PhilipTheBucket
@PhilipTheBucket@ponder.cat
- Massive Expansion Of Italy’s Piracy Shield Underway Despite Growing Criticism Of Its Flaws (www.techdirt.com). Submitted 2 hours ago to technology@lemmy.zip | 0 comments
- Comment on A new security fund opens up to help protect the fediverse 1 day ago:
What? It is to the person who discovers the vulnerability. That’s fairly normal for this kind of thing I think. How would giving it to someone else motivate the result they’re trying to get?
- Comment on A new security fund opens up to help protect the fediverse 1 day ago:
Yeah, there’s also this:
A more recent issue came about when Pixelfed’s creator, Daniel Supernault made the details of a vulnerability public before server operators had a chance to update, which would have left the fediverse vulnerable to bad actors, she says. (Supernault has already apologized publicly for his handling of the issue that had affected private accounts.)
In the case of the Pixelfed issue, for instance, the Hachyderm Mastodon server, which has over 9,500 members, decided it needed to defederate (or disconnect from) other Pixelfed servers that hadn’t been updated in order to protect their users.
It is weird to spend almost half the words in this, pretending that something in Pixelfed that wasn’t a problem on Pixelfed’s side was. This is the weirdest “vulnerability” in the world to pick if you want to pick one to hold up extensively as an example.
- Comment on A new security fund opens up to help protect the fediverse 1 day ago:
Also Lemmy: Here’s a bunch of death threats and pictures of a pig taking a shit because you said democracy was a good idea
- Comment on UK government says anyone working in Britain for the Russian state will have to register and declare what they are doing or face jail 1 day ago:
I get that yeah, but mine gives more context. Seeing other comments besides that one that the three accounts voted on in exactly the same fashion as each other, in the same order, and the pace of voting generally to give context to how unusual the little block all within 15 minutes is, gives a clearer impression of how unusual it is. The other comment they all voted the same way on wasn’t any kind of particularly notable comment to draw every Hexbear user’s attention somehow.
It’s not really ironclad or anything, but it’s certainly sus. And yes I agree, it sort of looks like Plinky’s comment and voting was genuine, and then one Hexbear person noticed the comment after a while and voted on it three times. Why they do that sort of thing, I don’t really have a clear idea.
- Comment on UK government says anyone working in Britain for the Russian state will have to register and declare what they are doing or face jail 1 day ago:
If y’all wanted to keep your weird little "u"s in the official spellings you should have won the war. 😃
I am extremely American, I’m just offering some input as an observer, being concerned about your democracy as I am about my own.
- Comment on UK government says anyone working in Britain for the Russian state will have to register and declare what they are doing or face jail 1 day ago:
IDK, man. Try this:
SELECT p.actor_id, comment_id, score, cl.published FROM person p, comment_like cl, comment c WHERE cl.post_id = 26726744 AND p.id = cl.person_id AND c.id = cl.comment_id ORDER BY cl.published ASC;
Hit slash and type hexbear to highlight all the hexbears. That little grouping of three of their users coming in and giving out basically identical voting patterns, all of a sudden, at 18:16 / 18:29 / 18:31 (in my instance’s timestamps) after almost an hour of silence, looks pretty extremely sus. To me.
- Submitted 1 day ago to technology@lemmy.zip | 1 comment
- Comment on UK government says anyone working in Britain for the Russian state will have to register and declare what they are doing or face jail 2 days ago:
80% of the votes on this comment as of this writing came from Hexbear users. The chance that the situation arose by random chance, that the random walk of users running across this comment and having feelings about it happened to land on 4 Hexbear users almost instantly and on almost no one else, is basically 0. So they’re not just injecting talking points about labor and Gaza into random stories, they’re faking votes to boost it. Good stuff. Glad y’all are federating and bringing the behavior that everyone is always super happy to see.
