A more recent issue came about when Pixelfed’s creator, Daniel Supernault made the details of a vulnerability public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)
In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.
It is weird to spend almost half the words in this, pretending that something in Pixelfed that wasn't a problem on Pixelfed's side was. This is the weirdest "vulnerability" in the world to pick if you want to pick one to hold up extensively as an example.
Regardless whether you want to pretend that not caring about Mastodon is a valid defense when implementing software using the ActivityPub protocol, that still doesn't change anything regarding how Dansup handled the disclosure of the effects it had.
This is nothing to do with ActivityPub. It's to do with Mastodon's custom implementation of "private" posts.
Making it extremely clear to everyone that random server software can expose Mastodon's "private" posts is absolutely the right way to handle disclosure here. Dan didn't even try to do that, he just fixed the bug, but if he had made a big post saying "hey this is not my fault Mastodon private posts are not private, here's full explanation about what's going on" I think that would have been completely fine. This is not a "vulnerability" in the traditional sense like a buffer overflow, it's just a design flaw in Mastodon which other softwares are by convention agreeing to cater to. I think the culture of security (and the level of clue in general) in the Fediverse has wandered into territory where "let's all pretend that these posts are secure and get mad at anyone who reveals that they are not" is widely accepted now, but that doesn't make it right.
Maybe I'm wrong, but shouldn't posts only be insecure if they're propagated to the insecure instance? Is any private post visible to people on servers that the poster doesn't have followers on? Could I curl the uri of a post thats "private" and get the post's content?
Maybe I’m wrong, but shouldn’t posts only be insecure if they’re propagated to the insecure instance?
"Insecure" in this case simply means any server that doesn't implement Mastodon's custom handling for "private" posts. With that definition, the answer to your question is yes. It has been mentioned by Mastodon people that this is a significant problem for the ability to actually keep these private posts private in the real world. The chance of it going wrong is small (depending on your follower count) but the potential for harm is very large. I would therefore go further, and say that it's a very bad thing that Mastodon is telling people that these posts are "private" when the mechanism which is supposed to keep them private is so unreliable.
Is any private post visible to people on servers that the poster doesn’t have followers on?
It is not. If you're sufficiently careful with approving your followers, making sure that each of them is on an instance that's going to handle private posts the way you expect, then you're probably fine.
Could I curl the uri of a post thats “private” and get the post’s content?
If it's been federated to an insecure server then yes. If not then I think no.
pretty much every user i've seen around who makes use of private posts wants the option for them to federate i understand that there was backlash over this when it was implemented, but i think havi...
Mastodon really is the internet explorer of the fediverse. In any case, I don't think its that bad. I would compare it to an email provider accidentially leaking messages. Still bad, but its not a reason to abandon email as a means of communication. We should encrypt posts, like diaspora does. Like how we should pgp encrypt emails, but no one will.
also, I just checked myself, a random "private" post I made isn't accessible over AP if I curl it unauthenticated. Running curl.exe https://calckey.world/notes/a63slz8j6l -H "Accept: application/activity+json" returns nothing, but replacing the uri with a public post does show it. An insecure server's copy of the post isn't accessible over AP, only the original post's link should return anything.
I mean, discoverability is hard, sure, but add a few hashtags and you can get a lot of people to see your posts. also, mentioning a lemmy group as a user posts your post to the community.
You cannot use a mastodon app as a lemmy client, but you can view lemmy communities by opening them as if they are profiles. For example, open @fediverse@lemmy.world and it will show up as a user, but it will be the communitiy's posts.
You can mention it in a post to forward the post to the community as well.
Toward the end of the Cretaceous, flowering plants (angiosperms) transformed ground habitats, making them more diverse. While it was known that tree-dwelling mammals faced challenges after the impact of the asteroid, it wasn’t clear if mammals adapted by becoming more ground-based. Earlier research primarily analyzed complete skeletons to study how ancient mammals moved.
A recent University of Bristol study reveals that many mammals were transitioning to a ground-based lifestyle before the asteroid’s impact. By analyzing small bone fragments—an approach never used to study whole communities—the researchers examined fossils from museums in New York, California, and Calgary. Their findings show that a significant shift toward ground-dwelling occurred several million years before the mass extinction that ended the age of dinosaurs.
New research by scientists at the University of Bristol explains how a ‘stop-start’ pattern of evolution, governed by environmental change, could explain why crocodiles have changed so little since the age of the dinosaurs.
A new security fund opens up to help protect the fediverse | TechCrunch Sarah Perez 4–5 minutes
The fediverse, also known as the open social web that includes Mastodon, Meta’s Threads, Pixelfed, and other apps, is ramping up its security. On Wednesday, a nonprofit focused on bringing governance to open source projects, the Nivenly Foundation, announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities that affect fediverse apps and services.
While all software can have security issues, Mastodon — an open source and decentralized alternative to X — has fixed numerous bugs over the years, leading to the need for such a program. Another issue found in the fediverse is that many servers are run by independent operators who don’t necessarily have a security background or understand best practices.
Already, the Nivenly Foundation has helped a few fediverse projects set up their basic security vulnerability reporting process, and now it’s looking to distribute small payouts to anyone who responsibly discloses other security vulnerabilities that may still be in the wild.
