• 0 Posts
  • 20 Comments
Joined 1 year ago
cake
Cake day: June 17th, 2023

help-circle
  • This is the thing. People like to blame Berniebros and whatnot for Clinton’s loss in '16, but the reality is that the centrist Democrats that vote for the party’s corporate-backed candidate wouldn’t vote for a progressive one, so even if Bernie had won the nomination, he probably still would have lost because he would have lost the support of these DNC hardliners. I heard people literally say in '16 that if Bernie had somehow won the nomination over Hillary that they would have just stayed home. It’s wild to think how ideologically balkanized the Democratic party is, with so many people fervently belonging to the leftist minority that holds their nose every election to vote for another mediocre person whose best attributes are being “not an outright fascist” versus the people who will never vote for a truly left wing candidate because they’re fiscally conservative but socially liberal and just allergic to compromising in the same way that they’ve forced the leftists in their party to do since forever.



  • surprised to find indignation at sexual scenes in novels

    To quote Ryan Letourneau, “Gen Z is Puritanpilled.” Seriously, I’ve found post-millennial generations to be extremely prudish. I think part of it has to do with the fact that as the internet evolved and became mainstream (and more profitable by catering to general audiences), the edgy or adult content became more ghetoized and quarantined over time. Used to be you’d go to reddit and there’d be porn on the front page. There’s like a 0% change of finding something NSFW on the front page there now. As such, younger people who grew up with the modern incarnation of the internet have a very different perspective on sexual content than those of us who grew up with a more “wild west” style internet where porn was just something that lived alongside the more mundane content. The side-effect of this is also that content like the John Irving novels you’re talking about are treated as if they’re grotesque for presenting sex as just another part of people’s lives - something that you’re not supposed to be shy about or ashamed of. Which is, uh…concerning, for a number of reasons. Other theories are that the world in which we live has eroded platonic relationships among young people and that they want to only see platonic friendships among characters, as that’s the vicarious experience they most desire.










  • I’m waiting for the day Jimmy Wales gets fed up and sells Wikipedia to Amazon and every page has an Amazon link to “great products matching your interests.” Can we have internet 2.0 now? One without companies and just all the weird people from the first internet who made shitty webcomics and shared waaaaaay too much about their personal lives.


  • This is a good example of an argument that fails by virtue of its foundational premises. Vaush’s foundational premise for age of consent is tied to socioeconomic or material factors around power. In other words, the argument is founded on the premise that a child has less power than an adult so children can’t consent to intimate relationships with adults. This ignores the much more intractable argument over psychological and emotional maturity and the significance of particular age-specific life milestones that help to shape a child into an adult - a fully self-accountable member of society. Socioeconomics have mitigating influence over those things, which implies that even under socialism or any kind of post-capitalist society, that a society would have good reason to maintain agent of consent laws. It also totalizes socioeconomic factors as the defining impetus for consent, but that is in and of itself a slippery slope because you could take it to a logical extreme and argue that people of color and white people shouldn’t be allowed to be in relationships, because a person of color has less socioeconomic power in America than a white person, or even that men and women shouldn’t be allowed to be in relationships at all because men have greater socioeconomic power than women, which would mean that everyone should only be allowed to date same-sex members of their own race.


  • I miss the weird edginess of the internet. The reality is that the internet was a place that kids got warned about being full of weirdos and dangerous types. And they weren’t wrong. The thing is, that also made it interesting and full of fascinating content. And it was largely unregulated and uncensored because the people in power were too old to understand or care about it. Now with things like KOSA and the centralization of the internet around a few megaplatforms, there’s less variety and creativity. The internet has become an endless soup of banal, milquetoast content. Vaguely appealing to everyone, but not greatly appealing to anyone.



  • rwhitisissle@lemmy.worldtoProgrammer Humor@lemmy.mlSingle-Page Application
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    9 months ago

    Oh boy a semantic argument

    It turns out the language you use can be semantically ambiguous or misleading if you phrase it incorrectly. Today you learned.

    And any web dev who remotely understands the point of CSP and why it was created, should instantly have alarm bells going off at the concept of triggering arbitrary ajax via html attributes.

    Oh, did you finally manage to fucking Google how HTMX works so you could fish for more reasons to say it’s unsafe? What you’re describing is not a particular concern to HTMX. If an attacker can inject HTML into your page (for example, through an XSS vulnerability), they could potentially set up HTMX attributes to make requests to any endpoint, including endpoints designed to collect sensitive information. But, and this is very important, this is not a unique issue to HTMX; it’s a general security concern related to XSS vulnerabilities and improper CSP configurations.

    Do you know what the correct cure for that is?

    PROPER CSP CONFIGURATION.

    “HTMX doesn’t bypass CSP! It just (proceeds to describe the exact mechanism by which it bypasses CSP)”

    Do you genuinely not understand that CSP works on the browser API level? It doesn’t check to see if your JavaScript contains reference to disallowed endpoints and then prevents it from running. I don’t know how you “think” CSP operates, but what happens is this: The browser exposes an API to allow JavaScript to make HTTP requests - specifically XMLHttpRequest and fetch(). What CSP does is tell the browser “Hey, if you get an API request via XMLHttpRequest or fetch to a disallowed endpoint, don’t fucking issue it.” That’s it. HTMX does not magically bypass the underlying CSP mechanism, because those directives operate on a level beyond HTMX’s (or any JS library’s) influence BY DESIGN. You cannot bypass if it if’s properly configured. Two very serious questions: what part of this is confusing to you? And, have you ever tested this yourself in any capacity to even see if what you’re claiming is even true? Because I have tested it and CSP will block ANY HTMX issued request that is not allowed by CSP’s connect-src directive, assuming that’s set.



