Show Navigation
Notices by Alexandre Oliva (moved to @lxo@gnusocial.jp) (lxo@gnusocial.net), page 58
-
now, I can tell from your response, and from earlier conversations, that, when I attempt to open a large combined page in the browser, it used to attempt to fetch lots of images concurrently, more than what would be normal from the small pages that are served out.
I'll look into fetching those images sequentially, while downloading the pages for archiving and offline reading. then, when I open such a large page on the browser, it should fetch images from local files, without disturbing the server. the only downloads from the server would be such stuff as stylesheets, and I guess I could preload even those, if even they turn out to be a problem. sorry about the disturbance.
-
nice, but then I wonder what it is that's blocking based on User-Agent... it's pretty clear that this is what's happening, it's entirely reproducible, and the error message is different from the one I get when an IP address is blocked, because the TLS session is actually established, then abruptly aborted, whereas IP blocking prevents it from being established
now, I haven't even been able to make even *regular* accesses for weeks, because of this setting, and the accesses you're seeing in your logs are either normal browser-based access while I tried to figure out what was going on, or *sequential* page preloads from my scripts for offline reading and archiving, neither of which has ever got IPs blocked. but access with a modified user-agent... that amounts to an instant block on the very first connection, and only when accessing gnusocial.net.
now, maybe it's not about GNU in User-Agent, maybe it's libresoc? or something else?
Here's what I was using before, that stopped working a few weeks ago: "Mozilla/5.0 (X11; GNU libresoc64; rv:94.0) Gecko/20100101 Firefox/94.0"
while what works now has 'Linux x86_64" instead of "GNU libresoc64", and the actual, current version numbers.
-
@administrator, did you by any chance start blocking https requests based on User-Agent a few weeks ago, or tightened preexisting rules?
I had been unable to access with abrowser for all this time, and could only access over text-based browsers over tor after my home IP got blocked. at first I didn't realize I was getting an unusual error; then I thought it was some abrowser upgrade that broke something; then I upgraded another machine that still worked and it kept on working; then I verified all TLS- and abrowser-related files on this machine and found nothing unusual; finally, I realized both browser profiles in which it failed had a modified User-Agent (to have GNU in the operating system name, rather than the misnomer Linux), but the one in which it worked didn't. once I disabled User-Agent overriding, it started working again. so now I configured the browser to lie about the operating system name when contacting gnusocial.net, and I'm back!
if my diagnosis is correct, could your User-Agent blocking rules please tolerate GNU as the operating system name? TIA,
-
#Linux-libre turns 15!
https://www.fsfla.org/anuncio/2023-02-Linux-libre-15
https://linux-libre.fsfla.org/#news
-
não foi bem a capital que elegeu tarcisio. a capital sozinha teria eleito haddad. foi o interior que puxou a eleição pro outro lado.
-
I'd rather not buy any computing equipment (regardless of price) whose software only the vendor is allowed to audit or fix.
I'm old enough to remember how much work went into checking and fixing stuff so that Y2K was a whimper rather than a boom.
yeah, fixable software can be patched and problems can be avoided. it's proprietary software that only suppliers can fix that has me worried, because they're more likely to leave old stuff unmaintained, unfixed and unfixable to make you buy their newer products
-
that is kind of backwards. open source attempted to replicate the free software definition, but the attempt is not entirely perfect, so there are rare points of non-overlap both ways
but even if the definitions were entirely equivalent, the philosophies and practices aren't. projects that identify as free software exist for the purpose of respecting users' essential freedoms. projects that identify as open source often care more and live by other values, such as the tolerance rather than rejection for user subjugation, sometimes to the point of interacting with, requiring or even embedding nonfree software in them. linux is unfortunately an example of these unfortunate behaviors: it both contains nonfree software, and requires additional nonfree software distributed separately. that it contains such blobs makes it satisfy neither the free software nor the open source definitions, but somehow open source folks elevated to an iconic status a program that fails to be open source. that's evidence of how different the values are, and how such different values steer programs away from the supposed equivalence
-
meus sentimentos
vi uns vídeos com ela há pouco tempo
tava tão animada, tão cheia de planos!
