Just a lvl 27 guy from 🇫🇮 Finland. Full-stack web developer and Scrum Master by trade, but more into server-side programming, networking, and sysadmin stuff.

During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.

  • 0 Posts
  • 16 Comments
Joined 2 years ago
Cake day: June 20th, 2023

  • Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.

    This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.


  • They can include runnable JavaScript too, which can cause vulnerabilities in certain contexts. One example from work some years back: We had a web app where users could upload files, and certain users could view files uploaded by others. They had the option to download the file or, if it was a file type that the browser could display (like an image or a PDF), the site would display it directly on the page.

    To prevent any XSS (scripts from user-provided files), we served all files with the CSP sandbox header, which prevents any scripts from running. However, at the time, that header broke some features of the video player on certain browsers (I think in Safari, at least), so we had to serve some file types without the header. Mistakenly, we also included image files in the exclusion, as everyone thought image files couldn’t contain scripts. But the MIME type for SVG files is image/svg+xml… It was very embarrassing to have such a simple XSS vuln flagged in a security audit.
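The header-selection mistake described in the comment above, as an added example that is not the commenter's own code: a per-response helper that picks the CSP for a served upload, first with the prefix-based exclusion that lets `image/svg+xml` through, then with an explicit allow-list. The MIME allow-list and the `headersForUpload` names are assumptions for illustration.

```javascript
// Added example (not from the original comment). Assumption: the app decides
// per response which headers to send for a user-uploaded file it renders inline,
// and the video-player exclusion must stay for video types.

const SANDBOX_CSP = "sandbox"; // blocks scripts, forms and plugins in the viewed file

// Vulnerable version: exempts every image/* type from the sandbox, which
// silently includes image/svg+xml even though SVG documents can carry scripts.
function headersForUploadVulnerable(mime) {
  const headers = { "Content-Type": mime };
  const exempt = mime.startsWith("video/") || mime.startsWith("image/");
  if (!exempt) headers["Content-Security-Policy"] = SANDBOX_CSP;
  return headers;
}

// Hardened version: the exemption is an explicit allow-list of raster image and
// video types, so anything the browser treats as a document (SVG, HTML, XML)
// falls through to the sandbox by default. Assumed allow-list, adjust per app.
const SANDBOX_EXEMPT = new Set([
  "image/png", "image/jpeg", "image/gif", "image/webp",
  "video/mp4", "video/webm",
]);

function headersForUpload(mime) {
  const headers = {
    "Content-Type": mime,
    "X-Content-Type-Options": "nosniff", // stop browsers re-sniffing the declared type
  };
  if (!SANDBOX_EXEMPT.has(mime)) headers["Content-Security-Policy"] = SANDBOX_CSP;
  return headers;
}

// Regression check worth keeping in the test suite: every type a browser can
// render as a scriptable document must come back with the sandbox CSP.
const MUST_SANDBOX = ["image/svg+xml", "text/html", "application/xhtml+xml", "text/xml"];

function missingSandbox(headerFn) {
  return MUST_SANDBOX.filter((m) => !("Content-Security-Policy" in headerFn(m)));
}
```

Running `missingSandbox` over the old helper reports `image/svg+xml` as unsandboxed; over the allow-list version it reports nothing.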


  • I never understood why exactly it’s such a controversial topic. It’s my third year on Mastodon, and I’ve never felt the service was lacking just because of not having proper quote posts. But then, I also don’t understand most of the arguments against them, especially when/if they’re implemented as an opt-in for the original poster.

    Basically, people on both sides seem angry over nothing, and I’m just like, ‘Neat, a new feature. Anyway…’


  • You will be able to choose whether your posts can be quoted at all.
    You will be notified when someone quotes you.
    You will be able to withdraw your post from the quoted context at any time.

    To me this sounds like the right way of doing it. Quote posts have always been kind of a hot topic on Mastodon. Some people want them while others absolutely do not. So best just let everyone decide for themselves.


  • Cool, thanks for the explanation.

    a single application that gets bundled with all necessary dependencies including versioning

    Does that mean that if I were to install Application A and Application B, which both have a dependency on package C version 1.2.3, I would then have package C (and all of its possible sub-dependencies) twice on my disk? I don’t know how many external dependencies applications on Linux usually have, but doesn’t that have the potential to waste huge amounts of disk space?