GitHub Security Lab audited DataHub: Here’s what they found
The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform. ⌘ Read more

** Ideas for making accessibility and equity a core part of the software development lifecycle **
In accessibility and the product person I said

we need to make accessibility a core part of our processes

Here, I want to talk about that in more detail. I want to briefly explore what making accessibility a part of core processes looks like, and how that is different from centering access … ⌘ Read more

** Accessibility and the product person **
This post is a slightly modified version of a talk I presented to the product practice at my work. It presents a few ways that product designers and managers can help to move accessibility forward. It is a little bit different than what I normally share, here, but, I thought it may be interesting to some folks.

[![Picture of a slide with the title “Why though?” It also includes a quote from Kat Holmes’ book Mismatch. The quote reads: “There are many challeng … ⌘ Read more

2022 Transparency Report
Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers. ⌘ Read more

** Accessibility updates **
I’m feeling pretty chuffed! Last week I wrote about my intention to make this website more accessible. My motivations were many-fold, but, primarily, mostly shame. I’ve worked as an accessibility specialist in the past, and now spend a bunch of my days at work looking for ways to make public infrastructure online more accessible. It seemed fitting to at least make sure the little bit I contribute to the web here is also accessible.

I thought it was going t … ⌘ Read more

Isode: Cobalt 1.3 Release Features
Cobalt 1.3 depends on M-Vault 19.0 or subsequent versions

• M-Vault Bootstrap.   Enables operation in conjunction with M-Vault 19.0 to support headless bootstrap.
  
• Managing users in M-Vault groups, such as Directory Server Administrators  and Messaging Configuration Read/Write.  This enables Cobalt to control user and operator rights to access M-Vault.
  
• AD/LDAP passthrough support
  
  • Allow users (per domain) to support mand … ⌘ Read more

In reply to: Oatmeal - week notes

The worst kind of blogging is blogging about blogging, so, I’ll keep this blogging about blogging short!

I’ve made some minor updates to the design of the website that have improved it’s usability a wee bit, and are a step in the right direction toward upping my accessibility game. The major remaining accessibility issues are around color contrast and some structura … ⌘ Read more

Dependabot alerts are now visible to more developers
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts. ⌘ Read more

I had an AWS training in November and have the opportunity to get the “Certified Developer Associate” certificate. Even though I have two attempts, I want to do well on the first shot. Since the trainer didn’t show us everything that is required for the exam, I’m kind of re-doing the training with this Udemy course (luckily I have access to Udemy Business and don’t have to pay for it). It’s really helpful because it helps me demystify the AWS cloud and reduce the 🤯 whenever I do something in the AWS console. ⌘ Read more

I bought a full year of access to the Freeletics coach, so I should actually start doing my workout, right? 🙃 I can already feel the soreness just thinking about it… ⌘ Read more

** Thoughts on accessibility in smol computing **
What follows is my attempt to spark a conversation in a few converging, but separate communities I lurk in.

I’ve already had a bunch of amazing conversations around this topic with a lot of people. Those conversations helped to shape what follows. Thanks to everyone who was willing to think this stuff through with me.

Before I get into it I want to say at the top this isn’t meant as an accusation against anyone in these communities, nor the goals of t … ⌘ Read more

Creating an accessible search experience with the QueryBuilder component
GitHub’s search inputs have several complex accessibility considerations. Let’s dive into what those are, how we addressed them, and talk about the standalone, reusable component that was ultimately built. ⌘ Read more

The Tandy Zoomer – The x86 PDA before the Palm Pilot
A 1992 handheld, with multitasking, that could access AOL. Wild. ⌘ Read more

The Laws of OAuth
The first law of OAuth states that the total number of authorized access tokens must remain constant in an isolated system. ⌘ Read more

GitHub, accessibility, and the disability divide
We just published our vision for GitHub accessibility at accessibility.github.com. Here’s the TL;DR: the prime directive of the GitHub accessibility program is to empower people with disabilities to build cool technology. ⌘ Read more

Erlang Solutions: Advent of Code 2022 – Every Puzzle Solved in Erlang

Christmas is getting closer and with that, the annual Advent of Code begins. For those who do not know, Advent of Code is a fun and inclusive event which provides a new programming puzzle every day. The fun is that these puzzles can be solved in any programming language and are accessible for varying levels of coding experience and skills. The real test is in your problem-solving. This year, we’ll be solving each of the problems in … ⌘ Read more

JMP: Writing a Chat Client from Scratch
There are a lot of things that go into building a chat system, such as client, server, and protocol.  Even for only making a client there are lots of areas of focus, such as user experience, features, and performance.  To keep this post a manageable size, we will just be building a client and will use an existing server and protocol (accessing Jabber network services using the XMPP protocol).  We’ll make a practical GUI so we can test things, but not spend too much time on p … ⌘ Read more

RT by @mind_booster: The EU will fund a pilot project for a public directory of #publicdomain works. This is based on a whitepaper I wrote with @Senficon for the 2021 @creativecommons summit. Thanks for bringing us 1 step closer to making this a reality @echo_pbreyer & team! https://www.patrick-breyer.de/en/kick-off-for-eu-database-of-public-domain-works-and-digital-access-to-scientific-works/
The EU will fund a pilot project for a public directory of [#publicdomain](https://nitter.net/search?q=%23publicdom … ⌘ Read more

Jérôme Poisson: Libervia progress note 2022-W45
Hello, it’s time for a long overdue progress note.

