list before the next big step is the ability to copy folders - including from outside an Exchange account into one - and I've just managed to get it to work locally. It's not fully done yet, and there's still more work needed elsewhere before everything is ready to test, but it's good progress regardless 😁
The colours in the video are a bit naff, I blame the screen recording tool.
I wrote a CLI tool wrapping the NVDA.zip API, so you can just run nvdl to download the latest NVDA version, nvdl alpha to download the latest alpha, etc. It works on all platforms, and on Windows you will be asked if you want to run the installer after downloading. You can also use -u or --url to get the download URL only, not actually download the installer. github.com/trypsynth/nvdl
Just last week, two people asked me if I could help them set up a #Nextcloud service and move their data off of the big US tech clouds. It may still be small, but the trend is real.✌️
@stooovie Hard to say. I don't cancel the accounts for them, but they usually pay for it and it wouldn't be very economical for them to keep it running.
@WoundClad @stooovie Getting it for free? Certainly not with the amount of data they have. I didn't mean Nextcloud installations on their premise. I do it for myself, but I don't think it's good every one, actually it isn't for most. By "setting up a Nextcloud service" I mean picking something like Hetzner Storage Share and setting it up the way it works for them like the old solution.
A few years ago, I wrote a web audio game based on an old Eureka A4 game called Aliens. The original version was purely audio. I just added some visualisation to see whether it would be potentially more engaging (and easier to learn) for sighted folks. Given that I'm totally blind and not particularly adept with CSS, the visualisation is kinda crappy, but I got my kids to help me check that it at least works. I haven't had anyone with sight test it on mobile, so it's likely completely broken there and thus I'd recommend desktop for now. Anyway, here it is if anyone's interested: files.jantrid.net/aliens/
@KaraLG84 Haha. They don't kill you though. If you miss them, you just miss out on bonus points. They can confuse you though when there are a lot of other things happening.
@KaraLG84 The original game had a slightly different sound for commanders. I might need to do something like that here, though I'm not sure it'd make things easier, just more interesting. What do you think?
Bummer. Last week our OpenTechFund contract was not signed but suspended along with OTF itself. Shit happening overseas.
However, we wouldn't deliver resilient messaging infrastructure and apps if we weren't a resilient and fun community. We never had much money to begin with, and are graced with great pro-bono contributions.
We are now looking for other public funding but it takes time. Meanwhile it'd be great to get intermittent help via a wealthy donor or small tips delta.chat/en/donate
Donate Money Help Delta Chat develop and grow as an independent project serving the people who use it: IBAN DE86100777770428658900, Account owner (please always specify): Björn Petersen, BIC NORSDE...
Haven't seen this widely talked about beyond the Ableton Access mailing list but having just tried this for myself this needs more recognition. For any Live users, we have what I think might be the first fully accessible Max4Live device, and it's a very useful one at that because it's a audio meter, which supports reading both true peaks and all of the Lufs values, either in realtime or by processing a file. It also supports normalising files, and after you turn it on the hotkeys are global so you can keep checking the levels IE wile you mix. The developer is also intending to release the libraries he developped that aid in communicating with screen readers which will no doubt be very helpful in making future Max4Live devices more accessible. youtube.com/watch?v=jGE4zHv-1k…
Download Flufs here https://iftah.gumroad.com/l/flufshttp://instagram.com/iftah.gabbaicheck out tim burgess herehttp://www.raisedbar.net00:00 - 01:23 - Intro...
Saw this on Reddit about a week ago and been meaning to download it. The Maxess externals have been released as well: maxforlive.com/library/device/… Now all that's left is for Max to become accessible so blind devs can jump in.
@ZBennoui Great, gonna bookmark this for future advocacy efforts :) In general there are still some M4L widgets that need to be made accessible for general users, like buttons, if those are even a thing - I haven't looked at the developer documentation. For example the new expressive chords device that was just released should have a button to import the selected clip as a set of chords but you can't find it with a screen reader, and I think that's more important to do first.
Oh yeah I noticed some devices seemed to be missing controls, but I just thought the devs were using something custom. Hope Ableton is working on that.
Have made my first ever experience with the package pickup stations of the Austrian post last weekend. They have been made accessible to the blind. The procedure is as follows: 1. You receive a physical notification about a package being dropped off at a station in your mailbox. 2. The notification has one of its corners cut off to make a tactile difference. This way you can tell where the code you need to scan is located. 3. You go to the pickup station. The tactile flooring inside will guide you to the stations. 4. You touch anywhere on the touch screen of the station. 5. You touch again, this time the area above a circle shape that can be touched on a strip below the screen itself. 6. The voice guide is activated and issues further instructions. 7. You place the code on your notification in front of the reader. 8. Assuming it has been scanned correctly, you proceed to signing the delivery confirmation on the touch screen. How you can do it without seeing the screen is still a mystery to me but I guess anything you draw is accepted by the system. 9. The locker opens and makes a ticking sound until you find it, remove your package and shut the door. I still find the way of opening it with a mobile app that some providers in other countries offer far easier but it's great those are ready for use even if you don't want or can't use a smartphone. #Accessibility #Blind
Edit: This post is based on outdated information which is no longer relevant. I apologize for the confusion. NVDA Remote was merged into NVDA for the upcoming 2025.1 release. This sounds like something to be happy about, but read on.
Now every new feature and change has to go through NV Access to get approved, which is a lot more work than adding your feature to an addon.
Why not create a separate addon? As said in #17703, they plan to remove the ability for addons to run on secure screens in the future. If this happens, nothing like Remote can ever be created again without the blessing and cooperation of NV Access. Instead of empowering developers and users by allowing them to choose which addons are usable on secure screens, NV Access plans on disabling them. Merging this just gives NV Access more leverage to meeting this goal. Their reason might be something like now that Remote is merged, we don't need addons there anymore because the interaction time is so short.
You might say that NVDA is open source, so someone can just modify the features they don't like. That's true, but it has to be signed for UI Access to work correctly, so someone would have to pay quite a bit to fork it and do their own thing. You then also have the problem of a fragmented community between NVDA and the new one.
The advantage with Remote merged in is that the users will be able to use Remote without an extra download, but we're going to be stuck with whatever NV Access gives us. I guess we'll see what they turn it into.
2/2 We understand users may need to run add-ons on secure screens. We are also keenly aware that allowing arbitrary code to run on secure screens can be a risk. We are building a way to allow users to run add-ons in secure contexts safely. We are working to give users more options to customise their level of security & have no plans to stop add-ons running on secure screens. As always, we encourage feedback, particularly where we have announced something & may not have considered all use cases.
@alexchapman @meatbag We'd be happy to take any concrete feedback you have on exactly what has gone downhill? (Steps to repro, comparison with 2024.1, etc)?