The payouts will total $250 for vulnerabilities with a vulnerability severity score (known as CVSS) of 7.0-8.9 and $500 for more critical vulnerabilities with a CVSS score of 9.0 or greater. The funds for the payouts come from the foundation, which is supported directly by members — which includes individuals as well as other trade organizations.
The vulnerabilities themselves are validated by acceptance from the fediverse project leads as well as public records in vulnerability disclosure (CVE) databases.
The fund is currently in a limited trial after the discovery of a security vulnerability in the decentralized Instagram alternative, Pixelfed. Open source contributor Emelia Smith came across the issue, and the Nivenly Foundation paid her to fix it, she explains.
A more recent issue came about when Pixelfed’s creator, Daniel Supernault made the details of a vulnerability public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)
“Part of the program is…education for project leads, helping them understand why responsible disclosure practices for security vulnerabilities are important,” Smith told TechCrunch. “We came across several projects that just said ‘file security vulnerabilities in our public issue tracker,’ which absolutely isn’t safe, as any malicious actor watching that repository would now be able to attack instances of that software,” she added.
Typically, the common practice is to disclose minimal information about a vulnerability, giving server operators time to upgrade, Smith said. However, this requires that project leads understand security best practices.
In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.
With this new program designed to follow best practices around the disclosure of vulnerabilities, the need to defederate to protect users may become less common.
Sarah has worked as a reporter for TechCrunch since August 2011. She joined the company after having previously spent over three years at ReadWriteWeb. Prior to her work as a reporter, Sarah worked in I.T. across a number of industries, including banking, retail and software.
I’d say any additional support for these platforms is a win! I hope this is another step forward in making a viable option for open source, and especially, the fediverse.
Il VEGER V0567 è un modello compatto e versatile, con una batteria da 5000mAh e supporto per ricarica rapida 20W PD, pensato per offrire una soluzione pratica e potente per ricaricare iPhone, Apple Watch, AirPods e altri dispositivi USB-C.
I have Irish friends (republic and northern) who stock up on Taytos when they're home, and rave about them. They export from Ulster to the US, but I've never seen there here in Scotland - weird. tayto.com/about/
https://www.tayto.com/wp-content/uploads/2022/05/Craic.mp4OUR STORY Founded by Thomas Hutchinson in 1956, our family owned business selects the finest potatoes and uses local ingredients to produce great tasting crisps and snacks for everyone to enjo…
Oggi è come se il piano di realtà a me circostante si stesse lentamente, ma inesorabilmente, sfaldando, tutto ai miei danni. Purtroppo, anche questo, ossia il farmi dubitare del mio stesso stato di esistenza, è uno dei metodi con cui gli spiriti esercitano l’ingiusto trollaggio secolare su di me, e io altro non posso fare […]
sfaldamento universitario con il tempo rinstranito
Oggi è come se il piano di realtà a me circostante si stesse lentamente, ma inesorabilmente, sfaldando, tutto ai miei danni. Purtroppo, anche questo, ossia il farmi dubitare del mio stesso stato di esistenza, è uno dei metodi con cui gli spiriti esercitano l’ingiusto trollaggio secolare su di me, e io altro non posso fare che patire, in questo modo, cercando invano sollievo nel postaggio. 🥲
Precisamente, il #meteo non capisco come cavolo stia funzionando al momento… Stamattina prima di andare all’università si stava bene, e invece arrivata lì c’era quel solito vento freddino — che è in verità molto più fastidioso di quanto non sia freddo, ed è stato capace di farmi mettere i guanti ad aprile iniziato… chissà da che paese di merda dove la primavera non esiste viene — che puntualmente non si è mitigato con il passaggio delle ore. E ora, di nuovo alla maison, si sta di nuovo OK… è assurdo! ☠️
Qui infine però ora pioviggina, e in effetti ci sono tanti nuvoloni neri… ma c’è anche stranamente un botto di sole. Piove col sole forte classico delle 4 del pomeriggio (e sono le 5, maledetta ora legale!). All’università però c’è stato da piangere: non c’erano nuvole brutte, però camminando a giro in pausa pranzo mi sono presa tipo 4 o 5 gocce (contate) in 2 minuti. E io proprio qui ho temuto che fosse la mia testa in corso di sfaldamento… ma no, è proprio la realtà in cui sono immersa che lo sta facendo, purtroppo e per fortuna; testimone la foto che qui includo di un gocciolone che è caduto sulla manica del giubbino e ha fatto persino gli schizzi… 🥱 #meteo
IN A NUTSHELL 🚀 China has reportedly outpaced the US in developing next-gen stealth drones with superior energy efficiency. 💡 The drones utilize dual synthetic jet (DSJ) technology, which eliminates traditional control surfaces for enhanced stealth.
All good. DoD just put out a DRP 2.0 with talk being that there will be no exemptions made since this is straight from the SecDef this time. Already know people that took the first one with non-defense jobs lined up now getting 2 paychecks until the end of September. DRP 2.0 is going to be way bigger than the first one
The vast majority of people have no idea how much turmoil there's been in federal backed research and development. Even stuff like wildland firefighter's getting workforce hit right before fire season is about to begin. Friends that did bioengineering (lab grown food and lab grown organ research) for private companies that have been laid off because of federal grants cuts/uncertainty
I know it’s bad. My wife is a researcher at a non-profit that relies greatly on federal grants, which are getting killed left & right, and so her company is laying off left & right.
