Why the password.trim()? Silently removing parts of the password can lead to dangerous bugs and tells me the developer didn’t peoperly consider how to sanitize input.

I remember once my password for a particular organization had a space at the end. I could log in to all LDAP-connected applications, except for one that would insist my password was wrong. A trim() or similar was likely the culprit.

Not my idea of a good date, but to each their own

“I dropped my fair share of hard Rs back then”

Reserved for future use

Unit tests or integration tests?

GDPR enforcement is left to the member states. The EDPB isn’t an agency, its more like all the national data protection authorities in a trench coat.

Some national authorities allow it, most don’t. The final word will be from the CJEU or the EDPB.

Applying AI-voodoo to a non-existing problem with unknown side effects? Sign me up!

It’s not. Image hosting sites have existed for decades. Websites are not liable unless they have actual knowledge of illegal content and ignore takedown requests. Stop fearmongering.

While it’s stupid that ISPs are using their monopolies to screw consumers, the concept of data caps is not as stupid as you might think.

You’re not just paying for the connection between you and the ISP, but also all the other data links that get your internet traffic to its destination. For example, those cables across the ocean are owned third parties and they charge money for every byte that goes through. It wouldn’t be unreasonable for ISPs to pass that cost to users.

Furthermore, most links are overprovisioned in order to keep costs down. For example, if you assume that users only use 10% of their bandwidth on average, that means you can fit 10x as many people on a connection (or maybe 8x to account for peaks). This does mean that users should be discouraged from using their full bandwidth for long durations, otherwise the network operators can’t overprovision as much and have to invest more in infrastructure.

The real question is do you encrypt-and-sign or sign-and-encrypt?

It’s slightly different. Your shell will see the /* and replace it with all the directories under /, e.g. /bin /dev /etc /home etc. So the actual command that runs is rm -rf /bin /dev /etc /home etc.

Put the source code in the bag and nobody gets hurt.

Never repeat anything 👍

Yes, that was what I was referring to. However, this is assuming that Lemmy has properly implemented webfinger and doesn’t store direct links (which I haven’t checked).

Alternatively, you could proxy all requests with application/activity+json in the Accept or Content-type headers.

You can, but other servers will not recognize it as the same server.

There are however ways to run your server on a subdomain and make it appear as if it’s still the original domain. Is that what you’re looking for?