at that point you’ll just discourage any new users if they have to gamble on whether or not their content is actually seen by anyone. account age really isn’t a good indicator of anything other than soemone being dedicated enough to spam. considering this isn’t the first wave of csam attacks, i can assure you that whoever is targeting lemmy with this is determined enough that account age won’t deter them for long, they’ll just have to slightly adjust their playbook.

that doesn’t do anything, they’ll just register accounts in advance and wait some days.

we’ve even had spam recently from accounts that had been dormant for months, although it was a different kind of spam.

account deletion does not federate in general, only banning (+ content removal) does

no, they’re getting a lot of downvotes because it’s spam.

they’re not interested in legitimate discussion, they only need to promote the spam links at the end of the post.

I ate fiber but now my internet is down. what do I do?

The 90 days disclosure you’re referencing, which I believe is primarily popularized by Google’s Project Zero process, is the time from when someone discovers and reports a vulnerability to the time it will be published by the reporter if there is no disclosure by the vendor by then.

The disclosure by the vendor to their users (people running Lemmy instances in this case) is a completely separate topic, and, depending on the context, tends to happen quite differently from vendor to vendor.

As an example, GitLab publishes security advisories the day the fixed version is released, e.g. https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/.
Some vendors will choose to release a new version, wait a few weeks or so, then publish a security advisory about issues addressed in the previous release. One company I’ve frequently seen this with is Atlassian. This is also what happened with Lemmy in this case.

As Lemmy is an open source project, anyone could go and review all commits for potential security impact and to determine whether something may be exploitable. This would similarly apply to any other open source project, regardless of whether the commit is pushed some time between releases or just before a release. If someone is determined enough and spends time on this they’ll be able to find vulnerabilities in various projects before an advisory is published.

The “responsible” alternative for this would have been to publish an advisory at the time it was previously privately disclosed to admins of larger instances, which was right around the christmas holidays, when many people would already be preoccupied with other things in their life.

requiring an app to open chests? what?

I’m glad I’ve been avoiding Ubisoft like the plague they are for all the other issues already.

it sure is possible, but not with the amount of work anyone would be willing to put into it.

i don’t want to go to all that effort

you sound like you’re not even washing coconuts

those aren’t actually gifs.
they’re frequently webms.

various people don’t care or don’t know the difference between media formats though, so they’ll just call anything remotely gif-like a gif.

nearly all talks are either in English or have English translations. not sure if they’re available on YouTube but you should be able to find everything on https://media.ccc.de

👀

I don’t see “AI” being a relevant factor here, it should be treated the same as if it was drawn, photoshopped or otherwise.

Although I don’t know the full intention of the rule as it was originally created, I assume the intention to be avoiding political debate here. One of the easiest ways to accomplish this is by banning political figures, no questions asked, but that also prohibits a bunch of content that is unlikely to result in political debate.

At the same time, we have

Exceptions may be made at the discretion of the mods

so I would consider this an exception on that ground.

if you’re renaming from File.js to file.ts, which is also changing suffixes instead of just capitalization, then that couldn’t be explained by case sensitivity, unless it was a typo and you meant File.js to file.js

I’ve been using case insensitive fs on macOS for years and the only software having issues with this is onedrive.

can’t say i’m surprised.

indeed, original source is the wrong term, but at least it’s an english derivation of it, which was only copied by the link in this post

it is indeed somewhat attributed, but it still very much looks like scraped content.

a very strong indicator is the inclusion of

Subscribe The most engaging reads in blockchain. Delivered once a week.

Email address

SUBSCRIBE

at the end, which on cointelegraph’s page is separate from the content and provides a sign-up form.

original source for this badly copied blogspam link: https://cointelegraph.com/magazine/china-dev-fined-salary-vpn-10m-ecny-airdrop-asia-express/

why is this a blog spam article badly copied from the original source at https://cointelegraph.com/magazine/china-dev-fined-salary-vpn-10m-ecny-airdrop-asia-express/ ?