awbvious

joined 2 years ago
[–] awbvious@lemmy.world 1 points 1 month ago

For posterity. This is from today.

Environment: Firefox Browser 139.0.1 (64-bit), NoScript 13.0.8, all other extensions disabled.

A broken image, from Active on lemmy.world. Notably by a user named "Docker". [image: broken image]

My noscript settings. [image: settings]

[–] awbvious@lemmy.world 1 points 2 months ago (1 children)

> tor browser is a hardened variant of firefox esr.

I'm familiar with ESR. As I understand it, it is the version before (or more precisely a reflection of the version before) Mozilla switched to the newer version, breaking a lot of extensions that I liked in the process. As I remember it, it was a pretty deep departure (and many considered it too Chrome-y, was the same underlying engine or something like that). The newer version was more secure, but also more limited. I've played around with some ESR forks, but I do not use them normally/currently. That alone sounds like a pretty different environment.

> screenshot is from macos,

Ah, now I see it. I've seen that in screenshots before. But yes, yet another case of different environments. And that's not even getting into other possible extensions.

> your claim of loading js from other instances is ludicrous for someone who knows how these things work

I'm sorry if you thought I was "implying that I’m ... even lying". I just want to get environmental discrepancy issues out of the way first. Let's have best faith assumptions, like I will regarding the above sentence.

As for loading js, I took a screenshot, but I don't want to upload screenshots if not necessary. It was from a few days ago and does show many instances attempting to run scripts. Notably, after my post, I noticed that images were loading without needing to enable any javascript from other servers (didn't bother to check if they were still trying to, but I didn't permanently allow them, and images were loading). I can upload my screenshot, but only if you really want it. That is if it is something you need. My best faith understanding of our communication is neither of us wants this to devolve into something unpleasant, and I worry about it getting there.

> ublock origin ... umatrix

I have the former, tried the latter, but ultimately have stuck to a mix of ublock origin and noscript. Theoretically, one doesn't even need noscript, ublock origin can do it. But I am used to this mix. I can see by how many times you've mentioned it, that I need not remind you for how long.

> not just rant

If this feels like ranting, then perhaps we do not engage further. However, if /you/ feel you would benefit, I am more than happy to. I do appreciate the time you put into your responses and what you have added to the conversation.

[–] awbvious@lemmy.world 2 points 2 months ago* (last edited 2 months ago)

> remove thumbnail=96

Hey, that sounds like a great idea, I bet I could add that to uBlock Origin. And, yeah, zoom via ctrl plus is what I do (I'm not sure if it is remembered between sessions). As for the side bar, it does not bother me, it was just as an example of what an extension theoretically could do. Honestly, another extension should not be needed. Instead a lemmy /c/ or other repository for user hacks would be nice that you could put into uBlock Origin or other DOM manipulator. That removing thumbnail sampling looks awesome, will try it out next time I'm on desktop.

[–] awbvious@lemmy.world 1 points 2 months ago

I'll try to play with it next time I'm on desktop. Thanks!

[–] awbvious@lemmy.world 2 points 2 months ago* (last edited 2 months ago)

Mentioned elsewhere, and a decent workaround. Doesn't do well with thumbnails, unfortunately.

[edit: someone below suggested removing the thumbnail sampling (I'll probably try via uBlock Origin). Honestly with that and a bit of zoom, might work fine. Will be testing it.]

[–] awbvious@lemmy.world 0 points 2 months ago (4 children)

So, why does your image show the ani.social and mine doesn't? Remember I said Firefox. Sorry, too many years in dealing with these kinds of issues. Please show me a screenshot of the top of the browser so I can see it is Firefox and also expand out the noscript extension like you did before and show me the ani.social image expanded. I know your first image had a window header that did not look like Firefox. In fact you mentioned "tor browser" and I want to make sure we are talking apples to apples.

[–] awbvious@lemmy.world 0 points 2 months ago* (last edited 2 months ago)

So, I agree with everything the other responders are saying. Whitelist the primary domain (and maybe a cdn domain that is hopefully nicely labeled) and a decent site should play decently. But it is also that I (generally) know when to pick my battles--or I at least keep my pointless battles to a small scope and fairly sporadic.