- Comment on UK government says anyone working in Britain for the Russian state will have to register and declare what they are doing or face jail 2 days ago:
There’s a big grey area. Someone might be doing a podcast talking about a bunch of appealing topics for young men looking for their path in life, and every so often just slip in some talking points about immigrants buying up all the housing and that’s why their rent is so high, how badly the liberal party betrayed the voters and how the conservatives are going to give them their country back, that kind of thing. Le Pen got a raw deal, all she’s trying to do is save her country and the corrupt forces that dominate politics took her down for their own reasons. Look at this migrant who assaulted these innocent people, I’m just saying it’s a problem, it’s not racist, it’s reality.
And lo and behold someone might find out that that podcaster along with 200 others is being paid by Russia to destabilize British society and support the leaders that will serve Russia’s geopolitical goals. Should we put that podcaster in prison, or else force them to be honest with the British government about what they’re doing, so they can at a bare minimum keep some tabs on it? I mean, it’s not enough, but such a law sounds like a good start to me.
Russia has been exploiting the open nature of societies outside itself, and getting away with it to enact a whole lot of harm. Like a lot. It’s time to stop being polite with them and the people that are helping them do it.
- Comment on The fediverse has a bullying problem 2 days ago:
Yeah. That’s one thing I think Piefed is really doing right. They’re trying to make it so that normal people will have a fairly pleasant normal-person experience.
I think Lemmy’s core developers including explicit acceptance for toxic online behavior, and some of the original core instances openly celebrating and modeling it, really may ruin the platform for the long term. And yes, you and dubvee are completely right as far as the lack of action in any respect by a lot of people who run the instances to do all that much of substance about the people who seem to want to ruin the experience on those instances.
- Comment on The fediverse has a bullying problem 4 days ago:
That’s why I say it is bullying.
He does post trainwreck statuses sometimes, or miss self-imposed deadlines, or something. That’s very very different from “incompetent for implementing badly something easy or toxic for federating ignoring what the federation requires” but it gives people a grain of truth to fall back on when the total bullshit they’re accusing him of gets called out.
Same for JordanLund, same for FlyingSquid. People are imperfect. It’s okay. If your habit is to use people’s imperfections as a reason to make wild accusations at them that have no basis in reality and double down on the legitimate criticisms and pick at them, and generally just be shitty to them, then there is a perfect word for that activity.
- Comment on 90s band alignment chart 4 days ago:
- Comment on 90s band alignment chart 4 days ago:
Many of these bands are misplaced.
Gin Blossoms is sad. NIN is incredibly angry. Mazzy Star is a little bit horny. Deftones is pretty happy. Radiohead is at least a little horny.
- Comment on The fediverse has a bullying problem 5 days ago:
Yeah, the whole thing of “if #public is in to and the user is in cc, it means one thing, but if it’s the other way around, it means something different” just reeks of “IDK I just wanted to hack it up and move on and IDGAF how platforms other than Mastodon are going to wind up handling it.” Which is fine… as long as your users universally understand that that’s your level of care towards honoring non-public visibility settings they’re setting on their posts.
- Comment on The fediverse has a bullying problem 5 days ago:
Yes. That is 100% my feeling.
Happy to be of service.
- Comment on The fediverse has a bullying problem 5 days ago:
But there is a not insignificant portion of folks on here that are here because they were banned or warned on mainstream platforms because they couldn’t regulate themselves and still aren’t regulating themselves.
What?
Plenty of people on mainstream platforms are obnoxious. Twitter and Reddit in particular are hives of villainy that make anything available on Fedi platforms look childish. Why do you think people are here because they were ejected from mainstream platforms?
Dansup doesn’t exactly follow best practices in his development which I think causes a lot of strife
What?
Can you elaborate?
- Comment on The fediverse has a bullying problem 5 days ago:
Dansup is a developer who made Pixelfed and Loops.
Depending on who you ask, he either fucked up Pixelfed in a way that exposed Mastodon users’ private posts, or else Mastodon implemented private posts poorly and he got caught in the crossfire. I’m firmly in the second camp, so much so that I think it’s misleading to describe it in that both-sides type of way, but regardless, that is the lay of the land of the drama.
