The reason he can’t go to the bank because he have take enough loan and can’t take anymore. He said I can make money by apply for loan against property, and loan to him and pocket the different.
It seem that he want to take more loan than the bank want to give him.
That’s not how that works. For a business, if he can show the bank his business plan, they’ll loan him whatever they think he can afford to pay, and at a lot better rate than 15%. The fact that the bank isn’t suggests they think he’s full of shit.
So he wants you to take a loan out using your property as collateral to invest in his business? And if he doesn’t get you the promised return, what do you think happens to your collateral when you can’t pay back your loan?
He said I can make money by apply for loan against property, and loan to him and pocket the different.
You never give loans to someone that you're not completely prepared to write off. You absolutely don't give loans with loans (unless you're a bank and getting those loans from a central bank, which I doubt you are).
I think 0.19 is reverting that behaviour, because it was indeed a certified bad idea.
I think the idea was to attempt to bulletproof potentially crappy clients especially after the XSS incident, but the problem is it’s simply not even always rendered in a web context which makes the processing kind of a pain.
Wouldn’t surprise me if it becomes double and triple encoded too at times because of the federation. Do you encode again or trust that the remote sent you urlencoded data already?
Best format is the original format and transform as late as possible, ideally in clients where there’s awareness of what characters are special. It is in web, not so much in an Android or terminal app.
I don’t think the Lemmy devs are particularly experienced web developers in general. There’s been a fair amount of dubious API design decisions like passing auth as a GET parameter… Thankfully they also fixed that one in 0.19.
Sorry for the late reply, it's been a week... but yeah passing creds in the Get is very bad for multiple reasons. For instance if you pass the creds on a page that contains ads or trackers, they are probably going to store the url AND your credentials and propagate them to a million systems of third parties. That's. Not. Good.
Because then you need to take care everywhere to decode it as needed and also make sure you never double-encode it.
For example, do other servers receive it pre-encoded? What if the remote instance doesn’t do that, how do you ensure what other instances send you is already encoded correctly? Do you just encode whatever you receive, at risk of double encoding it? And generally, what about use cases where you don’t need it, like mobile apps?
Data should be transformed where it needs it, otherwise you always add risks of messing it up, which is exactly what we’re seeing. That encoding is reversible, but then it’s hard to know how many times it may have been encoded. For example, if I type & which is already an entity, do you detect that and decode it even though I never intended to because I’m posting an HTML snippet?
Right now it’s so broken that if you edit a post, you get an editor… with escaped HTML entities. What happens if you save your post after that? It’s double encoded! Now everyone and every app has to make sure to decode HTML entities and it leads to more bugs.
There is exactly one place where it needs to encode, and that’s in web clients, more precisely, when it’s being displayed as HTML. That’s where it should be encoded. Mobile apps don’t care they don’t even render HTML to begin with. Bots and most things using the API don’t care. They shouldn’t have to care because it may be rendered as HTML somewhere. It just creates more bugs and more work for pretty much everyone involved. It sucks.
Now we have an even worse problem is that we don’t know what post is encoded which way, so once 0.19 rolls out and there’s version mismatches it’s going to be a shitshow and may very well lead to another XSS incident.
It still leads to unsolvable problems like, what is expected when two instances federate content with eachother? What if you use a web app to use a third party instance and it spits out unsanitized data?
If you assume it’s part of the API contract, then an evil instance can send you unescaped content and you got an exploit. If you escape it you’ll double escape it from well behaved instances. This applies to apps too: now if Voyager for example starts expecting pre-sanitized data from the API, and it makes an API call to an evil instance that doesn’t? Bam, you’ve got yourself potential XSS. There’s nothing they can do to prevent it. Either it’s inherently unsafe, or safe but will double-escape.
You end up making more vulnerabilities through edge cases than you solve by doing that. Now all an attacker needs to do is find a way to trick you into thinking they have sanitized data when it’s not.
The only safe transport for user data is raw. You can never assume any user/remote input is pre-sanitized. Apps, even web ones, shouldn’t assume the data is sanitized, they should sanitize it themselves because only then you can guarantee that it will come out correctly, and safely.
This would only work if you own both the server and the UI that serves it. It immediately falls apart when you don’t control the entire pipeline from submission to display, and on the fediverse with third party clients and apps and instances, you inherently can’t trust anything.
