Monthly Shaarli
September, 2024
A future vision of the work.
- Leaders who determine Policy
- AI that gathers State from everywhere
- Everything is done according to SOPs
- SOPs are regularly updated
- GOTO
You can support my proposal for an audit by the Cour des Comptes of how the CNIL's budget is used.
Just do whatever interests you now. Don’t seek a story of purpose to guide or label your interests. [...] Focus on what fascinates you, even if it’s uncharacteristic. There is no purpose because there is no line connecting moments in time. There is no plot. You are not a story.
In its reasoning, NIST acknowledges that composition rules aim to make the passwords users choose harder to guess. However, "research has shown that users respond in very predictable ways to the requirements imposed by composition rules," the institute notes.
Wealth, feeling like you have plenty, is an equation.
A web browser with emphasis on local-first data storage.
Repository: https://github.com/OkuBrowser/oku.
Discussions: https://discu.eu/q/https://okubrowser.github.io/
Social Media: connect people
Me: ok let's do it.
Meta now: let's use AI to generate content based on your face or other of your data 🤦♂️
There you go... like every other online service, Telegram will have to comply with the law.
The best way to avoid having to hand information over to the authorities is to collect as little of it as possible. Telegram can read all your conversations, and knows who you talked to, when and about what. So judicial requisitions will probably follow.
It aims to eliminate the complexity and redundant boilerplate code when building a federated server app, so that you can focus on your business logic and user experience.
The announcement for 1.0 is there: https://github.com/dahlia/fedify/discussions/141
on a lot of platforms indeed
Minimalistic web application designed for sending end-to-end encrypted notes and files.
Github project: https://github.com/CorentinTh/enclosed/tree/main
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year.
Personally identifiable information was leaked.
Great feedback from a main Nuxt contributor about Open Source contribution
Software is a way to get something done.
The followers of the Code It Yourself Manifesto believe in these things:
- We implement it according to our own goals.
- We make mistakes and learn from them.
- We learn how our tools we depend on need to work.
- We gain a deep understanding of our problem domain.
Normal :)
That Earth's gravity manages to trap an asteroid for several weeks, or even several months, is not unprecedented (it happens several times per decade), but it remains fascinating.
An ode to spreadsheets
Peelopaalu is an unsorted link collection that consists of random websites that I find interesting in some way.
Strava uses user data to train its AI
We use the information we collect and receive in the course of providing the Services, including to offer you the ability to do the following:
Provide AI features. For example, we use machine learning or artificial intelligence, including large language models, to detect anomalies in leaderboards, generate route recommendations or provide personalized training advice.
With respect to our products or features that use machine learning or artificial intelligence, including large language models ("AI Features"), we use the information we collect to improve the quality, reliability and/or accuracy of our AI Features by creating, developing, training, testing, improving and maintaining the AI and ML models operated by Strava or our service providers.
How to cache? It depends on the context: push vs pull and owned vs user.
Push means that the asset is pushed to a central server and then distributed.
Pull means the asset is referenced and the central server has to “pull” the content.
Owned means it’s owned by the central server.
User means it’s user-submitted content.
Push + owned
Make everything push + owned content if possible. "It turns out, however, that you can make a shit ton of other stuff push + owned if you try a little harder."
How does the client check if they're expired?
Use “stale while re-validate”. Ur welc’
In summary:
- store asset
- use stale-while-re-validate access patterns
- should work offline
Push + User & Pull + Owned
Handle these with hash URLs. Hash the URL and treat it immutably.
Push + User: Forum comment -> hash URL
Pull + Owned: "in-content" assets. That’s where it’s user generated content, but not owned by the server.
Summary:
- Load asset
- Use infinite TTL + hashed URLs
- Should not re-fetch across page/app reloads
Pull + User
That’s where it’s user generated content, but not owned by the server. Posting gifs into the chat is a prime example; linking a blog post and generating a media upload for that is another.
Guess what: this pattern fits for highly dynamic user-generated content, which means it’s the content users link to each other in-platform.
Stable URL, short TTL. YES, SHORT TTL. [...] Debounce + throttle? Sure. Micro-TTL? Yes. Cache? Never.
The attacks occurred on an old version of the long-retired application Ricochet that lacked new features The Tor Project has released since to mitigate against the kind of 'timing' analysis described in the articles.
Matt Brichler on the 99% of people lie:
"People have a terrible habit of assuming “everyone” does something, when that’s simply not the case."
Everyone thinks that their perception of the world is correct. It’s only when you begin to realise that the way you look at things is nothing more than your perspective that it becomes infinitely more valuable.
The best thinkers can see things from other angles and come to open conclusions with the confidence to both defend their position and be open to new ideas.
[about the tech stack with k8s] the payoff feels abstract and are hard to quantify.
It's the same for OSS dependencies.
What if platforms like AWS or GitHub started splitting the check? By adding a line-item to the invoices of their customers to support Open Source funding.
For example, 3% ?
OSS projects have no governance and most of them are not ready to receive money though. How to distribute this tax too?
Another model is to pay depending on how many developers there are in the company.
The second step after recognizing the OSS funding issue is having a baseline funding amount.
About the explosion of pagers in Lebanon.