@fireborn We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187…
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
Wow, not even synthesizers? Or what if there actually are Braille display driver add-ons? The infra for those exists, even if I haven't yet encountered any in the wild. Also speech history. I'll probably just keep using tele NVDA if their integration of this doesn't break any such add-ons.
@x0 We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187…
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
Now, if they do end up making a corporate version of NVDA which comes with add-ons hard disabled, I wouldn't object. Security departments are worried about arbitrary code execution and it isn't entirely unfounded. I wouldn't take it for a malware target but it might allow you to break out of a sandbox. A useful signing mechanism would be nice to bring in synth drivers and app modules approved by higher ups.
@x0 We ARE working on a corporate mode, and more secure add-on API to address these concerns AND allow users to still do everything they need. Please see fosstodon.org/@NVAccess/114187… for more information.
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@KyleBorah @x0 We regularly liaise with corporate IT departments using NVDA and haven't encountered a company or IT department in at least 10 years worried about NVDA because it's open source. If you can provide concrete details to us of specific organisations with concerns (privately) we'd be grateful. In the meantime, please see this section of our corporate pages which links to multiple international company & government policies encouraging open source: nvaccess.org/corporate-governm…
Government and corporate users have specific requirements around security and documentation. NV Access is pleased to work with organisations around the world. This page contains documentation and …
@KyleBorah Ah. Wait, they specifically don't trust FOSS things because the code is available as opposed to them paying for something propriotary? I know NVDA is a bit too big to audit, but if someone is concerned, isn't FOSS better for transparency than propriotary? Plus it isn't as if loads of modern corporate infra isn't built on it. I guess it jsut seems weird to me that an IT department would inherently distrust open source given how far it's spread into even the corporate world.
@x0 @KyleBorah We regularly liaise with corporate IT departments using NVDA and haven't encountered a company or IT department in at least 10 years worried about NVDA because it's open source. If you can provide concrete details to us of specific organisations with concerns (privately) we'd be grateful. In the meantime, please see this section of our corporate pages which links to multiple international company & government policies encouraging open source: nvaccess.org/corporate-governm…
Government and corporate users have specific requirements around security and documentation. NV Access is pleased to work with organisations around the world. This page contains documentation and …
@alexchapman @KyleBorah @x0 We regularly liaise with corporate IT departments using NVDA & haven't found a company or IT department in at least 10 years worried about NVDA because it's open source. If you can provide concrete details to us of specific organisations with concerns (privately) we'd be grateful. In the meantime, please see this section of our corporate pages which links to multiple international company & government policies encouraging open source: nvaccess.org/corporate-governm…
Government and corporate users have specific requirements around security and documentation. NV Access is pleased to work with organisations around the world. This page contains documentation and …
@x0 we might need to make our voices heard about that. I don't have that much knowledge on how this works, but while I think it's ok to think about being able to block it in some way that would be very difficult to get around on specific computers or user accounts, my own computer if I want to run add-ons in secure environments, then I should be able to.
@valiant8086 @x0 We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187…
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
This is bad news for Eloquence users who use Eloquence for secure screens. Luckily, I'm not one of such users. Usually, I use my default configuration. But I have a few friends who use Eloquence for everything, including their secure screens. I mean, porting IBMTTS into the core of NVDA would be a bit ridiculous, as I previously stated, I do not use Eloquence. I know some people who would say otherwise though.
@mckensie We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187…
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@BTyson Brandon, firstly thank you for tagging us in this thread. We are disappointed that this was created rather than asked privately where we could have cleared it up AND we weren't even tagged in it... So, we aren't disabling add-ons on secure screens. You'll have seen our original reply, but linked again here just in case it's useful: fosstodon.org/@NVAccess/114187…
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@BTyson By the way, Which synthesizers do you know of which support languages eSpeak-NG / OneCore don't support (or don't support well)? Not doubting it - in fact the opposite and trying to keep track of resources which users may find useful.
@vol4life8657 @BTyson We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187…
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@BTyson @NVAccess I fully concur with all the points mentioned. I will refrain from updating my version of NVDA should this transpire. Although integrating NVDA remote as a component of the primary NVDA package might seem beneficial, the resultant compromise is not advantageous for the end user. It is almost as if the argument is that they will be provided with NVDA remote and other crucial add-ons deemed important, but are restricted to downloading add-ons solely from the specified add-on store, and your only screen reader open to you is NVDA at startup. I acknowledge that the latter point is somewhat exaggerated, however, in my view, there should be no reason for users to be restrained from using their preferred speech synthesizer on the UAC screens or at startup. From a user's standpoint, even contemplating such an idea is illogical.
@patricus @vol4life8657 @BTyson We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@vol4life8657 @BTyson @NVAccess yeah, are we turning NVDA into narrator now? please don't disable addons on secure screens, just don't! let me pick what addons I need, not some oh I'm going to restrict your freedom bullshit now!
@svenja @vol4life8657 @BTyson We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@mckensie @BTyson We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@jcsteelguitars @mckensie @BTyson We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@mckensie @BTyson @NVAccess I'm not at all in favor of the plan to totally disable addons on secure screens. what if people use a particular speech synth that they prefer using and that's not built into NVDA? This is totally fucked and should be totally optional!
@Bruce @gocu54 @BTyson We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@LeonianUniverse @Bruce @gocu54 @BTyson Only sudden if it were true - and if it were, we'd announce it, officially, ourselves.... We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@Bruce @gocu54 @NVAccess @BTyson Yeah, this seems kinda sudden if you ask me, why would they restrict peoples' freedom like this all of a sudden? I'm glad I switched to Jaws for the most part, that's for sure.
@x0 @Bruce @gocu54 @BTyson No... because we're not quite sure where Tyler got this from... Rest assured we will continue to encourage community feedback about any change like this...
@x0 @Bruce @gocu54 @BTyson Ah well in that case, this must be documented in our Roadmap.... No... Our Blog? No.... Our own social media posts..... No? Hmmm.... Maybe .... just maybe.... this whole thing wasn't from us at all......
@jackf723 @alexchapman @x0 @Bruce @gocu54 @BTyson As previously mentioned, we aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information; you can now sign up to updates like our blog via email: eepurl.com/iuVyjo
And for corporates wanting to block add-ons, they probably wouldn't allow add-ons with unclear licenses in any case.
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@fireborn @jackf723 @alexchapman @x0 @Bruce @gocu54 @BTyson We aren't disabling add-ons on secure screens, and certainly not for users who don't want it. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@serrebi @jackf723 @alexchapman @x0 @Bruce @gocu54 @BTyson Don't worry, we aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@jackf723 @alexchapman @x0 @Bruce @gocu54 @NVAccess @BTyson Feels like that’s the point of all this. Hope someone forks it. I made portable versions of NVDA for a while, but I didn’t think I had the skills to deal with forking properly.
