The urinals at my work are terrible, even though I’m 5’10". One is so low that it’s like pissing in a bucket. The other is so high it’s like pissing straight ahead.
Back when they implemented Real ID and forced people to provide real namr and identification for playing the games they paid for, these motherfuckers locked me out of my account for account sharing because someone logged in from another country. That was me, logging in for my lunch break at work, about 1 hour away from home. They demanded I not only gave them my real name, but even send a copy of my passport to them by email. Obviously I refused. I had the original box and the game code, but they didn’t care. There were no other fraud indicators. Just me logging in from work and using a pseudonym. I never got any of my games back. Fuck them
If I had the power to stop time I’d stop it, travel all around the world putting live grenades in the pockets of every type of evil greedy cunt I could find, then start it again and wait for the fireworks to ensue. Every time someone starts making psychopath money again? Suddenly a grenade appears in their pocket. Funding wars, poison and incarceration? Every person with a finger in haliburton or monsanto, turned into red mist at a board meeting. Shareholders, exploding in hot tubs, saudi princes splattered in their shitty lambos. Every jordan belfort wannabe fuckstick exquisitely morphed into charcuterie.
It was originally developed in 2003, just as the hat started to come back. The neck beard meme seems to have come about later in the 2000’s (knowyourmeme.com/memes/fedora-shaming).
I think 0.19 is reverting that behaviour, because it was indeed a certified bad idea.
I think the idea was to attempt to bulletproof potentially crappy clients especially after the XSS incident, but the problem is it’s simply not even always rendered in a web context which makes the processing kind of a pain.
Wouldn’t surprise me if it becomes double and triple encoded too at times because of the federation. Do you encode again or trust that the remote sent you urlencoded data already?
Best format is the original format and transform as late as possible, ideally in clients where there’s awareness of what characters are special. It is in web, not so much in an Android or terminal app.
I don’t think the Lemmy devs are particularly experienced web developers in general. There’s been a fair amount of dubious API design decisions like passing auth as a GET parameter… Thankfully they also fixed that one in 0.19.
Sorry for the late reply, it's been a week... but yeah passing creds in the Get is very bad for multiple reasons. For instance if you pass the creds on a page that contains ads or trackers, they are probably going to store the url AND your credentials and propagate them to a million systems of third parties. That's. Not. Good.
Because then you need to take care everywhere to decode it as needed and also make sure you never double-encode it.
For example, do other servers receive it pre-encoded? What if the remote instance doesn’t do that, how do you ensure what other instances send you is already encoded correctly? Do you just encode whatever you receive, at risk of double encoding it? And generally, what about use cases where you don’t need it, like mobile apps?
Data should be transformed where it needs it, otherwise you always add risks of messing it up, which is exactly what we’re seeing. That encoding is reversible, but then it’s hard to know how many times it may have been encoded. For example, if I type & which is already an entity, do you detect that and decode it even though I never intended to because I’m posting an HTML snippet?
Right now it’s so broken that if you edit a post, you get an editor… with escaped HTML entities. What happens if you save your post after that? It’s double encoded! Now everyone and every app has to make sure to decode HTML entities and it leads to more bugs.
There is exactly one place where it needs to encode, and that’s in web clients, more precisely, when it’s being displayed as HTML. That’s where it should be encoded. Mobile apps don’t care they don’t even render HTML to begin with. Bots and most things using the API don’t care. They shouldn’t have to care because it may be rendered as HTML somewhere. It just creates more bugs and more work for pretty much everyone involved. It sucks.
Now we have an even worse problem is that we don’t know what post is encoded which way, so once 0.19 rolls out and there’s version mismatches it’s going to be a shitshow and may very well lead to another XSS incident.
It still leads to unsolvable problems like, what is expected when two instances federate content with eachother? What if you use a web app to use a third party instance and it spits out unsanitized data?
If you assume it’s part of the API contract, then an evil instance can send you unescaped content and you got an exploit. If you escape it you’ll double escape it from well behaved instances. This applies to apps too: now if Voyager for example starts expecting pre-sanitized data from the API, and it makes an API call to an evil instance that doesn’t? Bam, you’ve got yourself potential XSS. There’s nothing they can do to prevent it. Either it’s inherently unsafe, or safe but will double-escape.
You end up making more vulnerabilities through edge cases than you solve by doing that. Now all an attacker needs to do is find a way to trick you into thinking they have sanitized data when it’s not.
The only safe transport for user data is raw. You can never assume any user/remote input is pre-sanitized. Apps, even web ones, shouldn’t assume the data is sanitized, they should sanitize it themselves because only then you can guarantee that it will come out correctly, and safely.
This would only work if you own both the server and the UI that serves it. It immediately falls apart when you don’t control the entire pipeline from submission to display, and on the fediverse with third party clients and apps and instances, you inherently can’t trust anything.
