Servo Report Week 19 2025
Highlights from last week:
- Upgrade Stylo to 2025-05-01
- Implement is-element-nonceable
- Implement `document.scrollingElement`
- Continued improvements in DevTools and Trusted Types
You can help support Servo, an independent web browser engine, and the health of the web ecosystem by donating:
github.com/sponsors/servo
opencollective.com/servo
Sponsor @servo on GitHub Sponsors
Servo aims to empower developers with a lightweight, high-performance alternative for embedding web technologies in applications.GitHub
Romanians to choose between George Simion and Nicușor Dan in presidential vote runoff
https://www.euronews.com/my-europe/2025/05/16/romanians-to-choose-between-george-simion-and-nicusor-dan-in-presidential-vote-runoff?utm_source=flipboard&utm_medium=activitypub
Posted into Europe News @europe-news-euronews
Romanians to choose between George Simion and Nicușor Dan in presidential vote runoff
Romanians face a presidential election redo on Sunday. Hard-right George Simion scored a victory over pro-European Nicușor Dan in the first round, but recent surveys show the race is tight.Euronews (Euronews.com)
Ministero dell'Istruzione
Il Ministro Giuseppe Valditara, ha firmato un decreto che autorizza lo scorrimento delle graduatorie per la realizzazione e messa in sicurezza di mense scolastiche, nell’ambito del #PNRR.Telegram
#EuropeanUnion #russiaUkraineWar
#11yrInvasionofUkraine #RussiaIsATerroristState
Ukraine 'lost contact' with F-16 during combat, pilot ejected, Air Force says
The Air Force "lost contact" with an F-16 jet during a mission to repel a Russian aerial attack overnight on May 16 following an emergency situation on board, the Air Force reported.Martin Fornusek (The Kyiv Independent)
tinyurl.com/yrxv2tep
Mali's Junta Faces Pressure to Resolve Huge Debt Over Regional Dam
The Electricity Crisis in Mali: A Complex Web of Debt and DependenceMali currently stands at a crossroads, grappling with a staggering debt of over $94 million owed to the agency responsible for managing the Manantali Dam, a crucial hydroelectric powNewsroom (Axadle | Stay Informed with Horn of Africa Headlines)
A photo of a Marriott hotel in Philadelphia. Nothing special about the hotel itself, I just thought the design of the building looked pretty neat. Shot in February 2025.
#Philly #Philadelphia #Pennsylvania #Buildings #architecture #architecturephotography #cityscapes #urbanexploration #urbanphotography #streetphotography #travels #travelphotography #Fensterfreitag #WindowFriday #TGIF #Friday #photography #Pixelfed #photodaily #shotoniphone #cloudy
Every day it gets worse!
Nearly 100 people killed in #Israeli attack on #Gaza - Hamas-run civil defence - BBC News
bbc.co.uk/news/articles/crr704…
Nearly 100 people killed in Israeli attack on Gaza - Hamas-run civil defence
It marks the largest ground assault on north Gaza since Israel resumed its offensive in March.Rushdi Abualouf, Cairo; Yolande Knell, Jerusalem; Mallory Moench, London (BBC News)
#EuropeanUnion #russiaUkraineWar
#11yrInvasionofUkraine #RussiaIsATerroristState
Ukraine to receive $84 million from World Bank to restore homes damaged in Russia's war
Ukraine will receive $84 million from the World Bank to restore housing damaged in Russia's war, the Finance Ministry announced on May 15.Volodymyr Ivanyshyn (The Kyiv Independent)
Scattered Spider hackers in UK are ‘facilitating’ cyber-attacks, says Google
US retailers being targeted after attacks on Britain’s Marks & Spencer, the Co-op and HarrodsDan Milmo (The Guardian)
pablomartinezcalleja.blogspot.…
US consumer sentiment slides to lowest in 3 years as trade war raises anxiety about inflation
https://apnews.com/article/economy-inflation-consumer-confidence-f7d2635e665fa1be2695c5e830fc23ae
Diamond Beach, with ice flowing out of the Jökulsárlón Lagoon, with the Breiðamerkurjökull glacier in the background, in Iceland.