@alexchapman @serrebi @jackf723 @x0 @Bruce @gocu54 @BTyson If you want to fork it for your own interest, go ahead, but please don't do it based on unsubstantiated rumours. Also, if you would like to make contributions which would benefit the whole community, please do consider contributing them to the official NVDA project, that way they will benefit ALL users
@NVAccess @alexchapman @serrebi @jackf723 @x0 @Bruce @BTyson I honestly don't even understand the changes myself, nor do I knokw how to fork programs, as I don't even know what forking is.
@BTyson @x0 @Bruce @gocu54 As of now, we've seen one unsubstantiated rumour panic a heap of people on here, from someone who should know better and have approached us with their concerns first. The NV Access team have discussed this today and confirmed there are no plans even through 2026.x for anything this disruptive. If you have seen an issue which seems to state this, PLEASE share it as I am curious as much as anything now.
@x0 @Bruce @gocu54 @NVAccess The issue I was looking at for this said that the milestone is set for 2025.1, hence why I posted this now. My plan was to wait, but the milestone seemed to be set already.
@gocu54 @BTyson @x0 @Bruce Please see our initial response to this thread - we aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@BTyson @x0 @Bruce @gocu54 I'm not sure why you didn't bring your concerns to us instead of creating a needless panic in the community - but please do share this issue as we are curious now?
@NikJov @stirlock @BTyson Mike is right - don't panic just yet - we aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@stirlock @BTyson @NVAccess Or maybe wait until it happens and see how it transpires, and then provide your feedback? Personally, I can't imagine that there wouldn't be an exception for speech synthesizers/Braille display drivers, but let's wait and see. Other than that and kill NVDA in some cases, I don't really have any addons that absolutely must run for the 30 seconds that will take me to sign in/confirm UAC.
@Lino_JR @BTyson We could - even better, when someone has a concern about something they THINK we are doing, maybe bring it to us directly in the first instance, so we can respond, before taking it publically and needlessly scaring the community....
@evilcookies98 As long as you've got a workable screen reader & are happy. If you do switch between the two, our switching guide may be helpful: github.com/nvaccess/nvda/wiki/…
FWIW, we aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@NikJov the point is it leaves your preferences mostly intact. It doesn’t switch back to eloquence on speed slow as a snail just because you pull up the sign in screen.
@NikJov if your preference is not using some cruddy built-in voices, yes, it is. I don’t think you’re hearing me here. This isn’t just for fancy functionality.
@evilcookies98 @NikJov If you want to use Jaws, go for it - but NVDA lets you easily use your preferred speech settings on the sign in screen. If that's your main concern, I'd be happy to walk you through addressing it (and in any case, we'd be happy to hear any other concerns you do have you feel warrant changing screen readers - feel free to write to us at info@nvaccess.org)
@evilcookies98 My preference is my speech rate. About custom voices, we'll see what happens when it happens. I have no need to switch my screen reader over something that may happen in a year, but maybe it won't even impact me in any way, for instance maybe synth drivers will be an exception. I don't see the need to instantly jump to the worst conclusion possible.
@NikJov just because that’s your preference doesn’t mean it’s everybody else’s. Think bigger here. Also, what about our braille display people? They’re getting screwed too.
@evilcookies98 Nobody is getting screwed because the change isn't even implemented yet. When it goes to alpha, that's the time to provide feedback if your points aren't already in consideration. So, I can't actually think bigger, because there's nothing to think about. It's only an item on the roadmap.
@NikJov @evilcookies98 Ah that's the problem.... Did we say that? Please do point out where it says on our roadmap we are going to disable add-ons on secure screens? You'll find it here: nvaccess.org/post/nvda-roadmap…
NVDA Roadmap This document outlines NV Access’s planned development roadmap for NVDA and its supporting infrastructure. Priorities are grouped into short, medium and long-term time-frames. Th…
@NikJov @johann @evilcookies98 Because the default is user hostile. At least have it be users choice. The default, allowing these add-ons on secure screens, of course. Businesses that want things to be secure. Can check the box, or enable it on install somehow. This does not need to be the default.
@serrebi @johann @evilcookies98 To be honest, I really don't know of many open, or close source apps that provide the ability to run whatever custom Python code on the Windows sign-in screen. To be clear, I fully agree that there needs to be a way for speech synthesizers and Braille display drivers to run, but other than that, almost no add-ons are needed during the minimal amount of time on secure screens.
@NikJov @johann @evilcookies98 I agree with that, of course. I think it is interesting timing that remote got put in with an inconvenient shortcut command that I have come around too, and now we are talking about blocking out speech synthesizers some people don’t like us using from the logon screen. Not a good look for MVDA.
@serrebi @NikJov @johann @evilcookies98 I think I've driven home the original point, but just wanted to pick up the keystroke - I can't recall if there was discussion on that, but do feel free to comment on the issue / give us feedback on it - and of course, you CAN change keystrokes in NVDA's input gestures, as described here: nvaccess.org/post/in-process-2…
We’re nearly at the stable release of NVDA 2024.2! While we prepare, we thought we’d try something new – a table of contents so you can quickly find out / jump to the various articles i…
@serrebi @johann @evilcookies98 It doesn't have anything to do with someone liking or not liking a certain synthesizer. As for the remote shortcut, that's a highly individual item, for me, taking over the F11 key on its own was way more inconvenient, and with no way to change it without editing the source code. I switched over to TeleNVDA just for that. At least now, you can choose your own preferred shortcut.
We’re nearly at the stable release of NVDA 2024.2! While we prepare, we thought we’d try something new – a table of contents so you can quickly find out / jump to the various articles i…
@NikJov @johann @evilcookies98 Yes, I know the reason the feature is coming about is really about security, and not about eloquence, but just the timing of it all. I don’t see why it isn’t a checkbox, and something that could be enabled on install, or silently on install if it means so much to some people.
@serrebi @johann @evilcookies98 That's the thing. We don't know yet how it will work, just that it is a plan. The feature isn't here yet, so its details aren't known. I don't know if there will be a way to override it for advanced users, or not. No special timing involved too, this has been on the roadmap for a while, check the first issue about it I saw in 2022 at github.com/nvaccess/nvda/issue…
Overview There is currently no way to ensure that add-ons are secure to run. This is especially concerning on secure screens. When config is copied to secure screens, all add-ons are also copied. T...
@NikJov @serrebi @johann @evilcookies98 Ways of ensuring security, yes, but this particular issue was closed two years ago. If there IS a current issue proposing NVDA unilaterally disable all add-ons on secure screens which is triaged and assigned a milestone release, please do link to it....