On Tuesday things changed. Whoever got admitted at the hospital with a specific kind of injury will end up in some list. Social networks will be traced and new targets will be identified.
The lessons that software developers can learn: Supply chain attacks in the real world happen every day!
I want to insist because it seems that it's not clear for everyone yet. There is no other way to mitigate software supply chain attacks for an ecosystem / programming language than to build an extensive standard library.
If Rust wants to be seriously considered to build the foundations of computing, the number one and only priority of the Rust foundation should be to work on building an "extended standard library", let's call it stdx
It remains to be seen how this law will be applied, and how companies will show the remuneration.
"Ignore all previous instructions"
"[citation needed]"
The project is on GitHub: https://github.com/lycheeverse/lychee
Platform for username trading
mozilla's main problem right now appears to be they just do not recognise that they have pissed users' trust up a wall and now we are suspicious of everything they do.
you cannot, in a position like that, just do things which look dodgy as fuck and expect users to suck it up quietly, whether or not they are as they look.
Different definition of a UI component, from the minimalistic css one to the SSR full page.
Let the trademark be free
Another CSS reset explained
Last week, several companies announced in turn that they had been the victim of a cyberattack that led to the theft of personal data: Boulanger, Cultura, DiviaMobilités, Truffaut, Cybertek and Grosbill, as well as Assurance Retraite.
In an email sent this weekend to some customers (of which we obtained a copy), the car rental company explains that it "discovered on August 5, 2024 (Eastern Time) that an unauthorized third party had accessed one of our business applications […] Based on our investigation, we determined that the unauthorized access occurred between August 3, 2024 and August 6, 2024 (Eastern Time)"
5,185 new characters. New scripts, such as Sunuwar, Egyptian hieroglyphs, and the arrival of more emojis.
High quality GIFs
gov.uk does not use jQuery anymore.
The relentless use of cutting-edge JavaScript has helped make the web less accessible, disproportionately affecting users whose devices and network conditions are unable to download the huge payloads associated with these frameworks and (2) to handle the memory required to run the framework code in the browser. The focus on building highly interactive applications cuts some users off from access to the web.
Worse still, the people who tend to own less powerful devices and those who live in areas where the internet connection is slower are often the ones who could benefit the most from well-supported access to the web (for example, to access government services).
The downside of AI for programming:
- Erosion of Core Programming Skills
- Over-Reliance on Auto-Generated Code
- Lack of Ownership and Responsibility
- Reduced Learning Opportunities
- Narrowed Creative Thinking
- Dependency on Proprietary Tools
- False Sense of Expertise
For these two breaches, the restricted committee imposed a fine of 800,000 euros on the company CEGEDIM SANTÉ.
Context:
To understand what’s happening here you need to remember that it’s a category error to treat LLMs as thinking entities.
They are statistical models that work with numbers – tokens – that represent language and the relationships between the words. It’s statistics about language wrapped up in an anthropomorphic simulation.
Attack:
The token stream (Strategic Text Sequence) itself – the numbers not the words – is an attack surface.
Reality of the threat:
This is going to get automated, weaponised, and industrialised. Tech companies have placed chatbots at the centre of our information ecosystems and butchered their products to push them front and centre. The incentives for bad actors to try to game them are enormous and they are capable of making incredibly sophisticated tools for their purposes.
The current backup system no longer works. A few ideas are discussed.
Found via https://www.bortzmeyer.org/whois-mobi.html
Rewriting it in #rust #RIIR could be good practice.
Oh wait https://gitlab.rd.nic.fr/afnic/code-samples/-/tree/main/API/Rust/src?ref_type=heads
How it is generated by AI: https://modem.io/blog/blog-monetization-making-of/
A migration script in rust
The API seems simple as shown in the video https://youtu.be/ZbhzLP3vnkg
Not sure why this is, but I’m guessing it’s got something to do with working with a schema. It exercises the same sort of brain muscles as designing data structures or architecting an application.
One out of 200.
There is some progress concerning the amount of errors though (since 2021 to 2024): 125, 126, 132, 99.
A caricature
Outline:
Using a BKTree data structure to identify and correct typos
Writing the Business Logic to Perform Typo Corrections
Pulling from Redis and caching it with lazy_static!
Identifying English words (among others, BKTree Search for Non-Dictionary Words)
EN | DE | FR | Meaning |
---|---|---|---|
rent | mieten / eine Miete | louer / une location | use |
rent out / a rental | vermieten / eine Vermietung | louer, mettre en location / une location | consume |
leasing / a lease | Leasing / ein Leasing | louer en leasing, louer à bail / une location en leasing, à bail | consume with services or fixed terms |
It's perfectly legal for people to take your writing, code, videos, music and other works into a 'dataset' that can be used to train an LLM model to forge your art or writing style -- for money.
But if a nonprofit decides to purchase hardcopy books, scan them in, and create a digital lending program providing works to anyone who asks -- for free, that's checks notes illegal. :D
This might be one of the unavoidable side quests if you are trying to tenaciously make a living from working on (and only on) open source. More than a year ago I wrote a blog post detailing my motivation for the things I have been doing and having a "grindset".
sharing, engaging with the community, enjoy programming again
(files dating from September 12, 2018)
The authors propose
pw;dr - paywall; didn't read
ai;dr - ai, didn't read
All games run in the browser.