- Comment on The fediverse has a bullying problem 5 days ago:
Yeah, I alluded to that when I said I’m probably guilty of it sometimes.
A reasonable person could say that I tend to bully the mods when I disagree with something they’ve done. I do think that when you sign up to control people’s experience and delete messages you don’t agree with, you’re signing up to have your decisions criticized. Reasonably or not. It’s absurd to say that no one is allowed to get upset or air their grievances when the moderators apply moderation in a way that they don’t like, because the end state of that setup is Reddit. But in fairness you are not wrong, sometimes I take it too far, and I think I should cool it at least a little with getting embittered about people moderating me in ways I don’t like.
Also, just for the record I’ve never had any issue on any level with you specifically. My whole anger at one of your moderators posting electoral propaganda and then banning people who disagreed with it, was that I thought he was hijacking his way into the slrpnk good graces for his own agenda, not that that was the intent behind the whole instance or anything. I’ve started being snarky towards the instance as a whole since the slrpnk admin team for some reason came out swinging hard to defend him on that, and then also gave out some further deletions and bans afterwards that I thought were equally silly, but it was more because I felt like you were supposed to be one of the good instances that supported people being able to have the conversations they wanted to have, and move the whole network in a good direction. I definitely wasn’t happy about it or looking for that embittered interaction.
(For context for anyone who’s confused, here are some instances of what might be called bullying that I’ve done previously. The second one in particular sort of makes me cringe to post here, because it’s exactly the kind of sour grapes innuendo that I’m complaining about when people aim it at Dansup.)
- Comment on The fediverse has a bullying problem 5 days ago:
Agreed. It’s not completely their fault. But also, they’ve run further than they needed to with the “I’m in charge of what protocol I’m going to speak to other instances running my own software” than they needed to. Case in point, this exact issue with “private” posts. A lot of things had to be fleshed out more so than they are in the AP spec. This feature needed to be handled more carefully than that.
- Comment on The fediverse has a bullying problem 5 days ago:
Correct. And as I tangentially mentioned, even if you do think this needs to be kept secret, then the blog author would still be wrong, because this blog post is doing way more “harm” by publicizing the issue than any amount of commit notes ever could.
But yes, trying to keep this secret like a 0-day is completely the backwards model for how to handle it.
- Comment on The fediverse has a bullying problem 5 days ago:
Yeah. I do think communicating over the internet even with people you disagree with is possible to do, and it can be super productive. Can be. It just takes conscious effort to do so, I guess not much different from when you can talk them out face-to-face.
- Comment on The fediverse has a bullying problem 5 days ago:
“Doesn’t scale because the containers are set up wrong” is different from “unmaintainable code” though. What of the code was bad? I’ve looked at a bunch of fedi projects and Pixelfed didn’t strike me as either particularly good or particularly bad.
As for the last, I don’t have any examples
?
I mean, that is sort of what I expected. Mastodon doesn’t publicize Wordpress. Lemmy doesn’t publicize mbin. They all, mostly, mention a little bit of the context that they can interoperate with other federated services, but it doesn’t strike me as weird or malicious that someone would write a project and then promote that project. That sounds normal.
Actually, both Mastodon and Lemmy chose to implement sort of their own versions of ActivityPub, and that actually does strike me as selfish behavior. It means that mostly they are their own independent platforms that run “on top of” ActivityPub instead of enabling full interoperation with the other stuff. Doing it that way was hard to avoid, because the design of ActivityPub to me isn’t great, but this situation is actually a perfect example of that: Mastodon implemented a new feature in a way that would break (in a really jarring privacy-violating-to-some-extent way) until everyone else copied their implementation exactly. I’m not aware of Pixelfed doing anything like that. Mastodon and Lemmy can both get away with presenting themselves as “the fediverse” and forcing everyone else into copying one implementation or the other if they want things to actually work, and they both show very little interest in making it easy. If you want to pick out sins of various fedi projects to start to point out that are disrespecting the other projects in the space, something like that is where I would start.