Hello, dear NVDA developers! I have a suggestion for you. Since NVDA has the option to copy the current settings for use on secure system screens, clicking on the corresponding button in the "Gener...
@asael @pvagner We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@cachondo We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@RyanF Good pickup Ryan - if this HAD come from us, there would be a link to an issue, a PR, an item in our roadmap..... We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@SeveraSnape Unfortunately (or acutally, fortunately) Tyler has the wrong end of the stick on .... wherever he got this from. We aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
@gocu54 @alexchapman @serrebi @jackf723 @x0 @Bruce @BTyson No need to try to make your own fork for this, we aren't disabling add-ons on secure screens. If @tspivey had raised any concerns with us, we could have explained, but please see our reply here: fosstodon.org/@NVAccess/114187… Please follow us for OFFICIAL information, and remember you can now also sign up to updates like our blog via email: eepurl.com/iuVyjo
Thanks to @BTyson for tagging us. We can't respond if we don't see a post. NVDA is a community driven project, and one of the roles of NV Access is to help ensure that people can trust the software. There are several projects currently underway that touch on this. We are working on a more customisable & secure corporate mode for enterprise users. We are also working on a comprehensive & secure add-on runtime & API (which will also help prevent yearly API breaking changes). 1/2
Ok, I can clarify again, we are NOT removing the ability to run add-ons on secure screens. It was a thought awhile ago, we have moved on from this considering how it would impact users. The 2025.1 milestone was a false automated tag when the issue was closed. It was closed as a duplicate of #6305 & #12879 which are both still open.
@NVAccess thanks for the clarification! This once again shows that noone is safe from falling for Misinformation. I'm sorry that you have to correct it in so many Conversations right now.
@NVAccess @Aryan @fireborn @jackf723 @alexchapman @x0 @Bruce @gocu54 @BTyson I had a few reservations, said my bit and let the thread end. Not all of it was even about addons and secure screens. People took more out of it than I intended. I thought my original post was pretty clear that it was in the future, not a something to panic over right now thing, and I even included my source. Maybe it would've been better to wait until that actually showed up as a PR to comment.
@svenja And unfortunately there's only going to be more and more misinformation going around in future (not about us specifically, I hope - I just mean in general!)
@Aryan @fireborn @jackf723 @alexchapman @x0 @Bruce @gocu54 @BTyson You deliberately pulled a month old comment from an issue which was closed as a duplicate, ignored the referenced open issues & did not ask in the appropriate channels - ideally on the issue where the comment was made, or at least by email to us, or even tagging us. So no, I don't buy for a minute that you legitimately expressed a concern and let it be. You deliberately lit a fuse and waited for the fireworks. - Quentin
@NVAccess @x0 @Bruce @gocu54 In the original issue, Sean Budd states, "Note, we plan to remove the ability for add-ons to run on secure screens in the future," which was why I also wanted to tag NV Access.
@x0 @Bruce @gocu54 @NVAccess It was the one you posted, it said that it was added to the 2025.1 milestone, and so it was seeing that, plus that the issue was closed, that led to me posting this.
@BTyson @x0 @Bruce @gocu54 It looks like the way the issue was closed set the system thinking it was "completed" & added to the next milestone (2025.1). Though for THAT to be correct, it would need to have been closed by a pull request (addition of code actually addressing the sisue). The comment about future direction was, as noted, a thought at the time, which hadn't been at fleshed out yet. Since then we've changed that direction. It would only have taken a question to US to confirm.
@BTyson @x0 @Bruce @gocu54 And we are grateful you did, as the OP didn't bother - In fact, the best place to question that issue comment, if not the issue, would have been an email to US directly, not a public comment to everyone EXCEPT us. We had since considered the impact and alternatives and changed thinking, and would have been happy to confirm that if anyone had asked... (And yes, I've since commented on the issue to confirm that as well)
Thanks to a meetup at our local hackerspace @metalab , I have learnt about a web-based, open source, highly accessible video downloader frontend you can fire up at cobalt.tools. Really easy how it works: 1. You open the site; 2. you paste the link into the edit box; 3. You press enter; 4. The standard "Save File" dialog comes up. All the extra stuff like formats and qualities can be set in the settings and a choice between a video, audio-only or video-only version is offered under a button below the link input. #Accessibility #Blind
Oops, the list of supported sites has no spacing to the virtual buffer, causing an absolutely huge blurb of nonsense to get thrown at the SR. I should open an issue about that.
A very nice write up, I like the approach. I think the key is that he simply asked them for support. Lots of FOSS devs don't want to ask, I know that from myself. Asking for donations, or even nagging, is well know to work. Like Wikipedia. I wonder if it would be possible to eliminate the friction to donating so much that FOSS devs could make a living without having to learn how to run fundraising campaigns? Maybe it just isn't possible.
It feels quite uncomfortable that cloudflare is somewhat openly admitting to analysing login credentials that are going through the reverse proxy, and providing aggregated stats on it (without explicit consent of the user it appears?)
Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.
Don't get me wrong the results are actually pretty interesting, but I just cannot think of a ethical way of doing this, and it feels kind of jarring that they just "did that"
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
Today I learned: If you use #Chrome and are annoyed by those "Sign in with Google" dialogs stealing keyboard focus on certain websites, you can disable it at the browser level.
In the address bar, type or paste in "chrome://settings/content/federatedIdentityApi" (without the quotes. You should land on the "Third-party sign-in" Settings page.
On that page, there'll be two radio buttons: "Sites can show sign-in prompts from identity services", and "Block sign-in prompts from identity services". Set it to the second one, and you should find that the problematic dialogs are no longer present.
@clv0 Yeah, it was not automatic, I had to set up some filter (or rule or whatever it's called) for this.
I can't remember exactly what I clicked on to set it up (lots of brain fog and memory problems!) but it works. I've seen others post about this solution, too.
@clv0 @ahimsa_pdx I *think* this should be blocked by one of AdGuard or Easylist Annoyances blocklist (i.e. both should work). I no longer see those banners at least.
🚀 Bringing a #1 hit back to life! 🚀This is my original 1996 chart-topping production of “Flava” by Peter Andre. After 30 years, I recovered the original Lo...
Hey guys, forget the world's problems for like three minutes and listen to this banger. This band is so good, gunna be stuck in my head for days. youtube.com/watch?v=zcImJyZ9K5…
I missed a very important anniversary. On February 25, 1925, the first recording session with a microphone took place. Prior to that, everything was recorded acoustically.
DJ THT - Broken Love is OUT NOW! Join my official playlist on Spotify now:➡️ https://bit.ly/harddancebeats-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ...