I'm not sure why any of this is surprising. The US was perfectly fine letting China manufacture all the things. That manufacturing know-how leads to design know-how. The desire by US corporations to keep wages low or eliminate US labor entirely to use outsourced manufacturing leads to this.
It isn't just military hardware: it is products across entire industries. China is producing good ones, and even when they aren't, they're producing them at volumes the US could not dream of touching.
America needed well placed, strategic policies to support domestic manufacturing decades ago. Now numbskulls started seeing that those jobs should be in the states. Republicans capitalized on that to get elected to attempt it in the worst possible and most destructive possible way.
"As for this agreement and the NATO question, there is no mention of NATO in this agreement, and there never was," President Volodymyr Zelensky said on April 1.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
A great-grandparent from Italy used to be all it took to guarantee Italian citizenship. A surprise decree has now changed all that, making it much harder for those with Italian ancestry to use blood line as a pathway to become Italian.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Saudi Arabia and other Gulf states have imposed a ban on US warplanes using their air fields or skies to attack Iran after US President Donald Trump over the weekend threatened to bomb the country.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
For information, Framasoft is a french non profit that fights really hard to protect our privacy rights and the right to free software. They have a bunch of FOSS apps to replace some of the FAANG services, they're also the creators of PeerTube if I recall correctly.
Framasoft is a not-for-profit popular educational organization, a group of friends convinced that an emancipatory digital world is possible, convinced that it will arise through actual actions on real world and online with and for you!
The European Chips Act has set ambitious goals and its implementation is a significant pan-european effort. From an academic perspective, last year we published an open letter emphasizing the critical importance of open-source EDA for academia in Europe. We were excited and grateful to see that this initiative triggered the definition of a European roadmap in this area, and a matching Chips JU call for project funding. We believe that the projects funded by this call will have a significant impact. Moreover, we already see rising interest from many EU stakeholders, with increasing investments into open-source chip design, especially in open source IP development (e.g. RISC-V cores), and open source EDA tools.
One additional critical barrier remains toward the end-goal of building real open-source chips, especially for prototyping and education: namely, streamlining the access to open source chip production facilities (foundries) is essential. Programs like ChipIgnite, Tiny Tapeout and IHP’s open source program have become “guiding stars” that demonstrate that everyone with a computer can build chips. We believe that having low-cost, regular and easy access to chip production is critical to create excitement and build up expertise, widening the pool of chip designers with tape-out experience: a true silicon democratization and a further de-mystification of chip design.
Monthly meetings are held on the first Thursday of each month, at 13h00 to 14h00 Eastern Time (currently 17h00 to 18h00 UTC). You can find them listed in the SocialCG Calendar. The next meeting will be held on 3 April 2025.
We will be discussing:
Review of brainstorm/whiteboarding session from March
Context Ownership
Brainstorm use cases/user stories
Moving objects (between contexts) and moving contexts (between audiences)
Relies on context ownership “FEP”
Brainstorm use cases/user stories
Support for multiple objects (forking)?
Same origin only? Support moving objects/contexts between instances? Different FEP?
April 2025 Agenda Forum and Threaded Discussions Task Force Format Information gathering prior to the meeting will be held asynchronously via the fediverse, with topics posted on one of the following two locations: https://community.nodebb.
Predates ActivityPub, was submitted to the W3C, has evolved up until ~2018 in some form. Concepts that could be relevant for Forum TF work:
sioc:Item is directly associated with a sioc:Container, whereas as:Object is included in an indirect list of items within as:Collection
Containers vs Collections For more on the difference between a Container and a Collection, see RDF Schema sections 5.1 and 5.2
A Container has open membership. There might always be more items in a container that are unknown: <#Bag> <#red ball>.<#Bag> <#green ball>.<#Bag> <#blue ball>.# We do not know if the bag contains any other balls, such as a yellow ball. A Collection can have closed membership. For example, Lists can be terminated with a nil element. <#List> rdf:first <#A>.<#List> rdfs:rest rdf:nil.# We know that the list does not contain any more elements beyond A. The way this is applied in SIOC is like so: <#Item> sioc:has_container <#Container>.<#Container> sioc:container_of <#Item>. The way this is applied in ActivityStreams is like so: <#Collection> as:items (<#Item>).# There is no way to signal that the Item is part of the Collection, and it is not expected that collection items will expose links back to every single collection they are a part of.
A Post has_container which can be directly a Forum, or it can be something like a Thread (which can itself has_container of a Forum).
A Forum can has_parent of another Forum, if wishing to model subforums.
A Forum can has_space of a Space (like a desktop or file share), or in more concrete cases can has_host of a Site.