I’ll talk here about the work made on ActivityPub (AP) gateway and on end-to-end encryption around pubsub.

Oh, and if everything goes well, this blog post should be accessible from XMPP and ActivityPub (and HTTP and ATOM feed), using the same identifier goffi@goffi.org.

The work made on the AP gateway has been possible thanks to a NLnet/NGI0 grant (w … ⌘ Read more

Protecting Internal Web Resources

TL;DR: This blog post is a write-up of the process I went through to setup a set of internal web resources and apps for a small company I am running in my spare time ( providing a Single-Sign-On / SSO experience for internal users with web applications protected by flexible access policies including single and multi-factor authentication / two-factor authentication or 2FA).

As I mentioned in the TL;DR above, I run a small software/technology com … ⌘ Read more

Improving navigation for GitHub Actions
GitHub Actions changed how developers automate workflows with GitHub. Today, we’re introducing a new navigation to manage your GitHub Actions experience, improving discoverability and accessibility as well as opening up future feature opportunities. ⌘ Read more

Introducing fine-grained personal access tokens for GitHub
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens. ⌘ Read more

RT by @mind_booster: When it comes to improving access to AV works, the EU must — at the minimum — put an end to #geoblocking of publicly funded AV works. Here is our proposal that we have submitted to the @DigitalEU stakeholder dialogue last week: https://communia-association.org/2022/09/30/proposal-av-stakeholder-dialogue-geoblocking/
When it comes to improving access to AV works, the EU must — at the minimum — put an end to #geoblocking of publicly funded AV w … ⌘ Read more

GitHub supports internet freedom and global availability in Iran
Access to the open internet is essential to defending human rights, and developers have an important role in promoting freedom of expression and transparency. GitHub is committed to keeping Iranians connected to the global developer community. ⌘ Read more

September Extensions Roundup: Test APIs, Use Oracle SQLcl, and More
Find out what’s new this month in the Docker Extension Marketplace! Access InterSystems, test APIs, use Oracle SQLcl, and backup/share volumes — right from Docker Desktop. ⌘ Read more

wsl-vpnkit: Internet for WSL2 distros behind a VPN
I’m still alive. 👋 Today, at work, I discovered a nice little tool for WSL2. On my work laptop I need to use Cisco AnyConnect to connect to the corporate network. Unfortunately this blocks Internet access in Windows Subsystem for Linux VMs (at least in the Ubuntu VM, I tried to use for some Docker stuff). I tried a lot of different hacks and workarounds, but none worked. Until I found wsl-vpnkit. It just works. 😄 ⌘ Read more

Now that I have access to Udemy Business and can watch many, many courses for free, I subscribed to two courses. One to improve my English and one to improve my quick-wittedness. Let’s see if I complete them and if they really help. ⌘ Read more

Paul Schaub: Creating a Web-of-Trust Implementation: Accessing Certificate Stores
Currently, I am working on a Web-of-Trust implementation for the OpenPGP library PGPainless. This work is being funded by the awesome NLnet foundation through NGI Assure. Check them out! NGI Assure is made possible with financial support from the European Commission’s Next Generation Internet programme.

[![](https://nlnet. … ⌘ Read more

@prologic@twtxt.net I don’t know any other way to host my file at my domain unless I make a sub domain. I am going to ask codeberg if they offer access of logs.

@abucci@anthony.buc.ci Its not better than a Cat5e. I have had two versions of the device. The old ones were only 200Mbps i didn’t have the MAC issue but its like using an old 10baseT. The newer model can support 1Gbps on each port for a total bandwidth of 2Gbps.. i typically would see 400-500Mbps from my Wifi6 router. I am not sure if it was some type of internal timeout or being confused by switching between different wifi access points and seeing the mac on different sides.

Right now I have my wifi connected directly with a cat6e this gets me just under my providers 1.3G downlink. the only thing faster is plugging in directly.

MoCA is a good option, they have 2.5G models in the same price range as the 1G Powerline models BUT, only if you have the coax in wall already.. which puts you in the same spot if you don’t. You are for sure going to have an outlet in every room of the house by code.

Huh… Nope.