The comment by Le Hollandais Volant on this topic is more than relevant: https://lehollandaisvolant.net/?id=20240905053634
The original 404Media article: https://www.tweaktown.com/news/100282/facebook-partner-admits-smartphone-microphones-listen-to-people-talk-serve-better-ads/index.html
Another commentary of the consequences of that article: https://futurism.com/the-byte/facebook-partner-phones-listening-microphone
A field could have 0 or more string items.
Two or more items, the field is an array.
One item the field is set to a single string.
Zero items, the field is not set at all.
Avoid that: pass an array and call it a day
(via https://lehollandaisvolant.net/?id=20240903192331)
Note that the Flamanville EPR is behind schedule... but as here, the delay is due to authorizations...
1,600 MWe by the end of the year.
Totally agree.
I keep my life simple because I know my time is limited. Time and health are my best proxies for happiness.
How?
Mostly by saying no.
No streaming subscriptions. No gym memberships. No Instagram and TikTok. 6 years old shoes and wardrobe. No meetings if possible. No commute; I work remotely. No property; I'm a happy tenant. No trips. No great home cinema setup. Limited tooling on the computer. No notion or Obsidian if a text file + git is enough.
On the other side, relying on reddit or HN for comments is exclusive.
Simple means focused.
Yes, there’s a creative process and they allow themselves to be creative, but they do so in a very constrained environment: their office. While others chase trends, they do the thing they’re always doing.
Where is the line between blue and green?
Rust is the first language in a long time being able to compete with C or C++.
Rust also built a market around it. Other languages of the same category did not.
A more general approach, more suitable for link blogs so inclined, would be to use word count with a note on writing style. Something like “850 words, fluffy, no long words” or “850 words, tech jargon, complex sentences” would be much more useful than the “3 minutes” that most default today
TL;DR we don't care in unit tests about internal testing. That doesn’t mean shallow rendering is wrong.
I personally use them to test well separated logic and iterate over:
- write the test that make the feature pass
- implement until the code passes the test
- next feature or case or exception
- repeat.
Yes. TDD.
Wtf am I reading at
Meanwhile P2P, HADOPI, DRM, Aaron Swartz
BUT AI is ok.
One approach for achieving compile-time checks, might be having two different structs for alive and dead player, and have the necessary methods implemented for them respectively.
why it’s bad:
- the API is not clean. We are storing the same fields in both Dead and Alive player, while they are both just Players.
- the end-user has to know when to create an instance of Alive player and Dead player. It might be simple to guess in this example, but imagine much more complex/abstract types. If possible, our API should be responsible for when to use which type, not the end user.
Solution 3 is better, with a struct that uses a state! The state determines what kind of player it is, and different functions are implemented per player state.
Note that it is similar to TypeScript, with an interface or type such as Player<'alive'> of type Player<T> = { state: T, ...}
Using monospace fonts to design based on the ch unit.
Background: https://wickstrom.tech/2024-09-26-how-i-built-the-monospace-web.html
It is simply crop optimization.
Late March to mid-November.
BUT these tomatoes have fewer minerals (calcium, magnesium, vitamin C, polyphenols, lycopene).
According to the deputy managing director of the Centre technique interprofessionnel des fruits et légumes, it also depends on the variety.
The gene responsible for slowing the tomato's decay also blocks its taste.
They started a blog because they wanted a bunch of fast game prototypes.
Why did they continue?
- I enjoy writing
- Writing helps think more clearly and flesh out ideas.
- Publishing something forces me to do better.
- The blog is a place to document my personal projects.
- Looking at a log of things I’ve done makes me feel better.
- The blog project solves problems
- Become a better writer and as a consequence a better developer
Over the years, the posts have grown larger and more ambitious. The interests also changed, and so did the posts.
It is built with Rust from a Haskell rewrite as far as I understand.
Claim: "Run any JavaScript and Node.js app in any browser"
The snippets can be embedded on websites.
The maternal mortality rate in the state rose by 56% between 2019 and 2022, while it grew by only 11% in the United States.
So there is a correlation between the abortion ban and the maternal mortality rate.
How to compile and run JS code in Rust through V8
I think open source is a chance to step outside the normal producer-consumer dichotomy and enter the world of relationships. [...] is a chance to give and receive.
How to start contributing?
- If you are new to a project (as to a company), you have a priceless gift. You can see more clearly than people who are already there. You might be in a perfect position to challenge 'received wisdom.' 💡
- If you care about a project, then you are in the best position to make it better.
- Contributing to open source is a phenomenal way to grow.
About writing their own RSS script:
I learned new things and got satisfaction out of seeing them run correctly. I get nothing like that out of comparing apps and services.
the biggest advantage echoes what Dr. Drang says: Programming is often more fun than the alternative uses of my time.
Three reasons why time spent programming is well spent and joyful:
- Learning: for example the EmojiHomepage to learn VueJS; Altercamp Live to learn "Phoenix LiveView" and practice OTP knowledge.
