• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle
  • Mountaineer@lemmy.worldtoMemes@lemmy.ml"~~Don't~~ be evil"
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    This whole episode is giving me flashbacks to the ActiveX days.

    Image

    The tyranny of the default.

    “Here mum, I’ve installed Firefox for you, it’s better than Chrome in every way!”
    “My knitting circle website doesn’t work, I can’t download patterns, it says I need Chrome”

    Internet Explorer was effectively abandon-ware for a decade after Microsoft used their OS pseudo-monopoly to crush Netscape.
    It took another tech giant abusing THEIR monopoly to relegate IE to the trash heap it should have already been on.



  • Mountaineer@lemmy.worldtoMemes@lemmy.ml"~~Don't~~ be evil"
    link
    fedilink
    English
    arrow-up
    62
    arrow-down
    5
    ·
    edit-2
    1 year ago

    So you won’t use your banks website?
    Or your utilities (gas/water/electricity/internet)?
    You won’t let your kids use the portal at their school for submitting assignments?
    Your government sites for renewing your drivers license or scheduling hard refuse pickup?

    I can think of lots of reasons that will force me to have chrome installed if this goes ahead.





  • Mountaineer@lemmy.worldtoLemmy Shitpost@lemmy.worldXKCD - Infrastructures
    link
    fedilink
    English
    arrow-up
    52
    arrow-down
    1
    ·
    edit-2
    1 year ago

    The annoying thing to me is that it’s taken a further 13 years to reach a point where another social network is feasible.
    I’m not saying there haven’t been attempts like diaspora and the early mastadon etc, but now we’re actually reaching a critical mass of participants where a move is worth it.

    The same is true of Signal. I’ve been using it for nearly a decade, but it’s only in the last 2 years that people haven’t rolled their eyes when I mention it’s my preferred comms app.


  • JavaScript (TypeScript) has access to cookies (and thus JWT). This should be handled by web browser, not JS. In case of log-in, in HTTPS POST request and in case of response of successful log-in, in HTTPS POST response. Then, in case of requesting web page, again, it should be handled in HTTPS GET request. This is lack of using least permissions as possible, JS should not have access to cookies.

    JavaScript needs access to the cookies, they are the data storage for a given site.
    To protect them, the browser silos them to the individual site that created them, that’s why developers haven’t been able to easily load cross domain content for years, to mitigate XSS attacks.
    The security relies on the premise that the only valid source of script is the originating domain.
    The flaw here was allowing clients to add arbitrary script that was displayed to others.
    You’re dead right that only the way to fix this is to do away with JavaScript access to certain things, but it will require a complete refactor of how cookies work.
    I haven’t done any web dev in a few years, this might even be a solved problem by now and we are just seeing an old school implementation. 🤷




  • Maybe the client is faster/prettier/can show videos/uses less data/integrates with their phone better.
    Maybe it’s got features that clients here lack such as the ability to host larger images or video.
    Maybe the user is sick of responding to conversations over there and it not being federated, so they are ignored.
    Maybe using the Threads app is just faster (because it’s local instead of batch federating).

    If I was in charge of product design for Threads, I would be literally crawling the issue listings for Lemmy/Kbin and the associated clients looking for complaints and implementing solutions for those problems.
    Then I would make a list of every limitation within the system and make sure Threads exceeds that baseline.

    And then when I had made the software better in every measurable way (because I am paying a large team of developers to target those pain points), I’d start adding features that ActivityPub doesn’t, especially if ActivityPub instances would find those features hard to implement.

    I’d make damn sure that every time ActivityPub changes from a source outside Meta, I’d drag my heels on implementing that feature, so that instance hosts are forced to choose between implementing the new version, or maintaining compatability with Threads.

    Why would a user here move there?
    Because their spouse/coworker/friend tried to send something for the 50th time and the message just never came through.


  • Threads will mainstream threads.
    Any good content here will be available to the Threads users, who will be oblivious to where it is coming from.
    Eventually, Meta will take steps to break compatability, and lots of the most prolific contributors from here will move to Threads exclusively (for a host of valid reasons).
    When it is no longer in Meta interest to federate, they will stop.

    The fediverse will continue, but it will be weakened by it’s temporary reliance on Threads (who could afford to host large images/videos/etc, have lower latency, etc etc).


  • Individual instance owners can do literally whatever they like.
    Put up ads.
    Charge a subscription.
    Anything.

    Let’s say instance A is hosting a community that everyone on instances B and C love to participate in.
    But A want’s to earn some money so they start charging access to their local users.
    This doesn’t effect users of B and C at all, because the data is federated.
    The owner of A get’s grumpy and defederates B and C.
    The users on B and C find somewhere else, either on one of their instances, or on D.

    Everybody wins.