Joe SteinkampA Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale https://www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/
Alex Hall
@alexhall
- 551 Followers
- 71 Following
- 12.1K Posts
I have a computer science degree and work in IT. I'm a fan of Apple, but not to an extreme. I enjoy playing acoustic guitar and electric bass. I'm blind.
MostlyBlindGamer@fastfinge @cachondo @NVAccess @prism this is very clearly an emotional conversation where both parties are wrong.
Samuel is a confused user who wrote what reads like a frustrated takedown piece, having hit a straw that broke the camel’s back moment in perceived lack of transparency.
NVAcess doesn’t have a public relations person, but its account that relates to the public is doing that job in a defensive stance.
You guys should kiss and make up.
You’re also kind of both right. Let’s look at the magnifier, since I consider myself an expert user of Windows Magnifier and ZoomIt:
There was no back room decision, it’s all very transparent. Here’s the GitHub issue where it was discussed:
https://github.com/nvaccess/nvda/issues/12539
A low vision user reported that Windows Magnifier was not following the NVDA virtual cursor.
My instant thought? No big deal, Magnifier can already follow keyboard focus, just have an option to move to mouse to the virtual cursor all the time and leverage the existing tool.
There was a discussion on the Windows Magnifier to Narrator private APIs and then the decision was make to add a magnifier solution to NVDA.
About a year later an add-on author said they’d addressed this issue by moving the mouse cursor and only had a pending problem with tabbing. They were advised the team was already working on a magnifier, but that they could open a PR for this issue.
The issue was ultimately closed by the PR that introduced the magnifier implementation.
This was discussed, decided and implemented completely in the open, and prioritized in a very surprising way.
“I can’t keep my pants up with this belt.”
“We’ll make you a new pair of pants.”
“I have this hole punch I used to tighten my belt.”
“We’re already making the new pants.”
There are valid criticisms to make here, but they had their time and place: that issue.
I know a lot of people have accessibility and other issues with GitHub, but that is where this FOSS project is developed and that’s where enthusiastic community members should contribute. I also know there have been discussions about how to make that process more approachable for more people. That’s good, keep doing that.
Just my two cents. I hope this can put things into perspective for you guys and turn this to a more productive direction.
Wow, an LLM not doubling down and insisting it knows what it's talking about? How refreshing! Or maybe the way I asked the question caused it to prefer an uncertain response since that's what the predictive model landed on. Never forget that these things do not and cannot think.
Claude:
So to directly answer your question: no, I'm not certain the TLS setup is as simple as I described. The RSA option is genuinely the simpler and better-documented of the two for your exact use case
The One Court, a tactile tablet for feeling sports game action, is now available to pre-order. Instead of having to use it at a stadium during a game, you can use it at home. Even more surprising, it's only $500 before the pre-order discount. There is a subscription of $30/month.
I care nothing at all about sports and have no interest in this product. However, I'm delighted that people who want one can finally have their own.
if you end up preordering a Onecourt, feel free to say Liam Erven referred you. We both get a free month of service. I've been waiting for something like this for many many years. https://www.onecourt.io/preorder
That's not an indictment of anyone. If I avoided everything that goes against my beliefs, I'd probably be vegetarian, use a FairPhone, and avoid Wal-Mart and Amazon. Instead, I eat meat, I use an iPhone, and I got a grocery delivery from Wal-Mart an hour ago. Sometimes it's accessibility, sometimes it's cost, sometimes it's convenience, but we all go along with most things and pick a few stances to focus on. For most people, none of those stances include avoiding Google and LLMs.
RE: https://tldr.nettime.org/@tante/116605858023186072
I use Firefox for my main browser, Kagi for my search, Apple and Fastmail (the latter paid) for mail, an Apple phone, and LLMs that aren't Gemini. I'm pretty sure none of it matters. If it did, Chrome wouldn't be the top browser, and Google wouldn't be so popular that it's a verb. An organization I volunteer with runs on Google, as does my employer. No matter what we do, people choose the convenient, popular, and easy, and it's hard to blame them. Google may well win this.
RE: https://mastodon.online/@AppleVis/116607355952261793
I know this is mostly a wrapper around existing tools, but I still feel like a completely vibe-coded app that's meant to delete a lot of files isn't a great idea.
NV Access@fastfinge I think there's a misunderstanding on how the Add-on Store works. Every add-on in the store must keep a consistent hash which the VirusTotal scan reflects, which must be the exact same add-on you download from the Store. NVDA won't keep the download of an add-on without a matching hash. The scan provides useful results from well respected security vendors without every user needing to know how to audit code. This is done when the add-on is uploaded to store, not from your PC. 1/2
RE: https://social.the-gdn.net/@draeand/116603745201257513
The first of these two PR's claims to fix NVDA dying when large amounts of console output are sent to it, like if claude sends a massive response or you mouse over a UIA terminal window causing NVDA to reread the whole thing. I doubt I'll have the time and energy to test this myself until the weekend, but I would absolutely encourage anyone who has the time to test it to do so, and if this works I vote that every user who has been begging NV Access to fix this for months pitch in to help donate at least the amount of money he must've paid in mind altering substances to be able to fix this. Incredible work my friend!
The first of these two PR's claims to fix NVDA dying when large amounts of console output are sent to it, like if claude sends a massive response or you mouse over a UIA terminal window causing NVDA to reread the whole thing. I doubt I'll have the time and energy to test this myself until the weekend, but I would absolutely encourage anyone who has the time to test it to do so, and if this works I vote that every user who has been begging NV Access to fix this for months pitch in to help donate at least the amount of money he must've paid in mind altering substances to be able to fix this. Incredible work my friend!