Wow, that's a banger! I have to dive deeper into Hands Up, love the vibe. I got kinda bored by hardstyle / hardcore techno, but one song does still resonate with me a lot: youtube.com/watch?v=HBc1bV6LJa…
My first (and last) time making mainstream Happy Hardcore.Stream/Download: https://fanlink.tv/AtefLWDVideo by AnimeXStar Zhttps://www.youtube.com/channel/UCP...
I am smitten with DeltaChat... DeltaChat has been making massive strides lately and I think you should consider using it as your full time secure messenger.
Hi, this is Lothar aka lk108. I’m today’s guest on the blog and it’s my pleasure to introduce DeltaTouch, a third-party client based on deltachat-core-rust for the mobile phone OS Ubuntu Touch (UT)...
I mostly wanted to share lothar's blogpost in which he describes how easy it was for him to create a new client because the api of dc core is easy to understand.
Quickly read it but regardless of common misconceptions about deltachat, I cannot see a single advantage of it over SimpleX (my current top pick) or XMPP, and probably also KeyChat or Whitenoise on #nostr)
@gvs Simplex has two options for routing messages: the centralized SMP servers, and a 2-hop onion/Tor-like private message routing using forwarding nodes. Both of these are easily blocked if you want to shutdown access to Simplex for users.
XMPP: easy to block Anything using Nostr: easy to block
Shutting down all email services in your jurisdiction: much harder to accomplish
This is basically the only argument I keep seeing for DeltaChat. "But it's difficult to block because it's SMTP and that wouldn't be reasonable to block all email!". Which, could be true. But, it's also an unrealistic and exceedingly feeble argument for an otherwise wholly inferior architecture. @gvs
It's feeble because Simplex now defaults to port 443, which is also difficult to block as a whole. What ends up happening is that known service providers will get blocked and deltachat has 0 advantage again.
@gvs @adiz "known service providers" -- every email server is a DeltaChat service provider.
Do you think Russia is going to shutdown Yandex to stop people from using DeltaChat on it and cripple their own country's ability to use the internet?
The most they can do is demand all email servers in their jurisdiction block all encrypted emails, period, which requires custom technical solutions for each provider and will have severe consequences as well. Encrypted emails are not as uncommon as people think.
If I work in the government and want to be a whistleblower I could literally use my government email account with DeltaChat. Maybe they'll eventually detect that I'm using it, but they'll never be able to decrypt those messages.
They can be, but they keep and leak metadata. In some places, e-mail logs have to be stored for 2 years. So using your government e-mail account to use deltachat still reveals who you are talking too.
Neither does that argument negate that SimpleX now defaults to https traffic, which you think would be more likely to be wholesale banned then mail?
Nothing is going to convince me that DeltaChat (quirky email, basically) isn't a solution looking for a problem that doesn't perform as well, nor is as capable as, pre-existing, long-matured, well-established, purpose-built alternatives. @gvs
I don't know anyone outside of some niche Fedi circles who uses or knows what DeltaChat is. Meanwhile I am apart of and familiar to many thriving, populous XMPP, Matrix, and even IRC communities. I don't see any failure "in the field". 🤷 @gvs
Mail from and RCPT to cannot be encrypted. So all involved mailservers have a record who sends to who, when and size. In some places, those logs have to be kept years. @adiz
> You stated that any SMTP can be used for deltachat, so non chatmail servers have to be taken into account as well
Yes that's one of its strengths. They can't really block all possible methods of exfiltrating data securely.
Let's pretend they do successfully figure out how to get every email service in the country to block PGP mail? Delta controls the clients, they can just work around it. Unlikely but possible scenario: just generate random PNGs as attachments to innoculous mails and append the PGP data to the end of the PNG...
>You stated that any SMTP can be used for deltachat, so non chatmail servers have to be taken into account as well
And this continues to be the cruc of my argument. Everyone shilling DeltaChat does so with the disingenuous argument that "you can just use your existing email!"---which isn't really honest. There are major providers where it doesn't work. Assuming that does work, the recommended "best practice" is to have a separate email address entirely to use with DeltaChat vs. your primary, normal email address. And then, thereafter, to address all the performance issues associated with [*squints*]……trying to use email as an instant messenger platform……, and to utilize all the marketed features supposedly available immediately out of the box, the recommendations and solutions are to spin up, or have an account on, a specialized email stack.
By the time you do all of this one could otherwise be using an instant messaging protocol made for instant messaging.
Ultimately, the "sales pitch" is, dare I say, intentionally dishonest. @feld
@adiz @gvs best practice is to use a separate address, preferably a Chatmail server if possible.
But if you can't because you exist in an environment with extreme limitations, use your normal email.
That's it. That's the whole sales pitch. You lose some anonymity and only a little extra metadata is exposed, but still nobody can MITM your messages. Your conversations are still secure, plus you gain a TON of functionality.
Oh, now you want to do realtime collaborative editing of a document? Add the WebXDC app to your chat, and boom E2EE P2P connection established and realtime group text editing activated between all members. No need to use a third party service that may not even be accessible to some people in the chat.
Are all the features advertised functional out of the box on deployment of a ChatMail server? And, is it easy to manage/maintain a ChatMail server (e.g., Prosody XMPP almost literally "just works" and doesn't break with updates)? Genuine question. I am willing to go through the lengths of setting up a ChatMail server if it's so straightforward. @gvs
@adiz the default deployment is with a tool called "cmdeploy" that is Ansible-ish python which SSHes to the server and does everything, installs the configs from templates, does Acme HTTP-01, etc.
I do not like this because I don't want HTTP-01, I want DNS-01 especially as my original tests were behind NAT and the tooling has some test for connectivity built in and wasn't detecting the public IP properly so that annoyed me.
Updating is as simple as a git pull on the repo and running the same deploy command again.
HOWEVER, as I said I do not like this method so I maintain a separate implementation using a Chef cookbook that does not rely on a Chef server.
I have a video showing the entire deploy process to a fresh Debian VM. It's very fast and simple to do.
Done! You're online. Start issuing/registering accounts and to chat with people! It's that easy. Extremely straightforward. Prosody has an update? apt takes care of that with sudo apt update && sudo apt upgrade -y, just as it does with every other ordinary binary package. I have some transports and bridges setup that ship as Docker containers. Equally as straightforward and painless to get setup and running.
When I upgrade from Debian 12 to Debian 13, guess what? Everything is just going to work. If I have to move my service to a new machine I just copy the Prosody directory contents over and import the PostgreSQL database. So simple. So straightforward. So easy to manage. I like that.
@adiz the good news is that by then it doesn't matter, there won't be much of a purpose of self-hosting because your client will automatically learn of all the available Chatmail servers and self-register ephemeral email accounts and jump between them completely transparent to the user.
