Sarcasm: Yup. The black people who were lynched should have just participated in local communities and confronted the KKK! That’ll fix everything!

Anyway, online isn’t the place to take up space and confront people. You do that in person. Online is where you come to get support, encouragement, and resources for the in-person fight. And that doesn’t work if your online profile is also local. For many people, there online participation cannot, and should not, be geographically local. Remember the “good old days” of the local BBS that you had to dial into? Isn’t it interesting that every single documentary full of sepia toned reminiscences about how wonderful those local communities were is entirely created by and featuring old middle-class white dudes? No women, no homosexuals or transsexuals, no people with disabilities, and no ethnic minorities? I wonder why!

Again, speaking from personal experience: blind people had NFBNet, but it wasn’t local. And the local BBS’s had so much ASCII art and other accessibility issues that we couldn’t participate.

And now, on local Reddits and Facebook groups, nobody uses alt text. I guess that’s my fault for not participating in a space that is completely inaccessible to me. I’m the problem with democracy!

If we look at how toxic and racist the local city groups are on Reddit or Facebook, I’m not sure this is a good model. If I’m a black trans woman living in a small town in Mississippi, my local instance might not even be a safe place, for me.

Similarly, I would encourage blind folks to join us at rblind.com rather than a local instance, because a local instance might not take our needs into account: many have captchas, some use inaccessible themes, etc. At rblind.com you can be sure that we won’t deploy an update or configuration change that will break accessibility, because the server admins and moderators are all blind ourselves. But the beauty of federation means that you can talk to everyone else on other instances, so being part of a particular identity group doesn’t limit you to just talking to other members of that group.

Because Spotify, YouTube, Apple Music, etc. are so cheap or free that it’s not worth the trouble of setting one up for the people who have the resources to do it. Sure, download what you want to keep. But for Discovery? The streaming services are fine. And the people who can’t access/afford them also don’t have the resources to set something like this up.

Perfect! Thanks for the info!

How do those of us who loathe the horrific and proven bad idea of quote posts, and also refuse to use Mastodon, opt out of this terrible misfeature? Will blocking anyone who quote posts me and defederating from their instance remove the quote?

This has been broken for us on the entire 0.9 series. It works with iceshrimp, go to social, etc. just not mastodon. I think it has something to do with authorized fetch and signatures. But I haven’t tried to track it down as the way lemmy formats posts from mastodon was super ugly anyway.

If you’re comfortable with using codeberg, yes, that’s the best place. Otherwise you can post in the comments of the original thread, complete the survey, or use github issues (if you must).

Sadly I don’t have an einc device. But if someone does, we’d be happy to accept feedback and include some images.

So most modern activitypub servers backfill threads and profiles. My single user instance processes 30000 notes a day. If I was actually trying, I’m sure it’d be easy to grab much more while appearing well behaved.

How does that help? My personal instance currently has a database of several million posts thanks to the various Mastodon relays. I don’t need to scrape your instance to sell your posts. I don’t, of course, but it’d be easy for some company to create friendlycutekittens.social and just start collecting posts. Do you really have time to audit every instance you federate with?

When watching a movie or tv show by ourselves, blind people can’t see the picture. So unless we are watching with a sighted friend, we would rather save on storage and bandwidth by only downloading the audio.

Audiovault.net is the website you want. Made by and for blind folks, it has thousands of AD tracks in mp3 format. You should be able to just sync them with the video. Though blind folks never bother; we only care about audio anyway.

From the article:

The TLS-SNI header is used by CDN servers to route requests based on the Server Name in the header. However, a typical front end server, or even a load balancer (LB), belongs to a single app or organization, and does not typically need to handle the SNI header. The easy and reasonable way to configure TLS certificates on such a server, is to either:
 Serve all requests with a single TLS certificate that has SANs (Subject Alternative Names) for all the domains that are used Have multiple certificates, chosen according to SNI, with one of them as the default. In both of these common cases, sending a HTTPS request directly to the IP of a front end server, without any SNI, will present us with a default server certificate. This certificate will reveal what domains are being served by this server.

So apparently the real issue is that people aren’t using SNI correctly.

The tech blog is much better: https://www.zafran.io/resources/breaking-waf-technical-analysis

It boils down to scanning all IPV4 space, and grabbing the SSL certificate returned by any webservers on port 443. If the server is incorrectly configured the fields in the SSL cert will tell you what domains it serves. And using Certificate Transparency logs to figure out what domains you want to target. I wouldn’t really call this a flaw that breaks anything. It’s just a byproduct of how SSL, IPV4, and WAFs work.

Your post showed up here just fine.

There’s also a list here, though last updated in 2020: https://distributedcomputing.info/projects.html

Most of those projects remain active in some form.

For those of us using screen readers, this is a way bigger deal. Honestly I probably shouldn’t use a bluetooth headset and a bluetooth keyboard for my banking. We focus so much on SSL/HTTPS and wifi security, but I wonder how much effort goes into wireless keyboard security? Not nearly as much, I’d bet.

Problem was that I usually only discovered the issue when I went to read the book lol

I never did that, my connection was too slow to want to take up someone’s DCC slot for like a day to get an entire movie. Remember all the frustrating idiots who would share .lit files, but forget to remove the DRM from them?

Ah, good to know. Back in my day, when we had to walk a hundred miles to school in the snow, up hill both ways, IRC was the only place to get ebooks. I’m guessing it’s just the old users clinging on now.