HTTP/1.1 200 OK
Content-Length: 407
Content-Type: text/calendar
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Permissions-Policy: interest-cohort=()
Content-Security-Policy: default-src 'none'; sandbox
Referrer-Policy: same-origin
Vary: Authorization


BEGIN:VCALENDAR
VERSION:2.0;2.0
PRODID:SandCal
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTSTAMP:20220822T180903Z
UID:bb63bfbd-623e-4805-b11b-3181d96375e6
DTSTART;TZID=America/Chicago:20220827T000000
CREATED:20220822T180903Z
LAST-MODIFIED:20220822T180903Z
LOCATION:https://meet.jit.si/Yarn.social
SUMMARY:Yarn Call
RRULE:FREQ=WEEKLY
DTEND;TZID=America/Chicago:20220827T010000
END:VEVENT
END:VCALENDAR

Tailscale SSH
I finally got around to using Tailscale SSH. I’ve been using Tailscale for over a year to access my servers via SSH (my VPS is even available via Tailscale only), but I haven’t used the new Tailscale SSH feature yet. ⌘ Read more

Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more

All GitHub Enterprise users now have access to the security overview
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers. ⌘ Read more

‘Based’ Paganism vs. Christianity
I’ve been meaning to write about Paganism recently. I will frame it as a response to an email I received within the past day or so:

Hey Luke,

First off, I would like to thank you for all your efforts in making everything
you know accessible to everyone. You have exposed me to some of the most
thought-provoking people on the internet and Varg is one of them. I was
wondering if you can write an article or make a video on what you think about
Varg’s Paganism in r … ⌘ Read more

Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more

6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline. ⌘ Read more

**The SDF Public Access UNIX System Celebrates 35 Years!

Here’s what I wrote about SDF back on the 20th anniversary, only now more impressive as SDF goes on in operation, and still faithful to the same ideas, objectives and modus operandi.

Happy birthday!

https://mindboosternoori.blogspot.com/2007/06/sdf-celebrates-20-years.html**
The SDF Public Access UNIX System Celebrates 35 Years!

Here’s what I wrote about SDF back on the 20th anniversary, only now more impressive as SDF goes on in operation, and still … ⌘ Read more

I grepped access logs and found at least three subscribers! @apex@rawtext.club, @prologic@twtxt.net, and @darch@neotxt.dk, hi there!

JD.com extends access to Tencent’s WeChat for three years with US$220 million in stock
JD.com is keeping its preferential access to WeChat’s 1.29 billion users, extending a partnership with Tencent that gives it a short cut on the platform. ⌘ Read more

Singapore man who preyed on disabled children jailed for record 45 years in ‘exceptionally sickening’ case
Prosecutors said the man committed his crimes over the span of 16 years, including from 2005 to 2018 when he worked as a part-time tutor to ‘gain access to a ready pool of children’ – many of whom were disabled. ⌘ Read more

Biden signs landmark gun control bill into law with bipartisan support ‘to save lives’
President Biden called the legislation the most significant of its kind in decades; measures include restricting gun access for youngest buyers and bolstering mental health support. ⌘ Read more

China relaxes barriers for transgender health, but family approval remains an obstacle
While policy changes make it easier for LGBT youth to access gender affirmation surgery, many still struggle with getting their parents’ consent. ⌘ Read more

Browsing the World Wide Web via E-Mail. 1990’s Style.
A look back at “Doctor Bob’s Guide to Offline Internet Access”. ⌘ Read more

Hopes fade for swift Nato accession for Finland and Sweden
A dispute with Türkiye, which is blocking their bid to join the alliance, appears unlikely to be resolved before a summit in Spain next week. ⌘ Read more

Paul Schaub: Reproducible Builds – Telling of a Debugging Story
Reproducibility is an important tool to empower users. Why would a user care about that? Let me elaborate.

For a piece of software to be reproducible means that everyone with access to the software’s source code is able to build the binary form of it (e.g. the executable that gets distributed). What’s the matter? Isn’t that true for any project with accessible source code? Not at all. Reproducibility means that the r … ⌘ Read more

TikTok moves US user data to Oracle servers amid concerns over China
The move comes as US media reports that such data was repeatedly accessed by China-based ByteDance staff, according to leaked audio from internal meetings. ⌘ Read more

G20 to raise US$1.5 billion for global pandemic fund, host Indonesia says
The money will finance efforts such as surveillance, research, and better access to vaccination for lower-to-middle income countries, health officials said. About US$1.1 billion has been pledged so far. ⌘ Read more

WTO talks down to the wire with no major deals yet in sight, India holds its ground
First meeting for four years wrapped up without solutions to issues such as food security, overfishing and access to Covid vaccines. India said it was a voice for developing countries resisting high-handed Western demands. ⌘ Read more

WHO will share vaccines to stop monkeypox amid inequity fears
Agency chief says the initiative for ‘fair access’ to vaccines and treatments will be ready within weeks, but health experts say it’s a missed opportunity to control monkeypox in Africa where it has been for decades. ⌘ Read more