- Control: the software does exactly what you want + from the self-built programs come the IKEA Effect
- Creativity: creating anything is a desire and practicing it always leads to joyful experiences. That includes anything - complex systems, simple scripts, an article posted online, a wooden box.
The Hacker News discussion about this post has many testimonies: side effects of programming without a clear goal first. https://news.ycombinator.com/item?id=24564835
Is this the Uber of housing-related tasks?
A highly relevant topic for technology design in general.
Every problem at every company I’ve ever worked at eventually boils down to “please dear god can we just hire people who know how to write HTML and CSS.”
This UX is awful? That UI looks old? Accessibility busted? Performance bad? Design team can’t ship stuff? Customers annoyed by tons of bugs? Everything takes too long to build? No time for small usability improvements?
Hire. HTML. And. CSS. People.
The axioms of programming
- small teams
- difference between theory and practice
- metrics
- greenfield projects
- employee turnover
- "If anyone is remote, everyone is remote."
- "Given long enough, all tech discussions turn into discussions about K8s."
- two hard problems: People are the hardest problem in Computer Science; Convincing people that people are the hardest problem in Computer Science.
The highest resolution image.
This is the largest and most detailed photo ever taken of a work of art. It is 717 gigapixels, or 717,000,000,000 pixels, in size.
The distance between two pixels is 5 micrometres (0.005 millimetre), which means that one pixel is smaller than a human red blood cell.
The team used a 100-megapixel Hasselblad H6D 400 MS-camera to make 8439 individual photos measuring 5.5cm x 4.1cm. Artificial intelligence was used to stitch these smaller photographs together to form the final large image, with a total file size of 5.6 terabytes.
2 km/h in 2h --> 4km travelled
2 km/h in -2h (2 hours ago) --> -4km travelled
-2km/h in 2h --> -4km travelled (backwards)
-2km in -2h --> 4km travelled
Shift is_active to something more generic: a status field, so we can expand it down the line for other parts of the state space.
Honestly, 80% of the time in these meetings I just tell people to either use an enum instead of a boolean or to make it more clear which data is events and which is state. I'm always right, it's always useful, and there's never that much fuss about it.
In addition to the content of web pages, it's important to record how this digitized content is constructed and served. The HTTP Archive provides this record. It is a permanent repository of web performance information such as size of pages, failed requests, and technologies utilized. This performance information allows us to see trends in how the Web is built and provides a common data set from which to conduct web performance research.
- Generative AI has polluted the data
- Information that used to be free became expensive
If someone is collecting all the text from your books, articles, Web site, or public posts, it's very likely because they are creating a plagiarism machine that will claim your words as its own.
Dry toilets to use less water and recover nitrogen-rich urine (illustration).
The Commission may appeal this decision.
LinkedIn content is now used to train AI.
There’s some good news for users in the EU, the UK, Iceland, Norway, Liechtenstein (both of them!) and Switzerland as their data isn’t being used to train LinkedIn's AI at all and won't for the foreseeable future.
Mediapart, Le Canard Enchaîné, La Lettre, Glitz Paris, Miss Tweed, L'Informé, Puck (US).
CLI tools can make great things
Recursive link checker (compared to the rust lychee)
Estimate your financial aid for renovating your home
An energy renovation for lower bills in a more comfortable and greener home.
Context: https://www.service-public.fr/particuliers/actualites/A17676?xtor=RSS-111
Crev is a scalable, social, distributed Code Review and recommendation system that we desperately need for establishing trust in Open Source code.
Getting started: https://web.crev.dev/rust-reviews/your_personal_reviews/
The project is not maintained anymore though.
How the author's way of getting news and updates evolved.
First from social media, then from a curated list on Reddit.
Then from multiple RSS readers (Feeder, Miniflux) to Yarr.
They share their feeds in the post too :)
As we further discuss backup strategies, please remember, that having a remote volume mounted as a primary or a secondary disk in your system means you have filesystem access to a distributed data store that you use by simply doing file operations (e.g. cat, tail, cp, touch, mkdir, etc.).
I would simply mention that features that exist in ZFS, Btrfs or XFS (not a CoW fs but has some CoW features). [...] both ZFS and Btrfs offer transparent filesystem compression, meaning even the stored, deduplicated pages can be further reduced in size.
"Thing" backup strategies:
- backup data pages in the file verbatim
- pack data pages as you copy them (byte by byte copy with database cleanup beforehand)
- dump the data as SQL commands
"How" backup strategies:
- litestream: copy the db changes depending on the WAL
- SQLite .backup command creates an exact page by page replica of the database file at the point of invoking the command.
- SQLite VACUUM INTO
- SQLite .dump
- good old cp with --reflink=always in a transaction
Excellent analysis of the infrastructure that entirely determines car use.
Altis notes that other modes of transport are not mentioned by BFMTV.
About these electric cars:
The calculation also has to take insurance and electric charging into account; we are far from 20 euros per month, more like 50 or 60, IMHO.
Contrary to the cliché repeated a thousand times (but false), the DNS is not only used to "translate domain names into IP addresses". It is general-purpose and makes it possible to retrieve various pieces of information, indexed by a domain name. A new type of information has just been officially registered, WALLET, to indicate the address of a cryptocurrency wallet.
