9·
3 days ago
Arthur Besse
cultural reviewer and dabbler in stylistic premonitions
- 16 Posts
- 25 Comments
Joined 4 years ago
Cake day: January 17th, 2022
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
34·4 days agoI bought some cheap Chinese 2-way radios. The packaging has a big American flag and a “Designed in U.S.A.” claim, which I suspect is bullshit given the company involved. Also, there are two Bible verses referenced. This smacks of pandering to a particular slice of conservative Americans. All I want is cheap radios for skiing with my kids next winter, not a reminder of my country’s socio-political bullshit.
This bullshit is not from the well-known Chinese radio maker Baofeng (baofengradio.com) but rather from a US company called “BTech” which has the deceptive URL BaoFengTech.com.
5·5 days agosomething from the “stable ports” list at https://www.rockbox.org/
![screenshot of a paragraph of text from wikipedia: ""God is dead" (German: Gott ist tot [ɡɔt ɪst toːt] ⓘ; also known as the death of God) is a statement made by the German philosopher Friedrich Nietzsche. The first instance of this statement in Nietzsche's writings is in his 1882 The Gay Science, where it appears three times.[note 1] The phrase also appears at the beginning of Nietzsche's Thus Spoke Zarathustra."](https://lemmy.ml/pictrs/image/33db11fb-5653-4417-a877-e904b53032d1.png)
2·6 days agoCan someone tell me what vibe coding is?
a term coined 6 months ago for writing software using an LLM https://en.wikipedia.org/wiki/Vibe_coding
2·6 days agothis thread
also this thread
5·6 days ago(tldr: libxslt is a significant source of vulnerabilities and it should absolutely be removed from browsers ASAP.)
if they do something, it’s not in your interest
this is often true, but sometimes (like in this case) they are actually doing things that are in (almost) everyone’s interest: making browsers more secure 🙄
(see my other comment in this thread for details)
deleted by creator
fuck google generally, but in this case that mastodon post’s characterization that “Respondents overwhelmingly reject the suggestion” is not accurate - lots of people in that thread are in favor of removing it and those who aren’t aren’t making a strong case to keep it.
imo client-side XSLT never needed to be implemented; afaict its primary use is styling RSS feeds and I doubt many people ever actually read RSS feeds styled that way even if millions of feeds are/were.
some important context here
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 CVE-2024-55549 (“Being an unpaid volunteer, I also don’t really care about external deadlines. I’ll just make the issue and the fix public and people can patch libxslt themselves. I also realized that I simply do not have enough free time and energy to continue maintaining libxslt and will step down as maintainer.”)
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 CVE-2025-24855
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/139 CVE-2025-7424
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 CVE-2025-7425
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 use-after-free, no CVE assigned yet
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/150 “libxslt is unmaintained” (some good news there, at least: two weeks ago, the guy who reported those five bugs over the last eight months stepped up to be the new maintainer… i assume he probably isn’t a Jia Tan 😅 since he is endorsed by a co-founder of GNOME itself. but, even if he does improve the library drastically, that still won’t justify having browsers include it in their general attack surface imo)
tldr: This obscure “feature” is a significant source of vulnerabilities which attackers are able to compromise endpoints with right now. The GNOME project’s libxslt is used by all modern browsers and has been largely unmaintained for a long time, and it is a pretty sure bet that it has lots more remotely-exploitable bugs (in addition to those which have already been discovered and not yet fixed, or for which fixes are not yet widely distributed).
it sounds like there is also a mostly-working JS replacement for this C++ code; if it is actually possible to ship that and avoid breaking any sites it would be preferable, but, otherwise, i for one would certainly be in favor of dropping browsers’ XSLT support (which was only ever for XSLT 1.0 anyway!) completely ASAP.
CoMaps is “offline-first” and they’re working on a deskop version, but it is alpha right now and they don’t appear to be distributing binaries of it (the desktop version) yet so you’ll need to compile it yourself. There are instructions here. I haven’t tried it yet myself but I think it looks promising!
Another option is to run CoMaps, OsmAnd, or another Android app under Waydroid.
also the maelstrom in question actually does exist: https://en.wikipedia.org/wiki/Moskstraumen
11·10 days ago"It is an interesting irony
it really isn’t 🙄
looking closer I see the earliest archive.org snapshot of this URL (from Feb 27, 2020, the day it was published) also says 1857 so it seems like the transposition to 1847 must have happened somewhere else - and yet the attribution to SciAm (external to the screenshot) was somehow preserved. @nymnympseudonym@lemmy.world can you shed any light on this mystery? where did you obtain this image (and know to attribute it to SciAm)?
apparently in 1857 “I have been informed by a European acquaintance” was sufficient sourcing for something to be published in Scientific American :)
somewhat relatedly, it’s 2025 now so you can actually link to a thing instead of just posting a screenshot of it: https://www.scientificamerican.com/article/that-giant-sucking-sound-doesnt-exist/
i wonder why this screenshot (and OP’s text which includes the fact that this comes from scientific american, which is not included in the screenshot) both say 1847 while the text on the SciAm website says it’s actually from 1857 🤔
