Seems bad. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild."
It seems to be JavaScript-free from the description, which makes it even scarier. Imagine the libwebp decoder bug except embedded media blocking doesn't really work (who blocks CSS?).
I'd be interested to know if it's sufficient to avoid this recent vulnerability. Either way, it confirms my opinion that UI animations are an anti-feature.
As a uBlock Origin filter (paste in Settings > My Filters):
! No CSS animations
##*,::before,::after:style(transition:none !important;animation-delay:0ms !important;animation-duration:0ms !important)
! No CSS animations (different method)
##*,::before,::after:style(animation-timing-function:step-start !important;transition-timing-function:step-start !important)
There's other (often perf heavy) CSS clutter that's nice to get rid of:
! No image filters
##*,::before,::after:style(filter:none !important)
! No text-shadow
##*,::before,::after:style(text-shadow:none !important)
! No box-shadow
##*,::before,::after:style(box-shadow:none !important)
! No rounded corners
##*,::before,::after:style(border-radius:0px !important)
No rounded corners is fun. You realize many loading spinners are actually CSS rounded corners! YouTube becomes almost unrecognizable — mercifully — especially if you also revert the new TikTok-inspired font:
Firefox doesn't seem to support CSS animation-timeline, I think this refers to the JS AnimationTimeline API? In that case "dom.animations-api.timelines.enabled" flag should control it.
He works (or recently worked) for Mozilla on security-related projects. The code commit fixing the issue was isolated to the /dom/ directory in the source tree, and Firefox does not support CSS Animation Timelines. The Animation Timelines code is not directly accessed by web devs, and it appears the only way to execute that code is via the JS API for Animation Timelines. I'm not a web security expert, but the signs seem to point to him being correct.
I only had a quick look, but it looks like they tweaked the state update so the model can be run with parallel scan instead of having to do it sequentially.
Which can in turn be automatically parsed and pull the data into said document. So when Google decides that the mail/workspace account is banned for whatever reason they deem, you don't lose the content, you just change the automation tool to the new e-mail address (and inform relatives about the new e-mail as well).
It might be enough just to have a headless email client logged in on a personal server somewhere that pulls down incoming emails, and can act as a backup in a pinch.
> Duolingo is good at going from nothing to something
Seconding this. I got noticeably better at Chinese after using Duolingo every day. I feel like I hit a ceiling now and it's not helping too much, but it definitely worked.
Thanks! The tricky bit is to make this work in different languages where the "space" is not used to separate the different words, such as Chinese. We should implement a real Chinese lemmatizer there to chunk the words.
Not sure if you saw it, but we already have pinyin in there. If you open up the settings and tick "show pronunciations" they will appear above the chat messages.
> We should implement a real Chinese lemmatizer there to chunk the words.
Or find all substrings that are listed in a dictionary (≈everyone uses cc-cedict https://www.mdbg.net/chinese/dictionary?page=cc-cedict ) and give translations for all of them. That way, the user won't be limited to any particular chunking granularity, which is always a finicky aspect of word segmenters to fine-tune.
At least for Chinese there are off-the-shelf word segmenters you can use, like jieba[0]. I used it in gptlingo and it Just Works(TM).
The "show pronunciations" setting just turns on pinyin above characters - what I want is to type pinyin and enter Chinese characters. Actually showing the pinyin above characters is quite distracting!
I used postgrest (without htmx) on an old project; it's impressive how far you can push it.
HTMX seems like a perfect fit for it too, although I'm not sure how much I really want to maintain htmx templates inside SQL functions...
Zero interest. BTDT (php). Static analysis, local testing, refactors, bulk changes delivered atomically (transactions, if you will) are missing critical features with this type of pattern. Great for hacking around, but not for making something stable.
I'm a technical generalist with 10 years' experience and a Ph.D. in CS focusing on category theory and machine learning.
I've worked in a variety of roles both full-time and contract: Full stack developer, data scientist, pentester, and machine learning researcher.
Most recently I was awarded a grant to develop a differentiable IR for zero-knowledge machine learning[0].
I'm in the same boat: I just want a simple headset that overlays a big, high-resolution monitor on my normal vision.
The closest thing I know of is the [Simula One](https://www.simulavr.com/), which seems to be a VR "virtual monitor".
VR instead of AR is a dealbreaker for me though: I want AR virtual monitors that overlay the displays on my actual vision. Even VR which uses a camera to pass through to the display isn't really what I want.
My ideal hardware would just be a "dumb" AR display with wide FOV and an HDMI input that just overlays the video data onto my normal vision.
From what I understand a big challenge is the wide FOV though, but I don't know enough about optics to really understand why this is the case.
It sounds like the closest thing to what you want is the Xreal Air, not the Simula One, which is a project for a full high-quality standalone VR headset (that happens to run Linux instead of Android like other standalones).
> VR instead of AR is a dealbreaker for me though
The problem with AR is a basic technical one: you can't use a transparent lens to paint black pixels over white light. That's why Apple, despite being desperate to make the "Apple Glasses", has basically abandoned AR entirely in favor of VR-but-the-video-passthrough-is-so-good-it-feels-like-AR design, and I would expect most other companies working on AR devices to follow suit.
My Air turned up today. The "can't paint black with light on a transparent surface" solution is a sheet of plastic. Put it on when it matters, take it off if it doesn't... Can't fault it for simplicity.
See:
- NVD page for CVE-2024-9680: https://nvd.nist.gov/vuln/detail/CVE-2024-9680
- Mozilla security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2024-5...