Mapping to AS2-Vocab? If we roughly map this to AS2-Vocab we might get something like this: @id: @type: [as:Person, sioc:UserAccount]@id: @type: [as:Person, sioc:UserAccount]@id: @type: [as:Note, sioc:Post]as:attributedTo: sioc:has_creator: as:content: "Hello"sioc:content: "Hello"as:context: sioc:has_container: @id: @type: [as:Collection, sioc:Thread] # caveat where as:Collection has spec issuesas:attributedTo: as:audience: # maybe?sioc:has_container: sioc:container_of: @id: @type: [as:Group, sioc:Forum]as:attributedTo: # i guess?sioc:has_moderator: sioc:has_host: @id: @type: [as:Service, sioc:Site] # idk about this onesioc:host_of:
We probably want to separate eventually the idea of "i authored this" from "i have authority over this", especially if a forum "lives" somewhere on a host. Comparison to NNTP / NetNews protocol / Usenet network RFC 5536 defines an article format for sharing RFC 822/2822/5322 style Internet Messages with mandatory headers:
Date (as:published)
From (as:attributedTo)
Message-ID (@id)
Newsgroups (as:audience??)
Path (no analogue, represents the path taken as the article is shared across newsgroups? so an ordered list of where it was shared/reshared from?)
Subject (as:name or as:summary, but probably not required for AP Forum TF)
RFC 5537 describes architecture for distributing such articles as Internet Messages:
A "posting agent" passes an article to an "injecting agent"
The "injecting agent" injects the article into a group
A "reading agent" can then fetch articles from a group
RFC 3977 describes NNTP protocol: <pre><code class="lang-auto"> Example of a successful posting: [C] POST [S] 340 Input article; end with <cr-lf>.<cr-lf> [C] From: "Demo User" <nobody@example.net> [C] Newsgroups: misc.test [C] Subject: I am just a test article [C] Organization: An Example Net [C] [C] This is just a test article. [C] . [S] 240 Article received OK Example of an unsuccessful posting: [C] POST [S] 340 Input article; end with <cr-lf>.<cr-lf> [C] From: "Demo User" <nobody@example.net> [C] Newsgroups: misc.test [C] Subject: I am just a test article [C] Organization: An Example Net [C] [C] This is just a test article. [C] . [S] 441 Posting failed Example of an attempt to post when posting is not allowed: [Initial connection set-up completed.] [S] 201 NNTP Service Ready, posting prohibited [C] POST [S] 440 Posting not permitted</nobody@example.net></cr-lf></cr-lf></nobody@example.net></cr-lf></cr-lf></code></pre> We could probably do something with Announce and/or Offer or similar?
In a simple model where there are only groups and posts, no threads (a la FEP-1b12)
Offer Note to Group
Group can then accept/reject the post and issue an Announce?
Once we introduce threads, we will want to have more control not at the group level but at the thread level.
There is a bit of a philosophical question of approach here -- given that the core mechanism here is fundamentally notification messages via LDN (POST to inbox), although it is arguable that Activity payloads gets used as a sort of JSON-RPC more than as a notification... should we therefore optimize for a notification-oriented flow or a more procedural flow instead?
In a notification flow, we just want some resource to be aware that we have made a new post, and they can then distribute it or not. Say something simple like this: id: actor: type: Announceobject: to/cc/audience/bto/bcc: id: actor: type: Announceobject: audience: [, ]cc: but instead of addressing or targeting you might instead address or target ? whichever application is listening to the thread's inbox then handles the cascade of distribution upward: id: context: id: context: # ?audience: # ?attributedTo: followers: id: audience: followers: id: members: # extension property/collectionfollowers: what is desired is roughly this:
Announce to the
the Announces to...
?
?
the might also Announce to and to
the challenge is in avoiding duplicate traffic, so ideally this would be under the control of a single controller who issues a single Announce to the sum total of the accumulated audience: id: actor: type: Announceobject: to/cc/audience/bto/bcc: # ... some chain of events later...actor: type: Announceobject: to/cc/audience/bto/bcc: - # - is already aware? - - - - - - this is essentially an event driven architecture. you'd need to choose between "exactly once" and "at least once" delivery.
concerns:
what ends up in shares collection? for a single share action, do we end up with multiple Announce activities in there?
who gets addressed? inbox forwarding? this probably shouldn't be the responsibility of to have to be aware of every single downstream/upstream recipient, right?
A surgeon in China successfully removed a lung tumor from a patient located 5,000 km away by operating a robot remotely from Shanghai. The innovative procedure took place with the patient in the ci...
The agency head said a $20 billion Biden climate program was marred by fraud and abuse. Documents filed for a court hearing this week don’t support that.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
The European Chips Act has set ambitious goals and its implementation is a significant pan-european effort. From an academic perspective, last year we published an open letter emphasizing the critical importance of open-source EDA for academia in Europe. We were excited and grateful to see that this initiative triggered the definition of a European roadmap in this area, and a matching Chips JU call for project funding. We believe that the projects funded by this call will have a significant impact. Moreover, we already see rising interest from many EU stakeholders, with increasing investments into open-source chip design, especially in open source IP development (e.g. RISC-V cores), and open source EDA tools.
One additional critical barrier remains toward the end-goal of building real open-source chips, especially for prototyping and education: namely, streamlining the access to open source chip production facilities (foundries) is essential. Programs like ChipIgnite, Tiny Tapeout and IHP’s open source program have become “guiding stars” that demonstrate that everyone with a computer can build chips. We believe that having low-cost, regular and easy access to chip production is critical to create excitement and build up expertise, widening the pool of chip designers with tape-out experience: a true silicon democratization and a further de-mystification of chip design.