I'm asking for a solution to this from the lemmy community, not reddit or a big corposite. They would want a single domain or a few domains for opposite reasons than making the user happy: they would want to control the user experience and ensh**tify via dark patterns. I do not think we should need to blanket allow scripts from dozens of sites just to see images, that's the scope of this mini-battle I do not plan to fight beyond this post. I mention ensh**tification because I just happened to see this https://thetyee.ca/Culture/2025/05/26/Internet-Sucks-Cory-Doctorow/ on this https://old.lemmy.world/?sort=Hot&listingType=All&page=3 (thanks, above suggester for reminding me of old.lemmy).

> So open technology like the web is replete with disenshi**ifying add-ons. Ad blockers are running in more than half of all web browsers in the world. It's the most successful consumer boycott in human history, but there are zero ad blockers running in apps, because you have to reverse engineer the app first, and that's illegal under use of Bill C-11 and under the U.S. Digital Millennium Copyright Act, and Article 6, the copyright directive.

[Note, I censored those letters. I've been told you can swear on the internet, though.] One of my "old man yells at cloud" moments of late is when I have to deal with a very small company forcing an app down my throat when a website will do and the using of that company/service (and thus app) is being forced upon me by outside forces. If it's a small enough company, I will go through too many emails back and forth with their "CTO" telling them why it's a problem and why they should just have an app (a site that, yes, almost certainly would need javascript). Because that's the small act of protest some of us should be doing in my mind. That way the next time someone thinks, hmm, we could just do an app and only offer it, they'll then think, naw, there's going to be that one annoying customer, not worth it. Same with this issue, for me at least. I don't see why we /have/ to run javascript on secondary sites just to have a thumbnail and a resulting image. And I'm posing this, again, on lemmy not reddit. So, consider this my allowing myself a brief moment to yell at a cloud.

[EDIT: Escaped my asterisks. I worried there would be automatic markdown, but I didn't see the Preview button.]

[–] awbvious@lemmy.world 1 points 2 months ago (2 children)

Which is basically the same as old.reddit.com. Which is great as far as functionality. Squint and you can imagine it would be perfect. Zoom in and it's decent, except the thumbnails now are even more clearly 4-pixel potatoes. Okay, so where's my FOSS firefox extension that works like RES (Reddit Enhancement Suite)? Or, I actually don't need that, just a FOSS firefox extension that takes any old.lemmy and makes the layout look like the new layout, with toggles to turn off anything in the new layout you don't want (e.g. right side bar)? Or, maybe some custom javascript I can save in greasemonkey to make everything zoom 150% and replace thumbnails with better compressed versions of their expanded versions (make my own thumbnails)?

[–] awbvious@lemmy.world 3 points 2 months ago (2 children)

Looks nice is my immediate impression (looking at it with all javascript off, including ). Still would like thumbnails that are the entire image just much smaller, maybe via CSS. The cropping is very misleading on a lot of images. Perhaps one could use css-toggle-switch--not going to try to solution it, and I know last time I checked css wasn't great for it. But the results are notably different from lemmy.world for Active or Top past 12 hours. Not necessarily /bad/, particularly for top posts as they at least have a bit of engagement. But it seems like part of the solution is just don't incorporate results from servers that require javascript. Is it possible (ethical even) to incorporate them, but be a middle-man that saves the user from their javascript?

[–] awbvious@lemmy.world 0 points 2 months ago (6 children)

That looks cherry picked or very lucky. Can you show me a screenshot of Firefox with NoScript and allowing only lemmy.world and ANY other image from the first five results of the home page? My result?

