epicspongee @lemmy.blahaj.zone
Posts 1
Comments 7
Can we defederate from hexbear.net?
  • I’m kinda disgusted by the amount of Russia apologia and pro war sentiment generally.

    Where are you seeing this? Do you have links? I've seen people mentioning this a lot but have never seen any of this content personally.

  • Lemmy faces the same expectations problems as every free/libre software
  • It not only verifies that any given incoming request is in the absolute correct format it also validates the timestamp in the user’s cookie (it’s a JWT thing).

    This is false.

    Lemmy's JWTs are forever tokens that do not expire. They do not have any expiration time. Here is the line of code where they disable JWT expiration verification.

    Lemmy's JWTs are sent via a cookie and via a URL parameter. Pop open your browser console and look at it.

    There is no way to revoke individual sessions other than changing your password.

    If you are using a JWT cookie validation does not matter, you need to have robust JWT validation. Meaning JWTs should have short expiration times (~1hr), should be refreshed regularly, and should be sent in the header.
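
Added example, not part of the comment above and not Lemmy's code: a standard-library Python sketch of the difference between a verifier with expiration checking switched off and one that requires a bounded lifetime and reads the token from the `Authorization` header. HS256, the one-hour cap, and every name here (`issue`, `verify`, `bearer_token`, `InvalidToken`) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

class InvalidToken(Exception):
    pass

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes) -> str:
    """Sign claims as an HS256 JWT (used here to build constructed samples)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(mac)}"

def verify(token: str, key: bytes, *, enforce_expiry=True, max_lifetime=3600, now=None) -> dict:
    """Check the signature, then (unless disabled) require a bounded, unexpired lifetime."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64url(head)), json.loads(_unb64url(body))
        given = _unb64url(sig)
        alg, iat, exp = header["alg"], claims.get("iat"), claims.get("exp")
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise InvalidToken("malformed token") from exc
    if alg != "HS256":  # the verifier pins the algorithm, the token does not choose it
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise InvalidToken("bad signature")
    if enforce_expiry:
        if not all(isinstance(v, (int, float)) for v in (iat, exp)):
            raise InvalidToken("iat and exp are required")
        if exp - iat > max_lifetime:  # reject tokens minted with an overlong lifetime
            raise InvalidToken("lifetime exceeds policy")
        if now >= exp:
            raise InvalidToken("expired")
    return claims

def bearer_token(headers: dict) -> str:
    """Take the token only from the Authorization header, not a cookie or URL."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not value:
        raise InvalidToken("no bearer token in header")
    return value
```

With `enforce_expiry=False`, a token that carries no `exp` claim stays valid for as long as the signing key does, which is the "forever token" behaviour the comment describes.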

  • AmeriRule

    40
    PSA: Mastodon is NOT Twitter and does not aim to be.
  • Yeah that article is really flawed. Mastodon instances do not federate with each and every other instance. It’s more like a web. Most of them will federate with mastodon.social, but even then they’re not getting all the content, just the content their users follow. No scaling problems on my server so far.

  • PSA: Mastodon is NOT Twitter and does not aim to be.
  • LMAO yeah to be clear those exist. Mastodon has significantly better tools though for managing them. Reports get handled, you have extremely granular options for mutes, and you can block entire domains of people / instances if you want. If you don’t like those people, you’re able to limit access with them.