At that point deploying Chatmail relays is just strengthening the overall network
>At that point deploying Chatmail relays is just strengthening the overall network
If it becomes that easy (i.e., as easy as setting up an XMPP service, e.g.: Prosody) then I'd deploy and maintain a ChatMail server solely to strengthen the network even if I don't utilize the service itself.
> Are all the features advertised functional out of the box on deployment of a ChatMail server?
Majority of the features are in the client. The one thing you get with Chatmail is functional (and secure) push notifications on iOS and Android devices via APNS/FCM. Desktop doesn't need them as IMAP PUSH works there. *Some* Android devices can use IMAP PUSH, but depending on how aggressive the vendor changed Android to kill background processes etc.
> And, is it easy to manage/maintain a ChatMail server
Run package updates, maybe deploy the latest Chatmail changes once a month or so? There are some middleware services in Python that will be rewritten to Rust eventually. A couple of Dovecot/Postfix config tweaks have happened in the last few months as well. It's fairly low maintenance. I have apt Unattended Upgrades enabled on my servers so they take care of themselves including rebooting as necessary.
> By the time you do all of this one could otherwise be using an instant messaging protocol made for instant messaging.
Except when that protocol is blocked, but email still works.
If you're happy living in your little bubble where nobody is censoring the protocols you're using, feel free to keep doing whatever you're doing. But your suggested protocols have failed the people the DeltaChat team is helping.
@gvs @adiz Turns out Simplex using port 443 doesn't make it "difficult to block", because Russia has done it. Not just blocking the known public servers. They have DPI working that detects and blocks Simplex
Is there an existing issue for this? I have searched the existing issues Platform Android OS version Android 14 App version 6.0.4 Current Behavior . Expected Behavior . Steps To Reproduce . Relevan...
@adiz have you actually tried it yet, though? It cost you nothing but a minute of your time. No need to provide any identifying information to make an account, and the account will be auto-deleted if it's idle for too long.
click the link in my bio to message me. I'll show you some cool stuff that no other messenger has.
Yes, I have. And, it worked. But, it sucked. And I don't want to go through the lengths to make it not suck (like a dedicated address for it + a Chatmail deployment) when I already run an XMPP service which does everything DeltaChat does but better + more.
@adiz this statement is technically inaccurate. Xmpp and Delta chat have the same federated model, so architecturally they are equivalent.
However, a key pain point for me for xmpp is that media attachment is out of band with regards to the protocol, occurring over http. It has all the same privacy concerns that media uploaded to the fediverse does. As media sent over Delta chat occurs in band (email attachment) and is end-to-end encrypted, it is strictly better from a privacy perspective.
However, from a normalfag perspective, interface remains the chief detriment of using xmpp over other solutions. The xmpp ecosystem has been waiting for "someone else" to make a good, functional, attractive client forever. It is not a good argument to say that all it needs is a client that has not been developed in 20 plus years. One client that is a functional clone of something that normalfags are used to like telegram or Whatsapp, is an enormous selling point for people not concerned with, or unable to understand arguments for privacy.
I like xmpp. I like Delta chat. But there will be no one true instant messaging solution until a plurality of users exist that brings it to dominate the market. Currently, those are all proprietary networks tied to services like Facebook or well, mostly Facebook I guess.
The open source community is never going to fill this gap. I'd like to be proven wrong, but I've been waiting for 20 years now...
waiting just as long. hasn't happened. the desktop ui for deltachat feels wonky and i'm slowly moving away from handset although arcanechat for 'droid is pretty okay.
what i like about deltachat is i already have a mail system which i use for.. mail. i can still keep encrypted mail separate from delta(openpgp) encrypted messages and it just works. i've handed deltachat to people in this thread, elsewhere on fedi, at the local coffee haus, and to the chick i'm dating who's not technical. so far so good.
i was always an enthusiast of xmpp, but damned if i can't get anyone to talk on it regularly so i use it for a transport bridge for fun, nothing serious.
@adiz @pwm it looks like the latest non-electron is github.com/dignifiedquire/drea… which hasn't had much velocity lately. we'll have to see how it goes.
@pwm @adiz thanks, i overlooked it. for now i'll keep on what is working. i'm starting to migrate fully to bsd for my desktop system, so that should also be a good time.
Everyone talks about XMPP and bad clients, but I just don't have this experience. There are multiple clients available and they all work well for me. 🤷
It's kinda a moot point when Delta Chat has just the one client.
I can concede media being facilitated by HTTP in XMPP vs. within the protocol itself. Still more performant and capable than trying to do file transfer over SMTP. @feld
DeltaTouch for Ubuntu Touch ArcaneChat for Android ArcaneChat TUI DeltaChat on KaiOS (feature / flip phone) kdeltachat for the KDE folks (stale at the moment though)
@adiz @pwm it's pretty easy for you to build a client on any platform if you want. You get to skip all the annoying parts of reinventing the SMTP/IMAP/PGP and Iroh functionality. In fact it would be stupid to reinvent it because the core has been audited multiple times.
So you just wrap the core DeltaChat JSON-RPC server (written in Rust) and treat it like an API service, and you're done.
Everything we're talking about (XMPP, SMTP, IMAP, etc.) are pre-existing and well established protocols that are neither new nor need reinventing. @pwm
just because there are client libraries for these protocols in another language don't mean they're good or safe
edit: I should really emphasize that the only safe PGP implementation is rPGP in Rust, and it has some required functionality you will not find in GPG, Sequioa, NetPGP, etc that is being leveraged for additional privacy. It would be a security downgrade to not use it.
edit2: anonymous recipient is an example, which makes it impossible for an adversary to analyze the PGP data and know who it was intended for because there is no exposed public key ID. The only way to know who the message was for is to successfully decrypt it with the recipient's key! github.com/rpgp/rpgp/issues/50…
Currently rPGP supports receiving packets with "anonymous recipient" (all-zero wildcard keyid/fingerprint), but I have not found any way to generate them. But key_id is always included in the gener...
> Everyone talks about XMPP and bad clients, but I just don't have this experience.
If you lock yourself in a box where only Android and Linux desktops exist, sure, there's an *okay* XMPP experience available. Conversations on Android is like the only good client available.
But the experience is still terrible on Windows, Mac, and iPhones
media attachment is out of band with regards to the protocol, occurring over http
Does it not send some sort of key over XMPP when you are sending a file to an OMEMO chat, making the data transmitted over HTTP useless without it? I never looked into it myself, but attachments sent without OMEMO look like normal links you can access from a web browser, those sent with OMEMO encryption have aesgcm:// schema.
I'm just not that knowledgeable about XMPP and not sure what that means 🤪 Does this mean that the URL is encrypted or that the file has to be downloaded and then decrypted with a key sent over XMPP?
