Hate really does age a person, doesn't it? Miller is a little over a year younger than me but looks at least 10 years my senior (I'm not baby-faced either).
I flat-out refuse to do business with any that requires I use an app. I won't even scan a QR code for a restaurant menu; that's my cue to go eat elsewhere.
If one server is misbehaving, then they get defederated.
If the instance the spam is originating from is nothing but spam, yeah. Most instances only defederate from another as a last resort and/or if the offending instance is a total lost cause or dedicated to spam/trolling/etc.
Is there anything about Lemmy's architecture that will prevent this problem?
Yes. Applications for new registrations assuming admins can be arsed to turn them on. It won't 100% prevent it, but it will reduce it by probably 90%.
Most spam on Lemmy comes from instances with open registration (ones that do not require an application). Lemdro.id is probably the biggest offender and pain in my side. Email verification and CAPTCHAs are not effective barriers. They may slow down spam signups, but do absolutely nothing to stop them.
Instances that have 24/7 admin coverage do okay with allowing open signups (again, without application approval) and keeping spam to a minimum; some still slip through, but they're usually quickly dealt with due to having an admin available 24/7. Instances with round-the-clock admin availability are rare, though.
Instances without 24/7 admin coverage (roughly 99% of them) should, IMO, NOT have open signups and require applications. Some spam may get through, but the admins can at least have eyes on new registrations.
Fucken dumb ass Dems dont know how to not corporate with a dictator
They didn't. Not even one voted to confirm Patel.
From the article:
Democrats have unanimously considered Patel’s track record in the first Trump administration, his incendiary remarks criticizing the bureau he was nominated to lead and more generally his role in the classified documents case to be disqualifying.
[Patel] wins confirmation in 51-49 Senate vote
All Dems voted against as well as two independents and two republicans.
Intellectual curiosity: Encouraging critical thinking is essential. Without it, individuals risk being swayed by narratives that don't hold up under scrutiny.
I'm convinced this is why "AI" is getting shoved down our collective throats so hard.
If they expected you to read the install script, they'd tell you to download and run it. It's presented here for lazy people in a "trust me, bro, nothing could ever go wrong" form.
There are SHA256 checksums of each binary file available in each release on Github. You can confirm the binary was not tampered with by comparing a locally computed checksum to the value in the release's checksums file.
Binaries can also be signed (not that signing keys have never leaked, but it's still one step in the chain of trust)
The install script is not hosted on Github. A misconfigured / compromised server can allow a bad actor to tamper with the install script that gets piped directly into your shell. The domain could also lapse and be re-registered by a bad actor to point to a malicious script. Really, there's lots of things that can go wrong with that.
That's been the way to acquire software since shortly after the dawn of time. You already know what you're getting yourself into.
There are SHA256 checksums of each binary file available in each release on Github. You can confirm the binary was not tampered with by comparing a locally computed checksum to the value in the release's checksums file.
Binaries can also be signed (not that signing keys have never leaked, but it's still one step in the chain of trust)
The install script is not hosted on Github. A misconfigured / compromised server can allow a bad actor to tamper with the install script that gets piped directly into your shell. The domain could also lapse and be re-registered by a bad actor to point to a malicious script. Really, there's lots of things that can go wrong with that.
The point is that it is bad practice to just pipe a script to be directly executed in your shell. Developers should not normalize that bad practice
Oh, we can do that too, at least to varying degrees. Depends on the bank and what services they offer.
My bank will at least do what's called "Bill Pay". It's (mostly) the equivalent of me telling the bank to write and mail a check to a company on my behalf. I don't currently have that setup, but it is something I'm looking into. It's been available for a long time, but years and years ago when I looked into it, only certain companies/utilities were supported by my bank.
They're also not public info, either. Typically they're combined with name, address, etc for fraud protection, but those details are even easier to acquire than account numbers. The routing numbers are public information, though. In the result of a data breach, a bad actor has everything they need.
What are any potential hackers going to to with my bank account numbers?
Just about anything they want since they'll likely have your personal details too. When adding a bank account to any of my utility payment accounts, there is no verification whatsoever; enter details, authorize payment.
I don't use CashApp and the like, but in the past, PayPal would deposit a few cents into the account, and you had to verify ownership of the account by entering those random amounts into the signup form to complete the process. That's also trivially defeated if enough of your data was breached and in the hands of an attacker (e.g. call the bank, pretend to be you, and ask for the info).
Not to mention, why would attackers in phishing/scam emails ask for bank details if they're not secret or are useless?
For sure. The variables aren't equal, but it all adds up