"The American Dream" discuss.online - BROKEN

"We are way overdue for an open source 2d printer" sub.wetshaving.social - BROKEN

"We never stood a chance." ani.social - BROKEN

"literally useless" lemmy.blahaj.zone - BROKEN

"Anime Recommendations" lemmy.dbzer0.com - Works (the one you show)

 

So, I am one of those old school types who mains with Firefox and Noscript. And also a filthy casual that just goes on lemmy.world. But half the images are broken because I'm expected to allow scripts on like 30+ sites to see most of the posts. I'm literally expected to allow /all/ the scripts from a domain just so I can see a dang picture behind the thumbnail. That's the entirety of the scripting needed. That seems ridiculous. Is there, I don't know, a server/way that makes it so I don't have to blanket allow all these scripts? To put it in meme form (not sure I'm doing it right, never seen the show): "It's an image of a banana Michael, what should it take, one Raspberry Pi running Docker?"

[EDIT 6/1/25 - thanks to everyone who commented on this. Screenshots: https://lemmy.world/comment/17403335 ]

 

How many times is it:

a) White-hat hacker, found out there was a problem, wanted to exploit before anyone else did, so they could return. Maybe they don't follow some rules of convention proposed by others on how to do it safely like https://jumpcrypto.com/writing/safu-creating-a-standard-for-whitehats/ . Maybe they aren't aware or just don't have the time to set it all up.

b) White-hat hacker, same as above, but believes they really should get paid somewhat. So if there's no bug bounty yet, will wait until offered a 10% bounty.

c) Black-hat hacker that would totally keep all of this, but someone just came to the door where they live with all kinds of details on them and their loved ones.

We'll probably never know.

I mean, if you are able to completely track down the exploiter, and could thus contact them by non-public means, would you then telegraph that information to the world as a blockchain message and thus lose a bit of that leverage? Or even after the funds were returned, and the leverage wasn't needed any more, reveal what was done to get the funds back, as that could kind of backfire with the crypto community (Arkham Intelligence)?

I like to think this is rare. Except for when it is state sponsored, most of these exploiters, I think, are fine with just a small bounty because, yeah, they just alerted you to a bug before someone who might just keep it all found that bug. Funds can generally always be returned rather quickly and easily. Also, in many cases, it's not even so easy to say when exploiting is even unethical. For one, in many ways, DeFi is about code being law. And that code likely doesn't have a EULA in it (would be awfully spammy for the chain if it did and really, who likes EULAs?).

That said, I do like the idea of standard for whitehats. But it's a bit ironic that Jump Crypto should care about ethics, after they bailed out Terra Luna. Afterwards, they told no one, they just let everyone hear Do Kwon's lies about the algorithm working, and not the truth that the ponzi only stayed barely afloat a little longer thanks to their TradFi backroom shenanigans.

 

I like most of these arguments, and I can easily agree on security (but that's as easy as acknowledging how centralized staking has been). But there is no statistical evidence regarding the environmental "debunk." GPUs being reused for other uses is not a slam. If anything, more uses would mean if existing hardware didn't exist more would be created AND use the same energy. As for MEV, he has no stats for how much was done prior to merge, thus no way to prove. I'd been hearing about the Dark Forest long before the Merge. A technological advance on MEV could fix regardless of PoS or PoW--or it can fail regardless (looking at you PoH Solana https://www.coindesk.com/tech/2023/02/24/for-solana-users-priority-fees-mean-paying-up-to-skip-the-line/ - nail in the coffin for me as killing MEV was my main hope for the chain). No stats = weaker argument. It definitely should require weasel words, not absolutes, like environmental impact is definitely not better with PoS. Again, the arguments on security and profitability are fine.

1
submitted 2 years ago* (last edited 2 years ago) by awbvious@lemmy.world to c/cryptonews@lemmy.world
 

This is the image: Late Stage Crapitalism

Hello! Welcome to the CorpoMegaMetaverse! Let's play a game where you hear our advertising pitches in this dead, soulless wasteland.

Do you want to try our new McNeftee Burger? All the pixels and none of the taste! It's like an advertisement in your virtual mouth. Yum!

1
awbvious opensea (opensea.io)
submitted 2 years ago* (last edited 2 years ago) by awbvious@lemmy.world to c/awbvious@lemmy.world
 

awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious awbvious