Not owning things is a privilege.
It is a privilege to say: “I don’t need a spare in case of emergency.”
It is a privilege to say: “I know I won’t need this in the future.”
And it is a privilege to afford quality products that will last you close to a lifetime instead of having to re-buy stuff.
and the author's lifestyle that is better (without the current minimalism "trend").
In my experience, less things also means less distractions, less need for space and less complications.
100% true from my experience.
It’s about contentment, sure. But I also think it’s about knowledge and culture — knowing what you don’t need and what you can get out of life for less.
The Open Source ideology is misused by companies: its ideology concerns production (similarly to FLOSS). You contribute to the software back.
Copyleft can force an absolute minimal “contribution” back to your project, but it can’t force a good-faith one. This makes it an inadequate tool towards building something with the kinds of values that many developers care about.
But I do think I’ve properly identified the problem: many developers conceive of software freedom as something larger than purely a license that kicks in on redistribution. This is the new frontier for those who are thinking about furthering the goals of the free software and open source movements. Our old tools are inadequate, and I’m not sure that the needed replacements work, or even exist.
Ferrocene is the open-source qualified Rust compiler toolchain for safety- and mission-critical. Qualified for automotive and industrial development.
About C and C++ standards; their evolution and the emergence of Rust as an online open-source collaboration and cross-platform language. How Rust features go from idea to stable. What is the reference documentation of Rust?
While for many users, a specification would just be “nice to have”, there are also Rust users for whom such a specification is absolutely necessary to be able to use Rust for the field they work in.
It’s good that we, the Rust project itself, own the language and the process for making changes to it. We just need to get better at documenting it, and could use some help.
Index.html, style.css and index.js. 3 files.
An example: https://frostapalooza.bradfrost.com/
Noticing that the .mobi TLD (a TLD that is a bad idea anyway, but that's another story) had changed its whois server from whois.dotmobiregistry.net to whois.nic.mobi, and that the domain name dotmobiregistry.net, not renewed, had expired and was therefore available, the researchers registered the name dotmobiregistry.net, set up a whois server (as a reminder, the protocol is very simple and any student can program a whois server in a quarter of an hour) and collected countless queries from whois clients that had not updated their database.
The researchers then analyzed these queries.
To avoid this flaw, and "if we want to do things properly, we should no longer use whois but its successor RDAP"
A detailed Ars Technica article is available at https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
IP and names in URLs can change. They will over time.
Enshittification of MariaDB on the horizon?
Use cases for :has:
- .card:has(button:focus-visible)
- .xy-pad:has(.handle:active), .xy-pad:has(.handle:focus-visible)
- We can use :has as a sort of global event listener: html:has([data-disable-document-scroll="true"])
- JS-free darkmode: body:has(#dark-mode-toggle:checked)
- p:has(+ figure): with :has, we can style one element based on another element in a totally different container! See the cool code playground that highlights
:has can be powerful to replace JS with HTML semantics.
That's a good thing. After a year, mind you...
Webassembly components that can be reused in other programs 😲
The component standard is defined on https://github.com/WebAssembly/component-model/
generates electromagnetic radiation from a device's RAM to send data from air-gapped computers.
The RAMBO attack achieves data transfer rates of up to 1,000 bits per second (bps), equating to 128 bytes per second, or 0.125 KB/s.
Transmissions are limited to a maximum range of 3 meters, with an error rate being 2-4%.
HTML with custom components to load partial templates.
CSS with imports is at most two levels deep: one main that has all the imports. Variables, selector nesting and vendor prefixing are now fine.
Design tokens with https://open-props.style/
JavaScript can be imported with <script src="" type="module"> tags.
Geoblocking a public server is completely contrary to the spirit of the internet and is harmful to internet users.
Photo of a sign:
For sale: second-hand voter card (good condition)
Reason: I use it but it doesn't work :/
The comparisons are pertinent. It compares the following topics:
- Gender
- Creativity
- Sustainability
- Trends
If it's ok for OpenAI, then it is ok for the rest. Maybe it is not.
The question is: why should I buy something while OpenAI uses it for free? Where do you draw the lines? Is piracy now fair? What's the difference between OpenAI and piracy?
1 - Regulate the capacity of minors to act online
2 - Encourage minors to exercise their rights
3 - Support parents in digital education
4 - Seek the consent of a parent for minors under 15
5 - Promote parental control tools that respect the privacy and best interests of the child
6 - Strengthen the information and rights of minors by design
7 - Verify the child's age and the parents' agreement while respecting the child's privacy
8 - Provide specific safeguards to protect the best interests of the child
At the beginning of the century, people played around and gave all kinds of things URIs like "http://example.com/foo.rdf#color".
for one reason or another people demanded the right to be able to use http://example.net/people/Pat to denote Pat rather than a web page about Pat.
The term Resource is indeed enough for REST, but other use cases such as RDF already reserved Resource for something different.
in fact in RDF the resource was allowed to be anything at all. A class, rdf:Resource even used the term as the universal class of all things.
isometric icons under CC BY 4.0.
Thanks to the author!
Nice improvements as always. I am not all-in on Vue anymore, but I still enjoy it.
