Hacker News: h4x0rr's comments

Hola, finally a good rust ui framework that's not dependent on web


You mean outside iced, slint, egui, etc. ?


Oh come on just learn it properly it's not a big deal to read it


And who decides if a puberty is "wrong"? The child itself certainly isn't mature enough.


I think this question concedes that there is some possibility that one could experience an incorrect puberty.

Given the definition of maturity is being fully grown, this comes across as an inherently unhelpful thing to ask. If we say “only once someone is fully grown they are able to determine if they experienced the incorrect puberty” then this makes it impossible to help children who are going to experience the incorrect puberty. Unless we have some way to determine a child is trans without any input from them, there becomes no way to help them.


The possibility of being unable to help people is not an excuse for hurting them or others. Generally if you can't know the correct action then you should stick to the status quo.

What's next, gene therapy because the embryo might want to be a different race when it grows up?


The phone doesn't accept biometrics but is still in AFU state. Encryption keys are in memory.


Ah yes, the genius lazy method. You just need to keep in mind that there's much less space in a dishwasher than in a closet


Well yeah you could play without an account with a cracked launcher


At first, there was no launcher; there was just the Minecraft.jar file which you could launch to start playing. That's what the parent page is doing; it's just having us download and run the game, no need for a launcher.


Yes. Downloading a game file you don't own and running it is called piracy, so beware of possible legal ramifications.


This way you're missing out on specific js patches for sites with hard to block ads (like YouTube)


That's a special case, which can be solved by buying YouTube premium. For general ad-blocking, the DNS filters work great.


What incentives does this enforce in the market? Strangling smaller players and reinforcing the dominant ones.


"We understand some users don't want ads so to monetize our product we allow those users to pay and not see ads"

Your response: "I want to keep my cake and eat it too."

I have a solution for you, stop using YouTube if you feel so strongly that a video platform should be free to use.

I'm paraphrasing in the quotes, they aren't real quotes...


Anyone else feel like this will be abused for phishing and/or malware distribution?


is there any hosting site that isn't? feels like a computing law at this point; if you build a hosting site, someone will try to use it for malicious purposes.


Can’t you just make the hosting site features only be for real purposes?

Like a link shortener which only forwards to a domain that matches the subdomain? Or only for watching videos and collecting metrics etc.


Any file upload can be used for unintended purposes, eg encoding files into static to upload to youtube and all other sorts of tomfoolery: https://github.com/boehs/awesome-cloud-storage-abuse


It will be. We had the same issue with Matrix attachments.



I noticed^^

Tbh, I still haven't figured out how my IRC client is supposed to fetch avatars of bridged matrix users now.

Previously I was able to special case bridged matrix users and access their avatars through

    /_matrix/client/r0/profile/{name}/avatar_url
    /_matrix/media/r0/thumbnail/{server}/{id}/
    /_matrix/media/r0/download/{server}/{id}


I believe the bridges should host a proxy (per-bridge) to expose content: https://github.com/matrix-org/matrix-appservice-irc/pull/180...


But does that proxy actually expose avatars/profile pictures? From what I can tell they only proxy attachments.


avatar pictures /are/ just attachments tho?


The bridge only transforms images attached to events to new media proxy links.

If a bridged matrix user joins a channel, as an IRC client I see the following information:

    justJanne[m][email protected] (@justjanne:matrix.org)

With the mxid I can call /_matrix/client/r0/profile/{name}/avatar_url and get the mxc url.

    mxc://matrix.org/uQMYcfRtSKFlYYBXLGhuIXzq

In the past that was enough, I could just call /_matrix/media/r0/download/.

With authenticated media, I would need to get a URL with a signed JWT from the bridge's media proxy such as

    https://matrix.org/snoonet/media/v1/media/download/ARahZwUoMu0BcC8Di6Q3N3lpPAejecpE6OyRcKnsvw3n7pjmP7XVSXG8hYT99knbOtESJ9ODlzqLcdLy8Y2mPs9CeTshGEPwAG1hdHJpeC5vcmcvdVFNWWNmUnRTS0ZsWVlCWExHaHVJWHpx

But what endpoint would I call to get that? From what I can tell there's no way to get the bridge to give me a user's avatar.

I'd expect to have a special endpoint such as /snoonet/avatar/{mxid} that'd redirect me to the /snoonet/media/v1/media/download URL.
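
Added example, not part of the comment above and not code from Matrix or the bridge: a Python sketch of the legacy lookup the comment describes (mxid to profile path, `avatar_url` to mxc URI to r0 download path), with strict validation of the mxc URI because a remote user controls that value. The function names and the character grammar are assumptions of this example; the sample mxid and mxc URI are the ones quoted in the comment.

```python
import re
from urllib.parse import quote, urlsplit

# Conservative grammar (an assumption of this example): DNS-style server name
# with optional port, and a media ID limited to URL-safe characters.
SERVER_RE = re.compile(r"[A-Za-z0-9.-]{1,255}(:[0-9]{1,5})?")
MEDIA_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,255}")


def parse_mxc(uri):
    """Split mxc://<server>/<media-id>; raise ValueError for anything else."""
    parts = urlsplit(uri)
    media_id = parts.path[1:]  # drop the leading "/"
    if parts.scheme != "mxc" or parts.query or parts.fragment:
        raise ValueError("not a plain mxc:// URI")
    if not SERVER_RE.fullmatch(parts.netloc) or not MEDIA_ID_RE.fullmatch(media_id):
        # Rejects "..", extra slashes, userinfo and empty parts, so the value
        # cannot steer the request to a different path on the homeserver.
        raise ValueError("unexpected server name or media ID")
    return parts.netloc, media_id


def profile_avatar_path(mxid):
    """Profile lookup path from the comment; the mxid is percent-encoded."""
    return "/_matrix/client/r0/profile/" + quote(mxid, safe="") + "/avatar_url"


def avatar_download_path(profile_response):
    """Map the profile lookup's JSON body (a dict) to the r0 download path."""
    mxc_uri = profile_response.get("avatar_url")
    if not mxc_uri:
        return None  # the user has no avatar set
    server, media_id = parse_mxc(mxc_uri)
    return f"/_matrix/media/r0/download/{server}/{media_id}"


if __name__ == "__main__":
    # Constructed response body using the mxc URI quoted in the comment.
    sample = {"avatar_url": "mxc://matrix.org/uQMYcfRtSKFlYYBXLGhuIXzq"}
    print(profile_avatar_path("@justjanne:matrix.org"))
    print(avatar_download_path(sample))
```
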


It'll take about 5 mins for that to happen and then for *.bsky.network to start getting blocked by Google Safe Browsing, Palo Alto, Bluecoat etc.


I don't see how. This is a direct link to the author's bluesky server (PDS) so of course it is controlled by them.


The link in question (linked from the submitted link) is `porcini.us-east.host.bsky.network`. That's hosted by bsky, isn't it?


Lack of moderation combined with an official-sounding domain name.

This would have to get the user to follow a link or call a phone number or something though. These are plausible. It's too bad the content-security-policy can't prevent following links.


Bluesky seems to use a lot of totally different domain names for each part of their infrastructure, maybe for this reason. e.g. this one is bsky.network

While they're nowhere close on volume, they're certainly beating microsoft in terms of the rate they're adding similar looking official URLs.


> bsky.network

Shortening your brand to 4 letters when your chosen TLD is the same length as your full brand name is such a weird choice.


I think the linked blogpost is the first time I've seen that URL used anywhere user-facing. (other than the status page) bsky.<TLD> is already used for other user-facing URLs though.


I guess bsky.net and bluesky.net were taken. What’s weird is why ICANN allowed .network TLD at all when .net already existed, was shorter, and meant for that.


I can't be the only person who visited bluesky.com, assuming that was the thing everyone was talking about.


This is why you and I aren't in charge of marketing I reckon.


I mean, the way AT Proto is designed, moderation primarily happens on the app layer, not the protocol layer. So on an app like Bluesky, you can have a lot of moderation. But the protocol itself allows hosting arbitrary content in a distributed/decentralized way.


Phish could be this:

$inane_marketing_trope

...

Click here to Unsubscribe from Bluesky

https://porcini.us-east.host.bsky.network/xrpc/com.atproto.s...

...

Redirects to bad site.


As long as content is authored by the administrator of the server, I don't see where there is a security issue.

It's like if you point to your own Apache server in your own domain where you host a scam page and say there's a security issue with Apache because you could do that.

Or are you saying that you can make this person's server serve third-party content?


> Or are you saying that you can make this person's server serve third-party content?

Http: yes see OP

Email: not sure. Hopefully not. But spoofing happens.


hehehe. I pinned it to the top research ideas. I'll get back to you on this


You can't compare that... cobalt doesn't DDOS YouTube


Cobalt is also completely free, without ads or any other monetization besides donations, it's purely meant to help normal people download videos for normal people purposes. It's not like they're a for-profit data harvesting outfit complaining about getting abused by another for-profit data harvesting outfit.


You're just saying that Cobalt is small and non-profit so they must be good and YouTube and ByteDance are big and rich so they must be evil. But if you only look at what they are actually doing here, it's very similar: bypassing protections to use a service in a way that the service provider doesn't like.


Bytedance and youtube are evil, but not because they are big and rich. Cobalt is good, but not because they are small and a non-profit.


If bytedance are so big and rich why don’t they implement their own scraping solution instead of abusing a small service like cobalt?


...Because someone scraping from a Bytedance IP range is not necessarily Bytedance, just like requests from an AWS IP do not imply Amazon authored the spider


In isolation, a thief masquerading as a security system technician and an actual technician both do good work by checking on your home security. You can't meaningfully say one is better than the other, because even though one is secretly casing out your home so he can rob it later, in isolation they're doing the same thing.


Cobalt is bypassing protections to allow legitimate Youtube users to download single videos without causing harm and with no monetary incentives. Bytedance is mass downloading thousands of videos, all for monetary incentives while heavily breaking the TOS and potentially ignoring copyright laws. Similar, but one is doing way more harm than the other.


> and with no monetary incentives

Donations are a monetary incentive

> while heavily breaking the TOS and potentially ignoring copyright laws

Cobalt also breaks the TOS and ignores copyright laws, personally I don't think that matters but having a double standard when one company does it "It's ok when they do it" and when one you don't like does it you try to use copyright laws and TOS as a weapon just makes me think it really isn't about TOS or copyright is it.

Also just gives YouTube ammunition to impose stricter protection against smaller violators like cobalt, like self running yt-dlp


Cobalt didn’t say the DDOS was evil, they said:

“bytedance's scraper was specifically built to go around cloudflare & other web security solutions, which is just genuinely evil”

So I would say it’s a fair comparison.


> built to go around cloudflare

Then they either didn't set up CF correctly or they just use the mode in most headless browsers that bypasses default CF protection when CF is not in attack mode.


Lots of those victims are dead


By this logic, maybe we shouldn't charge murders because the murdered party is not around to see justice?

Every victim has family or friends or things they cared about publicly (usually the public presence is the reason they became a victim).

Justice can be found in many ways.


We are seeing justice from the many ways. There aren't many people who appreciate waiting on justice in crimes that are ruining a lot to steal a little.

