Pew pew pew

I wish that I had caught this in time to reply with Woman 2 Woman by Urge Overkill

Everything Wordpress is heavily infested with that. However you don't have to let it impact you -- it kind of looks to me like they pressure commercial vendors to put their stuff under the GPL if they're wanting to offer a free version, so there's a robust ecosystem of actually-FOSS tooling for it. My experience has been that it's always worked pretty well in practice; you just have to keep your nope-I'm-not-paying-for-your-paid-version goggles firmly affixed. (Also, side note, GPT does an excellent job of writing little functions.php snippets for you to enable particular custom functionality for your Wordpress install when you need it.)

Wordpress 1,000% (probably coupled with WooCommerce but there are probably some other options)

I honestly don't even know off the top of my head why you would use anything else (aside from some vague elitism connected to the large ecosystem of commercial crap which has tainted by association the open source core of it) -- it combines FOSS + easy + powerful + popular. You will have to tiptoe around some amount of crapware in order to keep it pure OSS though.

What the HECK man?

There's an underlying problem IMO with all Fediverse software and instances, in that because it's made available for free, people get entitled, moderators and admins are obligated to sort of do volunteer work on behalf of people who haven't earned it in order for any of the thing to work, which naturally leads to a inexhaustible wellspring of negative energy because the whole thing isn't right.

I saw the posts of Ruud asking for people to basically interview for a part time admin position and do a job which for skills and time investment is worth from $50k/yr-$200k/yr (calibrating for the fact that it's "only" 5-10 hours per week), and all I could think was whoa no no no this isn't the way. Not saying there's anything wrong with people volunteering their time to make available this great thing, but I think undervaluing them when they decide to do that is almost inevitable, which has follow-on effects that manifest in all kinds of ways and lead to things not being the way they should be. Occasional prickly or unfair behavior by mods or admins represent one example of that; comments like this one represent another.

What on earth is hostile about the OP post in any way?

Yeah, this is true. I edited the title.

Also it seems somewhat likely from his video description that he's just ripping off random people from Spotify... I may post some direct links to those people in the future to try to redress the balance.

Yep.

There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

I'm not trying to sit in judgement of someone who's writing free software but to me those are both negligent software design from an end-user privacy perspective.

If she disagrees with the plan, she better get the fuck off the Trump Train.

If you're on a boat where there's a mutiny, you can't really be halfway in the mutiny but also hedging your bets saying you don't agree with everything the mutineers are doing. The outcome is going to be one or the other.

Of note about this is that image links in comments aren't rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

I didn't look at the image spam in detail, but if I'm remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let's-track-who-requests-this-image-file images, to a more limited set of recipients.

Just my paranoid thoughts on the situation.

Yeah. I think it's moderately likely that I'll try to produce a little command-line tool that can do it effectively for deeply nested directories, with some attempt at making it cross platform. To me it's kind of weird that there's no stock solution existing to this problem. I get that it's actually a deceptively difficult problem to solve for a couple of different reasons, but that's no reason to pass the difficulty on to the programmer instead of just presenting a clean and nice interface.

Update: I looked around for something already-existing, and found watchman and fswatch... IDK, maybe I'll try to talk one of them into letting me write an fanotify backend for those tools instead. It seems like it's purely just a Linux issue, and everything is simple on BSD/Mac/Windows, so maybe I'm just lucky.

I think inotify's limit is per system... and even if it wasn't, why would I want to take on the artificial challenge of keeping up with making sure all the watchers are set on the right directories as things change, instead of just recursively monitoring the whole directory? The whole point of asking the question was "hey can something do this for me" as opposed to "hey I'd like the opportunity to code up for myself a solution to this problem." 🙂

Just looking briefly it looks like it uses inotify (which definitely won't work; I don't have a super heavy write load but I have a total of 124,000 subdirectories to monitor) or can fall back to polling (which I could do myself without having to involve a library).

Why this app is constructed to store its stuff in 124,000 subdirectories is a separate issue but one that I can't immediately snap my fingers and make go away, unfortunately.

If it makes you feel any better, I'm watching them with an ad blocker and not currently paying for premium, so it's costing Google money every time I put this on.

In general I sorta agree with you; do you know of a genuinely libre source that has a wide variety of music available?

Ads? Or just principle?

I have no real idea with Navalnvy, and only dim memories of news reports about Magnitsky which went into a little more detail, but I'll tell you how I assume it operates: It's basically mistreatment to the point that it'll kill you, just slowly. Your cell's cold all the time, in the arctic winter with no blankets. You get bad food and bad sleep and beatings and no medical care of any kind. Once your body starts to malfunction (Magnitsky started having kidney failure), they go on beating you severely enough to cause additional organ damage, but then just continue to put you in your cell day after day with no medicine. Basically, you're going to die, but they're drawing the process out enough that it's indirectly, because of "medical issues" related to what they're doing to you, instead of just from blunt force trauma or something. So it's incredibly painful and long and drawn-out, a slow death of constant suffering from which you can't escape or get any relief.

