dQw4w9WgXcQ @ dQw4w9WgXcQ @lemm.ee

Posts

2

Comments

455

Joined

2 yr. ago

It just seems like the perspective is off. Implementing some script which reads images of the website which depicts the CAPTCHA, sending it to some AI-solution which can succeed some percentage of the time. Adding this to something which can interact with the website (not sure if you'll need to indirectly act through something like selenium or if you can make direct web-calls), while also ensuring that the CAPTCHA doesn't receive other suspicious data.

If you go through that trouble, I would be amazed if combining 2 or 3 words from a dictionary into a username would be the kryptonite of your bot farm.

Again, I don't know, and it might be a much more preventative solution than I can understand, but it feels like a strange security by obscurity.

Emails, sure. Captchas require a fair bit of elbow grease. Generating a random username which looks fine is nothing in the landscape of bot protection.

I just don't see how the username is an attack vector. The sign-up has email verification and CAPTCHA. Requiring the username to be something sensible seems excessive.

But honestly, I don't know. Maybe this stops a lot more bot farms than I'd expect.

If I were a bot farm owner, I would likely just generate more "realistic" person usernames. Generating a unique username which doesn't look like random letters is trivial, and I don't really think that creating that obstacle is a real hinderance to anyone.

Sure, and I'd probably understand it from the instance owners perspective better if I were in their shoes. And to be fair to them, my username was randomly generated by youtube at some point. So if they just outright reject appeals from generated usernames, I definitely fall into that category. I just feel like that's a bad process and practice for instances which are among the top of the suggested list for new users.

Considering that some bots might also have automatic appeals integrated makes it more reasonable to expect that automated rejection.

You quoted the appeal-part of my comment. I would understand if a bot is implemented to suspend users with usernames which is just a generated string of high entropy, like my own. But rejecting an appeal should not be an automated process.

I can't imagine that the automated ban helps a lot either. Generating random usernames which looks like real people's usernames is pretty much a trivial task. Using a high-entropy string is just a choice on the developers side.

Yep, maybe that's it. It has been my username on reddit for ~12 years, and I carried over to lemmy when I joined here. And joining mastodon, I'd like to keep it still. But if the large mastodon servers are suspending and ignoring appeals due to a suspicious username, I'm kinda unhappy with those instances.

I completely understand that mastodon are compiled of individual admins per server, and they can do what they want with their instance. But I'd expect the highest suggested instances to at least answer the appeals when suspending users. If I joined a random tiny instance of someone who wants to keep it to themselves, I'd understand, but the instances I joined are huge with a welcomming message etc.

That ad personalization will not be pretty.

I think your best bet is'); DROP TABLE BOT_TRAINING_DATA;--

I kinda want to go there because of the amazing food and culture. But I will probably never go there, because I'm reminded of all the less great things about India considering pollution, poverty, heat and a guarantee of food sickness (which does not go well for someone with IBS).

Absolutely. There is an exchange of money involved in the advertising services, so it would be natural to expect a small fee for sanity-checking the advertisement. Facebook are mostly able to check for nudity, porn or gore in the advertisement, so with some additional inspection, it should be possible to weed out a lot of scams.

Wait, so is this a scenario where I get to watch that film, then I suddenly die as soon as it ends? Or do I get to watch it on repeat for all years to come? Or do I watch that movie once and never watch any movie ever after that point? Or do I get to watch the movie once, but it's slowed down to fit the rest of my lifespan?

I mean, my answer is Citizen Kane either way.

Don't reuse passwords. Reusing usernames shouldn't be a huge issue, no?

It depends.

On a good day with a decent amount of sleep, good food (not too light and not too heavy) and interesting tasks, I find that I can dive my head pretty deep into concentration and really filter out the world around me.

Doing this takes a lot from me, so it usually only lasts up to around an hour before I need a good break.

But most days, I don't end up concentrating that hard.

For conversations which include interested parts as recipients, it's good to reply to all to ensure they get all the updates. But this goes for smaller groups. If you go beyond 7-10 recipients, it might be time to ask if everyone really wants this or if some other communication format would be preferrable (chat group or meeting).

I was on a class trip out on Kjerragbolten in Norway. It is a rock wedged in a cracked mountain, leaving several hundred meters of freefall on either side of the rock. It was a particularily windy day, but somehow our teacher allowed us to walk out on it. I remember walking out on it, and getting basically scarred for life about heights, especially since the quick gusts that day could easily have killed me.

Here is a decent POV video of what I experienced (the video is not mine) https://youtu.be/VqzoC_C2RaI?si=BhECeXwgSu423RfJ

A few months later, our teacher left her position, and we never really knew why she left, but I assume some of the parents informed the board about her recklessness at that trip.

For a key-combo I've found handy:

shift + ins = a more general paste-command. While ctrl + v works in most Microsoft-contexts, shift + ins seems to work both in MS Windows, Command prompt, Linux and several other systems.

Not sure how I forgot that! Will edit it in!