quase não acreditei que era a mesma pessoa quando recebia notícia. muito triste
que consigamos honrar sua memória
-
você levanta um ponto importante sobre a vulnerabilidade, mas IMHO escorrega na exceção
revisar o código fonte do app é uma possibilidade valiosa, mas não é como se a falta do conhecimento técnico para fazê-lo anulasse os benefícios da disponibilização do código fonte:
- você pode escolher pessoas em quem confia, e que tenham essa habilidade, para fazer essa revisão pra você. ok, só grandes empresas fazem dessas coisas, e olha lá
- só o fato de o código fonte estar disponível já viabiliza que outros olhem, e isso por si só já desencoraja a introdução de código malicioso, pois a descoberta seria escandalosa e embaraçosa
- comparo ao fact-checking jornalístico. bom seria se todo mundo conseguisse verificar os fatos, mas só de ter alguns fazendo verificação dos fatos, já ajuda quem não quer espalhar notícia falsa a encontrar referências de verificação das notícias mais comuns em circulação, saber que há gente verificando desencoraja a publicação de bobagens, e isso beneficia a todos, não só aos jornalistas que fazem a verificação mas ao público em geral. analogamente, verificação de código fonte disponível de aplicativos em uso comum beneficia a todos, inclusive quem não sabe verificar
-
ler esse seu pôste segundos depois de dar o primeiro gole num café instantâneo que fiz com água fria da chaleira elétrica que esqueci de ligar foi de um contraste notável ;-)
-
trying to scale up single servers has a limit and runs into complexities and diminishing returns. everyone scales services by sharing the workload among multiple servers, even when they present themselves in a way that gives the illusion of a single server. we don't have any pressing need to give the illusion of a single server, we can scale our federated network by adding more independent servers, which is both cheaper and lighter. (maintaining the illusion of unity has a significant cost). multiple separate servers also make for a healthier decentralized network, at least when they aren't under control of the same entity.
-
a platform controlled by a third party can give you an audience just as easily as it can take it away. it's not good for your activism to depend on the visibility provided by a profit-motivated third party whose goals aren't aligned with yours. moving to a more decentralized and neutral platform may feel scary, but it will put it on far more solid ground. you and your target audience should be aware of that, and it would be wise to motivate yourselves with it to make the leap together, so as to remain connected regardless of billionaires' whims.
#TwitterMigration
-
part of the problem, I think, is that long-timers have evolved very efficient workflows, whereas newcomers who've come of age under surveillance capitalism got used to interfaces designed not for efficiency, but for exploitation of the useds. this creates a fundamental tension in which making interfaces more welcoming and familiar to the useds makes them far less efficient for everyone, for nobody's benefit (unless there is someone gathering the information made available by the inefficiencies, which we'd be better off avoiding)
-
don't assume software freedom can solve the problems of using computers for voting, it can't possibly. even if some version of the software is fully audited, signed, and earns wide trust, and even if the computers are supposed to only run signed code, how could you, at the time of voting, tell whether the computer hasn't been compromised so as to run a different version?
-
the publishers who criticize unauthorized sharing are precisely those who take nearly all of the money from authors
-
servers are really no harder to operate, but propaganda has convinced people that they should leave it to the experts, as a means to capture their data and make them dependent. reversing that belief seems hard.
OTOH, keeping data stable (safe against loss) in consumer devices, especially ultraportable ones, is a bit of a challenge. the best answer to that so far has been live backups.
I know a better way to approach this: local apps, encompassing all the logic (no client/server separation), using dumb p2p storage for the data.
https://www.fsfla.org/blogs/lxo/draft/decent-computing
-
he's privatized much of power generation and transmission, so now any efforts to enable rooftop generation are going to be taken as threats to those profits. regulation and public funding could confront that, but I'm not hopeful, it's going to be an uphill battle. which sucks, because our hydroelectric generators are operating at low capacity and a lot of thermal plants are making up. a significant overlap between their owners has led to speculation that reservoirs of hydroelectric plants have been emptied so that they could run and sell the more expensive power from the thermal plants. which sucks for us, because they're not only more expensive, they also pollute more, and the fresh water has not been easy to replenish
-
meanwhile, in brazil, bolsonaro's government has granted 109 private banks access to citizens' personal records and biometric data collected by government's online services, electoral authorities and by states' identity document issuers
https://gnusocial.net/url/7938242
-
when antivaxxers stop believing and spreading lies
after over 9e9 shots total, anyone who thinks it's experimental after health regulators everywhere say otherwise is living in an imaginary parallel reality. and whoever claims the vaccine is riskier than the virus must be able to credibly demonstrate at least 9e7 fatal victims
-
one would hope that's just a quick patch to get it going while they implement a proper fix, but who knows?
Alexandre Oliva (moved to @lxo@gnusocial.jp)
All Jonkman Microblog content and data are available under the