Seeing that DVD are slowly going end-of-live and that you can't buy a lot of my childhood favorites in german anymore and streams are compressed-to-death (and DRMed), i had a streak of preservia. Which is why i rip a bunch of discs from the library on Linux (yes, legally not ok, but morally just ease of access, i wouldn't sell them). Since it's only to watch them when nostalgia hits, i want them in a ready-to-watch format, chose AV1 webm for small size. My burner is LibreDrive-ok ootb, meaning makemkv goes automatically in that mode.
I have the discs for a limited time, so i used to use dvdbackup for DVD and later feed the folder to handbrake for conversion. Now i got a bunch of blu-ray:
ripping one takes even longer; whole 25 hours; i don't have the time for the whole LotR series with bonus disks.
makemkvcon backup needs only about 2 hours per disk, but the resulting folder is 80 GB big; i have only about 250 GB free space ** and the makemkv backup somehow has no audio streams, while handbrake does
While i write this, handbrake is loading the chapters (that alone needs more than 1 hour for blu-ray); i'm trying if a lossless FFV1 mkv conversion (for later re-conversion) takes less long.
Now:
Any better approach?
Any way to fix makemkv having no audio? (i could juggle with external disks) I think i have all libraries and the KEYDB.cfg.
Edit: nope, handbrake suddenly has unable to decrypt unit (AACS)
Automatic Ripping Machine (ARM) Scripts. Contribute to automatic-ripping-machine/automatic-ripping-machine development by creating an account on GitHub.
I've had no problems compressing Blu Ray MKVs into MP4s with handbrake (using MX Linux). My drive is a branded, internal one (I want to say LG or Asus.) I am at work right now, by I can look at the model number when I get home if you want. Interestingly, I have actually used it on both German Blu Rays and North American ones.
Yeah, just now someone answered the comment on the shop mentioning libredrive compatibility, that the vendor changed the drive and you have to flash it now.
i wonder if it'll save any time/space if you make iso images from your bluray's with something like dd and mount them when you want to play them, instead of ripping their contents.
I would think it moral to download the discs you own as rips. Get a vpn for a month and download away. This would be a lot less time and electrical energy consuming compared to ripping them yourself. Also somebody else has already dealt with drm bullshit.
Yeah, but where? Far as i know, videos in german are mostly in private torrent groups you don't get easily in. No need for VPN here, download is legal and torrent is grey area and nobody cares, as long as you don't make business with it.
Take a look at scenenzbs.com I think they are open to registration. They have what you are looking for. You will have to make a donation before you can download stuff. You also need a download provider like eweka (around 7 euro per month). And a download client like sabnzbd.
Yeah, the makemkvcon backup command had missing audio, so i assumed, it was the case for the graphical interface too. But it works fine, about same speed and i just discovered, that you can open the resulting mkv on handbrake and choose audio channels and whatnot as if it was the disc itself. Only issue with duplicates (confirmed via video-compare , great tool with dynamic move-mouse split) but that's what the checkmarks are for. I'll mark it as solved.
I’ve done it with ffmpeg before - I think the command’s on the Arch wiki. I preserved subtitles as well. I overall remember it being pretty reasonable since I didn’t set it up to re-encode, just pass through original video.
Oggi, nel senso di 2 aprile, con anche il Direct di mezzo, si parla veramente molto di Nintendo Switch 2 (…e sarà mica un caso che il numero coincide???). Ma, francamente, se ne straparla anche oggi generico, da ormai diverse settimane. Eppure, per quanto se ne parla, e per quanto ormai ne stiano pure facendo […]
t.me/famiterimediosa/1090 Oggi, nel senso di 2 aprile, con anche il Direct di mezzo, si parla veramente molto di Nintendo Switch 2 (…e sarà mica un caso che il numero coincide???). Ma, francamente, se ne straparla anche oggi generico, da ormai diverse settimane. Eppure, per quanto se ne parla, e per quanto ormai ne stiano pure facendo vedere, siamo decisamente ancora a livelli da “mio cuggino che lo zio lavora da #Nintendo ce l’ha nel garage in America“.
E questa situazione desolante la si vede a colpo d’occhio nei grafici di vendita totale, come in questo ricostruito da qualche mematore: il primo quarto economico del 2025 si è appena chiuso, e Switch 2 conta un tristissimo 0 come numero di unità vendute… un valore che è specialmente terrificante, se messo a confronto con i ~13 milioni di Nintendo Wii U, console che persino al suo picco veniva reputata un fallimento. È chiaro che i numeri economici non raccontano tutta la storia di un prodotto, però se già partiamo così direi che Ninty ha sgarrato…
I have created an app that allows to scan barcode and get the origin of the brands (with information about parent holding company if any). It also suggest EU alternatives for the product scanned.
There is already more than 1.1m product in the databases and 140k brands (out of \~150k) analyzed. The analysis is made by automatic crawlers, so there might get issue regarding that, do not hesitate to report it. Data are coming from the great OpenFoodFacts database.
Currently there is no iOS one, ~~I might create one if people are interested in the app (as App Store pricing is high, I prefer to check if people like the app before paying the fee)~~. EDIT:As a few people is requesting it and are interested, I will proceed to App Store submission for iOS version and pay the required fee. I will keep people informed about that. It should take a few days, the time I get a mac, release app and going through the validation process of Apple (it takes 48hr according to internet, so let's see if it's that fast).
