It’s like an exploit or something, and Pete turned it off.
Conversation
Notices
-
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 14:32:02 JST 
NEETzsche
-
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 14:32:01 JST 
@rees @alex @NEETzsche @malakai A data that is shown correctly on every frontend except two. -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 14:32:02 JST 
rees
@NEETzsche @alex @malakai it's not an exploit it's just sending junk data -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 14:50:05 JST 
Alex Gleason
@mint @rees @NEETzsche @malakai The only two FEs that support quote posting with backwards compatibility. After the inline mentions incident we made an effort to try to make everybody happy with quote posts. But you fucktards will never be happy. Pete is creating a problem out of a solution to another problem, that he would have otherwise bitched about if it had not been implemented. Do you see the impossible situation? We can't have it all. So the real message is: "slow down cowboy. I want to see more failure." Lol, fuck no. Anyways, back to the grind. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 14:50:05 JST
@alex @rees @NEETzsche @malakai Both my personal forks of bloat and pleroma-fe support quoteposts and yet weren't vulnerable to the problem since I accounted for that exact scenario. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 14:52:21 JST
NEETzsche
Well, my personal fork of Soapbox still accounts for this exact scenario but the PR got rejected, Pete lifted the stupid exploit, and now none of it matters. Any further malding about this amounts to Asperger’s.
likes this. -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:00:57 JST
Alex Gleason
@mint @rees @NEETzsche @malakai You literally can't. If he wraps .inline-recipients instead of .inline-quote, all replies would be affected. It's only "fixable" for quote posts because FSE does not support quote posts. By the very nature of the way this works, it's fundamentally impossible to just "patch" this on the frontend. It's all or nothing, you either allow hidden elements or you don't. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:00:57 JST
@alex @rees @NEETzsche @malakai Then don't allow them, or check the contents of said span before hiding. -
Pyrrho (pyrrho@freespeechextremist.com)'s status on Tuesday, 05-Sep-2023 15:01:36 JST 
Pyrrho
@alex @mint @rees @NEETzsche @malakai
If you didn't do anything wrong, why are you trying to hide these elements? Mind if we let our dog take a quick sniff? likes this. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:06:26 JST
@NEETzsche @rees @alex @malakai Because it's fun to make soydevs seethe. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:06:27 JST
NEETzsche
I mean why is he marking the entire post as hidden in the first place? Maybe don’t do that.
-
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:16:45 JST
Alex Gleason
@mint @rees @NEETzsche @malakai You're missing that hidden elements are considered a *feature* and not a bug. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:16:45 JST
@alex @rees @NEETzsche @malakai An antifeature, if I will. The only hidden elements to my knowledge are quote fallbacks (solvable by checking the existence of an actual quote) and the inline mentions (which are already handled the right way by pleroma-fe and my bloat which simply show only the hidden mentions above the post, but that isn't twitteresque enough for your liking). -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:21:06 JST
Alex Gleason
@mint @rees @NEETzsche @malakai We clearly have different priorities. So we will go our own ways on it. But I'm sure we can still collaborate in other ways. likes this. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:22:20 JST
@alex @rees @NEETzsche @malakai True that. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:23:45 JST
@rees @alex @NEETzsche @malakai Hidden elements serve a purpose, but if end-user input isn't getting sanitized to prevent them from abusing it, I'm inclined to believe it's a site's problem. -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:23:46 JST
rees
@mint @alex @NEETzsche @malakai why don't you complain to the w3 for implementing hidden elements in html and then start a political movement to remove it from the spec and create websites without it -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:31:51 JST
@NEETzsche @rees @alex @malakai Who abuses it doesn't matter, any user can wrap their post in that class like I did right now with this phrase. As a matter of fact, I have discovered it months ago and trolled a few people as well. Didn't take it to these heights, of course. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:31:52 JST
NEETzsche
Why do we need to sanitize FSE’s malformed HTML to make sure that it doesn’t say “POO POO PEE” or hide the entire message or whatever other stupid shit Pete comes up with? It’s not 1995 anymore so he can’t make my CD-ROM drive open and close anymore because I don’t have one, so this is the shit he’s resorting to.
-
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:34:37 JST
Alex Gleason
@NEETzsche @mint @rees @malakai If you want to be evil, just append <span class="inline-quote">pete is a poo poo pee head</span> to every post.
likes this. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:37:51 JST
@NEETzsche @rees @alex @malakai Considering how many people complained about it, "not seeing their dumb remarks" seems to be a dealbreaker for some. You actually did the most reasonable thing during the whole skirmish, even if it was rejected. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:37:52 JST
NEETzsche
And what are the consequences of them doing this, aside from me not seeing their dumb remarks? I put in a PR to fix it and I bitched about it for about half a day but this isn’t exactly a hill to die on and I’m not sure why you’re making it into one.
