CoderKat @ CoderKat @lemm.ee

I write bugs and sometimes features! I'm also @CoderKat@kbin.social.

---

Read more

Posts

7

Comments

728

Joined

2 yr. ago

The sad thing is that all we can usually do is make it harder for attackers. Which is absolutely still worth doing, to be clear. But if an attacker wants to cause trouble badly enough, there's always ways around everything. Eg, image detection can be foiled with enough transformation, account age limits can be gotten past by a patient attacker. Minimum karma can be botted (even easier than ever with AI) and Lemmy is especially easy to bot karma because you can just spin up an instance with all the bots your heart desires. If posts have to be approved, attackers can even just hotlink to innocent images and then change the image after it's approved.

Law enforcement can do a lot more than we can, by subpoenaing ISPs or VPNs. But law enforcement is slow and unreliable, so that's also imperfect.

That's because Reddit chose to leave it up until the media reported on it, though.

That said, it's really hard to protect against a dedicated, targeted attack. Eg, stuff like captchas can make it harder to create accounts, but think about how fast you could make accounts manually if you wanted to. You don't need thousands of accounts to cause mayhem. Even a few dozen can cause serious problems. I think a lot of the internet depends on the general good will of most users. Plus the threat of legal action if they get caught (but that basically requires depending on police and we know police aren't dependable).

One thing Reddit had that I'm not sure Lemmy does (never heard mentions of it) is the option to require all posts and comments to be approved by a mod before it's visible. That might even have just been an automod thing combined with how Reddit let admins hide and unhide comments. But even if they were to use that, it's not fair for volunteer mode to have to deal with that. It's also sooo much work. You can't just approve posts, cause attackers will use comments. And you have to approve edits or attackers will post something innocent and then edit it to be malicious. And even without an edit, they can link to an image and then change the file itself to a different one (checksums could prevent that, but it's more work and it's a constant battle against malice).

I'd avoid hot. Unlike Reddit's sort of the same name, Lemmy's hot gives a lot of weight to brand new posts. I regularly saw lots of posts with no votes when I used it. Active or top is probably safer. Though admittedly, if someone is using bots to post content, they could use bots to upvote, too. Lemmy has pretty much nothing to prevent even basic botting. The way federation works is actually way worse for the ability to prevent bots, because bots just need any insecure instance and can spin up their own instance in minutes if they can't find an existing insecure one (at the cost of burning a domain).

Same (though not American). I did the opposite. I started off conservative cause that's what my family and community was. Then found out that was hateful bullshit and am now extremely progressive. I'm happy to pay my taxes (and I pay waaaay more than average). I do sometimes wish they went to better things and weren't squandered as often (especially on MPs paying for $16 glasses of orange juice), but overall Canada does a decent job at using its taxes. It's impossible for taxes to go to 100% agreeable things, since there's no satisfying everyone. They're ultimately a net benefit.

I also don't have kids but am happy to see kids get the benefits of my taxes (and many other things taxes go to that don't directly benefit me). People who expect tax dollars to always benefit them are selfish and narrow-minded, which I think is the root reason some people don't like taxes.

I think being more specific is also a good thing. Two letter acronyms are too broad. As CSAM, it's unambiguous what it refers to. But CP means many things. Eg, in software dev, it's often used for "control plane". Some video games (eg, Pokemon Go) use it for "combat power". I think ESO used it as "champion points" (though might have been a different MMO).

Especially when they're kids. People should be able to wear whatever they want. But kids don't often get to choose what they want. They're often at the mercy of what their parents want and that's it.

There's also something to be said about pressure from family members. Even if the kid chose to wear something, did they really do so out of their own free will? Or because their parents said they'll burn in hell for all eternity if they don't?

And it's not like we're talking about something like simple taste in clothing or mild culture differences. We're talking about clothes that are drenched in misogyny. It's not about literal clothing in a vacuum, but rather what those clothes imply about women as a whole.

Even without knowing what the number would be, there's some interesting nuance to this. Eg, a lot of guns used in crimes would be taken from family members or parents bought for their kids as a straw purchase, but from the perspective of the gun sale itself, it was a legal sale (even though the user of the gun didn't legally acquire it). I call that particular example out because it's been prominent in some school shootings, won't be fixed by just limiting the purchase of guns, but is still something that only exists because of US gun culture.