Sorry for the late reply, but the point is that there is no trivial way to detect whether and how many times something has been encoded. You may end up with multiple levels of encoding in multiple systems and everything becomes untractable. Morever, as i said this doesn't have to be a problem, as you can just decode everything as much as you can BEFORE you put it in the db, as the db can handle all of that by itself. Just let it do its job. Paradoxically, if you use only channels that support utf8 and don't apply any transformation, your data is already perfect as it is. Then it is the job of the client to do what it needs to be able to render properly, but for instance a non-html client shouldn't need to use html libraries to be able to strip html stuff from the text before it can be displayed.
You don’t have to wonder about what the Lemmy devs do and don’t know. They aren’t cloistered or unreachable, you can just join matrix room and talk to them nearly at any time.
The main thing halting progress on the code is time and money. The devs are under strain from the amount of fixes and issues from the sudden burst in lemmy users so they are in an operational mode that isn’t ideal. For my part I’m one of the monthly contributors to the project; Lemmy is community developed software, not corporate.
To be honest it's already incredible that the platform works at all and has all these features. Great job, really! I'm not being sarcastic, it needs improvement but it's a great achievement.
I actually think they’re new school enough where Linux to them means a lot less than it does to us. And so they don’t feel at home on a Linux machine and, unfortunately, don’t care to learn.
I could totally be wrong, though. Maybe I’m the moron.
It’s an isolationist policy. The US military doesn’t have military bases/presences across Europe (and elsewhere) out of the goodness of its heart or to protect Europe. They also do it because their military realises that its much, much better to have bases somewhere where they can strike an international enemy quickly from. It’s a militarily mutually beneficial arrangement.
So, the US would lose that early strike capability. They’d also lose all the intelligence benefits having people on the ground brings with it. Also, should it happen and Europe was successfully invaded, US businesses would either temporarily or permanently lose access to one of their biggest trade export blocs and a large amount of access to imports too.
Honestly, we shouldn’t consume drugs at all, but to each their one I always say.
However, I completely agree that the ATF should change their policy and prohibit ALL gun sales without a US identification and simple background check at least.
You could put giant billboards warning for the risk and it would still become a recurring event. Even if it said “warning: this is capable of grinding a human being to pulp”.
I’ve heard of it posted on high voltage electrical panels, but never seen it myself (I’m not an electrician). I don’t know if I got the wording exactly right, but it sounds good.
I’d imagine it’s got weight and pressure sensors, so I don’t think a person would get very far. I can definitely see the mechanism getting jammed by garbage or some shit, especially if someone’s trying to jam it.
US here… it has less to do with the 1% being fucking morons and more to do with the only infrastructure we actually pay any attention to is cars. Sure we’re having a bit of a bicycle revolution but at least in my area the bikes aren’t being used for transport but for fun, but then that’s with a metro that’s sprawling with a city that’s only 100 sq miles smaller than NYC, with 8,000,000 less people in it. Add that the auto companies were allowed to buy out things like the streetcar that was local and able to tear up the tracks to get rid of competition, it really isn’t a shocker.
But we’re now stuck in a cyclical spiral, of no investment for things like this are happening because it’s not seen as profitable enough. Which means a constant problem of using something like a bike for commuting is “But then I have nowhere I can put my bike where it won’t get fucked with.” so people don’t commute with it, which leads to no investment to the infrastructure.
I always call it FaceBook Inc. It’s absurd that that shit has always gone right past everyones observation. Prolly still clicking because upon seeing it you’re ass will do the denial your damn self instead of reading it upside down: zero responsibility for maintenance of spying products handle when a corporation is doing the gig and not the gorramn government.
I never liked Twitter that much to begin with, but it’s definitely not the same thing as it used to be. I’m fine with calling it X instead of Twitter because of that. X is a stupid name for a stupid social media platform. It’s fitting. It’s definitely not Twitter anymore, which ever way you want to look at it.
The following comment is NSFW and n=1 and also I wouldn’t post it if I wasn’t anonymous so here goes. Don’t keep reading if you’re easily grossed out. Content warning; urine.
Knowing that I had lost my sense of taste from covid, I reviewed the things I could do that not having a sense of taste might benefit from, and I asked my boyfriend (who I’m aware has a mild watersports fetish) if he’d like to take advantage of my lack of sense of taste…
And he did.
And later that night, shortly after our experiment, my sense of taste came back! I don’t know if it’s a revolutionary treatment for Covid, but if you’re desperate…
That is not what I have observed. I do kinda wonder sometimes however
Me: right so we said we would be there by 630. If we leave within the next five minutes we should be there at 6:25
Wife: it’s fine
Me: just you know we could leave now and no one has to have any anxiety about being late.
Wife: they aren’t going to care
Me: true they won’t really care that much but we did say 6:30. Wouldn’t it be nice to not be worried? Like what if we make a wrong turn and have to double back? We would still be on time if we left now.
Right??? Like wtf I thought everyone just thought about how everything could go wrong all the time. You mean people do things and expect to succeed instead of expect to fail??? This is legitimately wild to me.
I wish I could do that. Currently I’m trying to start a bussines, but my mind just keeps coming up with the most unlikely terrible scenarios that might happen and convincing me to never try anything new so that I can’t fuck it up.
asklemmy
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.