#iceland #icelandphotography #icelandlandscape #glacier #jokulsarlon #jokulsarlonglacierlagoon #breioamerkurjökullglacier #ice #Landscape #LandscapePhotography #LandscapePhotographer #OurPlanetDaily #EarthFocus #photographer #Nature #NaturePhotography #naturephotographer
- Sensitive content
- Parola filtrata: nsfw
Pwn2Own Berlin 2025: Windows, Linux e Virtualbox cadono miseramente in un giorno. Ed è solo l’inizio
Hacking, hacking, hacking! Al Pwn2Own non si scherza: è qui che l’élite mondiale della cybersicurezza mostra quanto sia fragile il mondo digitale. In palio? Fama, gloria… e più di un milione di dollari in premi per gli zero-day scoperti!
Nel primo giorno della competizione di hacking Pwn2Own Berlin 2025, i ricercatori sono riusciti a guadagnare 260.000 dollari dimostrando catene di vulnerabilità zero-day in Windows 11, Red Hat Linux e Oracle VirtualBox. Organizzato durante la conferenza OffensiveCon, il torneo di quest’anno si concentra sull’hacking delle tecnologie aziendali e include per la prima volta una categoria di attacchi basati sull’intelligenza artificiale.
Uno dei primi ad essere colpito è stato Red Hat Enterprise Linux for Workstations. Un membro del team di ricerca DEVCORE che utilizzava lo pseudonimo Pumpkin è riuscito a eseguire un’escalation di privilegi locali tramite un integer overflow e ha ricevuto 20.000 dollari per aver dimostrato l’exploit.
Hyunwoo Kim e Wonghee Lee hanno ottenuto risultati simili. Tuttavia, in questo tentativo, uno dei collegamenti si è rivelato essere una vulnerabilità nota (N-day), motivo per cui è stato considerato una “collisione” con un errore già documentato, piuttosto che una scoperta completa.
Anche Windows 11 è risultato vulnerabile. Chen Le Qi di STARLabs SG ha ricevuto 30.000 $ per aver aumentato con successo i privilegi a SYSTEM tramite una catena use-after-free e un integer overflow. Il sistema è stato compromesso altre due volte: Marcin Wiązowski ha sfruttato un bug di scrittura fuori limite e Hyunjin Choi ha dimostrato un attacco di type confusion.
Il Team Prison Break ha dato un contributo significativo all’ammontare delle ricompense. Sono riusciti a uscire dall’isolamento di Oracle VirtualBox e ad eseguire codice arbitrario sul sistema host utilizzando un integer overflow, guadagnando 40.000 dollari. Questa direzione è tradizionalmente considerata difficile, poiché richiede non solo il superamento della sandbox, ma anche un controllo affidabile dell’esecuzione sul sistema operativo sottostante.
Inoltre, il primo giorno di gara, sono stati hackerati degli strumenti di intelligenza artificiale. Sina Heirhach del Summoning Team ha ricevuto 35.000 dollari per aver sfruttato una vulnerabilità zero-day in Chroma e un bug noto in Nvidia Triton Inference Server. Billy e Ramdhan, membri di STARLabs SG, hanno impiegato 60.000 dollari per uscire da Docker Desktop ed eseguire codice sull’host sfruttando una vulnerabilità di tipo use-after-free.
Classifica TOP-5 del primo giorno di gara ( Trend Zero Day Initiative )
L’hackathon durerà fino al 17 maggio e il secondo giorno i partecipanti tenteranno di compromettere Microsoft SharePoint, VMware ESXi, Mozilla Firefox, Oracle VirtualBox e Red Hat Linux. Tutti i prodotti vengono tenuti aggiornati, il che sottolinea l’importanza di ogni 0day che viene dimostrato. I produttori hanno 90 giorni di tempo per rilasciare gli aggiornamenti dopo che le vulnerabilità sono state ufficialmente divulgate.