Just like them, it slaps.

Yeah, Hania Rani is good on a level that doesn't even really make sense. I don't understand how she's so good. It's honestly unreal.

Glad to have introduced her.

Yeah, that's universally my expectation when dealing with these systems. I was already queuing up my complaining-fingers when I pasted the error message to it, expecting it to refer me to some unrelated and useless documentation and make it a little more difficult for me to talk with a human (who might, 50/50, know how to solve the problem). I was not in any capacity expecting it to ask relevant questions and use them to identify the problem, tailor the link it was sending me according to what I needed to download, and then give me the link and tell me how to use it. Astounding.

Also he tried to kill his own vice president when he didn't do what Trump wanted, committed multiple rapes, and said he is above the law.

I feel like that kind of thing should get mentioned more often whenever someone starts comparing candidates. It's like that Batman comic where they elected The Joker mayor.

Not a map, but things I've seen on the roads in Boston:

• Left turn only from left lane, straight or left from 2nd lane, straight or left from 3rd lane
• Green light and perpendicular traffic coming to me on the cross street, also going, because they also have a green light
• Two lanes, surprise! Lane markers go away it's one lane, not defined who yields, you guys can work it out

Headline’s a little misleading; the thrust of the story is that every search engine is getting worse under the absolutely crushing weight of SEO gaming the system, and they note:

Google's targeting of SEO and affiliate spam appears to be the most effective, the team found.

Not since late last year they’re not. They spent early 2023 winning back the north of the country, then had a summer counteroffensive which captured essentially 0 of the East, then over winter they got nothing in terms of the ammunition and weapons aid they’d need to have to fight against an opponent which can outproduce them 20:1. They’re now desperately trying to hold the front line even though after 3 months of nothing they’re basically out of ammunition.

The big aid packages out of the US and EU are stalled apparently indefinitely. There’s that little package from the UK which hopefully will help a little, but unless the GOP stops being compromised by Russia sometime soon, it seems like they might be in real trouble.

Hopefully this time they’ll stay there.

"You want my honest opinion? I don't think there's no solution."

For some reason the way he said it hit me really hard.

Surely all the people who wanted Nazis off Substack will also celebrate the ban on the Hamas flag

Oh wait, the Israeli government is very clearly promoting a violent ideology as well... we need to... outlaw the Israeli flag?

Oh wait

Hang on

Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

I just did a bunch of testing. The issue is that final version number, "Firefox/121.0". Google returns very different versions of the page based on what browser you claim to be, and if you're on mobile Firefox, it gives you different mobile versions depending on your version:

% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
    1985
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
  211455
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
      15
% wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
      15

If you're an early version of Firefox, it gives you a simple page. If you're a later version of Firefox, it gives you a lot more complete version of the page. If you're claiming to be a specific version of mobile Firefox, but the version you're claiming (edit: oopsie doesn't exist or even really make sense didn't exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it's clearly not malicious.

Edit: Wait, I am wrong. I didn't realize Firefox's version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it's probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.

What's the user-agent? I'm curious now.

Is this still true? I just tested and it works for me on LibreWolf, both for google.com and google.com.br.

Honestly, Google doing this as a deliberate anti-Firefox measure seems so wildly stupid and counterproductive on their part that I'd assume it was some failure (serving a slightly different version of the page to Chrome as for other browsers, and the non-Chrome side breaks for some reason) before thinking it was malicious.

Do we upvote because it’s nuts or downvote because it’s nuts

Help, I don’t know what to do

If I were a user, and the system told me that it was aware of what I wanted to do, and capable to do it, and it was in both of our financial best interests that the system fulfill my request, but it was deciding not to until I went back and jumped through an additional pointless hoop, before doing what I'd attempted to do in the first place... I definitely would be more irritated than not.

It might be worth having a prominent notification that the system was fulfilling the expired request, so it's not confusing that the expired tickets work sometimes and not other times. Or, maybe just tell them the JWT they've got is expired, and ask them yes or no if they want the new (current) price instead, and update it transparently if they say yes. You can have a higher price if it's higher, and depending on your relationship with the customers, you could either lower the price if it's lower or just leave it at the current price and have them get what they get. But I would definitely make things easy and smooth for the customer in this type of situation as opposed to making the system easy to make, at the expense of having them have to click through a little circular runaround when the system is aware of exactly what they're trying to do.

0.19.2 you mean? 0.19.1 is from 3 weeks ago and the fix was merged 4 days ago.

