• 15 Posts
  • 280 Comments
Joined 1 year ago
Cake day: June 9th, 2023


  • What the HECK man?

    There’s an underlying problem IMO with all Fediverse software and instances, in that because it’s made available for free, people get entitled, moderators and admins are obligated to sort of do volunteer work on behalf of people who haven’t earned it in order for any of the thing to work, which naturally leads to an inexhaustible wellspring of negative energy because the whole thing isn’t right.

    I saw the posts of Ruud asking for people to basically interview for a part time admin position and do a job which for skills and time investment is worth from $50k/yr-$200k/yr (calibrating for the fact that it’s “only” 5-10 hours per week), and all I could think was whoa no no no this isn’t the way. Not saying there’s anything wrong with people volunteering their time to make available this great thing, but I think undervaluing them when they decide to do that is almost inevitable, which has follow-on effects that manifest in all kinds of ways and lead to things not being the way they should be. Occasional prickly or unfair behavior by mods or admins represents one example of that; comments like this one represent another.

    What on earth is hostile about the OP post in any way?


  • Yep.

    There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

    I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.


  • Of note about this is that image links in comments aren’t rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

    I didn’t look at the image spam in detail, but if I’m remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

    It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let’s-track-who-requests-this-image-file images, to a more limited set of recipients.

    Just my paranoid thoughts on the situation.
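The two comments above describe comment images being loaded straight from whatever host the Markdown names, so that host sees every reader's request. The following is an added example, not part of the original comments and not Lemmy's own code: a moderation-side check that lists off-instance image hosts in comment Markdown and rewrites those embeds to a local proxy. `lemmy.example`, the `/image_proxy?url=` path and the sample comments are assumptions made up for illustration.

```python
import re
from collections import Counter
from urllib.parse import quote, urlsplit

LOCAL_HOST = "lemmy.example"      # assumption: this instance's hostname
PROXY_PATH = "/image_proxy?url="  # hypothetical server-side fetch endpoint

# Markdown image embed: ![alt](url "optional title"); HTML <img> is not covered.
IMG_RE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(\s+"[^"]*")?\s*\)')

# Constructed sample comments, not taken from any real community.
SAMPLE = [
    "look ![a](https://img.tracker.example/1.png) ![b](https://img.tracker.example/2.png)",
    "local upload ![c](https://lemmy.example/pictrs/image/abc.png)",
    'titled ![d](//cdn.other.example/x.jpg "hi") and a [plain link](https://img.tracker.example/)',
]


def is_external(url, local_host=LOCAL_HOST):
    """True when rendering `url` makes the reader's browser contact another host."""
    parts = urlsplit(url)
    if not parts.netloc:  # relative path or data: URI, no third-party request
        return False
    return (parts.hostname or "").lower() != local_host.lower()


def external_images(markdown):
    """Return (host, url) for every image embed hosted off-instance."""
    return [(urlsplit(m.group(2)).hostname, m.group(2))
            for m in IMG_RE.finditer(markdown) if is_external(m.group(2))]


def hosts_by_count(comments):
    """Count off-instance image hosts; a flood shows up as one host dominating."""
    counts = Counter(host for c in comments for host, _ in external_images(c))
    return counts.most_common()


def rewrite_to_proxy(markdown):
    """Point external embeds at the local proxy so readers only contact this instance."""
    def repl(m):
        alt, url, title = m.group(1), m.group(2), m.group(3) or ""
        if not is_external(url):
            return m.group(0)  # already local, leave untouched
        return f"![{alt}]({PROXY_PATH}{quote(url, safe='')}{title})"
    return IMG_RE.sub(repl, markdown)
```

A proxy like this only helps if the instance fetches the image server-side, and the fetch endpoint then needs its own destination restrictions so it cannot be pointed at internal addresses.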



  • I have no real idea with Navalny, and only dim memories of news reports about Magnitsky which went into a little more detail, but I’ll tell you how I assume it operates: It’s basically mistreatment to the point that it’ll kill you, just slowly. Your cell’s cold all the time, in the arctic winter with no blankets. You get bad food and bad sleep and beatings and no medical care of any kind. Once your body starts to malfunction (Magnitsky started having kidney failure), they go on beating you severely enough to cause additional organ damage, but then just continue to put you in your cell day after day with no medicine. Basically, you’re going to die, but they’re drawing the process out enough that it’s indirectly, because of “medical issues” related to what they’re doing to you, instead of just from blunt force trauma or something. So it’s incredibly painful and long and drawn-out, a slow death of constant suffering from which you can’t escape or get any relief.


  • I mean, I thought about it. I kept careful contemporaneous notes in Google Drive about any time I was spending, cost of any certified mail, etc, and I actually researched a little bit law firms in Texas who could maybe take them to small claims court for me, or how to do it myself remotely over Zoom, stuff like that. I needed to keep everything documented anyway in case they came after me, and I was really amped up wanting to do something legal towards them, and then I calmed down and just moved on with my life.

    Like joke’s on you, I love petty bullshit and being stubborn and passive-aggressive about stuff, let’s fuckin rock you faceless evil behemoth





  • What THE FUCK. I knew this stuff but for some reason reading it again made me all furious again.

    Eva Mireles, from inside the adjoining classrooms where the shooter was, called her husband, Ruben Ruiz, a Uvalde Consolidated Independent School District officer, who was outside the school. According to DPS Director Steven McCraw, during the call Mireles told Ruiz that she had been shot and was dying; when Ruiz “tried to move forward into the hallway, he was detained [by law enforcement] and they took his gun away from him and escorted him off the scene.” Mireles eventually died from her gunshot wounds.[82][83]

    After the police cordoned off the outside of the school, parents pleaded with officers to enter the building. When they did not, parents offered to enter the building themselves.[84][85] Officers held back and tackled parents who tried to enter the school, further warning that they would use tasers if the parents did not comply with directions. Video clips of these interactions were uploaded to social media, including one that depicted a parent being pinned to the ground.[86] Police pepper-sprayed a parent trying to get to their child, and an officer tackled the father of another student. Police reportedly used a taser on a parent who approached a bus to get their child.[13] A mother of two students at the school was placed in handcuffs by officers for attempting to enter the school.[13][87] When released from the handcuffs, she jumped the fence and retrieved her children, exiting before police entered.[88] A video clip showed parents questioning why police were not trying to save their children, to which an officer replies: “Because I’m having to deal with you!”[89]

    And, they harassed her afterwards because she was giving interviews that made them look bad.

    Pedro “Pete” Arredondo, said he arrived at the school thinking he was the first law enforcement officer on the scene. He claimed he abandoned his police and campus radios because he wanted his hands free to shoot the gunman, and stated he also thought the radios would slow him down. He said one radio’s antenna would hit him when he ran, while the other radio was prone to falling off his belt when he ran, and that he knew from experience that the radios did not work in some school buildings. Arredondo said he was unaware of 9-1-1 calls being made from the classrooms the gunman was in because he did not have a radio and no one told him; the other officers in the school hallway were not in radio communication either.[97]








  • Mozilla/5.0 (Android 10; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0.

    I just did a bunch of testing. The issue is that final version number, “Firefox/121.0”. Google returns very different versions of the page based on what browser you claim to be, and if you’re on mobile Firefox, it gives you different mobile versions depending on your version:

    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/41.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:29 URL:https://www.google.com/ [1985] -> "-" [1]
        1985
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/62.0' https://www.google.com/ | wc -c
    2024-01-08 15:54:36 URL:https://www.google.com/ [211455] -> "-" [1]
      211455
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/80.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:24 URL:https://www.google.com/ [15] -> "-" [1]
          15
    % wget -O - -nv -U 'Mozilla/5.0 (Android 10; Mobile; rv:62.0) Gecko/121.0 Firefox/121.0' https://www.google.com/ | wc -c
    2024-01-08 15:52:04 URL:https://www.google.com/ [15] -> "-" [1]
          15
    

    If you’re an early version of Firefox, it gives you a simple page. If you’re a later version of Firefox, it gives you a lot more complete version of the page. If you’re claiming to be a specific version of mobile Firefox, but the version you’re claiming (edit: oopsie doesn’t exist or even really make sense didn’t exist when they set this logic up or something), it gets confused and gives you nothing. You could argue that it should default to some sensible mobile version in this case, and they should definitely fix it, but it seems to me like it’s clearly not malicious.

    Edit: Wait, I am wrong. I didn’t realize Firefox’s version numbers went up so high. It looks like the cutoff for where the blank pages start coming is at version 65, which is like 2012 era, so not real old at all. I still maintain that it’s probably accidental but it looks like it affects basically all modern mobile Firefoxes, yes.