When clicking the cross-post icon, a search box appears where you can select the community to cross-post to. It shows announcement communities that disallow posting. It allowed me to select !lemmyverse@lemmyverse.org. But then when I clicked “create” it just goes to lunch and gives an endless spinner. That’s a really shitty behavior. The user has no idea why it’s hanging when in fact there should be no hangup at all.

I did not know !lemmyverse@lemmyverse.org had restricted posting until I went there to see if I could post directly. The search dialog in the cross-posting form should print a prohibited icon or warning icon (⚠) next to communities where posts are impossible. This would show users there will be a problem but in a way that does not ignore the existence of those communities. And if they select such communities anyway, they should get a hard and fast proper error msg.

cross-posted from: https://lemmy.dbzer0.com/post/6251633

LemmyWorld is a terrible place for communities to exist. Rationale:

• Lemmy World is centralized by disproportionately high user count
• Lemmy World is centralized by #Cloudflare
• Lemmy World is exclusive because Cloudflare is exclusive

It’s antithetical to the #decentralized #fediverse for one node to be positioned so centrally & revolting that it all happens on the network of a privacy-offender (CF). If #Lemmy World were to go down, a huge number of communities would go with it.

So what’s the solution? My individual action idea is to avoid posting an original thread to #LemmyWorld. I find a non-Cloudflare decentralized instance to post new threads. I create one if needed. Then I cross-post to the relevant Lemmy World community. This gets some exposure to my content while also tipping off readers of the LW community of alternative venues.

Better ideas? Would this work as a collective movement?

LemmyWorld is a terrible place for communities to exist. Rationale:

• Lemmy World is centralized by disproportionately high user count
• Lemmy World is centralized by #Cloudflare
• Lemmy World is exclusive because Cloudflare is exclusive

It’s antithetical to the #decentralized #fediverse for one node to be positioned so centrally and revolting that it all happens on the network of a privacy-offender (CF). If #Lemmy World were to go down, a huge number of communities would go with it.

So what’s the solution?

Individual action protocol:

1. Never post an original thread to #LemmyWorld. Find a free world non-Cloudflare decentralized instance to start new threads. Create a new community if needed. (there are no search tools advanced enough to have a general Cloudflare filter, but #lemmyverse.net is useful because it supports manually filtering out select nodes like LW)
2. Wait for some engagement, ideally responses.
3. Cross-post to the relevant Lemmy World community (if user poaching is needed).

This gets some exposure to the content while also tipping off readers of the LW community of alternative venues. LW readers are lazy pragmatists so they will naturally reply in the LW thread rather than the original thread. Hence step 2. If an LW user wants to interact with another responder they must do so on the more free venue. Step 3 can be omitted in situations where the free-world community is populated well enough. If /everything/ gets cross-posted to LW then there is no incentive for people to leave LW.

Better ideas? Would this work as a collective movement?

Apart from Cloudflare being an access restricted walled garden that harms interoperability, I really do not want my content on CF & I do not want CF content reaching me. This bug is one of many issues likely caused by Cloudflare:

https://lemmy.dbzer0.com/post/4806490

I would like to flip a switch that has the effect of making my whole UX Cloudflare-free. Cloudflare is antithetical to decentralization and it has clearly broken the #Lemmy network.

I tried to post in a zerobytes.monster community from a normal (non-Cloudflared) instance using Tor Browser. When I clicked the button to submit the post, it just became an endlessly spinning icon.

Then I posted on a non-Cloudflare instance instead, which worked fine. Then I tried to cross-post it to zerobytes.monster. Again, non-stop spinner.

I suspect the problem is that even though I’m actually on node A, when I direct the content to post on node B there is perhaps a direct connection being made to node B. When node B is tor-hostile (e.g. Cloudflare) it’s blocking the packets. But the software is not smart about this.. just leaves the user hanging.

Now I wonder if the other endless spinner I encountered when trying to create an account somewhere is a Cloudflare-induced issue as well:

https://lemmy.dbzer0.com/post/4525532

Filled out the reg. form, filled out the CAPTCHA, and hit the “sign up” button which then turns into a spinner. The spinner never stops. Confirmation email never arrives.

Lemmy devs: please give output rather than just spinners. We have no way to know what is going on or how long it takes to process a registration form. We should receive error messages rather than a forever loop.

I click LOGIN, enter my username, tab over to the password field and as I’m entering the password the username clears. So then i have to go back to the username field and re-enter it.

It’s as if the page is still loading but as a final action in the loading process it clears the form. I’m not a javascript expert but it feels like excessive use of js for something that should simply be html.

#LemmyBug

cross-posted from: https://lemmy.dbzer0.com/post/1867431

Lately I’m running into more and more situations where I am forced to patronize a private company in the course of doing a transaction with my government. For example, a government office stops accepting cash payment for something (e.g. a public parking permit). Residents cannot pay for the permit unless they enter the marketplace and do business with a private bank. From there, the bank might force you to have a mobile phone (yes, this is common in Europe for example).