In totale, a Berlino 2025 sono in palio più di un milione di dollari. Le categorie di attacco non riguardano solo browser e virtualizzazione, ma anche applicazioni aziendali, infrastrutture cloud, automobili e intelligenza artificiale. Sebbene nell’elenco degli obiettivi figurino anche le unità di prova Tesla Model 3 (2024) e Model Y (2025), finora non è stato registrato alcun tentativo di attacco contro di esse.
L'articolo Pwn2Own Berlin 2025: Windows, Linux e Virtualbox cadono miseramente in un giorno. Ed è solo l’inizio proviene da il blog della sicurezza informatica.
It's freebie Friday!!
Are you trying to learn or teach students how to connect input devices to a microcontroller? It's easy if you know how pull-up circuits work! Check out our electronics activities here: mirobo.tech/electronics
#STEM #STEMeducation #electronics
Apple has become the most developer-hostile company to work with as if those same developers aren't the ones driving iPhone sales.
News Flash, Mr. Cook: People don't buy your products for your pretty Calculator app. You're choosing wrong, again.
RE: threads.com/@verge/post/DJq5xl…
The Verge (@verge) on Threads
Apple is placing warnings on EU apps that don’t use App Store payments https://buff.ly/xQSbCNsThreads
I'm a bird: got the word
Listen here: now ya heard
Freedom fighter: that's a Kurd
Lipless rapper: that's absurd
#Birds #Nature #Wildlife #Photography #Rap
#lesficfri
*** DARE ***
“I literally stayed up all night reading this book cover to cover. I want my own Armstrong Protection Services.”
tiffanyetaylor.com/whimsical-h…
#romanticsuspense #stalker #dangerinperil #bodyguardsecurity #graphicdesigner #loveatfirstsight #butchfemme #lesfic #sapphicbooks #bookstodon #writingcommunity #lesbian #lgbtq #lgbtqia
@lgbtqbookstodon @bookstodon @sapphicbooks
- Sensitive content
- Parola filtrata: nsfw
The Legend of Ochi ha conquistato il web grazie al piccolo Ochi, una creatura che sembra uscita da un sogno. Ma dietro la magia non c’è intelligenza artificiale, bensì anni di lavoro artigianale con p...
hynerd.it/the-legend-of-ochi-r…
The Legend of Ochi, il regista smentisce le voci sull'IA: "Non prendete in giro chi ha dedicato la propria ...
Per realizzare The Legend of Ochi la produzione ha fatto ricorso all'intelligenza artificiale? Il regista Isaiah Saxon fa chiarezza sulla questione.Violeta Fidanza (HyNerd)
archive.is/23Sno
- Sensitive content
- Parola filtrata: nsfw
The one and only @pluralistic kicking off his @pycon keynote talking about how scheduling apps for nurses buy a nurse’s financial data in order to gauge their wages, i.e. pay them less if they’re in debt.
The enshittification hydra has many heads.
#enshittification #PyCon @ThePSF
reshared this
"The Invitation" 🌿
Art by Elisabeth Alba
I'd love to do another Fae Green Man illustration someday...
Prints at albaillustration.etsy.com/list…
The original painting is also available.
#fae #faun #green #illustration #artistsonmastodon #mastoart #fediart #fairy #whimsicalart #fantasyart
Any researchers from Tilburg University attending the Digital Durkheim Knowledge Café event on Monday 19 May?
Come say hi and check out the poster about our applications for Open Access Publishing. I'll be there to try and answer any questions you may have (about our applications, not about Durkheim).
tilburguniversity.edu/current/…
#TilburgUniversity #OpenAccess #OpenScience
Digital Durkheim: Open Scholarship for Social Sciences and Humanities | Tilburg University
Tilburg University invites you an event exploring how open research practices are evolving in Social Sciences and Humanities.Tilburg University
Ontario has delivered its budget for 2025 during an uncertain time for the Canadian economy. On the #onpoli podcast @spaikin, @john_michael_mcgrath and @jessica_smith_cross discuss the ins and outs of the budget.