Sorry for the late reply, but the point is that there is no trivial way to detect whether and how many times something has been encoded. You may end up with multiple levels of encoding in multiple systems and everything becomes untractable. Morever, as i said this doesn't have to be a problem, as you can just decode everything as much as you can BEFORE you put it in the db, as the db can handle all of that by itself. Just let it do its job. Paradoxically, if you use only channels that support utf8 and don't apply any transformation, your data is already perfect as it is. Then it is the job of the client to do what it needs to be able to render properly, but for instance a non-html client shouldn't need to use html libraries to be able to strip html stuff from the text before it can be displayed.
You don’t have to wonder about what the Lemmy devs do and don’t know. They aren’t cloistered or unreachable, you can just join matrix room and talk to them nearly at any time.
The main thing halting progress on the code is time and money. The devs are under strain from the amount of fixes and issues from the sudden burst in lemmy users so they are in an operational mode that isn’t ideal. For my part I’m one of the monthly contributors to the project; Lemmy is community developed software, not corporate.
To be honest it's already incredible that the platform works at all and has all these features. Great job, really! I'm not being sarcastic, it needs improvement but it's a great achievement.
We have a friend who does this. To the point of bleeding. It is a recognised medical compulsive disorder condition (a desire for perfect skin so you want to remove the imperfections which makes it worse and so on)
Please do see a doctor. They won’t think badly of you and can help.
i used to pick at the skin on my face as well, it wasn’t much of a body image issue thing in my case but still it was way more convenient and entertaining then focusing on boring class for example thank you for responding and my heart goes out for your friend i hope they’ll find their peace and feel better thank you again and have a lovely day
Recognize your behavioral triggers. Could be anxiety, stress, etc. Try to actively recognize how you’re feeling before you engage in an addictive behavior, and then either do a substitute activity or find ways to (calmly) move your thoughts or feelings to a different place. The key concept is to divert your thinking that produces the addictive behavior.
Just my two cents, not a doctor but have broken an addiction or two.
thank you for response i’ll try my best to be more “conscious” of my habits hopefully i’ll get myself together and make it
congrats on breaking your addictions! maybe it’s not my place to say it but hell you should be proud of yourself cause this shits hard congrats again and have a great day :)
So sorry, dear one. I have had many physical ticks, habits, addictions. Only one has been terribly damaging. I haven’t been able to stop that one, but I have been able to stop some. My technique has been replacing a harmful one with one less harmful. I’m not sure I have specific advice other than to talk to a psychiatrist. In the most stressful time of my life, I managed to stop chewing my nails by taking anti anxiety meds. When life evened out, I didn’t need them anymore (now I am meticulous about nail clipping and filing). I stopped picking at my feet when I got a foot rasp. Using it after baths with just my feet in the tub it felt like I got what I needed without hurting myself. Keep working, but professional help is best.
thank you for taking your time to respond i’ve never considered a foot rasp before but maybe i should really give it a try thank you again have a nice day
Not too good to be true, but too good to be low risk.
15% ROI is definitely possible. Him screwing up and ending up bankrupt is also possible.
The red flag for me is “I know nothing about business” - you can’t judge the risks. You should absolutely not invest money you can’t afford to lose into risky stuff like this. In particular, taking out a loan just to loan the money to your friend would be a really stupid idea, and if he asked you to do that, he either is stupid, reckless, or doesn’t care if you get hurt.
I’d only consider loaning my own money with which I can afford taking the risk, and only if he could plausibly explain what he’s doing, and I felt like I can understand it and be confident that he can pull it off. I’d consider it a high risk investment on par with cryptocurrencies.
Given that you don’t seem to fully understand and there are other red flags: stay away.
I used to bite my nails. All the way down to the quick. Did that for 20 something years. Finally wanted to stop. I did two things. 1. I became very conscience of when I felt like biting them. 2. I painted them which created a disincentive. After about a month or so, I had no desire to bite.
Maybe get some eczema cream or moisturizer to put on those spots you want to pick at? When you catch yourself doing it, substitute another activity? IDK.
What lasim does is allow you download your account settings. That’s all. So your subscriptions, block lists etc. It doesn’t allow you to transfer posts/comments so yes, your points will be zero on your new account.
If you admin a Community, you can’t transfer that automatically either.
Lemmy doesn’t display your score anyways except for individual posts/messages. Atleast not the web view.
I truly don’t get why it matters. On reddit I made a new account once a year or so anyways and on Lemmy I’ve got like 6 of these. I never paid any attention to my or anyone else’s karma either.
I like the idea and message of the first one except that I used to have an absolute asshole of a neighbor who drove a heep-ed out Wrangler with a spare tire cover which had the phrase on it. I can’t separate any longer.
asklemmy
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.