The #curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026. We call it the curl summer of bliss.
https://daniel.haxx.se/blog/2026/06/15/curl-summer-of-bliss/
I have a question for people who have been through really hard times. Not a bad day or a bad week, but extended periods of grinding, crushing hardship. (If you know, you know.)
My question is: what did other people do to support you that helped? Especially long distance friends (cf pandemic).
So many people I care about are struggling and deeply suffering. I want to find ways to be a better friend.
For-profit software companies — big & small — now typically mandate employees use #LLM-backed generative #AI.
I now have multiple reliable reports that many companies also mandate weekly token counts — used as a measure of human performance.
I also heard tale of an enterprising #FOSS developer who hooked the thing up to #Emacs UI & has it doing line-by-line edits to waste tokens.
This world is so strange now I'm worried that I slipped to a subtly different world in the #multiverse circa 2015.
So here's the other thing that bothers me about all this. Regardless of the eventual results, this thing they're doing is *incredibly* resource intensive. They routinely spend billions of dollars on training these models, and billions more on operating them. It's not simple to parse out what fraction of that is directly attributable to the massive scale vuln finder/fabricator. But for the sake of argument let's just pick a plausible number, and call it 50-100 million dollars.
What could we have gotten for 50-100 million dollars of sponsorship for security audits? Prior to this, the largest single investment into FOSS security I'm aware of was the 2015 audit of OpenSSL, after the Heartbleed incident. It's hard to find precise costs for that, but I found a few sources estimating 1.2 million dollars, and that is arguably the most security critical piece of software in the world.
But suddenly there's 100x more resources available to do this work, now that producing the artifact can be done with stolen labor? Now that they can externalize the cost of false positives onto the already mostly unpaid maintainers of these projects? Even if their claims are true, which we have no reason to believe and very good reason not to, it's still a travesty
"the language we are using about AI adoption is very similar to how Clayton Williams described rape.
“It’s happening whether you want it or not.”"
(Original title: How to use NO as a complete sentence)
https://buttondown.com/monteiro/archive/how-to-use-no-as-a-complete-sentence/
a thing i have found younger researchers of the late 90s internet don't really appreciate is the number of ephemeral websites made by literal children. i was 12/13/14 making websites on freehosts for fun and i knew easily a dozen other people my age doing the same. the person who hosted the forum i was part of in high school started it at 15 on a server under his bed. there was no concept of age verification. if you had an internet connection and lax parental supervision you were good to go.
(this post is not about the utterly inane age verification laws nor is it about porn. it is about the very often ignored contributions of young people to culture.)
RE: https://social.ridetrans.it/@Andres4NY/116699359478980781
It's amazing how piracy was nearly wiped out by convenience and reasonable pricing, then brought straight back with greed and enshittification.
OH RIGHT
while yall are investigating alternate browsers, STAY AWAY FROM BRAVE
• run by homophobe and financial backer of other homophobes Brendan Eich
• crypto is all over the fucking thing. they drip feed users tiny amounts of crypto for unblocking certain ads and fill the home screen with crypto trackers and shit
• they "block ads" but inject their own affiliate links into sites you view
this is not the browser youre looking for
EDIT: i have muted this post. it's been two years stop replyguying me defending brave and vivaldi omfg. and also stop suggesting browsers, i already did that in this thread, tldr librewolf and ironfox, go away
🚨 Say that I were to give a talk to EU policy makers and OSS communities at a very big conference tomorrow...
...and that I want to spend half of my talk on how Google is locking down #Android through:
1. Device attestation
2. Developer registration
3. Age verification
What should I absolutely not forget to mention? 👀
Input is welcome, sorry for the short notice. Plain language and realistic calls to action pls.
@fdroidorg @GrapheneOS @postmarketOS @Fairphone @appfair @fsfe @murena @volla
This is one of the most impressive #IOCCC entries I've ever seen:
https://www.ioccc.org/2025/cable/index.html
Hoooooly shit
My favorite bugs are where the vendor doesn't consider it a vulnerability: How a USB-connected speaker can infect a PC without ever being touched: https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hacked-over-the-air-to-infect-connected-devices/
"Your use case is, there's a fourteen year old in an emergency room at 3 AM. English is their second or maybe fourth language. They have a battered school Chromebook or a hand-me-down Android device that was the cheapest thing on the market six years ago or a PS Vita their parents don't even realize has a web browser, and they're trying to educate themselves in the middle of the single most terrifying night they've ever experienced. Your site needs to work for that person at that moment."
I just published a pet project: GNU Emacs rendering with native Metal on macOS.
The whole redisplay runs on the GPU: text through a glyph atlas, images as textures, inline video decoded straight into Metal, and cursor effects. Pixel-identical output against the stock Cocoa backend.
OpenGL for Linux/Windows is scaffolded behind a driver abstraction, waiting to be implemented. Hands welcome.
https://github.com/tanrax/emacs-gpu
#emacs #gpu #metal #macos
I can't help but pee myself laughing, I swear. :_) https://www.youtube.com/shorts/sSJoTHuMLFo
nope, not a banger new movie coming up
that's the official photo of the Norwegian men's soccer team headed to this Summer's World Cup
Periodically people say '[abusive company with unethical business model] could only have originated in the USA, it could never have succeeded in Europe' and it takes me a minute to realise that they somehow meant this as an endorsement of the USA.
Almost 25 years ago, I wrote a blog post with the title ‘jumping ship slowly’ about leaving Windows (XP was awful, it was mind boggling to me that Vista managed to make people nostalgic for XP). My advice remains the same:
Don’t try switching OS first. The OS is the most easily replaceable bit in the stack. Switch applications first. Most ‘Linux’ apps are cross platform. They’ll run on Windows, and the few that don’t will run in WSL2. You can switch out apps one at a time, and take the time to get comfortable with the alternatives.
Once you’re comfortable not using any Windows-only apps, changing the OS but using all of the same applications is very easy to do. Changing OS and application stack at the same time is an enormous obstacle.
I believe this is also why a lot of corporate and government Linux migrations fail: they try to change everything at the same time and that’s too steep a learning curve.
One principle I’d like to be enshrined in law:
If you create incentives that reward a behaviour, you can (and will) be charged as an accessory in any case where someone is doing something illegal as a result of optimising for that behaviour. An affirmative defence would need to demonstrate that you had safeguards in place to effectively disincentivise that behaviour.
For example, if you are running a delivery company and you set targets that mean people are paid more if they drive or park illegally, you are automatically charged as an accessory to however many counts of dangerous driving your drivers are charged with. If you are a city councillor and vote to close all of the public toilets so that there’s nowhere for taxi drivers to relieve themselves, you can be charged as an accessory to a few hundred counts of public urination.
In my experience RCU does very little checking. It says it's watching but I think it just likes to watch as you crash your kernel.