youtube.com/watch?v=k4qZ9DgF3H…
#onpoli
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.youtube.com
Trump’s Middle East theatricals were all about putting Bibi in his place
Trump is literally taking control of U.S. foreign policy in the region and pushing back Israel’s attempts to bomb its way to peace. Join us…Strategic Culture Foundation
« Position: Stop Making Unscientific AGI Performance Claims »
proceedings.mlr.press/v235/alt…
Position: Stop Making Unscientific AGI Performance Claims
Developments in the field of Artificial Intelligence (AI), and particularly large language models (LLMs), have created a ’perfect storm’ for observing ’sparks’ of Artificial General Intelligence (A...PMLR
L’interesse per la non esclusività nei rapporti sessuali e amorosi è sempre più frequente. Ma non fa per tutti. L'articolo di Maïa Mazaurette.
L’ascesa della coppia aperta
L’interesse per la non esclusività nei rapporti sessuali e amorosi è sempre più frequente. Ma non fa per tutti. LeggiMaïa Mazaurette (Internazionale)
Trump agreed to major chip sales to the UAE and to establish what will be the world’s largest AI campus.
This week, former Labour MP Ian Austin used these pages to argue that Britain should press ahead with a new trade deal with Israel – and ignore the growing calls, including mine, for trade sanctions instead.
There’s a total moral vacuum at the heart of his argument.
He offers a series of statistics and anecdotes about the benefits of trading with Israel, of being its ally.
telegraph.co.uk/business/2025/…
🕎 🇵🇸 ☮️
#Gaza #Palestine
#Press #News
Sir Keir Starmer’s Israel trade envoy should hang his head in shame
There is no justification for a deal, only an overwhelming case for sanctionsDale Vince (The Telegraph)
(Video) Papa León XIV evitó la bandera LGBTIQ+: #Falso | vía #FastCheckCL
fastcheck.cl/2025/05/16/video-…
#actualidad #banderadelapaz #chequeo #colectivolgbtiq+ #desinformación #facebook #factchecking #falso #fastcheckcl #instagram #leónxiv #lgbt #papa #papaleónxiv #prevost #redessociales #robertfrancisprevost #tiktok #twitter #video
(Video) Papa León XIV evitó la bandera LGBTIQ+: #Falso
Se comparten publicaciones asegurando que el papa León XIV evitó una bandera LGBTIQ+ durante una aparición pública.Lucas Vergara (Fast Check 🔍)
Microsoft discontinued email access for the International Criminal Court's chief prosecutor, Karim Khan. This action was a consequence of sanctions imposed by the Trump administration. Organizations must explore alternative productivity solutions such as Proton Mail and FOSS office suites.
#Proton #FOSS #Microsoft365 #EconomicOutlook #Tech Policy #CorporateResponsibility #DigitalServices #TechNews
abcnews.go.com/International/w…
Trump's sanctions on ICC prosecutor have halted tribunal's work
Nearly three months ago, U.S. President Donald Trump slapped sanctions on the International Criminal Court's chief prosecutor, Karim KhanMOLLY QUELL Associated Press (ABC News)
ICC prosecutor Karim Khan steps aside pending outcome of sexual misconduct investigation
https://apnews.com/article/un-icc-prosecutor-khan-sexual-misconduct-d826e69abfbedacef2b270ffe410610d?utm_source=flipboard&utm_medium=activitypub
Posted into International News @international-news-AssociatedPress
OpenAIRE is co-organising the NSLP 2025 Workshop on Natural Scientific Language Processing & Research Knowledge Graphs, taking place on 2 June 2025 in Portoroz, co-located with ESWC.
Learn more: shorturl.at/nLPbJ
#NSLP2025 #OpenScience #FAIRdata #NLP #RKG #ESWC2025 #AI4Science
Enhorabuena a todas las personas, organizaciones e instituciones que han contribuido a hacer realidad este merecido reconocimiento a Julio Anguita, SG de @elpce, coordinador de @izquierda_unida y alcalde de Córdoba.
Julio vivirá por siempre en la historia de nuestro pueblo.
Derrick
in reply to BuenaVidaPics • • •