GitHub: https://github.com/lol768
- I don't. YouGov's data suggests 77% of the UK populace has a negative view of the brand. Musk has destroyed its credibility.
- This looks very cool, some immediate thoughts though:
  - "TiXL is an open source software to create realtime motion graphics" - pedantry, but software is an uncountable noun. You cannot have a software.
  - It wasn't immediately clear to me from the homepage that it's Windows-only. Appreciate it appears to behave under WINE, but it'd be good to make clearer.
- Plenty of UK banks that don't require this, and whose apps will also work on a rooted device. Monzo will display a warning that sets out the fact there's an increased risk, and then lets you be an adult and choose to continue to use the app if that's what you want to do.
The best part is that the Current Account Switching Service makes it very easy to make the jump from a legacy bank like HSBC.
- I thought this initially too, but there's a comment on https://bugzilla.mozilla.org/show_bug.cgi?id=2001758#c5 that suggests a belief it doesn't affect Firefox at all. So I don't know if the surface for these is particularly obscure such that browsers are insulated?
- > This is consistent with photo licensing
On the contrary, I would say this is increasingly unusual nowadays. There are print restrictions on e.g. iStock content, but there's no attempt to "ration" the number of visitors that see a stock photo at a specific price point.
It's something that's generally put me off from licensing paid fonts - despite the work that has gone into them, because you're almost signing a blank cheque and it's not easy to know how many visitors are scraping content for LLMs.
- What is the deal with Ubuntu and this version of .NET?
Ever since they got rid of the Microsoft packages feed, it's just been a complete mess.
Ubuntu's own documentation states:
> .NET 10 will be available in the Ubuntu archive for Ubuntu 24.04+ and included in main upon its official release
But it isn't available?
- I think you are correct. There were similar issues with Firefox rolling out SameSite=Lax by default, and I think those plans are now indefinitely on hold as a result of the breakage it caused. It's a hard problem to solve.
> As an aside it's not clear that OCSP stapling is better than short-lived certs.
I agree this should be the end goal, really.
- The ship has very much sailed now with ballot SC63, and this is the result, but I still don't think CRLs are remotely a perfect solution (nor do I think OCSP was unfixable). You run into so many problems with the size of them, the updates not propagating immediately etc. It's just an ugly solution to the problem, that you then have to introduce further hacks (Bloom filters) atop of it all to make the whole mess work. I'm glad that Mozilla have done lots of work in this area with CRLite, but it does all feel like a bodge.
The advantages of OCSP were that you got a real-time understanding of the status of a certificate and you had no need to download large CRLs which become stale very quickly. If you set security.ocsp.require in the browser appropriately then you didn't have any risk of the browser failing open, either. I did that in the browser I was daily-driving for years and can count on one hand the number of times I ran into OCSP responder outages.
The privacy concerns could have been solved through adoption of Must-Staple, and you could then operate the OCSP responders purely for web-servers and folks doing research.
And let's not pretend users aren't already sending all the hostnames they are visiting to their selected DNS server. Why is that somehow okay, but OCSP not?
- It's such a shame that what was shipped there was so far off what the designs had suggested might be possible [1]
Two years ago we were told:
> We're going to build it right, and that means rewriting large pieces of our codebase. We'll ship the remaining stuff when they are ready.
I'm not sure how much more of the designs have actually been realised since then?
- It's being looked at.
- > In 2023, when tourism rates had yet to fully recover from Covid, over 66 million people visited the US from abroad. I don't have more recent statistics, but I'm going to assume that the number is the same or higher this year.
World Travel & Tourism Council says international visitor spending is going to drop by $12.5bn this year (down 22.5%).
- How have you found the generation performance? It seems like this should really be a perfect fit for this sort of use-case, and I'd hope the memory footprint and speed are all much more competitive than HTML-based approaches.
The team I'm currently working with are using Gotenberg for things which we can afford to take a little while, and C#/Skia for things which need to be reasonably quick.
- Hasn't this already existed in Firefox for the best part of the last year? I see a "Ask ChatGPT" context menu option with various tasks ("Proofread", "Summarise" etc) when I right click. It's easy to remove or point at a different provider too (browser.ml.chat.provider) if you prefer a different model, and I think the prompts are customisable.
- > Attempts were made to reach out to O2 via email (to both Lutz Schüler, CEO and securityincidents@virginmedia.co.uk) on the 26 and 27 March 2025 reporting this behaviour and privacy risk, but I have yet to get any response or see any change in the behaviour.
This is really poor. And why is a Virgin Media address the closest best thing here? https://www.o2.co.uk/.well-known/security.txt should 200, not 404.
To be clear, I have no problem with disclosure in these circumstances given the inaction, but I'm left wondering if this is the sort of thing that NCSC would pick up under some circumstances (and may have better luck communicating with the org)?
- The progress bar looks a bit like a snake being electrocuted.
https://m3.material.io/blog/building-with-m3-expressive#what...
- Hurrah. That was 13 years ago and it still doesn't support railcard discounts.
TfL may have been innovative a long time ago, but they haven't moved with the times at all. Hell, the Oyster POMs only got contactless payment readers in the last couple of weeks. Prior to that it was "chip 'n' pin" - y'know, the technology introduced back in 2004.
- https://ben-james.notion.site/tube-data
> You will regret using this data. You will regret using this API.
> It serves data from individual arrivals boards, which all spell stations differently.
> It describes train status in free text that varies between stations. “Approaching Barnet”, “Near Waterloo”, “Heading to Bank”, “Departing Southgate”, “Leaving Hampstead”, etc.
I'm not sure what you expected from an organisation still offering nothing but SMS-based MFA to its "customers" and one that got massively disrupted by a 17 year old in a cyber incident which seemed to paralyse the entire organisation a few months ago...
- This is an entire class of vulnerabilities that would've never been possible with XUL, is that correct?
I appreciate they had to move for other reasons but I also really don't like the idea that the DevTools and browser chrome itself now has all of the same security issues/considerations as anything else "web" does. It was bad with Electron (XSS suddenly becoming an RCE) and makes me pretty nervous here too :(
- I'm afraid it's something I need to agree with.
So many areas where resource-based conditions just do not work with particular GCP product offerings and you're forced to give out much broader access than you should be giving out. It's half-arsed and prevents you implementing PoLP.
AWS has a steeper learning curve here, but I've never been unable to constrain down e.g. access to an SNS topic in the way I want to.
- The latest JCVI recommendations are here: https://www.gov.uk/government/publications/childhood-varicel...
The shingles vaccination programme (for older adults) has existed since 2013.
The JCVI recommendation from 2023 took into account new evidence that had emerged since the original decision in 2009, using a new model to evaluate cost-effectiveness and better evaluate the impact on QALY from infection.
The original 2009 reasoning's decision is available here: https://webarchive.nationalarchives.gov.uk/ukgwa/20130107105...
- EBITDA? I'm not going to claim it's perfect (and if the company is struggling and paying back loans it's going to ignore the interest charges), but the idea behind it AIUI is that you strip out some of the, perhaps, "creative accounting" (that is mostly there to reduce a corporation tax bill) and deductions and focus on earnings/cost-of-sales. Which should, in theory, relate to how much a company can afford to pay for ancillary services.
In the industry I work in, between 96%-97%+ of revenue is the cost of the sale and is immediately handed over. Many purchases don't make a profit at all (fixed costs, commission doesn't cover them so it's loss-making - but you need to be able to offer them anyway).