There's also the fact that a massive amount of gun crime is gang violence, where it's more likely that the guns are illegally owned. This is still a tragedy and nobody should be dying to gun violence whether or not they're in a gang. But unless innocent people are victims (which also is often the case!), gang violence isn't usually what people are thinking of or focusing on, since many people's concern is somewhat understandably focused on more random gun violence, where it's harder to understand why it's happening.

Ugh, I basically never watched any show that closely before DVDs. Mind you, I was also pretty young at the time, but that worked even more against me as it was much less of an option to record anything when it was entirely on my parents' devices. Plus only one TV had satellite and my dad basically monopolized it.

I basically only watched things sporadically, as I was able to. Which also meant story heavy serials weren't viable. Everything had to be at least decently episodic so that I wouldn't feel lost due to missing half the episodes and watching reruns out of order.

I'm genuinely glad kids these days have it so much better. How many times as a kid did I beg my parents to let me watch some popular kids show and it wasn't an option? And if I ever did get to see something I liked, it could be months before the stars aligned to get to see another episode.

K3s? What did you do to the other 5 letters??

The difference is popular conception. Laws aren't set based on science. They're set based on what enough people believe. People believe energy drinks are worse and thus they get regulated whether or not it's true.

Advertising, audience, and stereotypes play a part in this too. Coffee is stereotypically consumed by older people, whereas energy drinks are often younger people (who older people find annoying). Coffee also has a much greater social acceptance that would make it controversial to regulate. End result is that it's popular to limit energy drinks but unpopular to point out that coffee has far more caffeine.

Yeah. I don't understand it even in context.

"This shooting was racially motivated, and he hated Black people," the sheriff said at a news conference. "He wanted to kill n------. "That's the one and only time I'll use that word," Waters said, referring to the racial slur.

Like, what??? Why use it even that "one and only" time?

In literally every pair of pants I have, I use that to store a hair elastic or two. Then whenever I need my hair up (eg, eating and hair would get in the way), I have one easily on hand.

I somehow never even realized that was Tom Cruise until today...

As someone with a hearing impairment, robot phone menus are the absolute worst. Sometimes I just can't understand what the options are and unlike a human, robots can't rephrase or enunciate differently. I will literally go out of my way to not do business with some companies based solely on whether or not I can do everything online.

The speed bumps are supposed to be tailored to the target speed. There's some 40 km/h streets in my city with regular speed bumps and they're perfectly fine because the speed bumps are designed for that speed. They're quite shallow compared to the kind of speed bump you'd see in a 20 km/h parking lot.

Yeah, the government controls your health care whether or not they're actually running the hospitals.

Plus, the GOP loves statements like that because they actively sabotage the government. While far from perfect, plenty of countries are capable of adequately running public health care systems, along with plenty of other government programs (roads, prisons, education, national defense, etc). The GOP's whole strategy is to purposefully break systems and then point at the broken system and claim that this is why we need to privatize it. Government run programs are just as good as the government as a whole, and the GOP are poisoning the US government.

How much do people contribute to Terraform itself as opposed to a Terraform provider, I wonder? I'm biased because I've personally contributed to providers (and not Terraform itself), but I perceive providers to really be the meat of the product. For the most part, Terraform largely is just a framework for reconciling resources, but most actual functionality is in those resources themselves, for which all functionality is provided by the provider. e.g., if I wanna make a load balancer and a bunch of VMs, Terraform provides the glue that loads providers and can specify the dependency of the VMs on the LB, but the whole creating of the VMs and LB as well as the diffing and updating are all in the provider.

That's not to excuse what HashiCorp did, but just I suspect a lot of what people view as "Terraform" isn't actually the part that HashiCorp controls.

Man, I utterly detest Musk and think he's dumb as bricks, but blaming Musk for this feels like a big stretch. Not, you know, Tencent or the CCP?

Yeah. GitHub makes sense because most users are writing code that can be executed by others. That makes GitHub accounts security critical.

But a Lemmy account? Naw, you lose almost nothing if that gets compromised. A little bit of history and subscriptions, mostly.

I'm in a discord that for some reason "requires" 2FA. Based on searching, I think they give everyone some kinda admin role or something? It doesn't actually require 2FA, but it shows a very annoying warning that covers up a bunch of the channel selection screen. But despite that, I don't really wanna deal with the hassle of 2FA on a chat app that's basically consequence free for me if it gets exploited.

Yeah, there's some abilities that are just a lot of fun to have, but if your party doesn't have the right class, they wouldn't get the fun. An example would be druid shapeshifting (especially for non combat purposes). That's really great for story potential, thanks to being able to use it for spying and finding routes.