Ah, I think I've found it: xmpp.org/extensions/xep-0448.h… Yeah, the key seems to be sent over XMPP separately, making HTTP traffic useless even if intercepted. Good enough!
@m0xEE @adiz @pwm that's similar to how Signal does it as well, and I think iMessage(?). Probably Whatsapp for groups too. Makes most sense anyway.
Fun part is that if the web hosting is not owned by the chat app team it has a potential for metadata leaks. Signal groups use CloudFlare, so you can just ask CloudFlare for the logs of who downloaded a file from their CDN and you get the IPs of all members of a Signal group. So you better hope that nobody has infiltrated your top secret anonymous anarchist chat group and shared a file because there's a way to unmask the members
There are ways to unmask IPs, anyway. If the concern is about deanonymization or infiltration or loss of encryption then honestly the most likely threat in any system is a mole, not people pulling server logs from service providers or man-in-the-middle attacks, etc.. And, there is virtually no way to program or digitally defend yourself out of infiltration if you're running a group or organization. 🤷
Luckily, we run our own websites and XMPP server, etc.. @pwm @m0xEE
(You could have the best, most secure, most anonymous, most decentralized, zero access, log-less, bla bla bla app or protocol to run your illicit or nefarious agendas over and it means almost nothing if you're communicating with someone who is an agent of the state or an informant.) @pwm @m0xEE
Want to try running your own builder – to confirm apps as #reproducibleBuilds or just to build your own apps? At #IzzyOnDroid we've just made "easy setup scripts" available which should take care for all requirements, while letting you choose which parts you want:
@s3nnet err… Steht gleich am Anfang in der Readme (hat leider nicht mehr in den Tröt gepasst): In der ersten Version funzt das nur mit Debian-basierten Systemen. Für RPM-basierte Systeme haben wir uns schon ein Issue aufgemacht. Für BSD möchte auch schon jemand schauen.
Aber schau gern mal über das 01_sudo_requirements.sh Skript, was da für Arch/Manjaro die passenden Dinge wären, und mach dafür ein Issue auf.
Can you explain in how far this project is linked to E Foundation or /e/OS? According to mobifree.org, NGI Mobifree is initiated and coordinated by them and nlnet is only an implementation partner (which I guess means they give Mobifree money to other projects like this).
Select Topic Area Product Feedback Feature Area Issues Body Please note: this issue is hard to explain due to the limited information I was given by support. Specifically, I was not told how many i...
@kranzkrone never underestimate the lock-in effect of the integrated CI 😢 Makes migration a lot harder (Github actions cannot simply be "copied" to Woodpecker, and unfortunately there's no migration tool for this – at least not to my knowledge) @SylvieLorxu
Definitely will be starting future projects on @Codeberg, I'm just too locked-into the GitHub Actions ecosystem for these existing projects right now...
### Comment
Hi everyone! Forgejo Actions has matured a lot over the past year, and we think it's time to approach a hosted offer by Codeberg, next to our existing Woodpecker CI.
TL;DR for Youtube Premium Lite: $8 per month, instead of Premium's $14. No ads on most videos, but ads on music. No downloading, no playback when Youtube is in the background/the phone is locked. Basically, consider Lite if you never listen to Youtube with the screen off and/or don't consume music through Youtube.
Today I learned that my humble hobby project #Linux #Desktop Migration Tool is being used in a company with 600k employees to migrate to new Linux workstations.
It's amazing how far code I started writing at night to help myself can get.
@JigenDaisukeJr I'm not sure if I can name, but of course, not all 600k employees have Linux workstations, but it's an organization of this size that also has quite a few Linux workstations.
it was originally written for home use. You get a new laptop and you need to move your apps, settings and user data from the old machine to the new one. The goal was to only use tools that are pre-installed on Silverblue. The tool expects that the OS installed on the new machine and the user account has already been created, no provisioning included. No Satellite or Foreman. It isn't intended for mass deployments, but for individuals. But people people get new laptops in organizations and it's usually on them how they move the data from the old to the new, so they find it useful even in larger organizations.
@cybervegan Thanks, this is a project that has rather extreme imbalance between time spent on investigating and experimenting and time spent on writing the code. Linux desktop migration was not really much explored on the "widely deployable" level before.
Many times in the past I wished there was a utility to do this, though. The process is usually very time-consuming and that's not what you want when you should be working tickets or cutting code.
These days, I use Debian with MATE desktop, and tend to avoid flatpaks, but I know I'm an outlier there - I know lots of other people will find it useful.
@cybervegan I don't really have anything against traditional packages, but if I supported them, the complexity would grow exponentially. The script can be also used to migrate between distros. What package formats to support, how to map packages from one distro to another one? Where to look for user data? Because it can be anywhere. Flatpak makes it viable. It only has one source for all distros, it has one location where applications store user data...
Yep. makes total sense - I can speak from experience there, because sometimes package names change, and you also have to manage dependencies...
I have a "process" I've developed over the years, for my own migrations, but it's much less critical when it's only my laptop, for personal use. My comment was not intended as a criticism - it's still very useful.
they don't, but I think it's well balanced here. I'm well paid for working on open source for Red Hat. And this company happens to be one of the biggest customers of my team (completely unrelated to my migration tool) and they have also contributed quite a lot of code to projects we use.
@kiudecan not sure if it'd help you with Windows to Linux migrations, it's really intended for Linux to Linux migrations. The primary scenario is that you get a new laptop and you want to migrate apps, settings and user data from the old machine to the new one.
For a while, a dog in Milan, Italy named Cacao, frequently rode the No. 54 bus—by himself! Yes, really. He would only board the bus if he recognized the driver, whom he had known for years. Cacao would go to a park and simply wander around gardens and public spaces before taking the same bus back to his house, where his owner, known only as Nicoletta, would wait for him to come back.
So the primary thing I've learned from trying out the Ducky One #mechanical#keyboard is just how much lag my previous keyboards (a codekeyboard and a razer) were adding. I use a #screenreader, so I'm deeply aware of the audio lag from headphones and the audio subsystem, and configure things to reduce that as much as I can. I also knew bluetooth can introduce lag. But on picking up the Ducky...wow! A few ms can really matter! My system feels faster than it's ever felt before. Even if I wind up returning this, now I know that keyboard refresh rate is a thing I care about. Also, the inductive switches feel really nice and clicky to press, but are reasonably quiet for those around me.
A look at the latest from Iftah - plus a full externals pack for developers working on adding accessibility features in Max for Live is on the way soon! Curious what folks think of this / how they use it!
Flufs is the loudness meter and analysis tool for Ableton Live (Max for Live) you've always wanted. But more than that, it's designed to be accessible to blind, low vision, and sighted users alike.