I will publish a web version soon that will allow to use the app without installing it (either android or iOS).
Enjoy ! 🇪🇺
EDIT: Some more information. Cosmetic products are also available on it, but database is quite limited currently and brand crawling has just started. I plan to expand database in upcoming days.
Fa male leggere quel “finale” in copertina. Non capita spesso (anzi, per niente) che un’opera, una serie, una saga susciti il desiderio di infinito in chi la fruisce. Eppure Vanni Santoni ha fatto questo. È riuscito a far sperare al lettore che ciò che sta leggendo non finisca mai.
Tea
Tea deve far posto nella rubrica del cellulare, ma piuttosto che cancellare i numeri dei morti cancella quelli della gente che non le piace.
Vanni Santoni – L’autore
L’esordio letterario di Vanni Santoni risale al 2004, anno in cui inizia a collaborare con la rivista indipendente fiorentina Mostro.
Oltre a Personaggi precari, appunto, si dedica a diversi progetti e interventi, e vince svariati premi letterari: un’attività scrittoria continua, quindi, numerosa e riconosciuta.
Molti anche i suoi libri pubblicati nel corso degli anni. Quello che definitivamente sancisce il suo successo è Gli interessi in comune, uscito nel 2011.
Non è in un solo ambito, quindi, che si esaurisce Vanni Santoni. Giornalista, critico, traduttore… Insomma, un protagonista della scena letteraria e intellettuale a tutto tondo, oltre che una delle sue personalità più influenti.
Un’idea di quanto poliedrica la sua attività sia la si può avere anche solo dando una rapida occhiata alla pagina del suo blog, sarmizegetusa.wordpress.com.
Personaggi precari
Non è un libro, non è un progetto letterario, non è niente di facilmente descrivibile. Tradotto anche all’estero, ormai è diventato un essere vivente a sé stante.
Faliero
– O Faliero, che tu fai con codesto filo spinato qui n’i’ bosco? – Lo stendo in qua e in là. Così, tanto per rompere i coglioni.
La sua genesi
La storia di Personaggi precari è decisamente intrecciata a quella del suo autore. Sì perché Vanni Santoni inizia a scriverli nel 2004 e già nel 2007 giunge a una prima pubblicazione, con la vittoria del premio letterario “Scrittomisto”, per la casa editrice RGB.
Ma facciamo un passo indietro. Personaggi precari nasce proprio sul blog che abbiamo nominato: frammenti, schegge, poche frasi che tracciano al volo ritratti di tipi unici ma anche universali.
Il loro successo forse viene proprio da qui. Evolutisi negli anni tra riviste, radio, fumetti e quotidiani, i Personaggi precari approdano a una prima edizione di cui sopra. La maggior parte di loro nasce, però, tra il 2008 e il 2012. Si arriva così a una seconda edizione nel 2013 con la casa editrice Voland, che non li abbandonerà più. Vanni Santoni con questa edizione dichiara chiuso il progetto perché “sebbene quantitativamente ridotta – cinquecento personaggi su una produzione complessiva di circa settemila – mi è sembrata al momento della compilazione, e mi sembra tuttora, esaustiva rispetto agli scopi del progetto”, come si legge in una sua illuminante intervista del 2015 (labalenabianca.com/2018/05/21/…). Ma già sappiamo che non è finita qui.
Voland è lungimirante, gliene va reso merito. Il progetto, infatti, è potenzialmente infinito, i Personaggi continuano a crescere e a cambiare, continuano a essere richiesti da riviste e testate varie, approdando a una seconda edizione nel 2017 e, infine, a questa edizione finale nel 2024.
La forma
Vanni Santoni dimostra tutto il suo estro anche nella scelta della forma espressiva. L’aggettivo che più spesso si trova associato a Personaggi precari è “epigrammatici”. Che significa? Significa brevi ma incisivi, concisi ma esaustivi, significa che insomma con poche parole sono in grado di aprire un intero mondo.
Il lettore ci si rispecchia, rivede i suoi gesti e le sue fissazioni, oppure se non riconosce proprio se stesso di certo ci ritrova tutta una serie di situazioni nelle quali capita spesso di imbattersi. Lo dicevamo prima: la sua fortuna nasce proprio da qui.
Alfio
“Perché il rotolo di alluminio è sempre nei cassetti della cucina, ma mai nel primo? Perché le medicine sono nello sportello del bagno? E i liquori in quello basso del soggiorno? Chi trasmette queste prassi? Chi?”
Poche righe, in alcuni casi anzi poche sillabe: se i Personaggi fossero un’opera pittorica sarebbero uno schizzo. C,osì come nello schizzo in pochi segni c’è già tutto. Un rapido tratto, appena un’idea e via, il quadretto è già pronto.
Il tema della precarietà
La forma, però, non è fine a se stessa e nemmeno è una mera questione di estetica. L’epigramma è una precisa scelta stilistica, che se da una parte dimostra di adattarsi perfettamente alle nuove piattaforme di pubblicazione e lettura online, dall’altra fornisce anche la giusta rappresentazione visiva di ciò che tiene uniti l’uno all’altra le figure di queste pagine: la loro condizione di precarietà.