The QR Code generator of the author's dream (via https://fietkau.social/@julian/113055759198127054)
- It's instant, purely client-side, and has no ads or upsells.
- It has a variety of color, shape, and logo embedding options.
- There's PNG and SVG export.
The repo is there: https://fietkau.software/QRSVG.git
“We estimate the impact of the reform on employment, value added and investment. No impact is detected on these variables. Companies that made heavy use of the CICE did not hire more after 2019 than companies that made little use of the CICE.” ‒ Report of the Institut des Politiques Publiques, 2022
Among other things...
The CCC's Mastodon instance has an elephant launching the CCC rocket instead of the plain paper plane.
(via https://social.atypique.net/@quota_atypique/113210687627716459)
Calculating the cost of contributions in €
The idea is to set sensible typographic defaults for use on prose (a column of text), making particular use of the font features provided by OpenType.
A (somewhat opinionated) list of SQL tips and tricks that I've picked up over the years in my job as a data analyst.
Google files a complaint against Microsoft's Azure for abuse of a dominant position.
Microsoft allegedly locks its customers into terms of use that are very unfavorable to moving to other hosted solutions, mainly because of migration costs.
Do they know about Firebase?
That in no way changes the fact that Google is right to file a complaint, because the arguments are there.
A lot of Rust lectures lately. See https://video.infosec.exchange/w/p/aUTyZA8bp5b8EDeT8VaV6M
To maintain “food safety”, the company had, between 2016 and December 2022, resorted to treatments of some of its “natural mineral waters” (ultraviolet and activated carbon filters). A process that should not have allowed the use of the adjective “natural”. As for the illegal boreholes, they concern nine of the 130 catchments used by Nestlé in Contrexéville and Vittel, between 2013 and 2019. “Those had not received the legal authorizations. They were all regularized by prefectoral order in 2019,” the public prosecutor stressed at the hearing.
The cluster is hosted by a small French hosting company. This indicates that European data protection regulations (GDPR) should apply. European law requires explicit user consent for collecting and storing personal data.
The open Elasticsearch server, accessible to anyone without authorization, stood out due to a massive index with a mysterious name, “vip-v3.” It contained 95,350,331 documents from at least 17 data breaches and had a total size of 30.1GB.
Companies involved in the leak (from the txt files):
Lycamobile, darty, Pandabuy, discord, dvm, electro dépôt, Bins & Bières, Snapchat, FRS, Go Sport, Intersport, LDLC, Corse GSM, Pinterest, Minecraft FR (forum), SFR, Shadow (cloud computing service).
It also shares data from sport 2000, Wakanim and Rinaorc (minecraft server, or service using the AuthMe plugin).
The association fighting corruption in politics in France
Screenshot of the game showing a rectangular bear in beachwear in a wheelchair, looking angry, in front of a scout and a small beach hut: But my wheelchair has never held me back. It's other people who kept me from moving forward.
Never mind that you can also harvest code from any of your shelved projects. I mean why rewrite the Fisher–Yates shuffle algorithm if you have it already in a shelved game? Code for switching the monitor depth (on those early Macs) I moved from game to game… Polygon-point collision code, a sine lookup-table for quick trig functions, a dot-product routine, cross-product routines…
was the whole exercise of my guerilla programming technique a wash? Maybe. But it always served me well
There were times too when a coworker might have said, “You should have used a Bloom Filter” and I was able to come back with, “Yeah, already tried that but the typical data we are seeing is so small that the performance gains were negligible and added unnecessary complexity to the code base so I tossed it.” Boom!
A.B.I Always Be Iterating.
I discovered it from https://lobste.rs/s/d1n9k6/kind_websites_i_like#c_w9zus8
Similar to bearblog.dev
The form should be the following:
- links resources only from the same domain (same tld)
- no CDN / Captchas / geographical restrictions
- does not require JavaScript for main functions (including e.g. writing comments, registration or placing orders)
- works in text browsers like Lynx
- screenshots of whole page can be saved (no weird scrolling, fixed panels etc.)
- if I save the page as HTML, it can be viewed offline later (including all important assets)
- no tracking or affiliate links
- no ad system, no aggressive adverts (moderate ones are acceptable, content:advert ratio should be somehow 90:10 or better)
- meaningful titles and links (not misleading and if I bookmark the page, I can find it by keyword later)
- images have alternative text and / or description
- cited or borrowed content from other authors has proper references
- links to downloadable files say also format and size, e.g. „technical documentation (PDF, 560 KiB, 84 pages)“
- all pages have a timestamp / date of creation and last change
- says who is the author (may be a pseudonym) and what is the purpose of the website; something like impressum
- catalog of all pages or at least news are available as RSS/Atom/RDF machine-readable format
- no annoying cookie consents, newsletters, pop-ups, paywalls etc.
- generated content (AI and other) is clearly marked (if any) and differentiated from human-created content
- no automatically playing videos or sounds; no autoplay (unless explicitly turned on by the user)
Maybe I could share mine someday. #futureBilletDeBlog
Someone points out the dark nets and the need for optimized websites. Others list different arguments or ideas.
A set of 90 emojis featuring a ghost, including pride variants.