So this evening, #Windows update installed the wrong #AMD video driver update for my Framework 16. Using #narrator, I was able to boot into recovery mode, enter my bitlocker key to decrypt the effected drive, find my system restore point, and restore it to just before the bad update. The entire process was fully #accessible: all of my sound devices worked, my external keyboard worked, the screen reader read every screen, etc. The only thing that wouldn't work was my Braille display.
@mcourcel Yup, it is. However, if you're Windows is so broken that it can't boot, and you use the system recovery option, and it can't access the internet, it won't be able to get your bitlocker key that's associated with your Microsoft account. So it will give you a url to visit on your phone, where you sign in with your Microsoft account, and then it will give you a long string of numbers. You type those numbers into the broken computer, and then it can decrypt your bitlocker encrypted drive.
@mcourcel It is solid! The only two issues are that they assume you'll be leaving it plugged in when it's not in use, as the battery discharges over the course of a few days even when it's fully off. The other issue is that if you get the extra AMD GPU, the fans are loud if you're gaming or doing something else that would use a high percentage of the GPU constantly. Like, loud enough that you'd have to use headphones to hear your screen reader, and you wouldn't want to hold a conversation with someone with it on your lap. But I've even had it apart to upgrade the ram and hard drive! There are excellent instructions for doing that here: community.frame.work/t/framework-16-visually-impaired-owners-case-mid-plate-and-mainboard-orientation-guide/51168
Introduction This text describes the location, orientation and nature of some aspects of the framework 16 laptop for the benefit of visually impaired owners. It can be used alongside the framework maintenance guides.
Someday, someone will study the long-term effects of the cognitive dissonance of blind people mustering up legitimately positive energy about something so horrendous being accessible.
What do you do when you need to choose an OS at boot but aren’t physically near your machine? [Dakhnod]’s inventive solution is a mix of GRUB, Wake-on-LAN (WOL), and a lightweight ESP82…
It seems I'm going to get back on TWBlue's development for a while in case someone is interested. So if there are issues that have been pending to fix or new stuff you wish to add (filters are already on the list, and language selector is done) just reply and I'll add those to the issues on gitHub so it will be easier to track them.
Hi, what happened with translations? :) I am also glad to hear filters are on the list. There is also an issue with content warnings for some posts. Maybe it's the formatting or something, but some posts with content warnings aren't viewable, and have to be opened on the web. It's a strange issue, and only Windows clients seem to possess it.
@tardis hi there! sorry for the long time :), I was having some work, health and family stuff. I'll get back to you today with instructions regarding how to register in the translation site for TWBlue. About the issue, I've fixed a bug that was making TWBlue to not display posts with special characters or emojis on them, perhaps that is the same issue you're having?
Hi #blind community. I am searching for two programs for #Windows.
1. A accessible client to work with multiple calendars via CalDAV
2. A program which can work as a to-do-list.
In 2022, I introduced the project DISCMASTER, which is a unique project to make the internals of tens of thousands of 1990s-2000s CD-ROMs findable in a semantic search.
Today, I'm announcing the team has now made DISCMASTER 2, a ground-up rewrite with so much improvement.
Hi to all federating! Especially @NVAccess Just posted an issue with latest libre office and Say all in large documents. It intermittently skips lines. Can you reproduce? Every large document works.
It's good to see LibreOffice getting attention! @WestphalDenn & @bdorer reported another issue earlier which I wrote up as: github.com/nvaccess/nvda/issue… - Hopefully the end result will be LibreOffice support continuing to improve!
Steps to reproduce: Open any big document in the latest Libre office writer. press insert+ down arrow for say all Actual behavior: The error sounds are played, and NVDA skips the lines of the docum...
@WestphalDenn @bdorer It needs to improve, because it is a good alternative to robust cluttered Ms office. Personally, i want to switch, because they started to give features which are beyond my pocket.
@WestphalDenn @bdorer We have had some good support from LibreOffice in the last couple of years, and I would love to see accessibility in LibreOffice on par with other options as well, so do keep reporting any issues you come across as they do get looked at, Thank you!
Here's something @jaybird110127 will probably appreciate.
I recorded the alarm of my vintage Sharp CT-661G talking alarm clock with an EM pickup coil, and noticed that it has substantial aliasing. I put a high pass filter at 12 kHz on the audio, so that only the aliasing is audible, then ran it through a band shifter effect in Reaper a couple of times. The result is rather interesting.
I recieved some interesting news today about the Blind Geek Zone website that I closed last year. Apparently Sam Tupy was able to retrieve most of the audio files and pages from the site before it's demise. He's offered to put the site up so that others can get to everything once again and I plan on letting him do that. I'm very happy that someone was able to recover things as unfortunately I was not. Basically it's of only historical value but I thought it was very nice of him to contact me.
That's fabulous news. Not only did you put a lot into that site but it's important that we preserve our history and so I'm very happy that the files on BGZ will be archived. Please let us know more as you hear more and thank you for your work on BGZ.
James Scholes
in reply to Nolan Darilek • • •No. The closest thing to an automatic solution to that is probably tracking scroll position, and you may or may not be able to make that more granular by making the text quite big (I haven't tried). But even then, the best you're gonna be able to achieve is to track the closest element and put focus back there to restore the position, without character-level accuracy.
I know that Mozilla and NV Access have done some work to allow selection of text within the NVDA browse mode buffer to be communicated to the browser for on-page actions that require a selection. But:
1. That doesn't work across browsers; and
2. your use case seems targeted at reading, not selecting.
Nolan Darilek
in reply to James Scholes • • •Thanks, that's what I was thinking. And just to check an assumption, setting the scroll position won't update the screen reader's position in the doc--I'd have to use focus shenanigans for that?
For context, this is my attempt at a document reader that saves/restores position when the document is closed/reopened. I don't think I need character accuracy, or even paragraph accuracy, if I can open books or longer documents to roughly where the reader closed out.
FWIW I'm not just being lazy and asking, I'm trying right now and it isn't working, which I suspected it wouldn't. It's also possible I'm using my web framework wrong or that something is behaving silly under Linux.
Thanks again!
Matt Campbell
in reply to Nolan Darilek • • •Nolan Darilek
in reply to Matt Campbell • • •Quin
in reply to Matt Campbell • • •James Scholes
in reply to Nolan Darilek • • •That's mostly correct.
There are some instances in which a webpage can move the scroll position without explicitly setting focus to the target element, and have the screen reader's reading position follow. But that can be less reliable, particularly if the target element is visually obscured, and setting focus is a more explicit/guaranteed way to do it.
Note that if you're setting focus to things like headings and paragraphs that aren't focusable by default, you'll need to dynamically inject a `tabindex="-1"` for the best results.
Nolan Darilek
in reply to James Scholes • • •