Dal mondo del lavoro, il tema della precarietà si è espanso ad ambiti sempre più ampi e sempre più diversi, fino a diventare una condizione esistenziale. In una realtà che diventa ogni giorno più veloce e più mutevole, gli esseri umani si ritrovano senza punti fermi e coordinate fisse sui quali tracciare una rotta, finendo per correre nella confusione più totale.
Il malessere è diffuso quindi, il disagio esistenziale è onnipresente, ma i Personaggi piuttosto che agire attivamente per cambiarlo scelgono di adattarsi a questo stile di vita. Le conseguenze le sappiamo tutti: comportamenti deviati, relazioni tossiche, autolesionismo…
Raia
A occhio, si nutre solo di uva spina, melagrane, Pan di Stelle e amanite muscarie.
Conclusioni
Da una parte mi è presa la febbre di andare a caccia di tutti questi Personaggi precari, di scovarli in tutte le loro pubblicazioni e apparizioni e di collezionarli. Dall’altra, invece, vorrei scoprire i miei di “personaggi precari”, quelli che magari incrocio al bar o che ascolto in treno senza rendermene conto.
Grazie a Voland che me li ha fatti conoscere, grazie a Vanni Santoni che li ha creati, anzi, viene quasi da dire che ce li ha presentati.
Un'intervista a Vanni Santoni su "Personaggi precari" e su tutta la galassia che gli è germinata intorno: genesi, riferimenti letterari, sviluppi. Tutto.
Grazie infinite OLIGO Editore . ❤️❤️❤️ Una bellissima sorpresa, tre autori fantastici: "Piccoli segreti di provincia" di Fabrizio Binacchi, "Dissolvenza" di Giorgia Tribuiani, "A brulichio" di Pasquale Vitagliano. ❤️❤️❤️ Freschi di stampa, tre notevoli autori. OLIGO Editore sa scegliere bene e, giorno dopo giorno, si impone sul mercato editoriale, ricevendo apprezzamenti dai lettori e dalla stampa. ❤️❤️❤️
Grazie infinite OLIGO Editore. ❤️❤️❤️ Una bellissima sorpresa, tre autori fantastici: "Piccoli segreti di provincia" di Fabrizio Binacchi, "Dissolvenza" di…
Sexy Alaya in Fragrance. Ginger cutie slowly takes off her see through lingerie and strikes various sexy poses on the floor - Free picture Gallery from Metart
En 1992 Petro Chrdle neatendite por si mem fondis eldonejon. En tri jardekoj li eldonis 265 librojn, el kiuj proksimume cent en Esperanto. Pere de lia eldonejo aperis ankaŭ la plej freŝaj versioj de la Biblio kaj la biblieca Plena Ilustrita Vortaro – kaj lia propra libro pri profesia uzo de Esperanto, neatendite furora. Ĵus aperis la lasta el liaj esperantlingvaj eldonaĵoj en Ĉeĥio. Tamen la eldonado ne ĉesos, sed translokiĝos Ameriken.
Gli avvistamenti di cose particolari dentro i miei autobus continuano, a quanto pare. Stamattina ho notato, per credo la prima volta (…a meno che la mia memoria non mi stia perculando, ma non ho dubbi sul fatto che non ne ho mai parlato) in funzione uno di quegli strani tablet di bordo piccolini (da non […]
Gli avvistamenti di cose particolari dentro i miei autobus continuano, a quanto pare. Stamattina ho notato, per credo la prima volta (…a meno che la mia memoria non mi stia perculando, ma non ho dubbi sul fatto che non ne ho mai parlato) in funzione uno di quegli strani tablet di bordo piccolini sul posto guidatore (da non confondersi con un cosino di un’altra volta). Abbastanza intrigante, e purtroppo non sono riuscita a fare una foto, ma appena scesa ho fatto un disegnino sul mio di tablet, quindi poco male. 🥰
Ha una forma rettangolare abbastanza stondata (nel mio disegno rende poco, ma non riuscivo a fare le curve bene, abbiate pazienza), ed un corpo di metallo blu… se avesse bordi meno da preistoria e fosse piu sottile, sarebbe stiloso.
Sul fronte ci sono 5 tasti in basso, mi pare di colore blu come la scocca, con nomi presenti ma illeggibili dalla mia distanza, e poi due neri di lato su di un pezzo nero, con in basso due LED mi pare rispettivamente verde e giallo (forse in quest’ordine, forse l’inverso). Qualcuno servirà a far scoppiare il mezzo?
Sempre in basso sul fronte, ci sono dei buchini piazzati a griglia; forse degli speaker, ma non ho sentito questo affare emettere suoni durante il viaggio (…per fortuna?).
Ci sono mi pare due cavi (neri) sotto, tra cui uno dal connettore grosso, che sarà o una VGA o una seriale… boh, chissà che roba sarà questo coso, come hardware e software.
La UI (che segue il tema blu della scocca!) era una schermata con al lato quella che sembra una navbar, poi quella che evidentemente era una traccia delle fermate, con un simbolo di autobus piazzato nel punto approssimato corrente; poi a destra qualche altra cosa, tra cui l’orario corrente (mi pare) in alto, e un bollino verde gigante con scritto “in orario” (che era corretto, in questo caso).