- Comment on The fediverse has a bullying problem 5 days ago:
Oop. She is not. Fixed.
- Comment on The fediverse has a bullying problem 5 days ago:
What parts of the codebase did you look at and not like how they were implemented?
Why is it a problem if he makes server software and then publicizes it? Like can you show a couple of examples of authors of some other software who are giving credit to the hundreds - thousands of other people, and how they are giving credit? What are they doing differently than Dansup?
- Comment on The fediverse has a bullying problem 5 days ago:
Yeah. There are a lot of subtle cues that keep things in check, that let people express frustration or disagreement with each other and it still be okay and kept in a balanced fashion, when it’s happening in person. In typing that all goes out the window. It takes conscious effort to be able to remember the social aspect and not just get carried away with your typing and decide the other person is horrible and you need to attack (or just take something without the right context and think they’re going on the attack when they’re not.) Like I say, I’m guilty of treating it pretty carelessly sometimes too.
- Comment on Pixelfed leaks private posts from other Fediverse instances - fiona fokus 5 days ago:
content should be private by default, nowhere is stated otherwise
This is completely false. Read section 7.1, “Note: Silent and private activities”. It specifically says that privacy behavior, even for activities with no recipients at all, is undefined. It recommends not showing them to anyone, obviously, but that “behavior is not defined” has a very specific meaning in a specification document. It means, if you sent an activity of that type to someone, trusting that they would then keep it private, then you fucked up, because behavior in that area is undefined and cannot be relied upon.
That’s not “rules lawyering.” That is how specification documents work. That’s an important note, which I suspect is why it is highlighted and in its own separate box. There are some similar parts of the document, involving the big word “MAY” in all caps where they had the option of writing “SHALL” or even “SHOULD”, to indicate that a server had to keep certain things private, that follow the same philosophy.
None of that means you can’t use some common sense. It’s obviously not good to be handling intended-to-be-private information in some way that the sender doesn’t expect, and that’s why Dansup fixed it quickly when it was brought to his attention (particularly since the issue wasn’t even directly related to access control on private posts, just in a subtle interaction involving approved-followers-only users and a setting that was failing to federate). My point was just on the broader issue, that if Mastodon is sending out “private” statuses to random servers, then this is at the root a Mastodon issue. The quick fix (regardless of whatever it was about that made the blog poster even more upset when Dansup took it seriously and fixed it quickly) puts the lie to your assertion that Dansup is “toxic” “ignoring what the federation requires” and so on.
I suspect that we’re going to keep going around in circles on this forever. I have a new strategy when someone is just endlessly arguing with me about some weird minor issue. I just make a new post dealing with the issue in more depth, so that it’s not just you and me endlessly going in circles deep in the comments at each other. You’re welcome to come to that post, and continue the conversation there, if you’d like to:
- Comment on The fediverse has a bullying problem 5 days ago:
Yeah, you’re not wrong. I definitely don’t think it is a fediverse-only problem. Something changed culturally between Usenet and the things that came after.
I was thinking about this earlier today: There was a wonderful little renaissance that happened around the time of the Napster / Slashdot / flash game era, when “it’s the internet so of course it is awful” was in abeyance for a little bit of time and things were cool (as well as being pretty creative, and generally sensible.) I think a lot of what I’m upset about here is not so much that people are being catty (as you said, that’s just kind of the nature of the beast), but that it’s so disconnected from reality. People will say wild made-up nonsense and then other people will take it seriously. Of course, yes, that’s not exactly new or a fedi specific problem…
- Submitted 5 days ago to fediverse@lemmy.world | 100 comments
- Comment on Pixelfed leaks private posts from other Fediverse instances - fiona fokus 6 days ago:
I did a whole analysis of what the spec actually says, how it relates to “private” posts, and Mastodon’s implementation details. TL;DR they just made things up and it’s a huge disservice to Mastodon users to give people the impression that these posts are private.