I’m not sure you can make that conclusion. This isn’t a real vulnerability, and this isn’t a surprise to anybody who knows how the AP protocol works. Dansup didn’t reveal anything that was previously unknown, the blog author just has an axe to grind. It’s unfair to assume that an actual 0 day vulnerability would have been treated the same way.
more people will know and exploit the vulnerability
It’s not even a vulnerability, it’s how AP works by design, is the issue at hand here. Mastodon decided they wanted to implement something not supported by AP, and everybody else had to take the heat for not ‘doing it right’.
To keep it secure from the servers themself would require users to handle the encryption. See PGP for an idea of how much uptake that’s likely to get. If you mean for the servers to handle the encryption, that’s already the case, and the issue right now is that servers are privy to what users do, and by nature are a 3rd party in the convo.
Defaulting to not federating is what the major email providers currently do, and is why email has now become a centralised service that you cannot practically self host.
Does modding work across PF - Lemmy?
Post pinning is also pretty wonky.
We’re taking a free ride on the Finns. !norway@sopuli.xyz
Why so? It’s easy to block bots that have their accounts tagged as such. I block them myself, but I have no problem with them existing.
Not sure what to say to that. Nobody in my group would consider classic email and IMs equivalent, unless you’re layering an extra UI layer on top like what the other commentor mentioned.
Oh sure, if you’re using something like that I can get behind it. But then you’re back to the network effect. Probably slightly mitigated since everybody has email, even if they’re not getting it in a pretty IM format and won’t be replying to it on the spot.
Also an entirely different thing, email is nothing alike to IMs.
You ended up redirected back to the homepage. You’ll notice there’s nothing there about flairs. Pretty sure blaze wanted to link this post
Think your link’s broken, blaze.
Perhaps, but it’s a bit too late to rename an existing and active community.
if people have a choice to interpret something as 1) that a question about fashion is in fact an innocuous question about fashion, or 2) that he’s obviously a rapist and victim blaming and I’m going to call him a rapist (when the entire tone of the thread and community is not serious)
That’s on the assumption that the reader sees both possible meanings, though. Most people don’t do that, the first meaning that comes to mind is the one we go with. It’s a very rare person that will, without external prompting, go ‘I wonder if he meant something else?’.
And oddly enough, he was the person to escalate with that explanation, and I was the one to explain it.
From his POV, you had already escalated. Yeah it was due to his misunderstanding. But at that point you were the one with a choice as to whether to nicely explain your actual original meaning, (and maybe edit the confusing line?) or just rage about everybody on Lemmy being quick to assume the worst. Nobody’s the asshole here, it was a misunderstanding, but you could have chosen to make it better :)
Looking at the comments, I can see how your comment got misinterpreted. I do believe you had no such intention, but the way it was worded (especially the last word, ‘anyway’) makes it sound out of context as if you were victim blaming. And from the number of votes, it’s obvious many see it that way. Rather than get mad at randos on the internet, why not just reflect that you might have written that in a somewhat confusing way, and clarify it? Without escalating.
Reading through it, I’m not seeing much in favor of ATP. It basically says ATP will never be decentralised. What exactly are the points you’re trying to make here?
And because there are still so many people who are willing to run instances for fun/as a hobby, they are effectively pricing their own work at zero dollars
Isn’t that a major point? If there are many people willing AND HAPPY to run it for free, presumably because they’re getting something intangible out of it, why not leave it to them?
Yeah, but you’re like the community directory, you know everything 😂
Not me who downvoted you, FYI.
To me, a vulnerability is something unforeseen, that allows bad actors to exploit the system in an unintended manner. In this case, the system is working perfectly as designed. Just because another system decided to implement a new feature without consulting anybody else, does not make it a vulnerability. Or perhaps it does, but with the vulnerability on the side of Mastodon, since they’re the ones telling their users their post is private when it is actually nothing of the sort.
What would I call it? An unsupported feature. One that Mastodon forced everybody else to implement without asking or any respect.