Bonus: ovviamente, nonostante l’orario su questo tablettino fosse sorprendentemente giusto, sullo schermo grande per i passeggeri (che invece era spento per maggior parte del tragitto, vai a capire come funzionano quei robi) no… lì 2 ore in avanti. Avranno per caso cambiato l’ora domenica, ma nel verso sbagliato? ☠️
Who Killed Hannibal?, also known as Eric Andre Shooting Hannibal Buress, refers to a skit from The Eric Andre Show in which we see Andre fire a gun multiple times as co-host Hannibal Buress, then turn to the camera and ask “Who killed Hannibal?” The …
Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System
Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.
[...]
Key Findings:
Persistent connections to minimum 5 unique ByteDance domains, creating multiple data transmission vectors
Continuous telemetry transmission even during idle periods, indicating an always-on monitoring system
Regular update checks and configuration pulls from ByteDance servers, allowing for dynamic control
Permanent device identification via machineId parameter, which appears to be derived from hardware identifiers, enabling long-term tracking capabilities
Local WebSocket channels observed collecting full file content, with portions potentially transmitted to remote servers
Complex local microservice architecture with redundant pathways for code data, suggesting a deliberate system design
JWT tokens and authentication data observed in multiple communication channels, presenting potential credential exposure concerns
Use of binary MessagePack format observed in data transfers, adding complexity to security analysis
Extensive behavioral tracking mechanisms capable of building detailed user activity profiles
Sophisticated data segregation across multiple endpoints, consistent with enterprise-grade telemetry systems
The fusion-fission hybrid will use high-energy neutrons produced by a fusion reaction to trigger fission in surrounding materials thereby boosting energy output and potentially reducing long-lived nuclear waste.
One of the most exciting trends we’ve seen over the last few years is the rise of truly personal computers — that is, bespoke computing devices that are built by individuals to fit thei…
Remember when government officials discussing sensitive information over unsecured channels was treated as a national crisis worthy of endless investigations? Apparently, those days are over. While…
t.me/famiterimediosa/1090
FundMECFS
in reply to psychothumbs • • •PhilipTheBucket
in reply to FundMECFS • • •Yeah, there's also this:
It is weird to spend almost half the words in this, pretending that something in Pixelfed that wasn't a problem on Pixelfed's side was. This is the weirdest "vulnerability" in the world to pick if you want to pick one to hold up extensively as an example.
troed
in reply to PhilipTheBucket • • •PhilipTheBucket
in reply to troed • • •falseprophet likes this.
irelephant [he/him]🍭
in reply to PhilipTheBucket • • •Is any private post visible to people on servers that the poster doesn't have followers on?
Could I
curlthe uri of a post thats "private" and get the post's content?PhilipTheBucket
in reply to irelephant [he/him]🍭 • • •"Insecure" in this case simply means any server that doesn't implement Mastodon's custom handling for "private" posts. With that definition, the answer to your question is yes. It has been mentioned by Mastodon people that this is a significant problem for the ability to actually keep these private posts private in the real world. The chance of it going wrong is small (depending on your follower count) but the potential for harm is very large. I would therefore go further, and say that it's a very bad thing that Mastodon is telling people that these posts are "private" when the mechanism which is supposed to keep them private is so unreliable.
marrus-sh.github.io/mastodon-i…
github.com/mastodon/mastodon/i…
It is not. If you're sufficiently careful with approving your followers, making sure that each of them is on an instance that's going to handle private posts the way you expect, then you're probably fine.
If it's been federated to an insecure server then yes. If not then I think no.
custom federation levels (at the very least, for private posts) · Issue #712 · mastodon/mastodon
GitHubirelephant [he/him]🍭
in reply to PhilipTheBucket • • •Mastodon really is the internet explorer of the fediverse.
In any case, I don't think its that bad. I would compare it to an email provider accidentially leaking messages. Still bad, but its not a reason to abandon email as a means of communication.
We should encrypt posts, like diaspora does. Like how we should pgp encrypt emails, but no one will.
also, I just checked myself, a random "private" post I made isn't accessible over AP if I curl it unauthenticated.
Running
curl.exe https://calckey.world/notes/a63slz8j6l -H "Accept: application/activity+json"returns nothing, but replacing the uri with a public post does show it.An insecure server's copy of the post isn't accessible over AP, only the original post's link should return anything.
Coelacanth
in reply to psychothumbs • • •Mention Lemmy for once 😠
irelephant [he/him]🍭
in reply to Coelacanth • • •r.EndTimes
in reply to irelephant [he/him]🍭 • • •irelephant [he/him]🍭
in reply to r.EndTimes • • •r.EndTimes
in reply to irelephant [he/him]🍭 • • •irelephant [he/him]🍭
in reply to r.EndTimes • • •cmgvd3lw
in reply to psychothumbs • • •FundMECFS likes this.
irelephant [he/him]🍭
in reply to cmgvd3lw • • •You cannot use a mastodon app as a lemmy client, but you can view lemmy communities by opening them as if they are profiles. For example, open @fediverse@lemmy.world and it will show up as a user, but it will be the communitiy's posts.
You can mention it in a post to forward the post to the community as well.
FundMECFS likes this.