andrzejn: (Default)
[personal profile] andrzejn
There was a small air raid overnight. Osokorky is quiet again now, and I'm fine.

Waiting for victory.
andrzejn: (Default)
[personal profile] andrzejn
It's quiet in Osokorky, and I'm fine.

Waiting for victory.

A workshop of worlds

Jun. 26th, 2025 08:09 am
vitus_wagner: My photo 2005 (Default)
[personal profile] vitus_wagner

Shumil has suddenly written a LitRPG. Or rather, a fanfic of another LitRPG by another author (he used to write fanfics of Zelazny and the Strugatskys; maybe Vitaly Litvin deserves a read too?)

And here is what got me thinking - texts set in other people's worlds have somehow become very popular. Fanfics of published works - from the Strugatskys to Rowling, LitRPG, shared-world projects like "Zemlya Lishnikh" by Andrey Kruz and Co. Besides that, many authors write series of dozens of sequels set in one and the same world. Even though the worlds themselves aren't worth a kind word. Take all those countless boyar-anime, for example. Or fantasy with orcs and elves. They are clones of one another. Rarely does anyone's world have some twist in its physics, geography or history.

I wonder why that is. Because people find it so hard to create worlds? For me that was always much easier than creating plots or even characters. I wonder whether production of worlds to order could be set up. I would take it up. My problem has always been creating a hero and his path through the world that would let the reader be shown that world. Only I am no good at organizing.

Or maybe it is about communication between author and reader? Having started a fanfic (no matter whether of a book, a film or a computer game), the author immediately gains a shared field of meaning with those who read/watched/played the original. And not only with them. I, for one, have never played an MMORPG, only glanced over my wife's shoulder. Nevertheless, when I read all these descriptions of levelling up skills, distributing experience points and so on, I understand everything.


globalizing the intifada in NY

Jun. 25th, 2025 01:33 pm
stas: (Default)
[personal profile] stas
So, the New York Democrats did go and pick the anarcho-socialist and jihad fighter Mamdani as their mayoral candidate. Given that there are more than a million Jews there and 2/3 of them are Democrats, this is somehow especially impressive. I don't know who counts as their leader, but it would be interesting to learn their opinion on this. Do they agree with the Hamasnik Mamdani on all issues, are they outraged by such a spit in the face from the party, or are they simply waiting for the next firmware to load?

My own position is: the worse, the better. The Democratic Party long ago crossed the line beyond which one could still see any constructive forces in it, and the more suffering, abuse and destruction they inflict on their own epicentres and their own electorate, the better. Those who don't like it can vote with their feet - it's not like moving from Russia to America, you need no visa, you needn't learn a language, and there is quite definitely life outside New York and San Francisco. Or else relax and enjoy it.
andrzejn: (Default)
[personal profile] andrzejn
It's quiet in Osokorky, and I'm fine.

Waiting for victory.
vitus_wagner: My photo 2005 (Default)
[personal profile] vitus_wagner

Well, fine when the non-standard port 8448 doesn't work. But when TLS connections to port 993 don't get through (or rather hang after the first few kilobytes), and likewise starttls on port 143 - that is already beyond all good and evil. The only way into my own mailbox is through the web interface (fortunately last year I took the trouble to patch ciderwebmail and installed it) or through ssh -D and socksify.

[personal profile] mjg59
Single signon is a pretty vital part of modern enterprise security. You have users who need access to a bewildering array of services, and you want to be able to avoid the fallout of one of those services being compromised and your users having to change their passwords everywhere (because they're clearly going to be using the same password everywhere), or you want to be able to enforce some reasonable MFA policy without needing to configure it in 300 different places, or you want to be able to disable all user access in one place when someone leaves the company, or, well, all of the above. There's any number of providers for this, ranging from it being integrated with a more general app service platform (eg, Microsoft or Google) or a third party vendor (Okta, Ping, any number of bizarre companies). And, in general, they'll offer a straightforward mechanism to either issue OIDC tokens or manage SAML login flows, requiring users present whatever set of authentication mechanisms you've configured.

This is largely optimised for web authentication, which doesn't seem like a huge deal - if I'm logging into Workday then being bounced to another site for auth seems entirely reasonable. The problem is when you're trying to gate access to a non-web app, at which point consistency in login flow is usually achieved by spawning a browser and somehow managing submitting the result back to the remote server. And this makes some degree of sense - browsers are where webauthn token support tends to live, and it also ensures the user always has the same experience.

But it works poorly for CLI-based setups. There's basically two options - you can use the device code authorisation flow, where you perform authentication on what is nominally a separate machine to the one requesting it (but in this case is actually the same) and as a result end up with a straightforward mechanism to have your users socially engineered into giving Johnny Badman a valid auth token despite webauthn nominally being unphishable (as described years ago), or you reduce that risk somewhat by spawning a local server and POSTing the token back to it - which works locally but doesn't work well if you're dealing with trying to auth on a remote device. The user experience for both scenarios sucks, and it reduces a bunch of the worthwhile security properties that modern MFA supposedly gives us.

There's a third approach, which is in some ways the obviously good approach and in other ways is obviously a screaming nightmare. All the browser is doing is sending a bunch of requests to a remote service and handling the response locally. Why don't we just do the same? Okta, for instance, has an API for auth. We just need to submit the username and password to that and see what answer comes back. This is great until you enable any kind of MFA, at which point the additional authz step is something that's only supported via the browser. And basically everyone else is the same.

Of course, when we say "That's only supported via the browser", the browser is still just running some code of some form and we can figure out what it's doing and do the same. Which is how you end up scraping constants out of Javascript embedded in the API response in order to submit that data back in the appropriate way. This is all possible but it's incredibly annoying and fragile - the contract with the identity provider is that a browser is pointed at a URL, not that any of the internal implementation remains consistent.

I've done this. I've implemented code to scrape an identity provider's auth responses to extract the webauthn challenges and feed those to a local security token without using a browser. I've also written support for forwarding those challenges over the SSH agent protocol to make this work with remote systems that aren't running a GUI. This week I'm working on doing the same again, because every identity provider does all of this differently.

There's no fundamental reason all of this needs to be custom. It could be a straightforward "POST username and password, receive list of UUIDs describing MFA mechanisms, define how those MFA mechanisms work". That even gives space for custom auth factors (I'm looking at you, Okta Fastpass). But instead I'm left scraping JSON blobs out of Javascript and hoping nobody renames a field, even though I only care about extremely standard MFA mechanisms that shouldn't differ across different identity providers.

Someone, please, write a spec for this. Please don't make it be me.
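
The local-server option mentioned in the post above, as an added example (not the author's code and not any identity provider's API). It assumes the authorization-code-with-PKCE variant of the loopback redirect (RFC 8252, RFC 7636); `LoopbackReceiver`, the `/callback` path and `simulate_redirect` are hypothetical names, and the simulated redirects are constructed input.

```python
import base64
import hashlib
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(sha256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class LoopbackReceiver:
    """One-shot listener for the browser redirect that ends the login."""

    def __init__(self):
        self.state = secrets.token_urlsafe(24)      # ties the redirect to this login
        self.verifier = secrets.token_urlsafe(48)   # sent later, with the code
        self.code = None
        self._done = threading.Event()
        receiver = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                url = urlparse(self.path)
                query = parse_qs(url.query)
                got = query.get("state", [""])[0].encode()
                ok = (url.path == "/callback" and "code" in query
                      and secrets.compare_digest(got, receiver.state.encode()))
                if ok:
                    receiver.code = query["code"][0]
                    receiver._done.set()
                self.send_response(200 if ok else 400)
                self.end_headers()
                self.wfile.write(b"Login complete.\n" if ok else b"Rejected.\n")

            def log_message(self, *args):  # keep the CLI's stderr quiet
                pass

        # Loopback only, ephemeral port: other hosts cannot reach the listener,
        # which is also why this does not help when the CLI runs on a remote box.
        self.server = HTTPServer(("127.0.0.1", 0), Handler)
        self.port = self.server.server_address[1]
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    def redirect_uri(self) -> str:
        return f"http://127.0.0.1:{self.port}/callback"

    def wait(self, timeout: float = 120.0):
        """Return the authorization code, or None if nothing valid arrived."""
        self._done.wait(timeout)
        self.server.shutdown()
        self.server.server_close()
        return self.code


def simulate_redirect(port: int, query: str) -> int:
    """Constructed stand-in for the browser following the provider's redirect."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/callback?" + query)
    status = conn.getresponse().status
    conn.close()
    return status


if __name__ == "__main__":
    rx = LoopbackReceiver()
    print("redirect_uri:", rx.redirect_uri(), "challenge:", pkce_challenge(rx.verifier))
    print("wrong state ->", simulate_redirect(rx.port, "code=abc123&state=guess"))
    print("valid state ->", simulate_redirect(rx.port, "code=abc123&state=" + rx.state))
    print("code:", rx.wait(timeout=5))
```

The `state` check rejects a redirect that did not originate from this login attempt, and the PKCE verifier never leaves the CLI until the code is exchanged.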
andrzejn: (Default)
[personal profile] andrzejn
It's quiet in Osokorky, and I'm fine.

Waiting for victory.

links of the week - 540

Jun. 23rd, 2025 07:07 pm
stas: (Default)
[personal profile] stas

For our own good

1. Seattle officials had no plans to honor religious exemption on Covid vax mandate, ignored fake vax card allegations

2. Justices’ financial disclosures reveal Justice Jackson earned over $2 million in book advances
If you don't figure it out, these are bribes. Unless she's the next Rowling - which she is not - the reason for those is the same as the reason to buy Hunter's "art".

3. Why leftists love trains?

4. California does not want faster vote counting because it would cost extra $110K.
Yes, not 110 billions, not 110 millions - 110 thousands of dollars. They don't have this kind of money, turns out.

5. Whole Foods Market location closes in Seattle as city sees retail exodus
Budyonovite hipsters are evolving into antifa, and antifa is incompatible with business. Budyonovite corporations are learning this "via matumba".

6. Obama: Distinguishing Between Fact And Opinion Will Require Government Constraints, "We Don't Want A Diversity Of Facts"
Only the government - and only under Democratic control, of course! - can tell truth from lies. And once it has told them apart, nobody will be allowed to dispute it. I even have an excellent name for the organization that will ensure this - the Ministry of Truth.

7. U. Oregon to pay $191,000 after blocking conservative professor on Twitter
Serves them right.

8. AOC: "We're going to have to figure out how we reign in the media"
You don't, you little fascist.

9. Shocking poll shows Zohran Mamdani overtaking Andrew Cuomo in NYC’s ranked choice primary
Looks like New Yorkers want Islamo-communism. They've gone completely fucking nuts. Then again, maybe the polls are lying.

Dozens of swastikas

10. “Execute Zionists”: Sydney Professor’s Shocking Tweet Triggers Investigation. “Fuck sanctions, I want Zionists executed like we executed Nazis" said Fahad Ali.
Who the fuck are "we"? Arabs were allies of Hitler.

The border is locked tight

11. Every seat in the waiting area of Glenn Valley Foods was occupied with people filling out job applications early Thursday afternoon, two days after the meatpacking plant became the center of the largest worksite immigration raid in the state.
What a surprise, turns out Americans want those jobs, if only you let them. It's almost like The Experts (TM) lied to us again.

12. 53% of Hispanic voters back Trump's mass deportation policy: LAW poll
Surprise, a lot of normies don't want to live in a shithole.

13. A graduate student in Spanish and gender studies is worried she will not be able to finish her 11th year of college here in America due to the president’s immigration policies.
Oh noes, what we will do without they/them? She's threatening revenge though:
As a result of her fear, D’Angelo “told her friends she would mail them her notebooks of poems if she had to go back to Venezuela”.
Bukele, you are our only hope!

14. Mexicans in Mexico are protesting against Central American immigrants invading their country.
I think they need to stop being racist and give them free healthcare and welfare, while ignoring any criminal activity.

15. SCOTUS Hands Big Immigration Win to Trump Administration
Third-country removal is now permitted again.

Keeps us safe

16. In August, 2020 The FBI had documents detailing how the CCP created fake ID’s to cast fake mail-in ballots for Biden and then FBI Director Chris Wray covered it up then testified there were no plots of foreign interference ahead of the 2020 election
Let me also ask this: is CCP the only organization on the planet who has the technology of making fake IDs?

17. 'Innocent bystander' shot dead by 'peacekeepers' during 'No Kings' protest in Salt Lake City
Mostly peacekeepers. A little murderers.

18. Crickets from J6 Fanatics as Anti-Trump Protesters Breach Barricades, Rush US Capitol
But this is a Completely Different Matter!

19. We attempted to arrest FUGITIVE & CHILD RAPIST Jose Reyes Leon-Deras with help from the FBI June 20. During our surveillance of this Salvadoran wanted for child rape in Italy, members of Colorado Rapid Response arrived on scene and ALERTED him to law enforcement’s presence which allowed him to escape arrest.
This is a felony. These people need to go to jail.

Trans-Qaeda

20. Crazy Bluesky Leftists Throw Tantrum Over SCOTUS Saving Kids from Scalpels
Bluehair was supposed to be twitter, but without hate - so of course it's full of calls to murder Republicans and SCOTUS judges each time they do something bluehairs don't like.

21. The document that reveals the remarkable tactics of trans lobbyists

Culture war

22. Federal bill would defund medical schools that ‘force’ DEI on students

23. Man in Rhode Island was arrested after he allegedly made a skid mark on a Pride Rainbow crosswalk.
So you understand - burning half of the city down is "mostly peaceful", but making a tiny mark on sacred symbols of wokism is a grave criminal offense.

24. The FBI cited the SPLC in its anti-Catholic memo and now it appears the SPLC was helping train federal prosecutors on “hate crimes.”

Civility and decency

25. Protestors in LA set up a guillotine to simulate beheading Trump.
Mostly peacefully of course.

The city's finest people

26. Former Sen. Bob Menendez reports to prison for 11-year sentence
A chair of the Senate Foreign Relations Committee. Completely corrupt. And what's interesting, nobody gives a shit. It's pretty much expected by now.

27. Gavin Newsom was at Napa Valley wine tasting during LA anti-ICE riots: report
With him it seems to be a reflex - the moment anything happens, straight to Napa to booze there. Maybe he can be left there for good?

28. Matt Gaetz turns out to be a complete fucking nutjob.
Had he not gone lecturing Israel on democracy, this sad fact might have stayed hidden.

29. Zohran Mamdani thinks the NYPD should be removed specifically from high-crime areas. He says that’s as mayor, he’d replace cops with social workers—and turn the subway into a network of homeless shelters.
At least he hides nothing; New Yorkers know what they are voting for, and it cannot be said they weren't warned.

Impartial press

30. On FathersDay, it’s crucial to recognize the importance of mothers, writes Mark Bulgutch.
Can there be one day without woke "well, akshually..."? Nope, no can do.

31. Whoopi, Hostin: It’s Worse to Be Black in America Than Live in Iran
Well, I think there's an easy solution for them.

32. The guy who used to work for Al Jazeera but now works for WaPo is posting the exact coordinates of successful Iranian missile strikes in Israel after Israel warned not to do this because it helps Iran to configure their missile accuracy.
WaPo is in war on the side of Iran, to nobody's surprise.

33. Sunny Hostin Has Regrets for Actually Asking Kamala a Question and Tanking Her Campaign
A party propagandist accidentally asked Kamala a question she wasn't prepared for (which wasn't hard: every question except "how do you manage to be so wonderful?!" is like that). And now she will regret it for the rest of her life and her career as an "independent objective journalist".

34. New York Magazine’s Intelligencer: “Damage from Israel’s strike on Ramat Gan in Iran”
The brain - or the thing that replaces it for a "journalist" - is trained to recognize patterns. Damage, from strike? Israel is to blame, somebody on Muslim side is a victim. Can't be otherwise. Ramat Gan? Must be some poor Iranian village attacked by those cruel Zionists.

International panorama

35. The central water supply has stopped working in Tehran; the authorities blame Israel
Well, if there's no water in the tap... what did you expect?

36. It’s so weird being Iranian right now, scrolling through my feed and seeing all my fellow Iranians praying for freedom, and seeing every white leftist & terror sympathizer praying the oppressor wins… “for humanity.”
Because, as usual, leftists don't give a shit about Iranians and what they want. They simply hate the West and everything ideologically connected to the West, so in the West's fight with Iran, Iran is the good side for them.

37. The Biden government sought to control social media speech in every country it sought to control elections. The 2022 Brazil election case study is perhaps the clearest and most shockingly extensive example.

38. LA Sheriff posts condolences for Iran bombing 'victims'—deletes after backlash
The Budyonovites are just itching terribly to go to war - on any side, for anyone, as long as it's against America.

39. Iran's atomic body condemns American assault on nuclear sites, vows legal action
Well, I told you, Judge Boasberg will have his say yet! Trump won't escape a fair trial!

Technology

40. Huge repository of information about OpenAI and Altman just dropped — 'The OpenAI Files'.
Altman looks pretty shady.

Oldthinkers unbellyfeel Ingsoc

41. Exclusive: Harvard Law Review Axes 85 Percent of Submissions Using Race-Conscious Rubric, Documents Show
Is there still any science in there, or pure racism is all that left? 
andrzejn: (Default)
[personal profile] andrzejn
It's quiet in Osokorky, and I'm fine.

Waiting for victory.

SLC

Jun. 21st, 2025 09:38 pm
stas: (Default)
[personal profile] stas
Somebody explain to me what the fuck is going on in Salt Lake City, because I don't understand a damn thing. At an antifa demonstration, one antifa member takes another antifa member for a terrorist... no, not that, every second one of them there is a terrorist - for a deplorable, that's it - and opens fire. Two people are wounded, one (also antifa, naturally) is killed. The shooter has not been arrested, the Soros-piglet prosecutor refuses to open a case. Nobody is saying anything about it at all (well, Charlottesville, right? at least 1/100 of that?). Nobody cares about it at all. Is this a normal, everyday thing now?

Vance Boelter

Jun. 21st, 2025 08:42 pm
stas: (Default)
[personal profile] stas
In a rambling, conspiratorial letter addressed to the FBI, alleged assassin Vance Boelter claimed Gov. Tim Walz instructed him to kill U.S. Sen. Amy Klobuchar so that Walz could run for the U.S. Senate, according to two people familiar with the contents of the letter.

So, an obvious Trumpist - who else could write such a thing? Now it's clear why the manifesto went missing somewhere and why this topic started being quickly hushed up. The people don't need unhealthy sensations.

hot news

Jun. 21st, 2025 08:32 pm
stas: (Default)
[personal profile] stas
Federal judge James Boasberg issued an emergency temporary restraining order demanding US government to rebuild Iranian nuclear installations in Fordow, Natanz and Isfahan.

note-perfect

Jun. 21st, 2025 07:46 pm
stas: (Default)
[personal profile] stas
Trumpushka has, however, learned something from Israel. When he decided to fucking hit the ayatollahs, he didn't write an advance warning on Truth Social, but on the contrary said, I'll think for a couple of weeks, then decide. The ayatollahs unclenched, figuring we surely have two weeks, and then maybe we can drag it out further, and meanwhile the bombers had already taken off. Well done, he played it note-perfect.

I had a dream

Jun. 21st, 2025 09:46 am
juan_gandhi: (Default)
[personal profile] juan_gandhi
To ride my bicycle from Truckee to Mt.Shasta. 
andrzejn: (Default)
[personal profile] andrzejn
It's quiet in Osokorky, and I'm fine.

Waiting for victory.

My a11y journey

Jun. 20th, 2025 01:11 am
[personal profile] mjg59
23 years ago I was in a bad place. I'd quit my first attempt at a PhD for various reasons that were, with hindsight, bad, and I was suddenly entirely aimless. I lucked into picking up a sysadmin role back at TCM where I'd spent a summer a year before, but that's not really what I wanted in my life. And then Hanna mentioned that her PhD supervisor was looking for someone familiar with Linux to work on making Dasher, one of the group's research projects, more usable on Linux. I jumped.

The timing was fortuitous. Sun were pumping money and developer effort into accessibility support, and the Inference Group had just received a grant from the Gatsby Foundation that involved working with the ACE Centre to provide additional accessibility support. And I was suddenly hacking on code that was largely ignored by most developers, supporting use cases that were irrelevant to most developers. Being in a relatively green field space sounds refreshing, until you realise that you're catering to actual humans who are potentially going to rely on your software to be able to communicate. That's somewhat focusing.

This was, uh, something of an on the job learning experience. I had to catch up with a lot of new technologies very quickly, but that wasn't the hard bit - what was difficult was realising I had to cater to people who were dealing with use cases that I had no experience of whatsoever. Dasher was extended to allow text entry into applications without needing to cut and paste. We added support for introspection of the current application's UI so menus could be exposed via the Dasher interface, allowing people to fly through menu hierarchies and pop open file dialogs. Text-to-speech was incorporated so people could rapidly enter sentences and have them spoken out loud.

But what sticks with me isn't the tech, or even the opportunities it gave me to meet other people working on the Linux desktop and forge friendships that still exist. It was the cases where I had the opportunity to work with people who could use Dasher as a tool to increase their ability to communicate with the outside world, whose lives were transformed for the better because of what we'd produced. Watching someone use your code and realising that you could write a three line patch that had a significant impact on the speed they could talk to other people is an incomparable experience. It's been decades and in many ways that was the most impact I've ever had as a developer.

I left after a year to work on fruitflies and get my PhD, and my career since then hasn't involved a lot of accessibility work. But it's stuck with me - every improvement in that space is something that has a direct impact on the quality of life of more people than you expect, but is also something that goes almost unrecognised. The people working on accessibility are heroes. They're making all the technology everyone else produces available to people who would otherwise be blocked from it. They deserve recognition, and they deserve a lot more support than they have.

But when we deal with technology, we deal with transitions. A lot of the Linux accessibility support depended on X11 behaviour that is now widely regarded as a set of misfeatures. It's not actually good to be able to inject arbitrary input into an arbitrary window, and it's not good to be able to arbitrarily scrape out its contents. X11 never had a model to permit this for accessibility tooling while blocking it for other code. Wayland does, but suffers from the surrounding infrastructure not being well developed yet. We're seeing that happen now, though - Gnome has been performing a great deal of work in this respect, and KDE is picking that up as well. There isn't a full correspondence between X11-based Linux accessibility support and Wayland, but for many users the Wayland accessibility infrastructure is already better than with X11.

That's going to continue improving, and it'll improve faster with broader support. We've somehow ended up with the bizarre politicisation of Wayland as being some sort of woke thing while X11 represents the Roman Empire or some such bullshit, but the reality is that there is no story for improving accessibility support under X11 and sticking to X11 is going to end up reducing the accessibility of a platform.

When you read anything about Linux accessibility, ask yourself whether you're reading something written by either a user of the accessibility features, or a developer of them. If they're neither, ask yourself why they actually care and what they're doing to make the future better.
andrzejn: (Default)
[personal profile] andrzejn
It's quiet in Osokorky, and I'm fine.

Waiting for victory.

Page generated Jun. 27th, 2025 12:21 pm