Example 2:

Some gov offices require the general public to call them or email them because they no longer have an open office that can be visited in person. Of course calling means subscribing to phone service (payphones no longer exist). To send an email, I can theoretically connect a laptop to a library network and use my own mail server to send it, but most gov offices block email that comes from IP that Google/SpamHaus/whoever does not approve, thus forcing you to subscribe to a private sector service in order to do a public transaction. At the same time, snail-mail is increasingly under threat & fax is already ½ dead.

Example 3:

A public university in Denmark refuses access to some parts of the school’s information systems unless you provide a GSM number so they can do a 2FA SMS. If a student opposes connecting to GSM networks due to the huge attack surface and privacy risks, they are simply excluded from systems with that limitation & their right to a public education is hindered. The school library e-books are being bogarted by Cloudflare’s walled garden, where a private company restricts access to the books based on factors like your IP address & browser.

Where are my people?

So, I’m bothered by this because most private companies demonstrate untrustworthyness & incompetence. I think I should be able to disconnect and access all public services with minimal reliance on the private sector. IMO the lack of that option is injustice. There is an immeasurably huge amount of garbage tech on the web subjecting people to CAPTCHAs, intrusive ads, dysfunctional javascript, dark patterns, etc. Society has proven inability to counter that and it will keep getting worse. I think the ONLY real fix is to have a right to be offline. The power to say:

*“the gov wants to push this broken reCAPTCHA that forces me to share data with a surveillance capitalist

no thanks. Give me an offline private-sector-free way to do this transaction”*

There is substantial chatter in the #fedi about all the shit tech being pushed on us & countless little tricks and hacks to try to sidestep it. But there is almost no chatter about the real high-level solution which would encompass two rights:

1. a right to be free from the private sector marketplace; and
2. the right to be offline

Of course there could only be very recent philosophers who would think of the right to be offline. But I wonder if any philosophers in history have published anything influential as far as the right to not be forced into the private sector marketplace. By that, I don’t mean anti-capitalism (of course that’s well covered).. but I mean given the premise is that you’re trapped inside a capitalist system, there would likely be bodies of philosophy aligned with rights/powers to boycott.

cross-posted from: https://lemmy.dbzer0.com/post/1702086

So Bob replies to Alice, who then reads the msg and marks it as read. Then Bob makes some significant changes to the msg like adding lots of useful information that further answers Alice’s question. Alice gets no notification that the reply was updated.

I have firefox configured to show no images because I’m on a limited connection. I think the only thing I’ve changed w.r.t. my usage habits recently is to start using Lemmy again. I’m chewing through bandwidth credit quite fast, like ¼—⅓gb in a day. Does it seem possible that Lemmy would cause that even when images are disabled in firefox? I might have to lay off lemmy a few days and see how it goes.

BTW, I only just now disabled “show avatars” in the Lemmy settings, but I don’t expect that to make any difference if my browser was already configured not to show images.

cross-posted from: https://lemmy.dbzer0.com/post/1699039

Title says all. You can be in the middle of a lengthy response to someone, and if you click to vote their post up or down, everything you just typed is lost & non-recoverable. Yikes!

I would love if just once an admin of a fedi host under #DDoS attack would have the integrity to say:

“We are under attack. But we will not surrender to Cloudflare & let that privacy-abusing tech giant get a front-row view of all your traffic (including passwords & DMs) while centralizing our decentralized community. We apologize for the downtime while we work on solving this problem in a way that uncompromisingly respects your privacy and does not harm your own security more than the attack itself.”

This is inspired by the recent move of #LemmyWorld joining Cloudflare’s walled garden to thwart a DDoS atk.

So of course the natural order of this thread is to discuss various Cloudflare-free solutions. Such as:

1. Establish an onion site & redirect all Tor traffic toward the onion site. 1.1. Suggest that users try the onion site when the clearnet is down— and use it as an opportunity to give much needed growth to the Tor network.
2. Establish 3+ clearnet hosts evenly spaced geographically on VPSs. 2.1. Configure DNS to load-balance the clearnet traffic.
3. Set up tar-pitting to affect dodgy-appearing traffic. (yes I am doing some serious hand-waving here on this one… someone plz pin down the details of how to do this)
4. You already know the IPs your users use (per fedi protocols), so why not use that info to configure the firewall during attacks? (can this be done without extra logging, just using pre-existing metadata?)
5. Disable all avatar & graphics. Make the site text-only when a load threshold is exceeded. Graphic images are what accounts for all the heavy-lifting and they are the least important content (no offense @jerry@infosec.exchange!). (do fedi servers tend to support this or is hacking needed?)
6. Temporarily defederate from all nodes to focus just on local users being able to access local content. (not sure if this makes sense)
7. Take the web client offline and direct users to use a 3rd party app during attacks, assuming this significantly lightens the workload.
8. Find another non-Cloudflared fedi instance that has a smaller population than your own node but which has the resources for growth, open registration, similar philosophies, and suggest to your users that they migrate to it. Most fedi admins have figured out how to operate without Cloudflare, so promote them.

^ This numbering does /not/ imply a sequence of steps. It’s just to give references to use in replies. Not all these moves are necessarily taken together.

What other incident response actions do not depend on Cloudflare?