There was one time only in my life that I saw The Revolution of the Customers take one little step towards becoming a reality. I consider myself blessed that I was there to witness it.

I was in an airport during a holiday and a baggage handler's strike. I was happy to be patient, since I support the workers in fucking up the bosses and striking during an especially painful time, so I was just observing the chaos. Gate and ticket agents were dealing with customers and then going down and putting bags on the plane themselves. Flights were cancelled. People were flown to new airports without a seat assignment on their connecting flight, and then told at the new airport that they wouldn't be able to fly out for some indefinite period of time until the airline figured some new things out. I saw a little handful of people waiting for their bags at their destination make friends with each other, and break out a bottle of wine from one of someone's bags that had arrived, and they all sat around drinking from the bottle while they were waiting for the rest of their bags, which never arrived. General chaos. Like I say, I was fine, but some people were pissed and the employees who were there were clearly dealing with a mountain of logistical and emotional difficulties.

So, in the middle of this, we were all sitting at our gate and waiting, while the gate agent was slowly processing her way through the queue of angry people, when this dude stormed over to our little gate area and started yelling out to everyone at the top of his lungs.

"HEY! Are all you people waiting for flight 437?"

Someone indicated that we were.

"Well you're waiting at the wrong gate! It's B37! Do you wanna know how I know? Because that's MY flight! And I was waiting at the wrong gate too!"

"YOU!" he yelled, pointing at the gate agent like the finger of God. Everyone's eyes swiveled over to the poor woman standing at her little podium.

"You didn't tell them! Did you!?"

She indicated that she was about to make the announcement, and he cut her off.

"I KNEW IT!" he yelled. Turning away from her dismissively, he addressed the crowd, since he had their full attention. "Come on, everybody! Let's go to gate B37!"

And, completely alone, he stormed off through the airport towards B37.

After everyone had verified with the agent that yes, we should be at B37, we all sheepishly migrated over to where he'd told us to go. It was only an instant in time, but for that moment, I felt like I saw a glimmer of what could be. The full realization of self-government by the "going where they're told while employees organize everything" consumer class. And in an airport, the most restrictive of take-off-your-shoes-and-throw-away-your-water obedience places, no less.

Ayyy, that's wonderful! Thank you, that's awesome. It still doesn't work (my log says things like "failed: Failed to get chain object https://lemmy.world/comment/6479326"), but presumably that's a problem on the kbin side, and I'm happy digging into it and seeing what I can find. If I have any questions or anything I'll reach out, and thanks again for the quick response + resolution.

You saw that this isn't a "bot" in the normal sense of the word, but just a kbin instance doing federation, right?

I mean I'm fine with however you want to limit access; I'll leave it as "kbinBot" so it'll get blocked, if that's really what you want, but completely preventing a kbin instance from federating with lemmy.world because of how the user-agent looks seems like maybe not the right thing to do. (Assuming that's what's going on -- kbin.social identifies itself as kbinBot also, and its posts seem like they're going through, so maybe I'm just misunderstanding something about the situation.)

If someone learns something bad about you, and your first reaction is not "this is why it's not true" but "how did you find that out, we must punish the person who told you," you might be a violent POS.

I'm a little new to it all, but this bothered me as well. As far as I can tell, the underlying issue is that ActivityPub isn't strict enough about how these things should be implemented, so everyone implements them in similar but slightly incompatible ways.

I think either Lemmy or Mastodon "could" fix it on their ends if they wanted to, but it's not super easy and so far they're deciding not to. I'm actually right in the middle of messing around with kbin right now, which aims to support the best of both worlds (can talk to Lemmy and interoperate well with Lemmy communities but can also follow / message / hear from Mastodon users within a UI that makes sense for Mastodon). It doesn't seem like it's as mature yet as either Mastodon or Lemmy though, but I'm pretty likely to switch to it for exactly this reason, that I'd like to have one account that can talk to both.

I looked at it super-briefly. Honestly, I tend to prefer the kbin "I have a vision for what I want this to be and I don't want democratically inspired changes to my codebase" system over the mbin "if it looks good we'll merge it" system. Based on my little bit of experience with it, the backend of kbin seems relatively well-organized, and obviously he put it together well enough for it to be able to work in production on a busy site, so I trust his judgement a little. I didn't look in detail enough to make a real informed decision about it though. I do have some nitpicks with kbin (definitely as far as the frontend in particular) but relative to other Fediverse software it seems above average (although, that's a low bar.)

Looking over mbin now, the one thing that seems like a serious point in its favor is talking about security fixes. Do you know anything more about that? Are there security things that the maintainer(s) of kbin are not wanting to address or something?

Edit: Oh, also, update: It looks to me like lemmy.world is currently configured to break all incoming federation from default-configured kbin instances. Maybe I am wrong about that, but that's how it looks to me right now. I posted about it.