@fschaap even if what @WPalant said about jeff was somehow true, he still has no involvement in session, just lokinet

@zensaiyuki @MartinShadok i'm working on a hosting project (sorta like the stuff you can find on libreho.st) and i opted to take donations, letting people create an account as a "gift" for their donation. when i said friend-to-friend i meant loosely. compared to open federation, it implies some sort of initial vetting procedure and manual association with other parties, that's all

@zensaiyuki @MartinShadok in general i've been seeing "the light" of closed-registration federated communities, invite trees, friend-to-friend networks overall, that could cut down a majority of moderation and abuse issues we have on current platforms, i believe. it's what i want to push forward on and encourage others to do the same. pros: users and admins have better relationships and trust, manual vetting trumps automated antispam measures, administration is more focused on important issues

@zensaiyuki @MartinShadok see cloudflare: they know fully well that bots and automatic requests are a core component of the web, but for whatever reason, they indiscriminately bar access from API interfaces as they would "human" interfaces

specific to cloudflare, there are better approaches to spam, and DoS attack vector can be decreased by static content serving and caching. cf already does caching, it would be trivial to allow e.g. tor users a static view of websites

@zensaiyuki @MartinShadok captchas are commonly used when we don't even want to keep out bots necessarily. spammers generally have time on their hands to fill captchas, and captcha solvers are cheap (fractions of a penny per solve) so it really doesn't keep out that much abuse

@SubwayTooter i currently do not have much java or android experience, but if i get around to it (might be a while) i will try to help

Show thread

@SubwayTooter do you have plans to make the thread view more accessible for larger threads? it would be helpful to automatically scroll down to the selected post, rather than always be scrolled to top

thanks for the great app

@nusenu i wish i could run exits to offset the DNS/AS monopolies, but my current hosts prevent tor exit traffic originating from their addresses

@jlhertel @sir and a pepper is runtime-configured, you wouldnt see it in a public codebase

@jlhertel @sir salts arent hardcoded like that, youre thinking of a pepper

@cb @GreenandBlack @puffinus_puffinus@sunbeam.city @f0x @emsenn@myasstodon.xyz while this works, i think a proper export is probably best. or at least add --wait flag so you dont bombard the site with requests

@TheGibson do you genuinely have faith in DoH or are you just trying to offset cloudflare's service being used as the default

@n8 @clacke it's foolish to assume though, that google doesnt know its standing in the web ecosystem

in any case i dislike webfonts as a concept. theres a reason i chose a specific system font: it's easier for me to read than all these other ones. unfortunately font icons became a webdev meme at some point so im stuck with keeping webfonts enabled until frontend developers go back to something sane like svg

@n8 @clacke
>true of every web server

and i never suggested otherwise. google's just the topic of this thread

>bug to report to the browser maker

while i agree it's a bug, it isn't specific to browsers; it requires effort on behalf of both server administrators and web UAs to change these de-facto standards. note that tor browser is trying to take up the task of lowering browser fingerprints, so they'll probably be the main source of this type of innovation

@n8 do note that i believe google providing most of the web's fonts is a harmful gesture against the open web; as @clacke stated, it introduces a single point of failure to the web, along with AMP, reCAPTCHA, and non-google services such as cloudflare

@n8 @clacke the faq to which you linked even admits it crossreferences datasets with its other services in the interest of analytics. cookies aren't needed when a party can construct identities from your ip address, useragent, referer, and other metadata alone. and google has a large enough dataset to do this with relative success

this alone isn't malice but it indicates how much useless metadata browsers send, even on the most innocuous of requests

@cuniculus @BadAtNames ah, i learned something new. i never used hooktube

@TheGibson wish i could attend my first con but likely wont happen this year

@er1n @amphetamine@social.wxcafe.net @tastytea probably violates dmca assuming users keep copyright to their content

Show older

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!