Yeah I’ve never seen it either. However, I was curious if it was because instances were blocking it (as in fedipact).

Checking out Lemmy.world, I noticed threads is actually listed as a linked server. So at some point, lemmy.world has traded content with threads.net.

Though I can’t actually find the content. And there don’t seem to be any threads.net users (except a couple who wrote it in their display name as some sort of joke), so perhaps there are some threads users who are following lemmy communities but haven’t commented (or aren’t able to)?

How does Threads federation work compared to Mastodon? Do they have an allow list?

Mastodon users can subscribe to Lemmy communities so I’m curious if Threads can already federate with Lemmy.

Oh wow, that’s quite… something.

Given how targeted the attacks were at certain people, does this imply a bunch of people walking around with explosives in their pagers, where they weren’t set off because they weren’t one of the targets?

Music has this right. Don’t like spotify? Try Tidal, Qobuz, etc. They all have the same music, but slightly different models to attract different users (Spotify has free and paid tiers, Tidal does high quality, Qobuz does streaming plans as well as individual song purchases).

Ah sorry, it sounded like you were reacting to the comment you replied to, which it was more like you were adding information.

I think you misunderstood the comment you are replying to.

The WordPress Foundation does not have the same owner as WordPress.com.

There is a referer header sent, but depending on the exact code added to the page, it’s very likely they are loading a snippet of JavaScript that lets them collect other information and trigger their own sending of information to their server.

For example, Google Analytics has javascript added to the page, but loading fonts from Google’s CDN (which many sites do) will rely on the referer.

Yes, it’s the reason for the tracking. To sell more targeted ads.

If you’re up for reading some shennanigans, check out the book Mindf*ck. It’s about the Cambridge Analytica scandal, written by a whistleblower, and details election manipulation using data collected from Facebook and other public or purchased data.

How does GDPR fit in to Google Analytics and personalised ads?

I would have thought it went something like: random identifier: not linked to personal info, just a collection of browsing history for an unidentified person, not under GDPR as not personal info.

Link to account: let them request deletion (or more specifically, delinking the info from your account is what Facebook lets you do), GDPR compliant.

Both Google and Facebook run analytics software that tracks users. I presume letting people request deletion once it’s personally linked to them is probably what let’s them do it? But I don’t live in a GDPR country, so I don’t know a whole lot about it.

It doesn’t have to be. Your browser sends the cookies for a domain with every request to that domain. So you have a website example.com, that embeds a Facebook like button from Facebook.com.

When your browser downloads the page, it requests the different pieces of the page. It requests the main page from example.com, your browser sends any example.com cookies with the request.

Your browser needs the javascript, it sends the cookie in the request to get the JavaScript file. It needs the like button, it sends a request off to Facebook.com and sends the Facebook.com cookies with it.

Note that the request to example.com doesn’t send the cookies for Facebook.com, and the request to Facebook.com doesn’t send the cookie for example.com to Facebook. However, it does tell Facebook.com that the request for the like button came from example.com.

Facebook puts an identifier in the cookie, and any request to Facebook sends that cookie and the site it was loaded on.

So you log in to Facebook, it puts an identifier in your cookies. Now whenever you go to other sites with a Facebook like button (or the Facebook analytics stuff), Facebook links that with your profile.

Not logged in? Facebook sets an identifier to track you anyway, and links it up when you make an account or log in.

The problem is that a website is generally not served from one domain.

Put a Facebook like button on your website, it’s loaded directly from Facebook servers. Now they can put a cookie on your computer with an identifier.

Now every site you visit with a Facebook like button, they know it was you. They can watch you as you move around the web.

Google does this at a larger scale. Every site with Google ads on it. Every site using Google analytics. Every site that embeds a Google map. They can stick a cookie in and know you were there.

I don’t get what you want for Lemmy. Lemmy has 50k active monthly users. The forums I used to frequent 20 years ago had a fraction of that.

How many people are you expecting for your online forum?

Yah, I see your battery density graph and the batteries in question would blow a hole in that chart, and several charts above it.

I’m not sure if we are looking at the same chart. The chart goes up to 500 Wh/kg, the same as this new Samsung battery as per the original article. It’s may well be the same battery that gives the chart that value, but notice the years prior it gets higher and higher up to that value.

It might be 10 years away from being the mainstream battery but the battery technology that was 10 years away 9 years ago is almost here.

What makes you think that’s “sudden”?

I was meaning how EVs created a consumer market for huge batteries where prior to that the biggest battery in your house might have been a power tool. But you’re right, there was a premium market for emerging battery tech and it increases along a scale like anything else.

Nah, see the battery density graph here. Batteries have made great progress already, and it’s accelerating because suddenly there are trillions of dollars on the line for anyone that can make big strides in battery technology.

Battery tech has still come a long way since say 10 years ago, even though the “next gen” stuff hasn’t made it to scaled production. Looks like this is the beginning of scaled production, though.

Thanks, I think that explains it a bit more. It is unexpected to me, as a non-git expert, and I’m sure many others.

Ah thanks, this explains it a bit more.

I’m still not sure that answers it. If I fork a project, and the upstream project commits an API key (after I’ve forked it), then they delete the commit, does this commit stay available to me (unexpected behaviour)? Or is it only if I sync that commit into my repo while it’s in the upstream repo (expected behaviour)?

Or is it talking about this from a comment here:

Word of caution 2: The commit can still be accessible directly via SHA1. Force push does not delete the commit, it creates a new one and moves the file pointer to it. To truly delete a commit you must delete the whole repo.

Someone replies and said by having garbage collection kick in it removes this unconnected commit, but it’s not clear to me whether this works for github or just the local git repo.

Perhaps the issue is that these commits are synced into upstream/downstream repos when synced when they should not be?

Like I said, I’m really confused about the specifics of this.

The article is really not clear. Is it saying if a project is forked, then the original is made private, the fork can access data from the private fork?

potentially enabling malicious actors to access sensitive information such as API keys and secrets even after users think they’ve deleted it.

Is this saying people misunderstand git and think committing a deletion makes people unable to access the previous version? Or is it saying the sharing between public and private repos can expose keys in private repos?

If you accidentally commit an API key into a public repository… you need to roll that key. Even if it was deleted completely, someone still could have accessed it while it was there.