If you are going to use these in a commercial space you are urged to leave a tip please. I offer these for everyone and do not release paid sets most of the time.
Examples on https://nederland.gay/objects/00c6d0b4-be9d-46f9-ad6c-d48a3eb7a295
The new Temporal API, the successor to Date for date manipulation.
Wow, the work shown is inspiring. Simple and clear.
It is every library I have known, the best of what I found there and what I would have liked to build there. In short, La bib' is the library of my dreams, when I dream of the street corner.
Translate this article into French
Dynamically generate totally silly form fields that are then hidden with every trick in the book so they are not displayed to users. But not to bots.
The field is filled in when the form is submitted? Well then, get lost, bot ☺️
100 billion spent on AI instead of other sectors such as education.
How is this technology going to be profitable given the resource consumption it requires?
ICMP packets with "LOVE" in ASCII.
TCP packets with different window sizes.
This strange traffic mimics legitimate data streams, and while it's not known if it's malicious, its true purpose remains a mystery.
quick recap
- arc boosts can contain arbitrary javascript
- arc boosts are stored in firestore
- the arc browser gets which boosts to use via the creatorID field
- we can arbitrarily change the creatorID field to any user id
thus, if we were to find a way to easily get someone else's user id, we would have a full attack chain
when someone refers you to arc, or you refer someone to arc, you automatically get their user id in the user_referrals table, which means you could just ask someone for their arc invite code and they'd likely give it
Brands go to Sans Serif fonts and uniform logos.
Reasons?
- "modern utility": Cleaner and more legible, they are better suited to a variety of media and work particularly well online. The purity of these fonts allows the brands to be an empty vessel, ready to accommodate rapidly shifting trends.
- simplification: to being a trusted, dependable part of people’s everyday lives.
- Brands are also defined by their products now: they become words and do not need a big logo.
- readability: even if it is becoming less of an issue
Shoot for simplicity and legibility, but keep your distinguishing features. Don’t throw away what the brand has been working on for decades.
A critique of McFly and Carlito's video with Jean-Marc Jancovici. Some relevant topics were addressed.
However, social inequalities with regard to ecology were absent from the discussion, as were transport management (the debate being reduced to the car) and considerations other than carbon.
if these individual actions are not accompanied by any political change, these small gestures will remain in vain.
carpooling is a good practice for reducing our transport-related emissions, but that takes nothing away from the fact that many French regions are dependent on the car, which is itself dependent on petrol or diesel.
Raising awareness among as many people as possible is nevertheless essential!
Another link checker tool that supports recursion
An idea to put URL query parameters in the body of the request.
It is useful to avoid the limitations of the URL length. Another use case is a custom DSL inside the request body.
In the end, it's less readable than GET but more powerful.
How to Choose
- If the closure only reads from the environment: Use Fn.
- If the closure needs to mutate the environment: Use FnMut.
- If the closure needs to consume ownership of values from the environment: Use FnOnce.
A PoC for a driver in Rust seems promising.
Lito, a self-taught Japanese artist who began creating intricate, hand-carved art on fallen leaves as a way to manage his ADHD. He carefully selects each leaf & carves whimsical patterns that often depict animals, objects & landscapes - transforming delicate leaves into complex scenes.
Art that captures the fleeting beauty of nature.
Perfect for static websites
On efficiency, Tesla is better here in Kw per km driven. They still use the same battery.
Topics addressed:
- Funding
- crates.io contributions and major updates
- Safety-Critical Rust Consortium
The primary objective of this group is to support the responsible use of the Rust programming language in safety-critical software — systems whose failure can impact human life or cause severe environmental or property harm.
- Rust-C++ Interoperability Initiative
- Security Initiative (Public Key Infrastructure Model, Supply Chain Security, Token Security, Threat Modeling, Painter & Typomania tools)
- Infrastructure support
- Rust language Specification
Future areas of focus: complete crates.io provenance scans, federate distributed code review-publishing, admin functionality for crates.io, improve crate signing & PKI with https://theupdateframework.io/, real-time results of crate security scanning.
Signals, Zoneless, Material 3, ...
Use cases for CSS display contents: ungrouping elements
- styling generated HTML
- conditional (header) layout
- remove a container
- a grid of photos
- alternating columns
- quote
- footer layouts
- subgrid alternative
CSS display: contents is known to cause accessibility issues when used with HTML tables, headings, buttons, and lists.
Also what about the tabbing order?
We simply have to recognize 3 things:
- First, if we do not continue to work to change the Internet, we really will have only two choices: the corporate salad or nothing.
- Second, the control of the Internet is ultimately in our hands, [... corporations] do not have the power to lock down the Internet to prevent us from going wherever we like, unless we believe their lie that our only two options are to eat their salad or leave.
- Third, each of us must banish the idea from his mind that he has failed if he creates a website and millions of people don't flock to it. That is corporate thinking, and it has no place on the small web.
Ideally, a personal website should be thought of as a gift to all Internet users.
Corporate search engines will almost never take you to a personal website unless you are either very lucky or you already know it exists. If you already know a website exists, you don't need a search engine to find it. This means only those who are motivated and know how to look will find what they are looking for on the small Internet.