-
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:39:22 JST
@rees @alex @NEETzsche @malakai Yes, actually. Followers-only is broken and detrimental to the discourse. -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:39:23 JST
rees
@mint @alex @NEETzsche @malakai is it an exploit if I use follower-only scope so only some people can see my posts -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:43:04 JST
NEETzsche
That’s fair I suppose but I haven’t given a shit what FSE niggers have to say in over a year lol
likes this. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:43:36 JST
@rees @alex @NEETzsche @malakai No, because it has a finite and explicitly defined list of receivers that are the people you explicitly tag in it. -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:43:37 JST
rees
@mint @alex @NEETzsche @malakai what about DM scope -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:48:46 JST
rees
@mint @alex @NEETzsche @malakai so does followers only, it's in the activity stream spec -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:48:46 JST
@rees @alex @NEETzsche @malakai The followers list is dynamic. If you happen to be on an origin instance or the one that already federated prior followers-only posts, and you subscribe to an user with them, you are eligible to read them, yet if it's the opposite, you suddenly aren't. Don't get me started on how majority of frontends copy scopes, encouraging repliers to break threads further. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:49:26 JST
NEETzsche
Clearly the solution is to jump ships to Nostr where your username looks like a SHA
likes this. -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:51:53 JST
rees
@mint @alex @NEETzsche @malakai take it up with the activitypub spec? it's by design likes this. -
verified neko :verified::verified::verified::makemeneko: (roboneko@bae.st)'s status on Tuesday, 05-Sep-2023 15:52:28 JST 
verified neko :verified::verified::verified::makemeneko:
@rees @alex @NEETzsche @mint @malakai no FO is utterly broken. if the FO reply were able to use the same scope as OP it would work. but the current design is a fuck (they did the easy thing) that never should have seen the light of day because it breaks threads for anyone not tagged in them (might as well have gone DM in that case) likes this. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 15:54:39 JST
@rees @alex @NEETzsche @malakai I know, and I have all the rights to openly dislike this part of the spec and to ridicule those who abuse it. -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:55:26 JST
Alex Gleason
@mint @NEETzsche @rees @malakai It's like a noscript tag.
Also, Nostr fixes this because admins can't rewrite users' posts at all. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:55:26 JST
NEETzsche
>make a joke about how the solution is muh nostr
>gleason fulfills the prophesy instantly
:anintellectual: likes this. -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:56:03 JST
Alex Gleason
@NEETzsche @mint @rees @malakai Users on Nostr have handles that look like fedi. It just can't be bridged that way. -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:56:03 JST
NEETzsche
I think the SHA usernames are going to be an even bigger hurdle for normies to using it than fedi.
“What’s your Nostr breh?”
“Uh, wel, uh, let me send you the QR code…”
likes this. -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:58:53 JST
Alex Gleason
@NEETzsche @rees @mint @malakai https://cash.app/.well-known/nostr.json?name=jack likes this. -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 15:58:54 JST
Alex Gleason
@NEETzsche @rees @mint @malakai Like I said, they have regular email style names on Nostr, eg @jack@cash.app -
NEETzsche (neetzsche@iddqd.social)'s status on Tuesday, 05-Sep-2023 15:58:54 JST
NEETzsche
So what stops me from spoofing @alex and making posts about all the steaks I’m eating?
-
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 16:00:58 JST
@alex @rees @NEETzsche @malakai How does it behave if there are two separate name identities via nostr.json? Could you tie a fedi account from mostr bridge to that? -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 16:10:33 JST
Alex Gleason
@mint @rees @NEETzsche @malakai You define your @ in your profile, then clients verify it from the well-known endpoint. Multiple nostr.json's are just multiple options for names you can become.
The main problem with bridging this is exactly the flexibility it provides. Fedi software can't handle it. It needs to be a stable name, therefore it uses the pubkey. likes this. -
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 16:42:59 JST
rees
@Hoss @alex @NEETzsche @mint @malakai people will bitch about everything. I bet you there's some autist out there complaining about how we removed lead from children's toys because he would melt them down to make paint and can't understand why we removed that "feature" -
Hoss Delgado (hoss@shitpost.cloud)'s status on Tuesday, 05-Sep-2023 16:42:59 JST 
Hoss Delgado
>Bring back spacebar heating likes this. -
Hoss Delgado (hoss@shitpost.cloud)'s status on Tuesday, 05-Sep-2023 16:43:00 JST
Hoss Delgado
What is it with people shitting their fucking diapers about quote posts all the time? If you're angry other people are using them and you don't like it that is very much a "you problem". -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 17:03:39 JST
@alex @rees @NEETzsche @malakai Did a thingy.
location /.well-known/nostr.json$ {
resolver 8.8.8.8;
proxy_ssl_server_name on;
proxy_ssl_name "mostr.pub";
proxy_set_header Host "mostr.pub";
proxy_pass https://mostr.pub${request_uri}_at_ryona.agency;
proxy_buffering on;
sub_filter "_at_ryona.agency" "";
sub_filter_types application/json;
}https://ryona.agency/.well-known/nostr.json?name=mint returns "mint" when using curl, but "mint_at_ryona.agency" when opening it in browser. Very bizarre. -
Alex Gleason (alex@gleasonator.com)'s status on Tuesday, 05-Sep-2023 17:03:40 JST
Alex Gleason
@NEETzsche @rees @mint @malakai Literally upload a JSON file to any domain, and you can be a user on that domain. And you can change it any time without breaking anything. -
(mint@ryona.agency)'s status on Tuesday, 05-Sep-2023 17:22:00 JST
@alex @NEETzsche @malakai @rees Added proxy_pass_request_headers off, and it's working as intended now. Guess some gzip encoding or something prevents sub_filter from working. Someone please test how now my account shows from nostr's side.
-
All 076萌SNS content and data are available under the