  • rwhitisissle@lemmy.worldtoProgrammer Humor@lemmy.mlSingle-Page Application
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    9 months ago

    Just to be clear, are you talking about some kind of templating library that literally transpiles all the htmx logic and instead packs it into individual ajax logic in js files “per element”, such that you don’t need to serve htmx client side and instead you pre-transpile all the ajax logic out to separate files?

    My brother in Christ, what the fuck are you talking about “transpiling HTMX” and “serving HTMX client side?” You don’t “serve” HTMX and there’s nothing to “transpile into JavaScript.” It is JavaScript. That’s like saying you “serve React client side” and “transpile JavaScript into more JavaScript.” Jesus, I feel like I’m taking crazy pills.

    Cause the very start of my statements was that if we had something like that then HTMX would be fine, as a templating lib that transpiled out to html+js.

    Oh, okay, so you don’t actually know what HTMX is or how it works, then? Because HTMX (https://htmx.org/) is a JavaScript library. Like, literally just a JavaScript library. It’s like…4000 lines of JavaScript. In fact you can read the source code for it here: https://github.com/bigskysoftware/htmx/blob/master/src/htmx.js. For some…insane reason you seem to think HTMX is its own language. It’s not. It’s…just a JavaScript library. There is no other language called HTMX. There is no other mechanism or tool called HTMX. No implementation or protocol or ANYTHING else. It’s just a small JavaScript library.

    invoke arbitrary logic with html attributes

    Once again, HTMX enhances HTML with various attributes declaratively. It utilizes custom data attributes in HTML (like hx-get, hx-post) to specify how elements on the page should behave - essentially, how and where to fetch data or submit forms without a full page reload. This is a form of declarative programming that tells the htmx.js library (which is just doing fucking AJAX) what to do when certain events occur (e.g., a click or a form submission). The actions (like the actual requesting of data from an endpoint) are performed by the code in htmx.js.

    This is a fancy way of saying “if you stick an hx-get attribute on a button, then you can just say where you want a GET request to go to and what element you want updated with the HTML returned from it and htmx.js will parse that out on page load and set an event listener for the button click to know when to initiate an AJAX request to the defined endpoint.” If you had an hx-get attribute in an element in a page and that page didn’t have the htmx.js library loaded it would do literally nothing.

    And, once again, HTMX, being a JavaScript library, operates under the same security constraints as any JavaScript executed in the browser. This means that:

    1. HTMX’s scripts themselves must be loaded from sources allowed by the script-src CSP directive.
    2. Any dynamic requests to load content or submit data initiated by HTMX are subject to CSP’s connect-src directive.

  • HTMX enables arbitrary invocation of ANY api endpoint with cookies included, through html attributes, which inherently can’t be covered by Content Security Policy

    I want you to please explain how HTMX bypasses the Content Security Policy connect-src directive, or any -src directive, for that matter, assuming it is specified (which it should be). Because I’m genuinely curious why the HTMX dev team would include a section on CSP in their docs if it did literally nothing, as you say.

    Actually, as an even more basic question…you do know that HTMX is literally just an AJAX library, right? It doesn’t actually “do” anything via HTML attributes. The additional HTMX attributes, like hx-get, hx-post, etc. just tells HTMX where and how to make the API requests. These requests are executed by the browser’s native fetch or XMLHttpRequest APIs, depending on compatibility and implementation. Therefore, HTMX is subject to the same security constraints and policies as any other JavaScript-based operation that makes HTTP requests. Which also, by definition, means that it adheres to the Content Security Policy directives configured for that website.

    In other words, an HTML button element with hx-get=“https://www.some-endpoint.com/” on it would eventually translate into

    const xhr = new XMLHttpRequest();
    xhr.open("GET", "https://www.some-endpoint.com/");
    xhr.send();
    

    on click.

    You do understand that, right?


  • I’m actually a huge fan of scalping and hope it happens more. Here’s why: many of your more dim-witted, more or less middle-class “free market” bros will gladly tell you that the value of a good is set by supply and demand. Hospital care is so expensive because there are comparatively few doctors, MRI machines, etc. in comparison with the entire population. Houses are so expensive because everyone wants a house and it’s an appreciable asset. I’ve seen these people my entire life. They’ll decry socialism and make the age old joke that “socialism is when no potato.” But the second a PS5 gets a street price of 700 bucks, suddenly they become walking “Homer Simpson fading into the hedge and coming back out wearing a different outfit” memes. They’ll say things like “scalping should be illegal” or “the government should step in to make sure that the actual consumers who want one can get one - nobody should be allowed to buy 500 of them and just sit on them forever.” Suddenly, market economics produces a state of inequality that doesn’t directly benefit them, and the guiding hand of the government should be used to ensure equitable distribution of resources. Not that they’d ever reflect on this in any way or consider how their personal experiences indicates a larger set of structural problems with the economic systems that produce such a state of affairs.