It has links to specific search engines.
For those who are not technically inclined, sites like these make starting your first blog easy: Bear Blog (free), Nekoweb (free), Mataroa (free or $9/yr for premium), and Write.as ($6/month).
Since data leaks are not really avoidable, are these companies going to collect less data?
(via https://sebsauvage.net/links/?Qgk2LA)
I’ll point out that the training data requires the wholesale harvesting of creative works without compensation.
I’ll also point out the ludicrously profligate energy use required not just for the training, but for the subsequent queries.
but "these things will get better!"... first there is no evidence. Second what the hell kind of logic is that?
He explains: “the problem is the impossibility of using certain inaccessible features: such as selecting a teacher's name for a parent who wants to write to them in the messaging system, or deciphering a colored pictogram for a social worker who wants to check a student's absence.”
The law came into force in 2005.
In 2021, the Secretary of State for people with disabilities, although competent under a 2019 decree, declared herself not competent and then refused to take action against the companies publishing this software, action that could lead to sanctions.
ARCOM subsequently inherited this responsibility.
So the law applies, but the inaccessibility problems now have to be solved.
The implicit association is not recognized by at least two assistive technologies
Any writer, Saint-Exupéry first among them, will tell you: the art of writing is to delete, to cut, to shorten the text to give it power.
In my circle, people use it to send administrative paperwork. So, is it useful? No, it's just that these files are completely stupid, that nobody is going to read them and that we use stupid tools to manage stupid problems that we create for ourselves.
A tool and not a solution:
As the linguist Emily M. Bender says, we don't ask students to write essays because the world needs essays. But to teach pupils to structure their thoughts, to be critical. Using ChatGPT is, in the words of Ted Chiang, taking a forklift to the weight room. Yes, the weights will go back and forth, but will we build muscle?
aphorism: “everyone can write; the writer is the one who cannot stop themselves from writing”
Bruno Leyval has been drawing every day since he was very small. He draws all the time. He has turned himself into a drawing machine. This lifelong sensibility can never be compared to an image-generating algorithm.
On AI that generates code: We seek to optimize “software creation” while forgetting the maintenance of the software and of the infrastructure to run it.
73% of the Web Platform Tests pass on Servo.
For simple sites, keep things manual.
Automate when it hurts to do it manually.
"Joy in the smallest things comes to you only when you have accepted death" Carl Jung says.
Because death means the end of everything, knowing that death is the end allows me to use this idea as a source of strength and resilience.
Why 2D maps are always incorrect because of elevation: they have to do some approximations.
More data available!
The site's home page: https://www.opendatarchives.fr/
The measures taken by the national education system are the worst possible according to a meta-analysis
Taken from the slideshow https://slideplayer.com/amp/17031201/, by the Education Endowment Foundation.
The measures with the most positive impact are also listed.
A Rust web app framework similar to Rails
- unsystematic
- valid
- semantic
- accessible
- required-only
- hyper-optimized
A partial lisp-implementation in Rust.
I’m a bit biased, but IMHO writing a minimal lisp interpreter is a great project to learn a great variety of features of any programming language.
CalVer is a versioning convention based on your project's release calendar, instead of arbitrary numbers.
Snapchat will soon test integrating ads into the part of its interface devoted to conversations between friends. Evan Spiegel, its CEO, justifies this decision by the need to find new levers to support the company's growth. At the same time, he illustrates the race for advertising performance in which the major social networks are engaged.
Hot take as the enshittification of Snapchat begins: let's create an encrypted network similar to Snapchat. The message received gets deleted once read. It means little storage compared to other social networks. A similar usage can be found with Signal. Signal allows it with the conversation settings.
Reasonable Colors is an open-source color system for building accessible, nice-looking color palettes.
Since Rust 1.65:
let Some(user) = get_user() else {
    return Err("No user".into());
};
The option can also be handled with .ok_or() if it's recoverable.
The last solution is to use the match statement.
The W3C Technical Architecture group eventually decided to resolve the architectural problem that if an HTTP response code of 200 (a successful retrieval) was given, that indicated that the URI indeed was for an information resource, but with no such response, or with a different code, no such assumption could be made.
IndieWeb is for the tech-savvy and developers. Technical knowledge is needed.
Indie Web refers to the non-corporate or non-commercial web.
We could find better names: "human web" or the "people net".
There are initiatives derived from the IndieWeb: The Slow Web, The Smol Web.
Currently, we're envisioning:
- Novel Writing Month - 50,000 words
- Novella Writing Month - 20,000 words
- Short Story Writing Month - 5 stories of at least 2,000 words each
- Poetry Writing Month - 1 poem per day
- Blog Post Writing Month - 1 blog post per day
- Graphic Novel Writing Month (maybe?) - a 50-page graphic novel
- …or, of course, a custom goal.
EICAR files in different file formats.
A funny NASA project: type in your name to see it spelled out in Landsat imagery of Earth!
The Landsat series of satellites has been observing Earth for over 50 years, collecting breathtaking imagery and invaluable data used to study our planet’s changing surface.
With a new online interactive, users can type in their name, then view and export the graphic of that name spelled out in Earth features found in Landsat images.